You can run Ansible playbooks locally without a server. Your describing a normal Ansible deployment, but if the Ansible package is installed on a local system, you don't need an external system.
Shawn... is your vision that Ansible would be a dependency for SSG remediations? I don't have an issue with that at all, but I'm just trying to think through how it would work when applying security policies during installation. Tom A. Sent from my iPhone > On Aug 1, 2017, at 7:32 PM, Bond Masuda <[email protected]> wrote: > > I'm probably missing the point here, but I don't understand. Ansible is > agentless and doesn't require anything to run plays/tasks on a remote system > other than an ssh connection/account and the proper privileges for that > account. At the end of the day, it may end up running a command line via the > "shell" module anyway, so what's the point? > > What does ansible being available have anything to do with remediation of the > target system? You only install ansible on the control system, not the target > usually unless you're using the pull mechanism? I think it would be nice to > have ansible plays that can do the remediation, but you can do that without > having ansible installed on the target system... > > ?? confused ?? > > >> On 08/01/2017 04:20 PM, Shawn Wells wrote: >> RHEL 7.4 is out! That means we can now be public on how Ansible is >> shipping as part of the rhel-7-server-extras-rpms channel: >> https://access.redhat.com/downloads/content/ansible/2.3.1.0-3.el7/noarch/fd431d51/package >> >> Now that we can ensure every RHEL install has access to Ansible, is it >> time to remove the bash scripts? >> >> The original premise of bash script inclusion was "bash is everywhere >> RHEL is" ..... and now Ansible carries the same truth. >> >> Potential downside for discussion: >> Ansible binaries ship in the extras channel versus the core >> rhel-7-server (or whatever it's called). Will users mind enabling the >> extras channel? >> >> _______________________________________________ >> scap-security-guide mailing list -- >> [email protected] >> To unsubscribe send an email to >> [email protected] > _______________________________________________ > scap-security-guide mailing list -- [email protected] > To unsubscribe send an email to > [email protected] _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
