mondoohq / ansible-mondoo Goto Github PK
View Code? Open in Web Editor NEWAnsible Role for Mondoo cnquery and cnspec
Home Page: https://galaxy.ansible.com/mondoo/client
License: Other
Ansible Role for Mondoo cnquery and cnspec
Home Page: https://galaxy.ansible.com/mondoo/client
License: Other
Describe the bug
We should use the main branch for all our projects. This repo is still master. Change the default branch to main.
Describe the bug
When
To Reproduce
Install Mondoo using the official mondoo.client
Ansible role, e.g. using the following playbook:
---
- hosts: linux_hosts
become: true
roles:
- role: mondoo.client
Expected behavior
Mondoo client is installed.
Screenshots or CLI Output
Installation crashes with the following error:
TASK [mondoo.client : Ensure deprecated mondoo service is removed] *************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Could not find the requested service mondoo.service: host"}
Desktop (please complete the following information):
I've tested against the following distros:
Additional context
I think the error exists in the following two files:
Checking against non-existing services fail in Ansible. You'd need to further check the error message, e.g. use register
and a customized failed_when
definition.
The Testinfra test still refers to the old service name:
Describe the bug
The playbook is trying to update the OS provider for v8 clients. That results in an error since the command isn't available
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The OS provider update should happen only for v9 clients
Is your feature request related to a problem? Please describe.
If I instal clients for windows manually, I can implement directly an update-task for the mondoo client, like...
Install-Mondoo -RegistrationToken '[TOKEN]' -Service enable -UpdateTask enable -Time 12:00 -Interval 3;
... but the windows clients installed via ansible role won't get this update task.
Describe the solution you'd like
I would prefer the possibility to decide if I wan't to implement an auto-update task and what intervall and time, or just to be able to set a flag for auto update yes or no and take the default interval.
Describe alternatives you've considered
n/a
Additional context
Perhaps we can provide the update task for both, linux and windows. Perhaps it's possible that mondoo will write a cronjob with "apt-get --only-upgrade install mondoo -y" or "yum update mondoo" on the specified time interval, so the client can be patched according to your patch-cycle. We could patch some test-systems a day before the productive ones, but would be safe to always have an updated version.
Describe the bug
The latest version of the Ansible role has a different format (v2.0.0) than previous ones (1.5.0) - therefore ansible-galaxy
during role installation.
To Reproduce
Steps to reproduce the behavior:
Run the ansible-galaxy install mondoo.client
command.
Expected behavior
The tag should have the same format so that ansible-galaxy
can compare versions.
Screenshots or CLI Output
[WARNING]: - mondoo.client was NOT installed successfully: Unable to compare role versions (1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.5.0, v2.0.0) to determine the most recent version due to
incompatible version formats. Please contact the role author to resolve versioning conflicts, or specify an explicit role version to install.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
Desktop (please complete the following information):
Additional context
As a workaround, you can create a file requirements.yml
with the following content:
---
- roles:
- name: mondoo.client
version: v2.0.0
Afterwards, you can install the specific version like this:
$ ansible-galaxy role install -r requirements.yml
Anyhow, this issue should be fixed.
Hi there,
I see there is issues with publishing to Ansible Galaxy, can this help?
Is your feature request related to a problem? Please describe.
It would be really nice to be able to submit an annotation directly while initial registration as an optional parameter. If you use annotations for managing the system owner, it will really helpful to get an overview inside the console (if searching for annotations will work soon).
Describe the solution you'd like
A string variable which will be used as string for the --annotation parameter while registering the client. If the string contains a "=", the the part before will be the key, the part behind the value. If no "=" is given, the annotation key should be "custom" and the value the whole string.
Describe alternatives you've considered
No alternatives ;)
Additional context
I think many people could need this, if they have a lot of systems with different owners, so you can create reports based on the annotations an address only the system owner relevant systems. If the annotation will be setup directly in the installation process, it will save a lot of time compared to change this by every single host inside the console.
Allow updating clients with cnspec already installed. For example, running the playbook on a machine that already has cnspec v8, it should check if that's the latest version and if it's not, it should perform an update
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.