mondoohq / ansible-mondoo Goto Github PK

Describe the bug
We should use the main branch for all our projects. This repo is still master. Change the default branch to main.

Describe the bug
When

To Reproduce

Install Mondoo using the official mondoo.client Ansible role, e.g. using the following playbook:

---
- hosts: linux_hosts
  become: true
  roles:
    - role: mondoo.client

Expected behavior
Mondoo client is installed.

Screenshots or CLI Output
Installation crashes with the following error:

TASK [mondoo.client : Ensure deprecated mondoo service is removed] *************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Could not find the requested service mondoo.service: host"}

Desktop (please complete the following information):

I've tested against the following distros:

• AlmaLinux 8
• Ubuntu 22.04
• Fedora 37
• Debian 11

Additional context
I think the error exists in the following two files:

• https://github.com/mondoohq/ansible-mondoo/blob/e6e3f89323d3fdee02ec6527d3bcdd7017c0847e/tasks/linux_login.yml (beginning in line 53)
• https://github.com/mondoohq/ansible-mondoo/blob/a86b1c1fd566701741a1f8b755f33d12b6775a19/tasks/linux.yml (beginning in line 66)

Checking against non-existing services fail in Ansible. You'd need to further check the error message, e.g. use register and a customized failed_when definition.

The Testinfra test still refers to the old service name:

Describe the bug
The playbook is trying to update the OS provider for v8 clients. That results in an error since the command isn't available

To Reproduce
Steps to reproduce the behavior:

1. Create a machine with cnspec v8
2. Run the playbook
3. Note the error

Expected behavior
The OS provider update should happen only for v9 clients

Is your feature request related to a problem? Please describe.
If I instal clients for windows manually, I can implement directly an update-task for the mondoo client, like...

Install-Mondoo -RegistrationToken '[TOKEN]' -Service enable -UpdateTask enable -Time 12:00 -Interval 3;

... but the windows clients installed via ansible role won't get this update task.

Describe the solution you'd like
I would prefer the possibility to decide if I wan't to implement an auto-update task and what intervall and time, or just to be able to set a flag for auto update yes or no and take the default interval.

Describe alternatives you've considered
n/a

Additional context
Perhaps we can provide the update task for both, linux and windows. Perhaps it's possible that mondoo will write a cronjob with "apt-get --only-upgrade install mondoo -y" or "yum update mondoo" on the specified time interval, so the client can be patched according to your patch-cycle. We could patch some test-systems a day before the productive ones, but would be safe to always have an updated version.

Describe the bug
The latest version of the Ansible role has a different format (v2.0.0) than previous ones (1.5.0) - therefore ansible-galaxy during role installation.

To Reproduce
Steps to reproduce the behavior:

Run the ansible-galaxy install mondoo.client command.

Expected behavior
The tag should have the same format so that ansible-galaxy can compare versions.

Screenshots or CLI Output

[WARNING]: - mondoo.client was NOT installed successfully: Unable to compare role versions (1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.5.0, v2.0.0) to determine the most recent version due to
incompatible version formats. Please contact the role author to resolve versioning conflicts, or specify an explicit role version to install.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

Desktop (please complete the following information):

• OS: Fedora
• OS Version: 37
• Ansible version: 2.14.1
• Ansible role version: 2.0.0

Additional context
As a workaround, you can create a file requirements.yml with the following content:

---
- roles:
  - name: mondoo.client
    version: v2.0.0

Afterwards, you can install the specific version like this:

$ ansible-galaxy role install -r requirements.yml

Anyhow, this issue should be fixed.

Hi there,

I see there is issues with publishing to Ansible Galaxy, can this help?

https://github.com/ansible/ansible-publish-action

Is your feature request related to a problem? Please describe.
It would be really nice to be able to submit an annotation directly while initial registration as an optional parameter. If you use annotations for managing the system owner, it will really helpful to get an overview inside the console (if searching for annotations will work soon).

Describe the solution you'd like
A string variable which will be used as string for the --annotation parameter while registering the client. If the string contains a "=", the the part before will be the key, the part behind the value. If no "=" is given, the annotation key should be "custom" and the value the whole string.

Describe alternatives you've considered
No alternatives ;)

Additional context
I think many people could need this, if they have a lot of systems with different owners, so you can create reports based on the annotations an address only the system owner relevant systems. If the annotation will be setup directly in the installation process, it will save a lot of time compared to change this by every single host inside the console.

Allow updating clients with cnspec already installed. For example, running the playbook on a machine that already has cnspec v8, it should check if that's the latest version and if it's not, it should perform an update