product-demos
product-demos copied to clipboard
RedHatGov
Feature Request: Linux demo - Add ability to run compliance scan (once defined in Insights)
The LINUX / Compliance scan only offers the STIG profile. It would be great if we could provide this kind of workflow for a demo:
- Run LINUX / Register
- Log into console.redhat.com and associate systems to a compliance profile
- Run new LINUX / Compliance Scan job to call
insights-client --compliance - Ensure that the job above handles the case where the user hasn't associated the system to a compliance profile.
Happy to work on this and submit a PR when I can.
This will also require the installation of the correct version of scap-security-guide on the host as per:
Insights Compliance - Supported Configurations
Here's an example of how I have dealt with it:
there is a role for that here https://github.com/RedHatInsights/ansible-collections-insights/tree/master/roles/insights_client
would need to integrate into the lab
I have revisited this particular demo and realise that it is not connected to Insights in any way. We are just running one of the compliance demos available from here: https://galaxy.ansible.com/RedHatOfficial
As a consequence maybe it is worthwhile developing a separate exercise to run an Insights-based compliance scan. Thoughts?
I believe I have addressed this issue via PR #51 Do you think we can close this issue as a consequence?