Red Hat SummitChapter 3. Configuring compliance policy deployment methods
Use one the following procedures to configure Satellite for the method that you have selected to deploy compliance policies. You will select one of these methods when you later create a compliance policy.
3.1. Compliance policy deployment options
With Satellite, multiple methods are available for compliance policy deployment.
You can use one of the following methods to deploy compliance policies:
- Ansible deployment
- You use an Ansible role to configure hosts for compliance scans.
- Puppet deployment
- You use a Puppet class and the Puppet agent to configure hosts for compliance scans.
- Manual deployment
You manually configure hosts for compliance scans.
For the manual deployment method, no additional Satellite configuration is required.
3.2. Configuring Satellite for Ansible compliance policy deployment
If you want to use Ansible to deploy compliance policies, configure Satellite for Ansible compliance policy deployment.
Procedure
Import the
theforeman.foreman_scap_clientAnsible role.For more information, see Managing configurations by using Ansible integration.
-
Assign the created policy and the
theforeman.foreman_scap_clientAnsible role to a host or host group. To trigger the deployment, run the Ansible role on the host or host group either manually, or set up a recurring job by using remote execution for regular policy updates.
For more information, see Configuring and Setting Up Remote Jobs in Managing hosts.
3.3. Configuring Satellite for Puppet compliance policy deployment
If you want to use Puppet to deploy compliance policies, configure Satellite for Puppet compliance policy deployment.
Procedure
- Ensure Puppet is enabled.
- Ensure the Puppet agent is installed on hosts.
Import the Puppet environment that contains the
foreman_scap_clientPuppet module.For more information, see Managing configurations by using Puppet integration.
Assign the created policy and the
foreman_scap_clientPuppet class to a host or host group.Puppet triggers the deployment on the next regular run or you can run Puppet manually. Puppet runs every 30 minutes by default.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}