For the examples in this section, please see the ansible-Safeguard for Sudo releases page to find the latest collection build artifact (*.tar.gz file) and use the URL to this file in place of the URLs shown below. The collection build artifact is under the 'Assets' section for each release (right-click the *.tar.gz file and select 'Copy link address' to copy the URL).
To install from GitHub, you can use the ansible-galaxy command to install the collection on your control node. See the Ansible documentation for further information.
Using ansible-galaxy command:
ansible-galaxy collection install https://github.com/OneIdentity/ansible-privilege-manager/releases/download/v0.1.0/oneidentity-privilege_manager-0.1.0.tar.gz
The collection can also be added to a project's requirements.yml file
---
collections:
- name: https://github.com/OneIdentity/ansible-privilege-manager/releases/download/v0.1.0/oneidentity-privilege_manager-0.1.0.tar.gz
and installed using the ansible-galaxy command. This method allows all required collections for a project to be specified in one place and installed with one command.
ansible-galaxy collection install -r requirements.yml
When used with Ansible Tower and Ansible AWX, the collections in the project's requirements.yml file are automatically installed each time a project is run, and there is no need to use the ansible-galaxy command.
For local build and installation, you can clone the Git repository, build the collection artifact, and install the locally built collection artifact. This would be useful for those wishing to extend or customize the collection.
- Clone the Git repository:
git clone https://github.com/OneIdentity/ansible-privilege-manager.git
- Run a local build inside the collection using the ansible-galaxy command in the root directory of the cloned repository:
cd ansible-privilege-manager
ansible-galaxy collection build
The build command will generate an Ansible Galaxy collection artifact with a tar.gz file extension. Sample output will look like the following:
Created collection for oneidentity.privilege_manager at /home/user/ansible-privilege-manager/oneidentity-privilege_manager-0.1.0.tar.gz
The path shown above is just an example; your build artifact will be in the root directory of the cloned repository.
- Install the locally built collection artifact using the ansible-galaxy command to install the collection on your control node. See the Ansible documentation for further information.
Using ansible-galaxy command:
ansible-galaxy collection install /home/user/ansible-privilege-manager/oneidentity-privilege_manager-0.1.0.tar.gz
The collection can also be added to a project's requirements.yml file
---
collections:
- name: /home/user/ansible-privilege-manager/oneidentity-privilege_manager-0.1.0.tar.gz
and installed using the ansible-galaxy command. This method allows all required collections for a project to be specified in one place and installed with one command.
ansible-galaxy collection install -r requirements.yml
When used with Ansible Tower and Ansible AWX, the collections in the project's requirements.yml file are automatically installed each time a project is run, and there is no need to use the ansible-galaxy command.
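Both install paths above hand ansible-galaxy a bare .tar.gz file, so the file can be checked before it is installed. The following is an added example, not part of the collection or its documentation: it compares the artifact against a SHA-256 you pinned when vetting the release, rejects archive members that escape the extraction directory, and confirms that MANIFEST.json names the expected collection and version. It assumes the artifact has MANIFEST.json at its root, as ansible-galaxy collection build produces; the function names are hypothetical and the sample archive is constructed (this page publishes no digest).

```python
import hashlib
import io
import json
import tarfile

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def check_collection_artifact(data, pinned_sha256, fqcn, version):
    """Return a list of problems with a collection .tar.gz; empty means OK."""
    if sha256_hex(data) != pinned_sha256.lower():
        # Never parse an artifact whose digest does not match the pin.
        return ["sha256 mismatch: got " + sha256_hex(data)]
    problems = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        members = tar.getmembers()
        for m in members:
            if m.name.startswith("/") or ".." in m.name.split("/"):
                problems.append("unsafe member path: " + m.name)
        manifest = next((m for m in members if m.name == "MANIFEST.json"), None)
        if manifest is None:
            return problems + ["MANIFEST.json missing"]
        info = json.load(tar.extractfile(manifest)).get("collection_info", {})
    found = "{}.{}".format(info.get("namespace"), info.get("name"))
    if found != fqcn:
        problems.append("collection is {}, expected {}".format(found, fqcn))
    if info.get("version") != version:
        problems.append("version is {}, expected {}".format(info.get("version"), version))
    return problems

def build_sample(namespace, name, version, extra_member=None):
    """Constructed stand-in for a release artifact, not the real collection."""
    info = {"namespace": namespace, "name": name, "version": version}
    files = [("MANIFEST.json", json.dumps({"collection_info": info}).encode())]
    if extra_member:
        files.append((extra_member, b"constructed"))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for member_name, payload in files:
            entry = tarfile.TarInfo(member_name)
            entry.size = len(payload)
            tar.addfile(entry, io.BytesIO(payload))
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample("oneidentity", "privilege_manager", "0.1.0")
    pin = sha256_hex(sample)  # for a real artifact, use the digest recorded when vetting
    print(check_collection_artifact(sample, pin, "oneidentity.privilege_manager", "0.1.0"))
```

For a real release, read the downloaded file's bytes into the check and, if the list comes back empty, pass that same local path to ansible-galaxy collection install as shown above.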
Privilege Manager Ansible Collection
The One Identity Safeguard for Sudo Ansible Collection, referred to as ansible-privilege-manager, consists of roles, modules, plugins, report templates, and sample playbooks to automate software deployment, configuration, policy server joining, and report generation for Safeguard for Sudo.
Collection contents
The table below shows the former MCU functions and their Ansible equivalents, as well as new Ansible functions with no former MCU equivalents:
| Actions in MCU | Equivalent in Ansible | Description |
| --- | --- | --- |
| Check readiness | preflight role | Check server readiness for software install and Policy Server create. Check client readiness for software install and Policy Server join. |
| Install on a host | software role | Server and client software install, upgrade, downgrade, uninstall, and version checking. |
| Join host | join role | Client Policy Server joining/unjoining. |
| N/A | sudoers role | Gathers sudoers file information including included sudoers files and directories. User and group information can be gathered as well. |
| N/A | sudo_policy_for_unix_host role | List the version of Privilege Manager for sudo plugins and the sudo policies in use on all client hosts that are joined to the policy group. |