Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Ansible inventory scan command #484

Merged
merged 2 commits into from
Nov 26, 2024
Merged

Fix Ansible inventory scan command #484

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7237f8b
Fix Ansible inventory scan command
misterpantz Nov 25, 2024
a072e34
Put it in the right place good heavens
misterpantz Nov 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/platform/infra/opsys/automation/_ansible-hide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@ The method for scanning an Ansible inventory depends on whether your shell suppo

##### Option A: Pipe the Ansible inventory to cnspec scan

The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`. For `FILENAME`, substitute the name of the inventory file.
The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`.

```bash title="Pipe the contents of an Ansible inventory to the cnspec scan command"
ansible-inventory -i hosts.ini --list | cnspec scan --inventory-format-ansible
ansible-inventory -i hosts.ini --list | cnspec scan --inventory-file - --inventory-format-ansible
```

##### Option B: Scan Ansible inventory hosts.json
Expand Down
20 changes: 19 additions & 1 deletion docs/platform/infra/opsys/automation/ansible.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -232,13 +232,31 @@ instance1 | SUCCESS => {

#### Step 2: Scan the Ansible inventory

The method for scanning an Ansible inventory depends on whether your shell supports `|`.

##### Option A: Pipe the Ansible inventory to cnspec scan

The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`. If the inventory file is

```bash title="Pipe the contents of an Ansible inventory to the cnspec scan command"
ansible-inventory -i hosts.ini --list | cnspec scan --inventory-file - --inventory-format-ansible
```

##### Option B: Scan Ansible inventory hosts.json

If your shell does not support pipes, you can generate a `hosts.json` from the `ansible-inventory` command and then pass that file to `cnspec scan` using the `--inventory-file` flag.

```bash title="Generate hosts.json and scan with cnspec scan command"
ansible-inventory -i hosts.ini --list > hosts.json
cnspec scan --inventory-file hosts.json --inventory-format-ansible
```

Generate a `hosts.json` file from the `ansible-inventory` command and then pass that file to `cnspec scan` using the `--inventory-file` flag.

```bash title="Generate hosts.json and scan with cnspec scan command"
ansible-inventory -i hosts.ini --list > hosts.json

cnspec scan --inventory-file hosts.json --inventory-format-ansible

```

Both cnspec and the Mondoo Console show results from each policy that runs against your assets.
Expand Down
Loading