added notification as well

.ansible-sign/sha256sum.txt

@@ -16,8 +16,8 @@ a8a29037770b73ab1e0ad0f05ae721e6430d7cc732dabbe22320840483fa8080  alertmanager.y
 b30ff084240d998e18bedf88c056f3b438205fef6bfe22d7e1cd663d83ad191b  nodeexporter_stop.yml
 8f9129583653af0ef47a35e953bd3a2f8ac996c734f0a84f7418cfebae933bd9  passwd_restore.yml
 6a584e1238c230b215f1231a8875aadcac9465af36b54d3bd23e4eb2677acb59  roles/insights_cve/defaults/main.yml
-4bf8aa42aa83349b4e61d76fdf6cc47a8580157e320b46d22ad910587b9e0f04  roles/insights_cve/tasks/main.yml
-102c3cf87fa224ae59988d1b5bef6d3b5b8f074bf8cc809f0f7df872b970ef58  roles/insights_cve/tasks/remediation.yml
+9eb104724608c9825164d4d76944a04803d65dd5649b1ab54b5673fc7443c4c5  roles/insights_cve/tasks/main.yml
+ff97aef329270a2f19e0683fd83259fc483c469e7e75812cf2a57251faaa9f62  roles/insights_cve/tasks/remediation.yml
 0bf80df4832bf561f376710842e657ac6224d2f84d60b8f1d6abd888f6df3479  roles/insights_cve/templates/pb_generator_body.j2
 10831b191942119573948bc7eb9779879207c25a8deb6bc7d1e1153bfdfec3f6  roles/servicenow_ticket/defaults/main.yml
 53bf49b79f8124b6e21231b5c110679de1fb9a2ad0d3d60322af29c2f588eef5  roles/servicenow_ticket/tasks/main.yml

.ansible-sign/sha256sum.txt.sig

@@ -1,14 +1,14 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmTva/4ACgkQTiIiIXrU
-DNHRBAv+IfnRH66+JLN98q/zrp1KY8DVr42CviPIG2agZz+jJHD3sIttPcglYXNA
-fMJTAj3L+LuvjV1e4WBePPjlv4mIa7oxdh0PgLeoNWQfQ3w709EOb1je4qlgmJgC
-R38QC94Bij3Y9Ez1zO0mdAbbQ8EQFKv3vb098Xv5UY2sBa0F3yxl49SblwQKOUUj
-KqZibArcOGQIpClC6/38YWzdqAEPDF1KPhpnKQ6eg2MCqgEPxmpNcxX3uhYdvl8Y
-8ZJDqUpDysJ6uH3GIUaqyoIt+3DbGDrCOHXdQX2VZXhFF4V8koNaX3IAPlCpWxDf
-B5nI0dSjkwgilZ2kVg5sfemH7IVQ6VyzrtUUMmt6oakyVF9u1+HLUekSB7mysx+n
-v7ZM8wQfQXLHjUpf1zqgE1du+T1RObN412+OHdAs23Yidr3EeIrCsLLwNj/z47Jn
-gsMvA1XAb/6erYSkIGR91cLBv5Y4Pcf34wgKXkNPE1r+fmaigtYuxLAy0Bj5XtvI
-mGfU74EM
-=OORZ
+iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmTvbb8ACgkQTiIiIXrU
+DNFULQwAsLDHVlq5zupOuHJ+MQZ/ZTssKo330mZGuuTQGnIZtrWI9xdqkvxyfMx5
+3FnVSjd6xqPNmpxz+FdzXIf7oN56E/F27dbCaa1j8Oxttwdi4IBiSzNbxZddz6R5
+hni4venHTZYf1F+H87A+xWhNR+ZGam1f0p6NksbhaD9pqx7/mvbw18Dbd1ltsv0V
+F3bG1JE3vk+HCVe9VDd73sZFWEi2sqNLUj2OUAfjx69w/5du+ZzRMbz+loTRUZEp
+KMZiQp5Tbv2YXnjeVWmMsUkD1zWHezTH9kmMoYkSKWI2SB7TtUCD26rzEPbJceui
+FYvz+0L//6Db1rvwQRRbwbZRepHtdGyk8Myth8WLlnmTvObVt01nCEbqIa/ChckM
+mh7boOlAWLhzJjA4LEAhntEbenYbUF+HGWfUDb+IrbBoWEB8cQYRcQz9KRf9uAGT
+UDlyr+vQDrO6OXY5KBUn6WOuQQSQIX8GzEhLj8thGplrCUtwvHH6x0Ju3JjWIlqD
+isI/m+nS
+=WykH
 -----END PGP SIGNATURE-----

roles/insights_cve/tasks/main.yml

@@ -105,75 +105,12 @@
         project: "Red Hat Insights"
         timeout: 60
 
-    - name: Include remediation tasks
+    - name: Perform remediation tasks using AAP
       ansible.builtin.include_tasks: remediation.yml
       loop: "{{ cve_list | first | split }}"
       loop_control:
         index_var: my_idx
 
-    # - name: Insights | Create playbooks locally
-    #   ansible.builtin.copy:
-    #     dest: "{{ playbook_dir }}/{{ item.item }}-remediation-{{ insights_adv_target_host }}.yml"
-    #     content: "{{ item.content }}"
-    #     mode: "0755"
-    #   loop: "{{ pbs_per_host.results }}"
-    #   delegate_to: localhost
-
-    # - name: Run CVE remediation playbook on "{{ insights_adv_target_host }}"
-    #   ansible.builtin.shell:
-    #     cmd: ansible-playbook -i azure_rm.yml -e ansible_user="{{ ansible_user }}" -e ansible_password="{{ ansible_password }}" "{{ playbook_dir }}/{{ item.item }}-remediation-{{ insights_adv_host_data.display_name }}.yml"
-    #   loop: "{{ pbs_per_host.results.id }}"
-    #   when:
-    #     - hostvars[inventory_hostname].insights_provider_type == 'azure'
-    #     - ansible_os_family == 'RedHat'
-    #     - ansible_facts['distribution'] == "RedHat"
-    #   delegate_to: localhost
-
-    # - name: Run CVE remediation playbook on "{{ insights_adv_target_host }}"
-    #   ansible.builtin.shell:
-    #     cmd: ansible-playbook -i aws_ec2.yml -e ansible_user="{{ ansible_user }}" -e ansible_ssh_private_key_file="/runner/artifacts/{{ tower_job_id }}/ssh_key_data" "{{ playbook_dir }}/{{ item.item }}-remediation-{{ insights_adv_host_data.display_name }}.yml"
-    #   loop: "{{ pbs_per_host.results }}"
-    #   when:
-    #     - hostvars[inventory_hostname].insights_provider_type == 'aws'
-    #     - ansible_os_family == 'RedHat'
-    #     - ansible_facts['distribution'] == "RedHat"
-    #     - ansible_password is not defined
-    #   delegate_to: localhost
-
-    # - name: Run CVE remediation playbook on "{{ insights_adv_target_host }}"
-    #   ansible.builtin.shell:
-    #     cmd: ansible-playbook -i aws_ec2.yml -e ansible_user="{{ ansible_user }}" -e ansible_password="{{ ansible_password }}" "{{ playbook_dir }}/{{ item.item }}-remediation-{{ insights_adv_host_data.display_name }}.yml"
-    #   loop: "{{ pbs_per_host.results }}"
-    #   when:
-    #     - hostvars[inventory_hostname].insights_provider_type == 'aws'
-    #     - ansible_os_family == 'RedHat'
-    #     - ansible_facts['distribution'] == "RedHat"
-    #     - ansible_password is defined
-    #   delegate_to: localhost
-
-    # - name: Send notification message via Mattermost of CVE resolved
-    #   community.general.mattermost:
-    #     url: "{{ mattermost_url }}"
-    #     api_key: "{{ mattermost_api_key }}"
-    #     attachments:
-    #       - text: "! ALERT !"
-    #         color: '#ff00dd'
-    #         title: "CVE Issue"
-    #         fields:
-    #           - title: Issue
-    #             value: "CVE Issue Resolved"
-    #             short: true
-    #           - title: Details
-    #             value: "CVE {{ item.item }} resolved on host {{ insights_adv_target_host }}."
-    #             short: true
-    #   loop: "{{ pbs_per_host.results }}"
-    #   when:
-    #     - hostvars[inventory_hostname].insights_provider_type == 'aws'
-    #     - ansible_os_family == 'RedHat'
-    #     - ansible_facts['distribution'] == "RedHat"
-    #     - ansible_password is defined
-    #   delegate_to: localhost
-
 - name: If no CVE_list
   when: cve_list is not defined
   block:

roles/insights_cve/tasks/remediation.yml

@@ -17,3 +17,20 @@
     name: "Insights Remediation"
     wait: true
   delegate_to: localhost
+
+- name: Send notification message via Mattermost of CVE resolved
+  community.general.mattermost:
+    url: "{{ mattermost_url }}"
+    api_key: "{{ mattermost_api_key }}"
+    attachments:
+      - text: "! ALERT !"
+        color: '#ff00dd'
+        title: "CVE Issue"
+        fields:
+          - title: Issue
+            value: "CVE Issue Resolved"
+            short: true
+          - title: Details
+            value: "CVE {{ item }} resolved on host {{ insights_adv_target_host }}."
+            short: true
+  delegate_to: localhost