---
# Safeguard: the 'ansible-hardening' role is gated on the boolean
# 'apply_security_hardening'. Hardening standards are applied to a system
# only when that variable evaluates to true.
- name: Apply security hardening configurations
  # Target group can be overridden with 'security_host_group'; the fallback
  # is the 'hosts' group.
  hosts: "{{ security_host_group | default('hosts') }}"
  # Connect to the targets as root.
  user: root
  gather_facts: "{{ osa_gather_facts | default(true) }}"
  # NOTE(review): 'environment' and 'tags' are taken here as play-level keys;
  # confirm against the original file's indentation.
  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - security
  roles:
    - role: ansible-hardening
      # When this evaluates to false the role is skipped and the play still
      # finishes without error, so a clean run is not proof that the host was
      # hardened - check the recap for skipped tasks. The variable has no
      # default() here, so it must be defined somewhere (inventory, group
      # vars or extra-vars).
      when: apply_security_hardening | bool
Then run the playbook with one of the following commands:
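# Pass the flag directly via extra-vars. The value is inline JSON, so the
# boolean is written as lowercase 'true' ('True' is not valid JSON).
# Appending --check --diff gives a dry run first; not every task is guaranteed
# to support check mode.
ansible-playbook -i environments/prod/hosts hardening.yml --extra-vars '{"apply_security_hardening": true}'
# If you need to pass more than a few arguments, put the overrides in a JSON
# file and reference it with '@'. Extra-vars take precedence over inventory and
# play variables, so review the file before the run. It must also set
# apply_security_hardening unless that variable is defined elsewhere.
ansible-playbook -i environments/prod/hosts hardening.yml --extra-vars "@parameters.json"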