Require explicit confirmation to run Ansible playbook


  # As an additional safeguard, this playbook requires the
  # 'apply_security_hardening' boolean set to True for it to apply security
  # hardening standards to a system.
- name: Apply security hardening configurations
  hosts: "{{ security_host_group|default('hosts') }}"
  gather_facts: "{{ osa_gather_facts | default(True) }}"
  user: root
    - role: "ansible-hardening"
      when: apply_security_hardening | bool
  environment: "{{ deployment_environment_variables | default({}) }}"
    - security

Then run with:

# Pass the flag directly via extra-vars
ansible-playbook -i environments/prod/hosts hardening.yml --extra-vars '{"apply_security_hardening": True}'

# If you need to pass more than a few arguments you can also specify the name of a json file that 
# contains the necessary overrides:
ansible-playbook -i environments/prod/hosts hardening.yml --extra-vars "@parameters.json"