generate_playbook
Generate a suggest-only Ansible playbook that remediates CVE matches and compliance gaps without executing it. Review with ansible-playbook --check before applying.
Instructions
Generate a suggest-only Ansible playbook from findings. Does NOT run it.
`system`: object from inventory_host. `cve_matches`: entries from
check_cves you want remediated (each becomes a package-upgrade task
citing the CVE). `compliance_areas`: topic hints (e.g. ["ssh", "sudo"])
- each resolved via map_compliance and, where a matching
konstruktoid.hardening role exists, referenced in the playbook's
`roles:` list instead of reimplemented. The header also cites the MITRE
ATT&CK techniques/mitigations each area addresses. Always review the
output with `ansible-playbook --check --diff` before applying.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| system | Yes | ||
| cve_matches | No | ||
| hosts_alias | No | ||
| compliance_areas | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |