Ansible BigFix Patching

We are using Ansible to build a base Red Hat OS. After this SOE build we need to apply the patches; for that we install the BigFix agent in a post task. Now, is there a way we can trigger patching with Ansible and use a BigFix baseline? Please share any reference. Thanks in advance.

  • Samsir

Depends on your situation. In the past I templated down a configuration file on the endpoints to add them to a new build group. With an ongoing patching policy looking at group membership, the server would then be patched and kicked out of the group based on relevance.

We just completed an almost identical project. Using Ansible, drop a file to tag the machine as being ready for patching. That tag can either cause the computer to join a group or directly cause the relevance of the patching action previously opened. In your Ansible sequence, if you want to do more following the completion of the patching, just leverage the SOAP API to query the state of the open action for the computer and, when completed, proceed to the next phase. Ansible does have some problems with the sequence failing to re-connect to the computer following reboots, so it worked best just leveraging the SOAP API.

1 Like
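
The tag-then-poll sequence from the last reply, sketched as an Ansible play (an added example, not code posted by anyone in the thread). The tag path, Web Reports URL, action name, vaulted `bf_user`/`bf_password` variables, the session relevance, and the `GetRelevanceResult` envelope with its `<a>` answer element and `Fixed` status are assumptions to check against your own deployment.

```yaml
# Added example. Every path, URL, name and status string below is a placeholder/assumption.
- name: Tag a new build for BigFix patching and wait for the open action to finish
  hosts: new_builds
  gather_facts: false
  vars:
    tag_file: /etc/opt/soe/ready-for-patching              # hypothetical file the action/group relevance tests for
    bf_soap_url: https://webreports.example.internal/soap  # placeholder Web Reports SOAP endpoint
    bf_action_name: "SOE Build Baseline"                   # placeholder name of the previously opened action
    bf_done_status: Fixed                                  # assumed status string for a completed action
    # Assumed session relevance: status of this computer's result for the named action.
    bf_relevance: >-
      (status of it as string) of results
      whose (name of computer of it = "{{ inventory_hostname_short }}")
      of bes actions whose (name of it = "{{ bf_action_name }}")
  tasks:
    - name: Drop the tag file that marks the host as ready for patching
      ansible.builtin.copy:
        dest: "{{ tag_file }}"
        content: "ready\n"
        owner: root
        group: root
        mode: "0644"          # not writable by unprivileged users, so they cannot tag or untag the host
      become: true

    # Runs on the control node, so reboots of the target during patching do not break the play.
    - name: Poll the SOAP API until the action reports completion for this computer
      ansible.builtin.uri:
        url: "{{ bf_soap_url }}"
        method: POST
        validate_certs: true  # credentials travel in the request body; require verified TLS
        return_content: true
        headers:
          Content-Type: "text/xml; charset=utf-8"
        body: |
          <?xml version="1.0" encoding="UTF-8"?>
          <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
            <env:Body>
              <GetRelevanceResult xmlns="http://schemas.bigfix.com/Relevance">
                <relevanceExpr>{{ bf_relevance | e }}</relevanceExpr>
                <username>{{ bf_user | e }}</username>
                <password>{{ bf_password | e }}</password>
              </GetRelevanceResult>
            </env:Body>
          </env:Envelope>
      delegate_to: localhost
      register: bf_poll
      until: "('<a>' ~ bf_done_status ~ '</a>') in (bf_poll.content | default(''))"
      retries: 60             # 60 x 60 s = give up after about an hour
      delay: 60
      no_log: true            # keep the SOAP password out of task output and logs
```

Keep `bf_user` and `bf_password` in Ansible Vault and use a read-only reporting account for the poll, since that credential sits on the control node for the life of the build pipeline.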