23.32. os-other - RedHat O/S

The following documentation is for RedHat O/S (os-other) content package at version v4.6.0-beta01.97+g1e33864277dc9bbb839f71f1eff994a0c4f05c23.

The OS Other content pack contains examples of Digital Rebar Provision content to install and maintaining other Linux distributions not maintained in the main DRP Community Content.

OS versions include RHEL Server, VMware Photon, etc.

23.32.1. Object Specific Documentation

23.32.1.1. stages

The content package provides the following stages.

23.32.1.1.1. rhel-server-8-dvd-install

Uses the RHEL 8 server full dvd ISO to install. Enables installation from local ISO as the repo source.

Note that centos-drp-only-repos is valid with Redhat systems.

23.32.1.1.2. rhel-to-sledgehammer

RHEL Make Sure To Go To Sledgehammer

23.32.1.1.3. redhat-subscription-register

Register the machine to Redhat Subscription Manager, and activate the repos specified in redhat/subscription-repos Param.

If the redhat/subscription-skip-activation is false (the default value), then you MUST set the redhat/subscription-username and redhat/subscription-password Params. Your subscription entitlement must have an active subscription right for Red Hat Enterprise Linux.

If no valid entitlement is found, the register process will fail and the workflow will stop.

23.32.1.1.4. redhat-subscription-unregister

Unregister the system from the Red Hat Subscription management service.

Used for decommission workflow to cleanly release an activated subscription for reuse elsewhere. If you do not run this process, then you must release the subscription from the Redhat portal at:

https://access.redhat.com/management/systems

If the redhat/subscription-skip-activation Param is set to true, then unregister process will also skip.

23.32.1.1.5. rhel-server-7-install

Uses the RHEL 7 server DVD ISO to install. Enables installation from local ISO as the repo source.

Note that centos-drp-only-repos is valid with Redhat systems.

23.32.1.1.6. rhel-server-8-boot-install

Uses the RHEL 8 server boot ISO (minimal) to install. Enables installation from local ISO as the repo source.

Note that centos-drp-only-repos is valid with Redhat systems.

23.32.1.2. tasks

The content package provides the following tasks.

23.32.1.2.1. redhat-subscription-register

A task to register this Machine for Redhat Subscription Network and repos

23.32.1.2.2. redhat-subscription-unregister

A task to unregister machine from Redhat Subscription Network

23.32.1.2.3. systemd-networkd-bootif-only

If the Param systemd-networkd-bootif-only is set to true, then the current booted NIC will be left enabled, and all other NICs will be forced to be ignored (unmanaged).

This may be necessary in some environments where the system has multiple NICs on the same Layer 2 network, allowing them to all receive IP address assignments via DHCP, causing confusion to the network stack.

23.32.1.3. workflows

The content package provides the following workflows.

23.32.1.3.1. photon-3-base

This workflow includes the DRP Runner in Photon OS provisioning process for DRP.

After the install completes, the workflow installs the runner in a waiting state so that DRP will automatically detect and start a new workflow if the Machine.Workflow is updated.

23.32.1.3.2. photon-4-base

This workflow includes the DRP Runner in Photon OS provisioning process for DRP.

After the install completes, the workflow installs the runner in a waiting state so that DRP will automatically detect and start a new workflow if the Machine.Workflow is updated.

23.32.1.3.3. rhel-server-7-install

Warning

DEPRECATED - This workflow will be removed from future versions of DRP. Please use the universal content pack and workflows. See kb-00061: Deploying Linux with Universal Workflows and Deprecations.

This workflow includes the DRP Runner in RHEL provisioning process for DRP.

After the install completes, the workflow installs the runner in a waiting state so that DRP will automatically detect and start a new workflow if the Machine.Workflow is updated.

NOTE: To enable, upload the RHEL ISO as per the rhel-7-install BootEnv

23.32.1.3.4. rhel-server-7-reset

Warning

DEPRECATED - This workflow will be removed from future versions of DRP. Please use the universal content pack and workflows. See kb-00061: Deploying Linux with Universal Workflows and Deprecations.

This workflow includes the DRP Runner in RHEL provisioning process for DRP. It also will register the system with Redhat Subscription Manager. Requires the redhat/subscription-username and redhat/subscription-password Params are specified with values that have entitlement for Redhat Server subscritpion.

After the install completes, the workflow installs the runner in a waiting state so that DRP will automatically detect and start a new workflow if the Machine.Workflow is updated.

NOTE: To enable, upload the RHEL ISO as per the rhel-7-install BootEnv

23.32.1.3.5. rhel-server-8-dvd-install

Warning

DEPRECATED - This workflow will be removed from future versions of DRP. Please use the universal content pack and workflows. See kb-00061: Deploying Linux with Universal Workflows and Deprecations.

This workflow includes the DRP Runner in RHEL provisioning process for DRP.

After the install completes, the workflow installs the runner in a waiting state so that DRP will automatically detect and start a new workflow if the Machine.Workflow is updated.

Note

To enable, upload the RHEL ISO as per the rhel-server-8-dvd-install BootEnv

23.32.1.4. bootenvs

The content package provides the following bootenvs.

23.32.1.4.3. rhel-server-7-install

This BootEnv installs the RHEL Server 7.9 operating system from the DVD ISO.

The ISO can be downloaded from the RedHat Access website with an authorized login and account. The website is typically found at:

23.32.1.4.4. rhel-server-7.7-install

This BootEnv installs the RHEL Server 7.7 operating system from the DVD ISO.

The ISO can be downloaded from the RedHat Access website with an authorized login and account. The website is typically found at:

23.32.1.4.5. rhel-server-8-boot-install

This BootEnv installs the RHEL Server 8 operating system from the boot (minimal) ISO.

23.32.1.4.6. rhel-server-8-dvd-install

This BootEnv installs the RHEL Server 8 operating system from the full dvd ISO. By default, it will install as a trial with no registration. This is specified by the redhat/subscription-username parameter with the default username of “trial” and redhat/subscription-password blank. Adding a password and/or changing the username will be verified by RedHat’s servers and the install will hang if it fails. You can also completely skip registration even with the username and password parameters set by adding the redhat/subscription-skip-activation parameter.

The ISO can be downloaded from the RedHat Access website with an authorized login and account. The website is typically found at:

23.32.1.4.7. rhel-server-8.2-dvd-install

This BootEnv installs the RHEL Server 8.2 operating system from the full dvd ISO. By default, it will install as a trial with no registration. This is specified by the redhat/subscription-username parameter with the default username of “trial” and redhat/subscription-password blank. Adding a password and/or changing the username will be verified by RedHat’s servers and the install will hang if it fails. You can also completely skip registration even with the username and password parameters set by adding the redhat/subscription-skip-activation parameter.

The ISO can be downloaded from the RedHat Access website with an authorized login and account. The website is typically found at:

23.32.1.5. params

The content package provides the following params.

23.32.1.5.1. redhat/kickstart-shell

During the Kickstart installation process, it is now possible in RHEL and CentOS to activate an SSH login and shell for debugging or troubleshooting while the system is installing.

This param by default will activate the SSH Shell and use the defaults of rocketskates for username, and password of RocketSkates for that user. These values can be overridden with the use of the provisioner-default-user and provisioner-default-password-hash Params.

Additionally, if an SSH Public key half is provided in provisioner-access-key, then that SSH Public key half will be added to the authorized_keys.

23.32.1.5.2. photon-network-template

This string contains the name of a Photon network configuration template. The Photon OS network configuration is based on JSON syntax, and documentation can be found at:

The Template must be in correct JSON format, and should follow the same format as found in the default partitioning template:

  • photon-network-default.json.tmpl (the default value)
  • or photon-network-static_EXAMPLE.json.tmpl
  • or photon-network-vlan_EXAMPLE.json.tmpl

Warning

You must include the trailing JSON comma in custom partitioning templates, see the above EXAMPLE marked templates for … well … examples.

The string will be expanded into the following template name:

photon-network-<string>.json.tmpl

e.g. a value of static_EXAMPLE would expand to use the template photon-network-static_EXAMPLE.json.tmpl.

23.32.1.5.3. photon-bootmode

Define the BIOS / EFI boot mode, can be one of:

bios
efi
dualboot

Defaults to dualboot.

23.32.1.5.4. redhat/pwpolicy

This Param is an array of configuration values to add in to the Kickstart to define the pwpolicy directive. By default, the password policy will be set to:

pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty

Here are some examples of setting this Param:

YAML format:

redhat/pwpolicy:
  - "pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty"
  - "pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok"
  - "pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty"
JSON format:
[
  "pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty",
  "pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok",
  "pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty"
]

23.32.1.5.5. redhat/subscription-skip-activation

Boolean value that tells the redhat subscription mananger stage to skip setting up and activating. Mainly used in debugging workflows.

Additionally, if this is set to true, the unregister process will skip as well.

23.32.1.5.6. systemd-networkd-bootif-only

If this param is set to true, then all interfaces except the identified Booting Interface will be disabled. The SystemD network rules file (99-dhcp-en.network) will have the Name= stanza modified to only support the found boot interface NIC.

Defaults to false.

23.32.1.5.7. oscap/enabled

This param enables or disables rendering OpenSCAP configuration elements in to the Kickstart or Preseed files during OS installation.

By default, this is disabled (false).

In addition to setting this to true, the operator must define which OpenSCAP profile, packages, and configuration should be supported. This is done by setting the oscap/configuration map on the Machine. Examples can be found in the oscap/configuration Param documentation.

Additional details about the OpenSCAP system an possible values can be found in Redhat’s RHEL guides and the OpenSCAP websites:

23.32.1.5.8. redhat/rhsm-additional

Specifies the Redhat Subscription Network information used by the installation process to register systems during installs.

The the subscription must be activated in advance for systems to be registered during installation. This is typically done through the RHSN web portal, or other tools.

The redhat/rhsm-organization and redhat/rhsm-activation values are required Params if the install time activation is requested.

The additional RHSN install time options can be added to the kickstart rhsm directive via the use of this Param. Specify the free-form command line options to supplement the Organization and Activation details.

Example value for this string:

  • --connect-to-insights --proxy=https://proxy.local:8080

The currently documented list of options are as follows:

--organization=       - Uses the organization id to register and install RHEL from the CDN.
--activation-key=     - Uses the activation key to register and install RHEL from the CDN.
                        Multiple keys can be used, as long as the activation keys are
                        registered to your subscription.
--connect-to-insights - Connects the target system to Red Hat Insights.
--proxy=              - Sets the HTTP proxy.
--server-hostname=    - Sets the server hostname. Use this option if you are running
                        Satellite Server or performing internal testing.
--rhsm-baseurl=       - Sets the rhs

23.32.1.5.9. redhat/subscription-repos

This is an array of strings where each string a repo name to apply to the subscription-manager repos ... command.

If not specified the following repos will be enabled automatically:

  • rhel-7-server-rpms
  • rhel-7-server-extras-rpms
  • rhel-7-server-optional-rpms
  • rhel-7-server-ansible-2.8-rpms
  • rhel-7-server-rhn-tools-rpms
  • rhel-7-server-rh-common-rpms
  • rhel-7-server-supplementary-rpms

The following list is the current list as of June 11 2020, as provided by the following command, on a RHEL Server 8.2 system:

  • subscription-manager repos --list | egrep "^Repo ID: " | awk ' { print $NF } ' | sort -n
ansible-2.8-for-rhel-8-x86_64-debug-rpms
ansible-2.8-for-rhel-8-x86_64-rpms
ansible-2.8-for-rhel-8-x86_64-source-rpms
ansible-2.9-for-rhel-8-x86_64-debug-rpms
ansible-2.9-for-rhel-8-x86_64-rpms
ansible-2.9-for-rhel-8-x86_64-source-rpms
ansible-2-for-rhel-8-x86_64-debug-rpms
ansible-2-for-rhel-8-x86_64-rpms
ansible-2-for-rhel-8-x86_64-source-rpms
codeready-builder-for-rhel-8-x86_64-debug-rpms
codeready-builder-for-rhel-8-x86_64-eus-debug-rpms
codeready-builder-for-rhel-8-x86_64-eus-rpms
codeready-builder-for-rhel-8-x86_64-eus-source-rpms
codeready-builder-for-rhel-8-x86_64-rpms
codeready-builder-for-rhel-8-x86_64-source-rpms
openstack-15-tools-for-rhel-8-x86_64-debug-rpms
openstack-15-tools-for-rhel-8-x86_64-rpms
openstack-15-tools-for-rhel-8-x86_64-source-rpms
openstack-16-tools-for-rhel-8-x86_64-debug-rpms
openstack-16-tools-for-rhel-8-x86_64-rpms
openstack-16-tools-for-rhel-8-x86_64-source-rpms
rhel-8-for-x86_64-appstream-debug-rpms
rhel-8-for-x86_64-appstream-e4s-debug-rpms
rhel-8-for-x86_64-appstream-e4s-rpms
rhel-8-for-x86_64-appstream-e4s-source-rpms
rhel-8-for-x86_64-appstream-eus-debug-rpms
rhel-8-for-x86_64-appstream-eus-rpms
rhel-8-for-x86_64-appstream-eus-source-rpms
rhel-8-for-x86_64-appstream-rpms
rhel-8-for-x86_64-appstream-source-rpms
rhel-8-for-x86_64-baseos-debug-rpms
rhel-8-for-x86_64-baseos-e4s-debug-rpms
rhel-8-for-x86_64-baseos-e4s-rpms
rhel-8-for-x86_64-baseos-e4s-source-rpms
rhel-8-for-x86_64-baseos-eus-debug-rpms
rhel-8-for-x86_64-baseos-eus-rpms
rhel-8-for-x86_64-baseos-eus-source-rpms
rhel-8-for-x86_64-baseos-rpms
rhel-8-for-x86_64-baseos-source-rpms
rhel-8-for-x86_64-highavailability-debug-rpms
rhel-8-for-x86_64-highavailability-e4s-debug-rpms
rhel-8-for-x86_64-highavailability-e4s-rpms
rhel-8-for-x86_64-highavailability-e4s-source-rpms
rhel-8-for-x86_64-highavailability-eus-debug-rpms
rhel-8-for-x86_64-highavailability-eus-rpms
rhel-8-for-x86_64-highavailability-eus-source-rpms
rhel-8-for-x86_64-highavailability-rpms
rhel-8-for-x86_64-highavailability-source-rpms
rhel-8-for-x86_64-resilientstorage-debug-rpms
rhel-8-for-x86_64-resilientstorage-eus-debug-rpms
rhel-8-for-x86_64-resilientstorage-eus-rpms
rhel-8-for-x86_64-resilientstorage-eus-source-rpms
rhel-8-for-x86_64-resilientstorage-rpms
rhel-8-for-x86_64-resilientstorage-source-rpms
rhel-8-for-x86_64-rt-debug-rpms
rhel-8-for-x86_64-rt-rpms
rhel-8-for-x86_64-rt-source-rpms
rhel-8-for-x86_64-sap-netweaver-debug-rpms
rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms
rhel-8-for-x86_64-sap-netweaver-e4s-rpms
rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms
rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms
rhel-8-for-x86_64-sap-netweaver-eus-rpms
rhel-8-for-x86_64-sap-netweaver-eus-source-rpms
rhel-8-for-x86_64-sap-netweaver-rpms
rhel-8-for-x86_64-sap-netweaver-source-rpms
rhel-8-for-x86_64-sap-solutions-debug-rpms
rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms
rhel-8-for-x86_64-sap-solutions-e4s-rpms
rhel-8-for-x86_64-sap-solutions-e4s-source-rpms
rhel-8-for-x86_64-sap-solutions-eus-debug-rpms
rhel-8-for-x86_64-sap-solutions-eus-rpms
rhel-8-for-x86_64-sap-solutions-eus-source-rpms
rhel-8-for-x86_64-sap-solutions-rpms
rhel-8-for-x86_64-sap-solutions-source-rpms
rhel-8-for-x86_64-supplementary-debug-rpms
rhel-8-for-x86_64-supplementary-eus-debug-rpms
rhel-8-for-x86_64-supplementary-eus-rpms
rhel-8-for-x86_64-supplementary-eus-source-rpms
rhel-8-for-x86_64-supplementary-rpms
rhel-8-for-x86_64-supplementary-source-rpms
rhel-atomic-7-cdk-2.3-debug-rpms
rhel-atomic-7-cdk-2.3-rpms
rhel-atomic-7-cdk-2.3-source-rpms
rhel-atomic-7-cdk-2.4-debug-rpms
rhel-atomic-7-cdk-2.4-rpms
rhel-atomic-7-cdk-2.4-source-rpms
rhel-atomic-7-cdk-3.0-beta-debug-rpms
rhel-atomic-7-cdk-3.0-beta-source-rpms
rhel-atomic-7-cdk-3.0-debug-rpms
rhel-atomic-7-cdk-3.0-rpms
rhel-atomic-7-cdk-3.0-source-rpms
rhel-atomic-7-cdk-3.10-rpms
rhel-atomic-7-cdk-3.11-rpms
rhel-atomic-7-cdk-3.12-rpms
rhel-atomic-7-cdk-3.1-debug-rpms
rhel-atomic-7-cdk-3.1-rpms
rhel-atomic-7-cdk-3.1-source-rpms
rhel-atomic-7-cdk-3.2-debug-rpms
rhel-atomic-7-cdk-3.2-rpms
rhel-atomic-7-cdk-3.2-source-rpms
rhel-atomic-7-cdk-3.3-debug-rpms
rhel-atomic-7-cdk-3.3-rpms
rhel-atomic-7-cdk-3.3-source-rpms
rhel-atomic-7-cdk-3.4-debug-rpms
rhel-atomic-7-cdk-3.4-rpms
rhel-atomic-7-cdk-3.4-source-rpms
rhel-atomic-7-cdk-3.5-debug-rpms
rhel-atomic-7-cdk-3.5-rpms
rhel-atomic-7-cdk-3.5-source-rpms
rhel-atomic-7-cdk-3.6-debug-rpms
rhel-atomic-7-cdk-3.6-rpms
rhel-atomic-7-cdk-3.6-source-rpms
rhel-atomic-7-cdk-3.7-rpms
rhel-atomic-7-cdk-3.8-rpms
rhel-atomic-7-cdk-3.9-rpms
rh-gluster-3-client-for-rhel-8-x86_64-debug-rpms
rh-gluster-3-client-for-rhel-8-x86_64-rpms
rh-gluster-3-client-for-rhel-8-x86_64-source-rpms
rhv-4-tools-beta-for-rhel-8-x86_64-debug-rpms
rhv-4-tools-beta-for-rhel-8-x86_64-rpms
rhv-4-tools-beta-for-rhel-8-x86_64-source-rpms
rhv-4-tools-for-rhel-8-x86_64-debug-rpms
rhv-4-tools-for-rhel-8-x86_64-rpms
rhv-4-tools-for-rhel-8-x86_64-source-rpms
satellite-tools-6.5-for-rhel-8-x86_64-debug-rpms
satellite-tools-6.5-for-rhel-8-x86_64-e4s-debug-rpms
satellite-tools-6.5-for-rhel-8-x86_64-e4s-rpms
satellite-tools-6.5-for-rhel-8-x86_64-e4s-source-rpms
satellite-tools-6.5-for-rhel-8-x86_64-eus-debug-rpms
satellite-tools-6.5-for-rhel-8-x86_64-eus-rpms
satellite-tools-6.5-for-rhel-8-x86_64-eus-source-rpms
satellite-tools-6.5-for-rhel-8-x86_64-rpms
satellite-tools-6.5-for-rhel-8-x86_64-source-rpms
satellite-tools-6.6-for-rhel-8-x86_64-debug-rpms
satellite-tools-6.6-for-rhel-8-x86_64-e4s-debug-rpms
satellite-tools-6.6-for-rhel-8-x86_64-e4s-rpms
satellite-tools-6.6-for-rhel-8-x86_64-e4s-source-rpms
satellite-tools-6.6-for-rhel-8-x86_64-eus-debug-rpms
satellite-tools-6.6-for-rhel-8-x86_64-eus-rpms
satellite-tools-6.6-for-rhel-8-x86_64-eus-source-rpms
satellite-tools-6.6-for-rhel-8-x86_64-rpms
satellite-tools-6.6-for-rhel-8-x86_64-source-rpms
satellite-tools-6.7-for-rhel-8-x86_64-debug-rpms
satellite-tools-6.7-for-rhel-8-x86_64-e4s-debug-rpms
satellite-tools-6.7-for-rhel-8-x86_64-e4s-rpms
satellite-tools-6.7-for-rhel-8-x86_64-e4s-source-rpms
satellite-tools-6.7-for-rhel-8-x86_64-eus-debug-rpms
satellite-tools-6.7-for-rhel-8-x86_64-eus-rpms
satellite-tools-6.7-for-rhel-8-x86_64-eus-source-rpms
satellite-tools-6.7-for-rhel-8-x86_64-rpms
satellite-tools-6.7-for-rhel-8-x86_64-source-rpms
satellite-tools-6-beta-for-rhel-8-x86_64-debug-rpms
satellite-tools-6-beta-for-rhel-8-x86_64-rpms
satellite-tools-6-beta-for-rhel-8-x86_64-source-rpms

23.32.1.5.10. photon-base-packages

This is an array of strings where each string is a package or meta package name to install during the initial OS install.

Defaults to:

minimal
linux
initramfs

23.32.1.5.11. redhat/rhsm-activation-key

Specifies the Redhat Subscription Network information used by the installation process to register systems during installs.

The the subscription must be activated in advance for systems to be registered during installation. This is typically done through the RHSN web portal, or other tools.

The redhat/rhsm-organization and redhat/rhsm-activation values are BOTH required Params if the install time activation is requested.

The activation key is specific to each machine being activated, it must not be applied to any more than one Machine.

23.32.1.5.12. redhat/rhsm-organization

Specifies the Redhat Subscription Network information used by the installation process to register systems during installs.

The the subscription must be activated in advance for systems to be registered during installation. This is typically done through the RHSN web portal, or other tools.

This Params does NOT have a defined default value, as the kickstart template uses the non-existence (.ParamExists) check to trigger injecting the rhsm directive.

Note

The redhat/rhsm-organization and redhat/rhsm-activation values are BOTH required Params if the install time activation is requested.

23.32.1.5.13. redhat/subscription-gpg-keys

This is an array of strings where each string is a Yum Repo GPG key to import. Specify either rendered keys (file path) on the system, or a URL reference to the key.

If not specified, the primary Redhat keys will be added, as referenced at https://access.redhat.com/security/team/key

23.32.1.5.14. redhat/subscription-password

Specifies the Redhat Subscription Manager password for activating this redhat server with.

23.32.1.5.15. redhat/subscription-username

Specifies the Redhat Subscription Manager username for activating this redhat server with.

Defaults to “trial” and combined with no password parameter will install the system in trial mode with no registration. Changing the username and/or password parameter will cause a subscription attempt with the specified parameters. Registration can be skipped even with a username and password specified by setting the “redhat/subscription-skip-activation” parameter to true.

The username must have entitlement rights to actiave a subscription for Redhat Server Enterprise Linux.

23.32.1.5.16. oscap/configuration

OpenSCAP is a framework for providing security auditing of an Operating System. This Param contains sections to be used to control the OpenSCAP profile installation options.

Use of this Param requires that the oscap/enabled Param is set to true.

There are two primary configuration sections of this Param object; the packages, and the profile.

packages section

The Packages section defines an array of additional packages that should be installed during the kickstart/preseed process in support of the selected OpenSCAP profile that is installed. This is an array (list) of packages; one per element in the list.

profile section

The profile section utilized key = value pairs which are directly mapped in to the Kickstart/Preseed to be used by the OpenSCAP tool to define the configuration. This is an array (list) of strings, that should each contain a key = value configuration setting.

example

Example configurations that complies with the PCI-DSS OpenSCAP profile configuration are below.

YAML Format example:
packages:
  - aide
  - libreswan
  - opensc
  - openscap
  - openscap-scanner
  - pcsc-lite
  - scap-security-guide
profile:
  - "content-type = scap-security-guide"
  - "profile = xccdf_org.ssgproject.content_profile_pci-dss"
JSON Format example:
{
  "packages": [
    "aide",
    "libreswan",
    "opensc",
    "openscap",
    "openscap-scanner",
    "pcsc-lite",
    "scap-security-guide"
  ],
  "profile": [
    "content-type = scap-security-guide",
    "profile = xccdf_org.ssgproject.content_profile_pci-dss"
  ]
}