{"id":19963724,"url":"https://github.com/cyberark/cpm","last_synced_at":"2026-03-15T21:05:52.981Z","repository":{"id":38195184,"uuid":"155053767","full_name":"cyberark/cpm","owner":"cyberark","description":"Ansible role to deploy Cyberark Central Policy Manager","archived":false,"fork":false,"pushed_at":"2023-08-01T23:02:13.000Z","size":146,"stargazers_count":14,"open_issues_count":8,"forks_count":12,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-06-12T04:52:54.881Z","etag":null,"topics":["ansible-role","automation","conjbot-skip-stalepr","cyberark"],"latest_commit_sha":null,"homepage":"https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-28T09:20:51.000Z","updated_at":"2024-03-09T14:40:07.000Z","dependencies_parsed_at":"2023-02-14T02:31:08.861Z","dependency_job_id":null,"html_url":"https://github.com/cyberark/cpm","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fcpm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fcpm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fcpm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fcpm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/cpm/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224374728,"owners_count":17300702,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible-role","automation","conjbot-skip-stalepr","cyberark"],"created_at":"2024-11-13T02:17:13.269Z","updated_at":"2026-03-15T21:05:47.954Z","avatar_url":"https://github.com/cyberark.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CPM Ansible Role\nThis Ansible Role will deploy and install CyberArk Central Policy Manager including the pre-requisites, application, hardening and connect to an existing Vault environment.\n\n\n## Requirements\n------------\n- Windows 2016 installed on the remote host\n- WinRM open on port 5986 (**not 5985**) on the remote host \n- Pywinrm is installed on the workstation running the playbook\n- The workstation running the playbook must have network connectivity to the remote host\n- The remote host must have Network connectivity to the CyberArk vault and the repository server\n  - 443 port outbound\n  - 1858 port outbound \n- Administrator access to the remote host \n- CPM CD image\n\n\n## Role Variables\nThese are the variables used in this playbook:\n\n### Flow Variables\nVariable                         | Required     | Default                                   | Comments\n:--------------------------------|:-------------|:------------------------------------------|:---------\ncpm_prerequisites                | no           | false                                     | Install CPM pre requisites\ncpm_install                      | no           | false                                     | Install CPM\ncpm_hardening                    | no           | false                                     | Apply CPM hardening \ncpm_registration                 | no           | false                                     | Connect CPM to the Vault\ncpm_clean                        | no           | false                                     | N/A\n\n### Deployment Variables\nVariable                         | Required     | Default                                              | Comments\n:--------------------------------|:-------------|:-----------------------------------------------------|:---------\nvault_ip                         | yes          | None                                                 | Vault IP to perform registration\nvault_port                       | no           | **1858**                                             | Vault port\nvault_username                   | no           | **administrator**                                    | Vault username to perform registration\nvault_password                   | yes          | None                                                 | Vault password to perform registration\nsecure_vault_password            | no           | None                                                 | Secure Vault password to perform registration\ndr_vault_ip                      | no           | None                                                 | Vault DR IP address to perform registration\naccept_eula                      | yes          | **\"No\"**                                             | Accepting EULA condition \ncpm_zip_file_path                | yes          | None                                                 | CyberArk CPM installation Zip file package path\ncpm_installation_drive           | no           | **C:**                                               | Destination installation drive\ncpm_username                     | no           | **PasswordManager**                                  | Vault Component's username\n\n## Dependencies\nNone\n\n## Usage\nThe role consists of a number of different tasks which can be enabled or disabled for the particular\nrun.\n\n`cpm_install`\n\nThis task will deploy the CPM to required folder and validate successful deployment.\n\n`cpm_hardening`\n\nThis task will run the CPM hardening process.\n\n`cpm_registration`\n\nThis task will perform registration with active Vault.\n\n`cpm_validateparameters`\n\nThis task will validate which CPM steps have already occurred on the server to prevent repetition.\n\n`cpm_clean`\n\nThis task will clean the configuration (inf) files from the installation, delete the\nCPM installation logs from the Temp folder and delete the cred files.\n\n## Example Playbook\nBelow is an example of how you can incorporate this role into an Ansible playbook\nto call the CPM role with several parameters:\n\n```\n---\n- include_role:\n    name: cpm\n  vars:\n    - cpm_prerequisites: true\n    - cpm_install: true\n    - cpm_hardening: true\n    - cpm_registration: true\n```\n\n## Running the  playbook:\nFor an example of how to incorporate this role into a complete playbook, please see the\n**[pas-orchestrator](https://github.com/cyberark/pas-orchestrator)** example.\n\n## License\nApache License, Version 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fcpm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Fcpm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fcpm/lists"}