doc: update Ansible Role documentation

README.md

@@ -4,9 +4,9 @@ lucab85.ansible_role_log4shell
 [![CI](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/ci.yml/badge.svg)](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/ci.yml)
 [![Release](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/release.yml/badge.svg)](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/release.yml)
 
-Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).
+Ansible role to scan target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).
 
-[Red Hat version 1.2 detector 2021-12-20](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).
+Tested with [Red Hat version 1.2 detector 2021-12-20](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).
 
 Ansible Playbook
 ------------
@@ -21,7 +21,7 @@ ansible 2.9+
 Role Variables
 --------------
 
-default values:
+The default variable values - `defaults/main.yml`:
 
 ```yaml
 sh_detector: "cve-2021-44228--2021-12-20-1836.sh"
@@ -32,22 +32,24 @@ detector_dir: "/opt/cve-2021-44228/"
 detector_run_dir: 'tmp'
 detector_options: '-n -d --no-progress --scan {{ detector_path }}'
 gpg_keyid: '7514F77D8366B0D9'
+gpg_server: "pgp.mit.edu"
 clean_run_before: true
 delete_after: true
-verify_gpg: true
+verify_gpg: false
 ```
 
-- sh_detector: the filename of the detector bash script file
-- sh_signature: the filename of the detector GPG signature file
-- detector_baseurl: the base URL to download the previous files
-- detector_path: the path to inspect (default `/var/`)
-- detector_dir: the download path of the detector (default `detector_dir`)
-- detector_run_dir: the subdirectory to create before the run (default `opt`)
-- detector_options: the command lines options for detector script (default `-n -d --no-progress --scan {{ detector_path }}`)
-- gpg_keyid: the GPG public key to download for the verification (default Red Hat Product Security `7514F77D8366B0D9`)
-- clean_run_before: remove the run directory and recreate before the execution - detector requires empty directory (default `true`)
-- delete_after: remove the _detector_dir_ the execution (default `true`)
-- verify_gpg: perform the GPG signature donwload and verification (default: `true`)
+- `sh_detector`: the filename of the detector bash script file
+- `sh_signature`: the filename of the detector GPG signature file
+- `detector_baseurl`: the base URL to download the previous files
+- `detector_path`: the path to inspect (default `/var/`)
+- `detector_dir`: the download path of the detector (default `detector_dir` - `/opt/cve-2021-44228/`) Note: volume requires exec permission!
+- `detector_run_dir`: the subdirectory to create before the run (default `tmp`)
+- `detector_options`: the command lines options for detector script (default `-n -d --no-progress --scan {{ detector_path }}`)
+- `gpg_keyid`: the GPG public key to download for the verification (default Red Hat Product Security `7514F77D8366B0D9`)
+- `gpg_server`: the GPG server where to download the GPG public key (default `pgp.mit.edu`)
+- `clean_run_before`: remove the run directory and recreate before the execution - detector requires an empty directory (default `true`)
+- `delete_after`: remove the _detector_dir_ after the execution (default `false`)
+- `verify_gpg`: perform the GPG signature download and verification (default: `false`)
 
 
 Dependencies
@@ -58,7 +60,7 @@ None.
 Download
 ------------
 
-Code also available in Ansible Galaxy role [lucab85.ansible_role_log4shell](https://galaxy.ansible.com/lucab85/ansible_role_log4shell)
+First download the latest version of Ansible role [lucab85.ansible_role_log4shell](https://galaxy.ansible.com/lucab85/ansible_role_log4shell) Ansible Galaxy:
 
 ```bash
 ansible-galaxy install lucab85.ansible_role_log4shell
@@ -68,7 +70,7 @@ ansible-galaxy install lucab85.ansible_role_log4shell
 Example Playbook
 ----------------
 
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+This is an example of how to use the `lucab85.ansible_role_log4shell` role (with variables passed in as parameters):
 
 ```yaml
 ---