diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml
index 78f22afdf9..765f5eddc2 100644
--- a/playbooks/groups/mailman.yml
+++ b/playbooks/groups/mailman.yml
@@ -33,6 +33,7 @@
 - /srv/web/infra/ansible/roles/denyhosts
 - /srv/web/infra/ansible/roles/nagios_client
 - /srv/web/infra/ansible/roles/fas_client
+ - /srv/web/infra/ansible/roles/yum-cron
 tasks: # this is how you include other task lists
diff --git a/roles/yum-cron/tasks/main.yml b/roles/yum-cron/tasks/main.yml
new file mode 100644
index 0000000000..9e82a09a5d
--- /dev/null
+++ b/roles/yum-cron/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+
+#
+# This role adds yum cron package and configuration.
+# We want this on any public facing Fedora installs so we
+# can pick up security updates.
+#
+
+- name: install yum-cron
+ yum: name=yum-cron state=present
+ tags:
+ - packages
+ when: ansible_distribution == 'Fedora'
+
+- name: install yum-cron.conf
+ template: src=yum-cron.conf.j2 dest=/etc/yum/yum-cron.conf mode=0644
+ tags:
+ - config
+ when: ansible_distribution == 'Fedora'
+
+- name: enable yum-cron
+ copy: content="enable yum cron" dest=/var/lock/subsys/yum-cron mode=0644
+ tags:
+ - config
+ when: ansible_distribution == 'Fedora'
diff --git a/roles/yum-cron/templates/yum-cron.conf.j2 b/roles/yum-cron/templates/yum-cron.conf.j2
new file mode 100644
index 0000000000..ecefacff82
--- /dev/null
+++ b/roles/yum-cron/templates/yum-cron.conf.j2
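Review bot: The `enable yum-cron` task at the end of roles/yum-cron/tasks/main.yml only drops a marker file into `/var/lock/subsys`, which does not enable the service in any persistent way. On Fedora `/var/lock` normally lives on tmpfs, so the file is likely gone after a reboot, and if the cron job keys off that lock file the unattended security updates would stop without any error until the next playbook run. Letting the service manager own the state keeps it across reboots, for example `service: name=yum-cron state=started enabled=yes` in place of the `copy:` line. A short comment above the task saying why the lock file matters would also help, since `content="enable yum cron"` gives no hint that its presence gates the nightly run.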
@@ -0,0 +1,76 @@
+[commands]
+# What kind of update to use:
+# default = yum upgrade
+# security = yum --security upgrade
+# security-severity:Critical = yum --sec-severity=Critical upgrade
+# minimal = yum --bugfix upgrade-minimal
+# minimal-security = yum --security upgrade-minimal
+# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal
+update_cmd = security
+
+# Whether a message should emitted when updates are available.
+update_messages = yes
+
+# Whether updates should be downloaded when they are available. Note
+# that updates_messages must also be yes for updates to be downloaded.
+download_updates = yes
+
+# Whether updates should be applied when they are available. Note
+# that both update_messages and download_updates must also be yes for
+# the update to be applied
+apply_updates = yes
+
+# Maximum amout of time to randomly sleep, in minutes. The program
+# will sleep for a random amount of time between 0 and random_sleep
+# minutes before running. This is useful for e.g. staggering the
+# times that multiple systems will access update servers. If
+# random_sleep is 0 or negative, the program will run immediately.
+random_sleep = 0
+
+
+[emitters]
+# Name to use for this system in messages that are emitted. If
+# system_name is None, the hostname will be used.
+system_name = None
+
+# How to send messages. Valid options are stdio and email. If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages. If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via is None or left blank, no messages will be sent.
+emit_via = stdio
+
+# The width, in characters, that messages that are emitted should be
+# formatted to.
+ouput_width = 80
+
+
+[email]
+# The address to send email messages from.
+email_from = root@localhost
+
+# List of addresses to send messages to.
+email_to = root
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[groups]
+# List of groups to update
+group_list = None
+
+# The types of group packages to install
+group_package_types = mandatory, default
+
+[base]
+# Use this to filter Yum core messages
+# -4: critical
+# -3: critical+errors
+# -2: critical+errors+warnings (default)
+debuglevel = -2
+
+# override yum options of the same name
+# skip_broken = True
+
+mdpolicy = group:main
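Review bot: The key `ouput_width` under `[emitters]` is misspelt, so the line is presumably ignored and yum-cron falls back to its built-in width; it should read `output_width = 80`. With `apply_updates = yes` and `emit_via = stdio`, the only record of what was installed, or of a run that failed, is whatever cron mails to root, so it is worth confirming that root's mail on these public-facing hosts is forwarded to a monitored address. `random_sleep = 0` also makes every host carrying this role contact the mirrors at the same moment; a non-zero value (for example `random_sleep = 60`, a sample figure) would stagger them. Packages whose scriptlets do not restart their daemon keep the old code loaded after an unattended update, which deserves a comment at the top of the template so nobody assumes an applied update means a patched process.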