# This playboook updates a virthost and all it's guests.
#
# requires --extra-vars="target=somevhostname yumcommand=update"
# Might add nodns=true or nonagios=true at extra-vars
#

---
- name: Find instances
  vars_prompt:
  - name: target
    prompt: What is the target vhost (to upgrade)
    private: false
  # Use a simple regexp to ignore spaces people might accidentally paste.
  hosts: "{{ target | regex_search('[-a-z0-9.]+')}}"
  gather_facts: false
  user: root

  tasks:
  - name: Get list of guests
    virt: command=list_vms
    register: vmlist

  - name: Add them to myvms_new group
    local_action: add_host hostname={{ item }} groupname=myvms_new
    with_items: '{{vmlist.list_vms}}'

  - name: Add the vmhost to target group
    # Use a simple regexp to ignore spaces people might accidentally paste.
    local_action: add_host hostname={{ target | regex_search('[-a-z0-9.]+') }} groupname=target

# Call out to another playbook.  Disable any proxies that may live here
# - include_playbook: update-proxy-dns.yml status=disable proxies=myvms_new:&proxies

- name: Set downtime
  hosts: "target:myvms_new"
  gather_facts: false
  user: root
  serial: 1

  tasks:

  - name: Schedule regular host downtime
    nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
    delegate_to: noc01.iad2.fedoraproject.org
    ignore_errors: true
    failed_when: no
    when: nonagios is not defined or not "true" in nonagios

- name: Update the system
  hosts: "target:myvms_new"
  gather_facts: true
  user: root

  tasks:

  - name: Apply updates
    ansible.builtin.package:
      state: latest
      name: "*"
      update_cache: true
    async: 7200
    poll: 30
    when: package_excludes is not defined

  - debug:
      msg:
      - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!'
      - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!'
    when: package_excludes is defined
    changed_when: true

  - name: Apply updates with excludes
    ansible.builtin.package:
      state: latest
      name: "*"
      update_cache: true
      exclude: "{{ package_excludes }}"
    async: 7200
    poll: 30
    when: package_excludes is defined

- name: Run rkhunter if installed
  hosts: "target:myvms_new"
  user: root

  tasks:
  - name: Check for rkhunter
    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
    register: rkhunter
    ignore_errors: true

  - name: Run rkhunter --propupd
    ansible.builtin.command: /usr/bin/rkhunter --propupd
    when: rkhunter is success