ansible/playbooks/universe_update.yml

#
# This playboook updates every host in inventory
#

- name: set downtime
  hosts: all
  gather_facts: False
  user: root
  serial: 1

  tasks:

  - name: silence nagios completely
    nagios: action=silence
    delegate_to: noc01.iad2.fedoraproject.org
    ignore_errors: true
    failed_when: no
    when: nonagios is not defined or not "true" in nonagios

- name: update the world
  hosts: all
  gather_facts: True
  user: root

  tasks:

  - name: Apply updates
    package:
        state: latest
        name: "*"
        update_cache: true
    async: 7200
    poll: 30
    when: package_excludes is not defined
  
  - debug:
        msg: 
        - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!'
        - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!'
    when: package_excludes is defined
    changed_when: true
  
  - name: Apply updates with excludes
    package:
        state: latest
        name: "*"
        update_cache: true
        exclude: "{{ package_excludes }}"
    async: 7200
    poll: 30
    when: package_excludes is defined

- name: run rkhunter if installed
  hosts:  all
  user: root

  tasks:
  - name: check for rkhunter
    command: /usr/bin/test -f /usr/bin/rkhunter
    register: rkhunter
    ignore_errors: true

  - name: run rkhunter --propupd
    command: /usr/bin/rkhunter --propupd
    when: rkhunter is success