94 lines
2.6 KiB
YAML
94 lines
2.6 KiB
YAML
# This playboook updates a virthost and all it's guests.
|
|
#
|
|
# requires --extra-vars="target=somevhostname yumcommand=update"
|
|
# Might add nodns=true or nonagios=true at extra-vars
|
|
#
|
|
|
|
---
|
|
- name: Find instances
|
|
vars_prompt:
|
|
- name: target
|
|
prompt: What is the target vhost (to upgrade)
|
|
private: false
|
|
# Use a simple regexp to ignore spaces people might accidentally paste.
|
|
hosts: "{{ target | regex_search('[-a-z0-9.]+')}}"
|
|
gather_facts: false
|
|
user: root
|
|
|
|
tasks:
|
|
- name: Get list of guests
|
|
virt: command=list_vms
|
|
register: vmlist
|
|
|
|
- name: Add them to myvms_new group
|
|
local_action: add_host hostname={{ item }} groupname=myvms_new
|
|
with_items: '{{vmlist.list_vms}}'
|
|
|
|
- name: Add the vmhost to target group
|
|
# Use a simple regexp to ignore spaces people might accidentally paste.
|
|
local_action: add_host hostname={{ target | regex_search('[-a-z0-9.]+') }} groupname=target
|
|
|
|
# Call out to another playbook. Disable any proxies that may live here
|
|
# - include_playbook: update-proxy-dns.yml status=disable proxies=myvms_new:&proxies
|
|
|
|
- name: Set downtime
|
|
hosts: "target:myvms_new"
|
|
gather_facts: false
|
|
user: root
|
|
serial: 1
|
|
|
|
tasks:
|
|
|
|
- name: Schedule regular host downtime
|
|
nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
|
|
delegate_to: noc01.iad2.fedoraproject.org
|
|
ignore_errors: true
|
|
failed_when: no
|
|
when: nonagios is not defined or not "true" in nonagios
|
|
|
|
- name: Update the system
|
|
hosts: "target:myvms_new"
|
|
gather_facts: true
|
|
user: root
|
|
|
|
tasks:
|
|
|
|
- name: Apply updates
|
|
ansible.builtin.package:
|
|
state: latest
|
|
name: "*"
|
|
update_cache: true
|
|
async: 7200
|
|
poll: 30
|
|
when: package_excludes is not defined
|
|
|
|
- debug:
|
|
msg:
|
|
- '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!'
|
|
- '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!'
|
|
when: package_excludes is defined
|
|
changed_when: true
|
|
|
|
- name: Apply updates with excludes
|
|
ansible.builtin.package:
|
|
state: latest
|
|
name: "*"
|
|
update_cache: true
|
|
exclude: "{{ package_excludes }}"
|
|
async: 7200
|
|
poll: 30
|
|
when: package_excludes is defined
|
|
|
|
- name: Run rkhunter if installed
|
|
hosts: "target:myvms_new"
|
|
user: root
|
|
|
|
tasks:
|
|
- name: Check for rkhunter
|
|
ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
|
|
register: rkhunter
|
|
ignore_errors: true
|
|
|
|
- name: Run rkhunter --propupd
|
|
ansible.builtin.command: /usr/bin/rkhunter --propupd
|
|
when: rkhunter is success
|