Add yum-cron role, add to mailman-stg group.

2013-08-21 17:09:40 +00:00 · 2013-08-21 17:09:40 +00:00 · 4dbcf3f226
commit 4dbcf3f226
parent 236acce903
3 changed files with 102 additions and 0 deletions
--- a/playbooks/groups/mailman.yml
+++ b/playbooks/groups/mailman.yml
@ -33,6 +33,7 @@
  - /srv/web/infra/ansible/roles/denyhosts
  - /srv/web/infra/ansible/roles/nagios_client
  - /srv/web/infra/ansible/roles/fas_client
+  - /srv/web/infra/ansible/roles/yum-cron

  tasks:
  # this is how you include other task lists
--- a/roles/yum-cron/tasks/main.yml
+++ b/roles/yum-cron/tasks/main.yml
@ -0,0 +1,25 @@
+---
+
+#
+# This role adds yum cron package and configuration. 
+# We want this on any public facing Fedora installs so we 
+# can pick up security updates. 
+#
+
+- name: install yum-cron
+  yum: name=yum-cron state=present
+  tags:
+  - packages
+  when: ansible_distribution == 'Fedora'
+
+- name: install yum-cron.conf
+  template: src=yum-cron.conf.j2 dest=/etc/yum/yum-cron.conf mode=0644
+  tags:
+  - config
+  when: ansible_distribution == 'Fedora'
+
+- name: enable yum-cron
+  copy: content="enable yum cron" dest=/var/lock/subsys/yum-cron mode=0644
+  tags:
+  - config
+  when: ansible_distribution == 'Fedora'
--- a/roles/yum-cron/templates/yum-cron.conf.j2
+++ b/roles/yum-cron/templates/yum-cron.conf.j2
@ -0,0 +1,76 @@
+[commands]
+#  What kind of update to use:
+# default                            = yum upgrade
+# security                           = yum --security upgrade
+# security-severity:Critical         = yum --sec-severity=Critical upgrade
+# minimal                            = yum --bugfix upgrade-minimal
+# minimal-security                   = yum --security upgrade-minimal
+# minimal-security-severity:Critical =  --sec-severity=Critical upgrade-minimal
+update_cmd = security
+
+# Whether a message should emitted when updates are available.
+update_messages = yes
+
+# Whether updates should be downloaded when they are available. Note
+# that updates_messages must also be yes for updates to be downloaded.
+download_updates = yes
+
+# Whether updates should be applied when they are available.  Note
+# that both update_messages and download_updates must also be yes for
+# the update to be applied
+apply_updates = yes
+
+# Maximum amout of time to randomly sleep, in minutes.  The program
+# will sleep for a random amount of time between 0 and random_sleep
+# minutes before running.  This is useful for e.g. staggering the
+# times that multiple systems will access update servers.  If
+# random_sleep is 0 or negative, the program will run immediately.
+random_sleep = 0
+
+
+[emitters]
+# Name to use for this system in messages that are emitted.  If
+# system_name is None, the hostname will be used.
+system_name = None
+
+# How to send messages.  Valid options are stdio and email.  If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages.  If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via is None or left blank, no messages will be sent.
+emit_via = stdio
+
+# The width, in characters, that messages that are emitted should be
+# formatted to.
+ouput_width = 80
+
+
+[email]
+# The address to send email messages from.
+email_from = root@localhost
+
+# List of addresses to send messages to.
+email_to = root
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[groups]
+# List of groups to update
+group_list = None
+
+# The types of group packages to install
+group_package_types = mandatory, default
+
+[base]
+# Use this to filter Yum core messages
+# -4: critical
+# -3: critical+errors
+# -2: critical+errors+warnings (default)
+debuglevel = -2
+
+# override yum options of the same name
+# skip_broken = True
+
+mdpolicy = group:main