ansible/playbooks/host_update.yml

# This playbook updates hosts without guests.
#
# requires --extra-vars="target=somehostname yumcommand=update"


---

- name: Update the system
  hosts: "{{ target }}"
  gather_facts: true
  user: root

  tasks:

  - name: Apply updates
    ansible.builtin.package:
      state: latest
      name: "*"
      update_cache: true
    async: 7200
    poll: 30
    when: package_excludes is not defined

  - debug:
      msg:
      - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!'
      - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!'
    when: package_excludes is defined
    changed_when: true

  - name: Apply updates with excludes
    ansible.builtin.package:
      state: latest
      name: "*"
      update_cache: true
      exclude: "{{ package_excludes }}"
    async: 7200
    poll: 30
    when: package_excludes is defined

- name: Run rkhunter if installed
  hosts: "{{ target }}"
  user: root

  tasks:
  - name: Check for rkhunter
    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
    register: rkhunter
    ignore_errors: true

  - name: Run rkhunter --propupd
    ansible.builtin.command: /usr/bin/rkhunter --propupd
    when: rkhunter is success