add manual/update_all-stg.yml

Signed-off-by: Vít Smolík <me@smoliicek.cz>

playbooks/manual/update_all-stg.yml

@@ -0,0 +1,62 @@
+---
+- name: Set downtime
+  hosts: staging:!copr*:!openqa*:!ocp*:!worker*
+  gather_facts: false
+  user: root
+  serial: 1
+
+  tasks:
+
+  - name: Schedule regular host downtime
+    nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+    delegate_to: noc01.rdu3.fedoraproject.org
+    ignore_errors: true
+    failed_when: no
+    when: nonagios is not defined or not "true" in nonagios
+
+- name: Update staging systems
+  hosts: staging:!copr*:!openqa*:!ocp*:!worker*
+  user: root
+  
+  tasks:
+  
+    - name: Apply updates
+    ansible.builtin.package:
+      state: latest
+      name: "*"
+      update_cache: true
+    async: 7200
+    poll: 30
+    when: package_excludes is not defined
+
+  - debug:
+      msg:
+      - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!'
+      - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!'
+    when: package_excludes is defined
+    changed_when: true
+
+  - name: Apply updates with excludes
+    ansible.builtin.package:
+      state: latest
+      name: "*"
+      update_cache: true
+      exclude: "{{ package_excludes }}"
+    async: 7200
+    poll: 30
+    when: package_excludes is defined
+
+
+- name: Run rkhunter if installed
+  hosts: staging:!copr*:!openqa*:!ocp*:!worker*
+  user: root
+
+  tasks:
+  - name: Check for rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
+    register: rkhunter
+    ignore_errors: true
+
+  - name: Run rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
+    when: rkhunter is success