mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-03-20 03:57:02 +08:00
67 lines
1.5 KiB
YAML
67 lines
1.5 KiB
YAML
#
|
|
# This playboook updates every host in inventory
|
|
#
|
|
|
|
---
|
|
- name: Set downtime
|
|
hosts: all
|
|
gather_facts: false
|
|
user: root
|
|
serial: 1
|
|
|
|
tasks:
|
|
|
|
- name: Silence nagios completely
|
|
nagios: action=silence
|
|
delegate_to: noc01.rdu3.fedoraproject.org
|
|
ignore_errors: true
|
|
failed_when: no
|
|
when: nonagios is not defined or not "true" in nonagios
|
|
|
|
- name: Update the world
|
|
hosts: all
|
|
gather_facts: true
|
|
user: root
|
|
|
|
tasks:
|
|
|
|
- name: Apply updates
|
|
ansible.builtin.package:
|
|
state: latest
|
|
name: "*"
|
|
update_cache: true
|
|
async: 7200
|
|
poll: 30
|
|
when: package_excludes is not defined
|
|
|
|
- debug:
|
|
msg:
|
|
- '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!'
|
|
- '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!'
|
|
when: package_excludes is defined
|
|
changed_when: true
|
|
|
|
- name: Apply updates with excludes
|
|
ansible.builtin.package:
|
|
state: latest
|
|
name: "*"
|
|
update_cache: true
|
|
exclude: "{{ package_excludes }}"
|
|
async: 7200
|
|
poll: 30
|
|
when: package_excludes is defined
|
|
|
|
- name: Run rkhunter if installed
|
|
hosts: all
|
|
user: root
|
|
|
|
tasks:
|
|
- name: Check for rkhunter
|
|
ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
|
|
register: rkhunter
|
|
ignore_errors: true
|
|
|
|
- name: Run rkhunter --propupd
|
|
ansible.builtin.command: /usr/bin/rkhunter --propupd
|
|
when: rkhunter is success
|