Commit 800cd3d1 authored by Jonas Carlo Jansen's avatar Jonas Carlo Jansen
Browse files

initial commit

parents
# Parameters
| Variable | Default | Description |
------------------------------------
| excluded_packages | - | Packages to exclude from update. May include * |
| disabled_repos | - | Repositorys to exclude during update |
| enabled_repos | - | repositorys to enable during update |
| security_updates_only | yes | may be "yes" or "no", wheter to install only security updates or all |
\ No newline at end of file
security_updates_only: "yes"
\ No newline at end of file
- name: Check if system needs a reboot
command: needs-restarting -r
register: reboot_required
failed_when: reboot_required.rc not in [0,1]
changed_when: false
tags:
- check-reboot
- debug: "msg='Reboot required?: {{ reboot_required.stdout }}'"
- name: restart server
shell: sleep 2 && shutdown -r now "Ansible system package upgraded"
async: 1
poll: 0
ignore_errors: true
when: 'reboot_required.rc == 1'
tags:
- reboot
- name: waiting for server to come back
wait_for:
host: "{{ ansible_default_ipv4.address }}"
port: 22
state: started
delay: 30
timeout: 300
become: false
delegate_to: localhost
when: reboot_required.rc == 1
tags: reboot
galaxy_info:
role_name: os-update
author: Jonas Jansen
description:
company: RWTH Aachen University. IT Center
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: MIT
min_ansible_version: 1.2
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# platforms is a list of platforms, and each platform has a name and a list of versions.
#
platforms:
- name: EL
versions:
- 7
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
- name: install yum-utils
package:
name: yum-utils
state: present
register: yum_utils_install
until: yum_utils_install is succeeded
- name: Security updates only
command: yum -y --security update --exclude="{{ excluded_packages }}"
args:
warn: False
when: security_updates_only == "yes"
tags:
- security_updates
register: updates_install
changed_when: "'No packages needed for security;' not in updates_install.stdout"
until: updates_install is succeeded
- debug:
msg: "{{ updates_install.stdout_lines }}"
when: security_updates_only == "yes"
- name: update all
yum:
update_cache: yes
name: '*'
state: latest
exclude: '{{ excluded_packages | default(omit, true) }}'
disablerepo: '{{ disabled_repos | default(omit, true) }}'
enablerepo: '{{ enabled_repos | default(omit, true) }}'
when: security_updates_only == "no"
tags:
- update_all
register: updates_install
until: updates_install is succeeded
- debug:
msg: "{{ updates_install.results }}"
when: security_updates_only == "no"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment