ansible_plays/quick_test
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New stuffs again

Browse Source
This commit is contained in:
Chris Hammer
2025-07-08 10:50:08 -04:00
parent 7502dbbd84
commit 49b98451a3
16 changed files with 548 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ansible.cfg
View File

@ -20,6 +20,9 @@ deprecation_warnings = false
callback_whitelist = ansible.posix.profile_tasks, ansible.posix.timer
callbacks_enabled = ansible.posix.profile_tasks, ansible.posix.timer
# *shrug*
show_custom_stats = true
[ssh_connection]
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey

13
ansible_host.yml Normal file
View File

@ -0,0 +1,13 @@
---
- name: Ansible Host
hosts: all
gather_facts: true
tasks:
- name: Inventory hostname
ansible.builtin.debug:
var: inventory_hostname
- name: Ansible hostname
ansible.builtin.debug:
var: ansible_hostname

15
hosts
View File

@ -1,9 +1,9 @@
[bigboot]
# bigboot-test-custom-1 ansible_host=10.10.42.5
# bigboot-test-custom-2 ansible_host=10.10.42.13
# bigboot-test-custom-4 ansible_host=10.10.42.15
bigboot-test-custom-4 ansible_host=10.10.42.15
# bigboot-test-custom-5 ansible_host=10.10.42.16
bigboot-test-custom-6 ansible_host=10.10.42.91
# bigboot-test-custom-6 ansible_host=10.10.42.91
# bigboot-test-custom-7 ansible_host=10.10.42.2
# bigboot-test-custom-8 ansible_host=10.10.42.216
# bigboot-test-custom-9 ansible_host=10.1.1.80
@ -24,7 +24,7 @@ ifcfg-alias-test ansible_host=10.10.42.112
ifcfg-alias-test2 ansible_host=10.10.42.66
ifcfg-alias-test3 ansible_host=10.10.42.103
ifcfg-alias-test4 ansible_host=10.10.42.113
bigboot-test-custom-5 ansible_host=10.10.42.16
; bigboot-test-custom-5 ansible_host=10.10.42.16
[ipalias:vars]
ansible_user=root
@ -37,6 +37,15 @@ ansible_user=root
[temp]
ipu-test-1 ansible_host=10.10.42.186
# versionlock-test ansible_host=10.10.42.187
[temp:vars]
ansible_user=root
[ifcfg]
ip-alias-test-1 ansible_host=10.10.42.57 ansible_user=root
[ipv6]
testing ansible_host=10.10.42.72 ansible_user=root

43
ifcfg_find.yml Normal file
View File

@ -0,0 +1,43 @@
---
- name: Ifcfg Find
hosts: ifcfg
become: false
gather_facts: false
vars:
find_search_path: /etc/sysconfig/network-scripts
tasks:
- name: "Find ifcfg alias files under {{ find_search_path }}"
ansible.builtin.find:
paths: "{{ find_search_path }}"
use_regex: true
patterns:
- '.*ifcfg-.*$'
excludes:
- '^.*:\d+$'
register: r_find_ifcfg
- name: Append results to list
ansible.builtin.set_fact:
find_res: "{{ find_res | default([]) + [item['path']] }}"
loop: "{{ r_find_ifcfg['files'] }}"
- name: Debug r_find_ifcfg
ansible.builtin.debug:
var: r_find_ifcfg
verbosity: 1
- name: Debug find_res
ansible.builtin.debug:
var: find_res
verbosity: 1
- name: Find Results
ansible.builtin.debug:
msg: >
Searched files: {{ r_find_ifcfg['examined'] }}
Matches Found: {{ r_find_ifcfg['matched'] }}
Files:
{{ find_res | join(', ') }}

34
ip-alias-test.yml
View File

@ -13,20 +13,20 @@
- "'lo' not in item"
- hostvars[inventory_hostname]['ansible_' + item]['ipv4_secondaries'] is defined
- name: Log IP alias check to syslogger
community.general.syslogger:
# msg: "{{ inventory_hostname }} has IP aliases defined for {{ item }}."
msg: "{{ lookup('template', 'syslog.j2') | replace('\n', ' ') }}"
ident: ansbl_ipu_precheck
vars:
actor: "check_ip_aliases"
title: "Use of IP aliases detected"
summary: "IP alias in use for interface: {{ ipv4_item }}"
severity: "high"
flags: ["inhibitor"]
loop: "{{ ansible_interfaces }}"
loop_control:
loop_var: ipv4_item
when:
- "'lo' not in ipv4_item"
- hostvars[inventory_hostname]['ansible_' + ipv4_item]['ipv4_secondaries'] is defined
# - name: Log IP alias check to syslogger
# community.general.syslogger:
# # msg: "{{ inventory_hostname }} has IP aliases defined for {{ item }}."
# msg: "{{ lookup('template', 'syslog.j2') | replace('\n', ' ') }}"
# ident: ansbl_ipu_precheck
# vars:
# actor: "check_ip_aliases"
# title: "Use of IP aliases detected"
# summary: "IP alias in use for interface: {{ ipv4_item }}"
# severity: "high"
# flags: ["inhibitor"]
# loop: "{{ ansible_interfaces }}"
# loop_control:
# loop_var: ipv4_item
# when:
# - "'lo' not in ipv4_item"
# - hostvars[inventory_hostname]['ansible_' + ipv4_item]['ipv4_secondaries'] is defined

23
ipv6_check.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: IPv6 Check
hosts: ipv6
gather_facts: true
tasks:
- name: Check host
ansible.builtin.debug:
var: ansible_hostname
- name: Check for IPv6 configuration
ansible.builtin.shell:
cmd: grep -i ipv6 /etc/sysconfig/network-scripts/ifcfg-*
failed_when: false
changed_when: false
register: ipv6_interfaces
- name: Debug ipv6_interfaces
ansible.builtin.debug:
var: ipv6_interfaces
when:
- ipv6_interfaces['stdout_lines'] is defined
- ipv6_interfaces['stdout_lines'] | length > 0

34
logic_select.yml Normal file
View File

@ -0,0 +1,34 @@
---
- name: Logic Select
hosts: localhost
connection: local
become: false
vars:
selected_option: 4
boot_sizes:
- 1G
- 1.25G
- 1.5G
- 1.75G
- 2G
- 2.25G
- 2.5G
- 2.75G
- 3G
tasks:
- name: Selected option
ansible.builtin.debug:
var: selected_option
- name: Print the chosen size
ansible.builtin.debug:
msg: "{{ boot_sizes[selected_option] }}"
- name: Set stats test
ansible.builtin.set_stats:
aggregate: true
data:
misc_shit: "{{ boot_sizes | join(', ') }}"

17
prompt_test.yml Normal file
View File

@ -0,0 +1,17 @@
---
- name: Prompt test
hosts: localhost
connection: local
gather_facts: false
vars_prompt:
- name: "wut_want"
prompt: "What do you want?!"
tasks:
- name: Debug wut_want if defined
ansible.builtin.debug:
var: wut_want
when:
- wut_want is defined
- (wut_want | length) != 0

34
syslog_size_used.yml Normal file
View File

@ -0,0 +1,34 @@
---
- name: Syslog - Log Size Used
hosts: bigboot
become: false
gather_facts: true
tasks:
- name: Get filesystem info
ansible.builtin.set_fact:
boot_mount: "{{ ansible_mounts | selectattr('mount', 'equalto', '/boot') | first | default() }}"
root_mount: "{{ ansible_mounts | selectattr('mount', 'equalto', '/') | first | default() }}"
home_mount: "{{ ansible_mounts | selectattr('mount', 'equalto', '/home') | first | default() }}"
- name: Debug boot_mount
ansible.builtin.debug:
msg: "{{ boot_mount }}"
- name: Show size used -- /boot
ansible.builtin.debug:
msg: "{{ (boot_mount['block_used'] * boot_mount['block_size']) | human_readable }}"
when:
- boot_mount['block_used'] is defined
- name: Show size used -- /
ansible.builtin.debug:
msg: "{{ (root_mount['block_used'] * root_mount['block_size']) | human_readable }}"
when:
- root_mount | length > 0
- name: Show size used -- /home
ansible.builtin.debug:
msg: "{{ (home_mount['block_used'] * home_mount['block_size']) | human_readable }}"
when:
- home_mount | length > 0

98
tasks/lock_pkg copy.yml Normal file
View File

@ -0,0 +1,98 @@
---
# httpd-2.4.6-18.el7_0
# item | regex_replace('(\\w+-\\d+)\\..*$', '\\1')
- name: Debug item
ansible.builtin.debug:
var: item
# - name: Regex test 1
# ansible.builtin.debug:
# msg: "{{ item | regex_replace('(\\w+.?)-(\\d+\\..*)(\\.el.*$)', '\\1 + \\2 + \\3') }}"
# - name: Regex test 2
# ansible.builtin.debug:
# msg: "{{ item | regex_replace('^.*?-(\\d+.*$)', '\\1') }}"
# - name: Regex test 3
# ansible.builtin.debug:
# msg: "{{ item | regex_replace('^(\\w+.*?)-\\d+.*?$', '\\1') }}"
# - name: Regex test
# ansible.builtin.debug:
# msg: "{{ item | regex_replace('(\\w+.?)-(\\d+\\..*$)', '\\1 + \\2') }}"
# - name: Set package name and version facts
# ansible.builtin.set_fact:
# pkg_name: "{{ item | regex_replace('(\\w+.?)-\\d+\\..*$', '\\1') }}"
# pkg_vers: "{{ item | regex_replace('\\w+.?-(\\d+\\..*$)', '\\1') }}"
- name: Set package name and version facts
ansible.builtin.set_fact:
pkg_name: "{{ item | regex_replace('^(\\w+.*?)-\\d+.*?$', '\\1') }}"
pkg_vers: "{{ item | regex_replace('^.*?-(\\d+.*$)', '\\1') }}"
- name: Display package name and version
ansible.builtin.debug:
msg: "Package: {{ pkg_name }} || Version: {{ pkg_vers }}"
# this is the right track...
# conditions:
# - versionlock doesnt exist for pkg
# - add versionlock
# - versionlock exists for pkg and version matches
# - move on
# - versionlock exists for pkg and version mismatch
# - clear current lock
# - add new lock for new version
# - pkg doesnt exist
# - fail with message stating to check pkg name/version
# - name: End host
# ansible.builtin.meta: end_host
# - name: "Check if lock currently exists for {{ item }}"
# ansible.builtin.command:
# cmd: "grep -c {{ item | regex_replace('(\\w+-\\d+)\\..*$', '\\1') }} /etc/yum/pluginconf.d/versionlock.list"
# failed_when: versionlock_check['rc'] not in [0, 1]
# changed_when: false
# register: versionlock_check
# - name: Debug versionlock_check
# ansible.builtin.debug:
# var: versionlock_check
# # verbosity: 1
# - name: "Clear old version lock if present for {{ item }}"
# when:
# - versionlock_check['rc'] == 0
# block:
# - name: "Clear existing locks via wildcard match for {{ item }}" # noqa: command-instead-of-module
# ansible.builtin.command: "yum versionlock delete '{{ item | regex_replace('(\\w+-\\d+)\\..*$', '\\1') }}*'"
# register: versionlock_rm
# - name: Debug versionlock_rm
# ansible.builtin.debug:
# var: versionlock_rm
# - name: "Version lock package: {{ item }}"
# # when:
# # - versionlock_check['rc'] == 1
# block:
# - name: "Version locking: {{ item }}" # noqa: command-instead-of-module
# ansible.builtin.command: "yum versionlock {{ item }}"
# # changed_when: "'Adding versionlock on:' in versionlock_pkg['stdout']"
# # failed_when: "'Package already locked' in versionlock_pkg['stdout']"
# changed_when: "'versionlock added: 1' in versionlock_pkg['stdout']"
# failed_when: "'versionlock added: 0' in versionlock_pkg['stdout']"
# register: versionlock_pkg
# - name: Debug versionlock_pkg
# ansible.builtin.debug:
# var: versionlock_pkg
# verbosity: 1
# rescue:
# - name: Failed to add versionlock
# ansible.builtin.fail:
# msg: "Failed to add versionlock for item: {{ item }}. Please re-check package name/version."

70
tasks/lock_pkg.yml Normal file
View File

@ -0,0 +1,70 @@
---
# conditions:
# - versionlock doesnt exist for pkg ***
# - add versionlock
# - versionlock exists for pkg and version matches ***
# - move on
# - versionlock exists for pkg and version mismatch ***
# - clear current lock
# - add new lock for new version
# - pkg doesnt exist ***
# - fail with message stating to check pkg name/version
#
# package examples:
# - httpd-2.4.6-18.el7_0
# - httpd-tools-2.4.6-18.el7_0
###############################################################################
- name: Set package name fact
ansible.builtin.set_fact:
r_pkg_name: "{{ item | regex_replace('^(\\w+.*?)-\\d+.*?$', '\\1') }}"
- name: "Check if versionlock currently exists: {{ r_pkg_name }}"
ansible.builtin.command:
cmd: "grep '^0:{{ r_pkg_name }}-[[:digit:]]' /etc/yum/pluginconf.d/versionlock.list"
failed_when: r_versionlock_check['rc'] not in [0, 1]
changed_when: false
register: r_versionlock_check
- name: "Check existing versionlock: {{ item }}"
when:
- r_versionlock_check['rc'] == 0
block:
- name: Update package lock
when:
- item not in r_versionlock_check['stdout']
block:
- name: "Clear existing lock due to version mismatch: {{ item }}" # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock delete '{{ r_versionlock_check['stdout'] }}'"
register: versionlock_rm
- name: "Version locking: {{ item }}" # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock {{ item }}"
changed_when: "'versionlock added: 1' in r_versionlock_pkg['stdout']"
failed_when: "'versionlock added: 0' in r_versionlock_pkg['stdout']"
register: r_versionlock_pkg
rescue:
- name: Failed to add versionlock
ansible.builtin.fail:
msg: "Failed to add versionlock for item: {{ item }}. Please re-check package name/version."
- name: "Add new versionlock: {{ item }}"
when:
- r_versionlock_check['rc'] == 1
block:
- name: "Version locking: {{ item }}" # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock {{ item }}"
changed_when: "'versionlock added: 1' in r_versionlock_pkg['stdout']"
failed_when: "'versionlock added: 0' in r_versionlock_pkg['stdout']"
register: r_versionlock_pkg
- name: Debug r_versionlock_pkg
ansible.builtin.debug:
var: r_versionlock_pkg
verbosity: 1
rescue:
- name: Failed to add versionlock
ansible.builtin.fail:
msg: "Failed to add versionlock for item: {{ item }}. Please re-check package name/version."

33
uuid_target.yml Normal file
View File

@ -0,0 +1,33 @@
---
- name: UUID Target
hosts: bigboot
become: false
gather_facts: true
vars:
uuid_target: /dev/mapper/system-swap
tasks:
- name: Debug uuid_target
ansible.builtin.debug:
var: uuid_target
- name: Capture UUID for target volume
ansible.builtin.set_fact:
bigboot_lv_uuid: "{{ ansible_facts['mounts'] | selectattr('device', 'equalto', uuid_target) | map(attribute='uuid') | first }}"
- name: Display something
ansible.builtin.debug:
msg: "{{ ansible_devices['dm-1']['links']['uuids'][0] }} <-> {{ bigboot_lv_uuid }}"
- name: Capture block device information for target logical volume
ansible.builtin.set_fact:
bigboot_lv_dm: "{{ ansible_device_links['uuids'] | dict2items | selectattr('value', 'contains', bigboot_lv_uuid) | map(attribute='key') | first }}"
- name: Debug bigboot_lv_dm
ansible.builtin.debug:
var: bigboot_lv_dm
- name: "Check out sizing for {{ uuid_target + ' (' + bigboot_lv_dm + ')' }}"
ansible.builtin.debug:
msg: "{{ ansible_devices[bigboot_lv_dm]['sectors'] | int * ansible_devices[bigboot_lv_dm]['sectorsize'] | int }}"

42
versionlock copy.yml Normal file
View File

@ -0,0 +1,42 @@
---
- name: Version Lock
hosts: temp
become: false
gather_facts: false
vars:
lock_pkgs:
- httpd-2.4.57-5.el9
- httpd-tools-2.4.57-5.el9
# - httpd-2.4.6-18.el7_0
# - httpd-tools-2.4.6-18.el7_0
# lock_pkgs:
# - leapp-0.17.0-2.el7_9
# - leapp-upgrade-el7toel8-0.20.0-13.el7_9
# - leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9
# - leapp-deps-0.17.0-2.el7_9
# - python2-leapp-0.17.0-2.el7_9
tasks:
- name: Check if versionlock.list exists
ansible.builtin.stat:
path: /etc/yum/pluginconf.d/versionlock.list
register: r_versionlock_list
- name: Touch versionlock.list if it doesn't exist
ansible.builtin.file:
path: /etc/yum/pluginconf.d/versionlock.list
state: touch
mode: "0644"
when:
- not r_versionlock_list['stat']['exists'] | bool
- name: Install yum-plugin-versionlock
ansible.builtin.package:
name: yum-plugin-versionlock
state: present
- name: Check list of packages and lock their version if needed
ansible.builtin.include_tasks: tasks/lock_pkg.yml
loop: "{{ lock_pkgs }}"

44
versionlock.md
View File

@ -101,6 +101,7 @@ Observations:
-------------
Use either yum-plugin-versionlock or yum.conf to lock
```
# cat /etc/yum/pluginconf.d/versionlock.list
@ -119,3 +120,46 @@ Use either yum-plugin-versionlock or yum.conf to lock
# Added locks on Tue Jan 28 15:58:15 2025
0:python2-leapp-0.17.0-2.el7_9.*
```
leapp role
- included in epp2 maintenance
- disabled during freeze
- os patching does yum update all
- does all pkgs, includes leapp
```
Available Packages
httpd.x86_64 2.4.6-17.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-18.el7_0 rhel-7-server-rpms
httpd.x86_64 2.4.6-19.el7_0 rhel-7-server-rpms
httpd.x86_64 2.4.6-31.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-31.el7_1.1 rhel-7-server-rpms
httpd.x86_64 2.4.6-40.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-40.el7_2.1 rhel-7-server-rpms
httpd.x86_64 2.4.6-40.el7_2.4 rhel-7-server-rpms
httpd.x86_64 2.4.6-45.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-45.el7_3.4 rhel-7-server-rpms
httpd.x86_64 2.4.6-67.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-67.el7_4.2 rhel-7-server-rpms
httpd.x86_64 2.4.6-67.el7_4.5 rhel-7-server-rpms
httpd.x86_64 2.4.6-67.el7_4.6 rhel-7-server-rpms
httpd.x86_64 2.4.6-80.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-80.el7_5.1 rhel-7-server-rpms
httpd.x86_64 2.4.6-88.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-89.el7_6 rhel-7-server-rpms
httpd.x86_64 2.4.6-89.el7_6.1 rhel-7-server-rpms
httpd.x86_64 2.4.6-90.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-93.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-95.el7 rhel-7-server-rpms
httpd.x86_64 2.4.6-97.el7_9 rhel-7-server-rpms
httpd.x86_64 2.4.6-97.el7_9.1 rhel-7-server-rpms
httpd.x86_64 2.4.6-97.el7_9.2 rhel-7-server-rpms
httpd.x86_64 2.4.6-97.el7_9.4 rhel-7-server-rpms
httpd.x86_64 2.4.6-97.el7_9.5 rhel-7-server-rpms
httpd.x86_64 2.4.6-98.el7_9.6 rhel-7-server-rpms
httpd.x86_64 2.4.6-98.el7_9.7 rhel-7-server-rpms
httpd.x86_64 2.4.6-99.el7_9.1 rhel-7-server-rpms
```

19
versionlock.yml
View File

@ -6,6 +6,8 @@
vars:
lock_pkgs:
- httpd-2.4.6-80.el7
- httpd-tools-2.4.6-80.el7
- leapp-0.17.0-2.el7_9
- leapp-upgrade-el7toel8-0.20.0-13.el7_9
- leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9
@ -13,16 +15,11 @@
- python2-leapp-0.17.0-2.el7_9
tasks:
- name: Install yum-plugin-versionlock
ansible.builtin.package:
name: yum-plugin-versionlock
state: present
# - name: Install yum-plugin-versionlock
# ansible.builtin.package:
# name: yum-plugin-versionlock
# state: present
- name: "Version lock: {{ item }}" # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock {{ item }}"
register: r_lock_pkgs
- name: Check provided list of packages and versionlock as needed
ansible.builtin.include_tasks: tasks/lock_pkg.yml
loop: "{{ lock_pkgs }}"
# - name: Debug r_lock_pkgs
# ansible.builtin.debug:
# var: r_lock_pkgs

57
versionlock2.yml Normal file
View File

@ -0,0 +1,57 @@
---
- name: Version Lock
hosts: temp
become: false
gather_facts: false
vars:
lock_pkgs:
- leapp*
- python2-leapp
tasks:
- name: Check for existing excludes in /etc/yum.conf
ansible.builtin.command:
cmd: "grep -i exclude= /etc/yum.conf"
register: yum_exclude_check
failed_when: yum_exclude_check['rc'] not in [0, 1]
changed_when: false
- name: Capture current excludes if present
ansible.builtin.set_fact:
yum_current_excludes: "{{ yum_exclude_check['stdout'] | regex_replace('^exclude=', '') }}"
- name: Debug yum_current_excludes
ansible.builtin.debug:
var: yum_current_excludes
- name: Update yum.conf if Leapp excludes are needed
ansible.builtin.lineinfile:
path: /etc/yum.conf
regexp: "^exclude="
line: "exclude={{ lock_pkgs | join(' ') }} {{ yum_current_excludes }}"
when:
- lock_pkgs | join(' ') not in yum_current_excludes
- name: Re-check for existing excludes
ansible.builtin.command:
cmd: "grep -i exclude= /etc/yum.conf"
register: yum_exclude_recheck
failed_when: yum_exclude_recheck['rc'] not in [0, 1]
changed_when: false
- name: Capture current excludes if present
ansible.builtin.set_fact:
yum_post_excludes: "{{ yum_exclude_recheck['stdout'] | regex_replace('^exclude=', '') }}"
- name: Debug yum_current_excludes
ansible.builtin.debug:
var: yum_post_excludes
- name: Set fact
ansible.builtin.set_fact:
foo_bar: "{{ lock_pkgs | join(' ') }}"
- name: Debug yum_current_excludes minus lock_pkgs
ansible.builtin.debug:
msg: "{{ yum_post_excludes | regex_replace(foo_bar) }} -> {{ foo_bar }}"