From 49b98451a399c27e57d05487eae2e5e75c57817e Mon Sep 17 00:00:00 2001 From: Chris Hammer Date: Tue, 8 Jul 2025 10:50:08 -0400 Subject: [PATCH] New stuffs again --- ansible.cfg | 3 ++ ansible_host.yml | 13 ++++++ hosts | 15 +++++-- ifcfg_find.yml | 43 ++++++++++++++++++ ip-alias-test.yml | 34 +++++++------- ipv6_check.yml | 23 ++++++++++ logic_select.yml | 34 ++++++++++++++ prompt_test.yml | 17 +++++++ syslog_size_used.yml | 34 ++++++++++++++ tasks/lock_pkg copy.yml | 98 +++++++++++++++++++++++++++++++++++++++++ tasks/lock_pkg.yml | 70 +++++++++++++++++++++++++++++ uuid_target.yml | 33 ++++++++++++++ versionlock copy.yml | 42 ++++++++++++++++++ versionlock.md | 44 ++++++++++++++++++ versionlock.yml | 19 ++++---- versionlock2.yml | 57 ++++++++++++++++++++++++ 16 files changed, 548 insertions(+), 31 deletions(-) create mode 100644 ansible_host.yml create mode 100644 ifcfg_find.yml create mode 100644 ipv6_check.yml create mode 100644 logic_select.yml create mode 100644 prompt_test.yml create mode 100644 syslog_size_used.yml create mode 100644 tasks/lock_pkg copy.yml create mode 100644 tasks/lock_pkg.yml create mode 100644 uuid_target.yml create mode 100644 versionlock copy.yml create mode 100644 versionlock2.yml diff --git a/ansible.cfg b/ansible.cfg index 04c9fcf..73fcdfe 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -20,6 +20,9 @@ deprecation_warnings = false callback_whitelist = ansible.posix.profile_tasks, ansible.posix.timer callbacks_enabled = ansible.posix.profile_tasks, ansible.posix.timer +# *shrug* +show_custom_stats = true + [ssh_connection] pipelining = True ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey diff --git a/ansible_host.yml b/ansible_host.yml new file mode 100644 index 0000000..3f25aae --- /dev/null +++ b/ansible_host.yml @@ -0,0 +1,13 @@ +--- +- name: Ansible Host + hosts: all + gather_facts: true + + tasks: + - name: Inventory hostname + ansible.builtin.debug: + var: inventory_hostname + + - name: Ansible hostname + ansible.builtin.debug: + var: ansible_hostname diff --git a/hosts b/hosts index faaf906..c9d2348 100644 --- a/hosts +++ b/hosts @@ -1,9 +1,9 @@ [bigboot] # bigboot-test-custom-1 ansible_host=10.10.42.5 # bigboot-test-custom-2 ansible_host=10.10.42.13 -# bigboot-test-custom-4 ansible_host=10.10.42.15 +bigboot-test-custom-4 ansible_host=10.10.42.15 # bigboot-test-custom-5 ansible_host=10.10.42.16 -bigboot-test-custom-6 ansible_host=10.10.42.91 +# bigboot-test-custom-6 ansible_host=10.10.42.91 # bigboot-test-custom-7 ansible_host=10.10.42.2 # bigboot-test-custom-8 ansible_host=10.10.42.216 # bigboot-test-custom-9 ansible_host=10.1.1.80 @@ -24,7 +24,7 @@ ifcfg-alias-test ansible_host=10.10.42.112 ifcfg-alias-test2 ansible_host=10.10.42.66 ifcfg-alias-test3 ansible_host=10.10.42.103 ifcfg-alias-test4 ansible_host=10.10.42.113 -bigboot-test-custom-5 ansible_host=10.10.42.16 +; bigboot-test-custom-5 ansible_host=10.10.42.16 [ipalias:vars] ansible_user=root @@ -37,6 +37,15 @@ ansible_user=root [temp] ipu-test-1 ansible_host=10.10.42.186 +# versionlock-test ansible_host=10.10.42.187 [temp:vars] ansible_user=root + +[ifcfg] +ip-alias-test-1 ansible_host=10.10.42.57 ansible_user=root + + +[ipv6] +testing ansible_host=10.10.42.72 ansible_user=root + diff --git a/ifcfg_find.yml b/ifcfg_find.yml new file mode 100644 index 0000000..0c4558e --- /dev/null +++ b/ifcfg_find.yml @@ -0,0 +1,43 @@ +--- +- name: Ifcfg Find + hosts: ifcfg + become: false + gather_facts: false + + vars: + find_search_path: /etc/sysconfig/network-scripts + + + tasks: + - name: "Find ifcfg alias files under {{ find_search_path }}" + ansible.builtin.find: + paths: "{{ find_search_path }}" + use_regex: true + patterns: + - '.*ifcfg-.*$' + excludes: + - '^.*:\d+$' + register: r_find_ifcfg + + - name: Append results to list + ansible.builtin.set_fact: + find_res: "{{ find_res | default([]) + [item['path']] }}" + loop: "{{ r_find_ifcfg['files'] }}" + + - name: Debug r_find_ifcfg + ansible.builtin.debug: + var: r_find_ifcfg + verbosity: 1 + + - name: Debug find_res + ansible.builtin.debug: + var: find_res + verbosity: 1 + + - name: Find Results + ansible.builtin.debug: + msg: > + Searched files: {{ r_find_ifcfg['examined'] }} + Matches Found: {{ r_find_ifcfg['matched'] }} + Files: + {{ find_res | join(', ') }} diff --git a/ip-alias-test.yml b/ip-alias-test.yml index d502022..a5c6562 100644 --- a/ip-alias-test.yml +++ b/ip-alias-test.yml @@ -13,20 +13,20 @@ - "'lo' not in item" - hostvars[inventory_hostname]['ansible_' + item]['ipv4_secondaries'] is defined - - name: Log IP alias check to syslogger - community.general.syslogger: - # msg: "{{ inventory_hostname }} has IP aliases defined for {{ item }}." - msg: "{{ lookup('template', 'syslog.j2') | replace('\n', ' ') }}" - ident: ansbl_ipu_precheck - vars: - actor: "check_ip_aliases" - title: "Use of IP aliases detected" - summary: "IP alias in use for interface: {{ ipv4_item }}" - severity: "high" - flags: ["inhibitor"] - loop: "{{ ansible_interfaces }}" - loop_control: - loop_var: ipv4_item - when: - - "'lo' not in ipv4_item" - - hostvars[inventory_hostname]['ansible_' + ipv4_item]['ipv4_secondaries'] is defined + # - name: Log IP alias check to syslogger + # community.general.syslogger: + # # msg: "{{ inventory_hostname }} has IP aliases defined for {{ item }}." + # msg: "{{ lookup('template', 'syslog.j2') | replace('\n', ' ') }}" + # ident: ansbl_ipu_precheck + # vars: + # actor: "check_ip_aliases" + # title: "Use of IP aliases detected" + # summary: "IP alias in use for interface: {{ ipv4_item }}" + # severity: "high" + # flags: ["inhibitor"] + # loop: "{{ ansible_interfaces }}" + # loop_control: + # loop_var: ipv4_item + # when: + # - "'lo' not in ipv4_item" + # - hostvars[inventory_hostname]['ansible_' + ipv4_item]['ipv4_secondaries'] is defined diff --git a/ipv6_check.yml b/ipv6_check.yml new file mode 100644 index 0000000..93e1c54 --- /dev/null +++ b/ipv6_check.yml @@ -0,0 +1,23 @@ +--- +- name: IPv6 Check + hosts: ipv6 + gather_facts: true + + tasks: + - name: Check host + ansible.builtin.debug: + var: ansible_hostname + + - name: Check for IPv6 configuration + ansible.builtin.shell: + cmd: grep -i ipv6 /etc/sysconfig/network-scripts/ifcfg-* + failed_when: false + changed_when: false + register: ipv6_interfaces + + - name: Debug ipv6_interfaces + ansible.builtin.debug: + var: ipv6_interfaces + when: + - ipv6_interfaces['stdout_lines'] is defined + - ipv6_interfaces['stdout_lines'] | length > 0 diff --git a/logic_select.yml b/logic_select.yml new file mode 100644 index 0000000..f0feebe --- /dev/null +++ b/logic_select.yml @@ -0,0 +1,34 @@ +--- +- name: Logic Select + hosts: localhost + connection: local + become: false + + vars: + selected_option: 4 + boot_sizes: + - 1G + - 1.25G + - 1.5G + - 1.75G + - 2G + - 2.25G + - 2.5G + - 2.75G + - 3G + + tasks: + - name: Selected option + ansible.builtin.debug: + var: selected_option + + - name: Print the chosen size + ansible.builtin.debug: + msg: "{{ boot_sizes[selected_option] }}" + + - name: Set stats test + ansible.builtin.set_stats: + aggregate: true + data: + misc_shit: "{{ boot_sizes | join(', ') }}" + diff --git a/prompt_test.yml b/prompt_test.yml new file mode 100644 index 0000000..8df4d68 --- /dev/null +++ b/prompt_test.yml @@ -0,0 +1,17 @@ +--- +- name: Prompt test + hosts: localhost + connection: local + gather_facts: false + + vars_prompt: + - name: "wut_want" + prompt: "What do you want?!" + + tasks: + - name: Debug wut_want if defined + ansible.builtin.debug: + var: wut_want + when: + - wut_want is defined + - (wut_want | length) != 0 diff --git a/syslog_size_used.yml b/syslog_size_used.yml new file mode 100644 index 0000000..db55b4f --- /dev/null +++ b/syslog_size_used.yml @@ -0,0 +1,34 @@ +--- +- name: Syslog - Log Size Used + hosts: bigboot + become: false + gather_facts: true + + tasks: + - name: Get filesystem info + ansible.builtin.set_fact: + boot_mount: "{{ ansible_mounts | selectattr('mount', 'equalto', '/boot') | first | default() }}" + root_mount: "{{ ansible_mounts | selectattr('mount', 'equalto', '/') | first | default() }}" + home_mount: "{{ ansible_mounts | selectattr('mount', 'equalto', '/home') | first | default() }}" + + - name: Debug boot_mount + ansible.builtin.debug: + msg: "{{ boot_mount }}" + + - name: Show size used -- /boot + ansible.builtin.debug: + msg: "{{ (boot_mount['block_used'] * boot_mount['block_size']) | human_readable }}" + when: + - boot_mount['block_used'] is defined + + - name: Show size used -- / + ansible.builtin.debug: + msg: "{{ (root_mount['block_used'] * root_mount['block_size']) | human_readable }}" + when: + - root_mount | length > 0 + + - name: Show size used -- /home + ansible.builtin.debug: + msg: "{{ (home_mount['block_used'] * home_mount['block_size']) | human_readable }}" + when: + - home_mount | length > 0 diff --git a/tasks/lock_pkg copy.yml b/tasks/lock_pkg copy.yml new file mode 100644 index 0000000..9d43924 --- /dev/null +++ b/tasks/lock_pkg copy.yml @@ -0,0 +1,98 @@ +--- +# httpd-2.4.6-18.el7_0 +# item | regex_replace('(\\w+-\\d+)\\..*$', '\\1') + +- name: Debug item + ansible.builtin.debug: + var: item + +# - name: Regex test 1 +# ansible.builtin.debug: +# msg: "{{ item | regex_replace('(\\w+.?)-(\\d+\\..*)(\\.el.*$)', '\\1 + \\2 + \\3') }}" + +# - name: Regex test 2 +# ansible.builtin.debug: +# msg: "{{ item | regex_replace('^.*?-(\\d+.*$)', '\\1') }}" + +# - name: Regex test 3 +# ansible.builtin.debug: +# msg: "{{ item | regex_replace('^(\\w+.*?)-\\d+.*?$', '\\1') }}" + +# - name: Regex test +# ansible.builtin.debug: +# msg: "{{ item | regex_replace('(\\w+.?)-(\\d+\\..*$)', '\\1 + \\2') }}" + +# - name: Set package name and version facts +# ansible.builtin.set_fact: +# pkg_name: "{{ item | regex_replace('(\\w+.?)-\\d+\\..*$', '\\1') }}" +# pkg_vers: "{{ item | regex_replace('\\w+.?-(\\d+\\..*$)', '\\1') }}" + +- name: Set package name and version facts + ansible.builtin.set_fact: + pkg_name: "{{ item | regex_replace('^(\\w+.*?)-\\d+.*?$', '\\1') }}" + pkg_vers: "{{ item | regex_replace('^.*?-(\\d+.*$)', '\\1') }}" + +- name: Display package name and version + ansible.builtin.debug: + msg: "Package: {{ pkg_name }} || Version: {{ pkg_vers }}" + +# this is the right track... +# conditions: +# - versionlock doesnt exist for pkg +# - add versionlock +# - versionlock exists for pkg and version matches +# - move on +# - versionlock exists for pkg and version mismatch +# - clear current lock +# - add new lock for new version +# - pkg doesnt exist +# - fail with message stating to check pkg name/version + + +# - name: End host +# ansible.builtin.meta: end_host + +# - name: "Check if lock currently exists for {{ item }}" +# ansible.builtin.command: +# cmd: "grep -c {{ item | regex_replace('(\\w+-\\d+)\\..*$', '\\1') }} /etc/yum/pluginconf.d/versionlock.list" +# failed_when: versionlock_check['rc'] not in [0, 1] +# changed_when: false +# register: versionlock_check + +# - name: Debug versionlock_check +# ansible.builtin.debug: +# var: versionlock_check +# # verbosity: 1 + +# - name: "Clear old version lock if present for {{ item }}" +# when: +# - versionlock_check['rc'] == 0 +# block: +# - name: "Clear existing locks via wildcard match for {{ item }}" # noqa: command-instead-of-module +# ansible.builtin.command: "yum versionlock delete '{{ item | regex_replace('(\\w+-\\d+)\\..*$', '\\1') }}*'" +# register: versionlock_rm + +# - name: Debug versionlock_rm +# ansible.builtin.debug: +# var: versionlock_rm + +# - name: "Version lock package: {{ item }}" +# # when: +# # - versionlock_check['rc'] == 1 +# block: +# - name: "Version locking: {{ item }}" # noqa: command-instead-of-module +# ansible.builtin.command: "yum versionlock {{ item }}" +# # changed_when: "'Adding versionlock on:' in versionlock_pkg['stdout']" +# # failed_when: "'Package already locked' in versionlock_pkg['stdout']" +# changed_when: "'versionlock added: 1' in versionlock_pkg['stdout']" +# failed_when: "'versionlock added: 0' in versionlock_pkg['stdout']" +# register: versionlock_pkg + +# - name: Debug versionlock_pkg +# ansible.builtin.debug: +# var: versionlock_pkg +# verbosity: 1 +# rescue: +# - name: Failed to add versionlock +# ansible.builtin.fail: +# msg: "Failed to add versionlock for item: {{ item }}. Please re-check package name/version." diff --git a/tasks/lock_pkg.yml b/tasks/lock_pkg.yml new file mode 100644 index 0000000..f8727c9 --- /dev/null +++ b/tasks/lock_pkg.yml @@ -0,0 +1,70 @@ +--- +# conditions: +# - versionlock doesnt exist for pkg *** +# - add versionlock +# - versionlock exists for pkg and version matches *** +# - move on +# - versionlock exists for pkg and version mismatch *** +# - clear current lock +# - add new lock for new version +# - pkg doesnt exist *** +# - fail with message stating to check pkg name/version +# +# package examples: +# - httpd-2.4.6-18.el7_0 +# - httpd-tools-2.4.6-18.el7_0 +############################################################################### + +- name: Set package name fact + ansible.builtin.set_fact: + r_pkg_name: "{{ item | regex_replace('^(\\w+.*?)-\\d+.*?$', '\\1') }}" + +- name: "Check if versionlock currently exists: {{ r_pkg_name }}" + ansible.builtin.command: + cmd: "grep '^0:{{ r_pkg_name }}-[[:digit:]]' /etc/yum/pluginconf.d/versionlock.list" + failed_when: r_versionlock_check['rc'] not in [0, 1] + changed_when: false + register: r_versionlock_check + +- name: "Check existing versionlock: {{ item }}" + when: + - r_versionlock_check['rc'] == 0 + block: + - name: Update package lock + when: + - item not in r_versionlock_check['stdout'] + block: + - name: "Clear existing lock due to version mismatch: {{ item }}" # noqa: command-instead-of-module + ansible.builtin.command: "yum versionlock delete '{{ r_versionlock_check['stdout'] }}'" + register: versionlock_rm + + - name: "Version locking: {{ item }}" # noqa: command-instead-of-module + ansible.builtin.command: "yum versionlock {{ item }}" + changed_when: "'versionlock added: 1' in r_versionlock_pkg['stdout']" + failed_when: "'versionlock added: 0' in r_versionlock_pkg['stdout']" + register: r_versionlock_pkg + + rescue: + - name: Failed to add versionlock + ansible.builtin.fail: + msg: "Failed to add versionlock for item: {{ item }}. Please re-check package name/version." + + +- name: "Add new versionlock: {{ item }}" + when: + - r_versionlock_check['rc'] == 1 + block: + - name: "Version locking: {{ item }}" # noqa: command-instead-of-module + ansible.builtin.command: "yum versionlock {{ item }}" + changed_when: "'versionlock added: 1' in r_versionlock_pkg['stdout']" + failed_when: "'versionlock added: 0' in r_versionlock_pkg['stdout']" + register: r_versionlock_pkg + + - name: Debug r_versionlock_pkg + ansible.builtin.debug: + var: r_versionlock_pkg + verbosity: 1 + rescue: + - name: Failed to add versionlock + ansible.builtin.fail: + msg: "Failed to add versionlock for item: {{ item }}. Please re-check package name/version." diff --git a/uuid_target.yml b/uuid_target.yml new file mode 100644 index 0000000..39c09b4 --- /dev/null +++ b/uuid_target.yml @@ -0,0 +1,33 @@ +--- +- name: UUID Target + hosts: bigboot + become: false + gather_facts: true + + vars: + uuid_target: /dev/mapper/system-swap + + tasks: + - name: Debug uuid_target + ansible.builtin.debug: + var: uuid_target + + - name: Capture UUID for target volume + ansible.builtin.set_fact: + bigboot_lv_uuid: "{{ ansible_facts['mounts'] | selectattr('device', 'equalto', uuid_target) | map(attribute='uuid') | first }}" + + - name: Display something + ansible.builtin.debug: + msg: "{{ ansible_devices['dm-1']['links']['uuids'][0] }} <-> {{ bigboot_lv_uuid }}" + + - name: Capture block device information for target logical volume + ansible.builtin.set_fact: + bigboot_lv_dm: "{{ ansible_device_links['uuids'] | dict2items | selectattr('value', 'contains', bigboot_lv_uuid) | map(attribute='key') | first }}" + + - name: Debug bigboot_lv_dm + ansible.builtin.debug: + var: bigboot_lv_dm + + - name: "Check out sizing for {{ uuid_target + ' (' + bigboot_lv_dm + ')' }}" + ansible.builtin.debug: + msg: "{{ ansible_devices[bigboot_lv_dm]['sectors'] | int * ansible_devices[bigboot_lv_dm]['sectorsize'] | int }}" diff --git a/versionlock copy.yml b/versionlock copy.yml new file mode 100644 index 0000000..4dccf8a --- /dev/null +++ b/versionlock copy.yml @@ -0,0 +1,42 @@ +--- +- name: Version Lock + hosts: temp + become: false + gather_facts: false + + vars: + lock_pkgs: + - httpd-2.4.57-5.el9 + - httpd-tools-2.4.57-5.el9 + # - httpd-2.4.6-18.el7_0 + # - httpd-tools-2.4.6-18.el7_0 + + # lock_pkgs: + # - leapp-0.17.0-2.el7_9 + # - leapp-upgrade-el7toel8-0.20.0-13.el7_9 + # - leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9 + # - leapp-deps-0.17.0-2.el7_9 + # - python2-leapp-0.17.0-2.el7_9 + + tasks: + - name: Check if versionlock.list exists + ansible.builtin.stat: + path: /etc/yum/pluginconf.d/versionlock.list + register: r_versionlock_list + + - name: Touch versionlock.list if it doesn't exist + ansible.builtin.file: + path: /etc/yum/pluginconf.d/versionlock.list + state: touch + mode: "0644" + when: + - not r_versionlock_list['stat']['exists'] | bool + + - name: Install yum-plugin-versionlock + ansible.builtin.package: + name: yum-plugin-versionlock + state: present + + - name: Check list of packages and lock their version if needed + ansible.builtin.include_tasks: tasks/lock_pkg.yml + loop: "{{ lock_pkgs }}" diff --git a/versionlock.md b/versionlock.md index ee2da45..730aa6f 100644 --- a/versionlock.md +++ b/versionlock.md @@ -101,6 +101,7 @@ Observations: ------------- Use either yum-plugin-versionlock or yum.conf to lock + ``` # cat /etc/yum/pluginconf.d/versionlock.list @@ -119,3 +120,46 @@ Use either yum-plugin-versionlock or yum.conf to lock # Added locks on Tue Jan 28 15:58:15 2025 0:python2-leapp-0.17.0-2.el7_9.* ``` + + +leapp role +- included in epp2 maintenance +- disabled during freeze +- os patching does yum update all +- does all pkgs, includes leapp + + + +``` +Available Packages +httpd.x86_64 2.4.6-17.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-18.el7_0 rhel-7-server-rpms +httpd.x86_64 2.4.6-19.el7_0 rhel-7-server-rpms +httpd.x86_64 2.4.6-31.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-31.el7_1.1 rhel-7-server-rpms +httpd.x86_64 2.4.6-40.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-40.el7_2.1 rhel-7-server-rpms +httpd.x86_64 2.4.6-40.el7_2.4 rhel-7-server-rpms +httpd.x86_64 2.4.6-45.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-45.el7_3.4 rhel-7-server-rpms +httpd.x86_64 2.4.6-67.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-67.el7_4.2 rhel-7-server-rpms +httpd.x86_64 2.4.6-67.el7_4.5 rhel-7-server-rpms +httpd.x86_64 2.4.6-67.el7_4.6 rhel-7-server-rpms +httpd.x86_64 2.4.6-80.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-80.el7_5.1 rhel-7-server-rpms +httpd.x86_64 2.4.6-88.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-89.el7_6 rhel-7-server-rpms +httpd.x86_64 2.4.6-89.el7_6.1 rhel-7-server-rpms +httpd.x86_64 2.4.6-90.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-93.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-95.el7 rhel-7-server-rpms +httpd.x86_64 2.4.6-97.el7_9 rhel-7-server-rpms +httpd.x86_64 2.4.6-97.el7_9.1 rhel-7-server-rpms +httpd.x86_64 2.4.6-97.el7_9.2 rhel-7-server-rpms +httpd.x86_64 2.4.6-97.el7_9.4 rhel-7-server-rpms +httpd.x86_64 2.4.6-97.el7_9.5 rhel-7-server-rpms +httpd.x86_64 2.4.6-98.el7_9.6 rhel-7-server-rpms +httpd.x86_64 2.4.6-98.el7_9.7 rhel-7-server-rpms +httpd.x86_64 2.4.6-99.el7_9.1 rhel-7-server-rpms +``` diff --git a/versionlock.yml b/versionlock.yml index c65466e..3d37034 100644 --- a/versionlock.yml +++ b/versionlock.yml @@ -6,6 +6,8 @@ vars: lock_pkgs: + - httpd-2.4.6-80.el7 + - httpd-tools-2.4.6-80.el7 - leapp-0.17.0-2.el7_9 - leapp-upgrade-el7toel8-0.20.0-13.el7_9 - leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9 @@ -13,16 +15,11 @@ - python2-leapp-0.17.0-2.el7_9 tasks: - - name: Install yum-plugin-versionlock - ansible.builtin.package: - name: yum-plugin-versionlock - state: present + # - name: Install yum-plugin-versionlock + # ansible.builtin.package: + # name: yum-plugin-versionlock + # state: present - - name: "Version lock: {{ item }}" # noqa: command-instead-of-module - ansible.builtin.command: "yum versionlock {{ item }}" - register: r_lock_pkgs + - name: Check provided list of packages and versionlock as needed + ansible.builtin.include_tasks: tasks/lock_pkg.yml loop: "{{ lock_pkgs }}" - - # - name: Debug r_lock_pkgs - # ansible.builtin.debug: - # var: r_lock_pkgs diff --git a/versionlock2.yml b/versionlock2.yml new file mode 100644 index 0000000..5355bf9 --- /dev/null +++ b/versionlock2.yml @@ -0,0 +1,57 @@ +--- +- name: Version Lock + hosts: temp + become: false + gather_facts: false + + vars: + lock_pkgs: + - leapp* + - python2-leapp + + tasks: + - name: Check for existing excludes in /etc/yum.conf + ansible.builtin.command: + cmd: "grep -i exclude= /etc/yum.conf" + register: yum_exclude_check + failed_when: yum_exclude_check['rc'] not in [0, 1] + changed_when: false + + - name: Capture current excludes if present + ansible.builtin.set_fact: + yum_current_excludes: "{{ yum_exclude_check['stdout'] | regex_replace('^exclude=', '') }}" + + - name: Debug yum_current_excludes + ansible.builtin.debug: + var: yum_current_excludes + + - name: Update yum.conf if Leapp excludes are needed + ansible.builtin.lineinfile: + path: /etc/yum.conf + regexp: "^exclude=" + line: "exclude={{ lock_pkgs | join(' ') }} {{ yum_current_excludes }}" + when: + - lock_pkgs | join(' ') not in yum_current_excludes + + - name: Re-check for existing excludes + ansible.builtin.command: + cmd: "grep -i exclude= /etc/yum.conf" + register: yum_exclude_recheck + failed_when: yum_exclude_recheck['rc'] not in [0, 1] + changed_when: false + + - name: Capture current excludes if present + ansible.builtin.set_fact: + yum_post_excludes: "{{ yum_exclude_recheck['stdout'] | regex_replace('^exclude=', '') }}" + + - name: Debug yum_current_excludes + ansible.builtin.debug: + var: yum_post_excludes + + - name: Set fact + ansible.builtin.set_fact: + foo_bar: "{{ lock_pkgs | join(' ') }}" + + - name: Debug yum_current_excludes minus lock_pkgs + ansible.builtin.debug: + msg: "{{ yum_post_excludes | regex_replace(foo_bar) }} -> {{ foo_bar }}"