From 461adeaac14feb64bd930b6104917d6a56f4b4ca Mon Sep 17 00:00:00 2001
From: Harald Pfeiffer
Date: Sun, 12 Dec 2021 13:41:38 +0100
Subject: Integration of Arch
---
 patch.yml | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 63 insertions(+), 6 deletions(-)
diff --git a/patch.yml b/patch.yml
index 92f86b2..e4c26c4 100644
--- a/patch.yml
+++ b/patch.yml
@@ -29,6 +29,12 @@
 when: ansible_distribution_file_variety == "SUSE" or ansible_distribution_file_variety == "SuSE"
 changed_when: true
 notify: "suse upd"
+ - name: Set up Arch and derivatives
+ debug:
+ msg: "System is {{ansible_distribution}} ({{ansible_distribution_file_variety}}), checking in."
+ when: ansible_distribution_file_variety == "Archlinux"
+ changed_when: true
+ notify: "arch upd"
 handlers:
 - name: Update yum/dnf cache (RHEL)
 # We want to see a dedicated failure if the repos cannot be fetched already.
@@ -43,9 +49,14 @@
 listen: "redhat upd"
 - name: Update repository cache (Debian)
 apt:
- update_cache: yes
+ update_cache: "yes"
 become: true
 listen: "debian upd"
+ - name: Update repository cache (Arch)
+ pacman:
+ update_cache: "yes"
+ become: true
+ listen: "arch upd"
 - name: Check for upgrades (RHEL)
 # yum check-upgrade would normally throw an RC 100 if updates are available.
 # But through ansible: RC0! Weeeee
@@ -72,6 +83,17 @@
 - "debian updates available"
 - "rkhunter"
 listen: "debian upd"
+ - name: Check for upgrades (Arch)
+ # TODO: pikaur
+ shell: /usr/bin/pacman -Qu
+ become: true
+ register: pue
+ failed_when: pue.rc|int > 1
+ changed_when: pue.rc|int == 0
+ notify:
+ - "arch updates available"
+ - "rkhunter"
+ listen: "arch upd"
 - name: Check for existence of rkhunter
 stat:
 path: /usr/bin/rkhunter
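Review bot: The `when:` on the new `Set up Arch and derivatives` task compares `ansible_distribution_file_variety` with the single string `"Archlinux"`, while the task name promises derivatives as well. Whether every Arch-based distribution reports that value cannot be seen from this hunk; if derivatives are meant to be covered, `when: ansible_os_family == "Archlinux"` is the fact meant for grouping a family. As far as the visible tasks show, a host that matches none of the distribution conditions notifies no handler and is left unpatched without any message, so a final catch-all task that reports an unrecognised distribution would make that gap visible.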
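Review bot: The new `Update repository cache (Arch)` handler refreshes the sync database on its own, which is the `pacman -Sy` step that the comment added later in this commit (in `Upgrade packages (Arch)`) warns against. If the play stops between this handler and the upgrade handler, for example because the check handler fails, the host keeps a fresh database with old packages and the next manual package install becomes a partial upgrade. Consider dropping this handler and doing the check with `checkupdates` from pacman-contrib, which syncs a private copy of the database; the upgrade handler already sets `update_cache` itself. Separately, `update_cache: "yes"` is now a string on both the Debian and the Arch handler and relies on the module's boolean coercion; `update_cache: true` matches the `become: true` spelling next to it, and the same applies to `update_cache: "yes"` and `upgrade: "yes"` in the `Upgrade packages (Arch)` hunk.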
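Review bot: `Check for upgrades (Arch)` runs `/usr/bin/pacman -Qu` through `shell:` with `become: true`, although the command line uses no shell feature and a read-only query of the package database should not need root (worth confirming on a target host). `command: /usr/bin/pacman -Qu` with the `become: true` line removed keeps this handler off the shell and out of root. The `failed_when`/`changed_when` pair appears to rely on exit status 1 meaning "nothing to upgrade"; a short comment such as `# pacman -Qu exits 1 when no upgrade is pending, so only RC > 1 is a failure` would document that the way the RHEL handler's comment does.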
@@ -131,7 +153,39 @@
 become: true
 # we listen to "debian upd" here in case a previous cleanup was skipped. Change to "debian updates available" if undesired.
 listen: "debian upd"
- - name: Check for existence of needrestart (Debian)
+# - name: Check for existence of needrestart (Debian)
+# stat:
+# path: /usr/sbin/needrestart
+# register: nrex
+# ignore_errors: "yes"
+# no_log: true
+# failed_when: false
+# changed_when:
+# - nrex.stat.exists == true
+# - nrex.stat.executable == true
+# # we listen to "debian upd" here in case a previous reboot was not executed. If undesired, change to "debian updates available".
+# notify: "debian needrestart"
+# listen: "debian upd"
+# - name: Check for outdated kernel (Debian)
+# shell: /usr/sbin/needrestart -pk
+# register: kernout
+# when:
+# - nrex.stat.exists == true
+# - nrex.stat.executable == true
+# become: true
+# changed_when: "kernout.rc|int == 1"
+# listen: "debian needrestart"
+# notify: "Reboot if required"
+# # failed_when necessary to have a change for RC 1 instead of a failure
+# failed_when: kernout.rc > 1
+ - name: Upgrade packages (Arch)
+ pacman:
+ # DO NOT RUN payman -Sy instead of pacman -Syu, i.e. avoid partial upgrades:
+ update_cache: "yes"
+ upgrade: "yes"
+ become: true
+ listen: "arch updates available"
+ - name: Check for existence of needrestart (Debian, Arch)
 stat:
 path: /usr/sbin/needrestart
 register: nrex
@@ -142,9 +196,12 @@
 - nrex.stat.exists == true
 - nrex.stat.executable == true
 # we listen to "debian upd" here in case a previous reboot was not executed. If undesired, change to "debian updates available".
- notify: "debian needrestart"
- listen: "debian upd"
- - name: Check for outdated kernel (Debian)
+ notify:
+ - "debian arch needrestart"
+ listen:
+ - "debian upd"
+ - "arch upd"
+ - name: Check for outdated kernel (Debian, Arch)
 shell: /usr/sbin/needrestart -pk
 register: kernout
 when:
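Review bot: The 25 added `+#` lines are a commented-out copy of the two needrestart handlers that remain live right after them (in this and the following hunk), so the playbook now carries the same logic twice, one copy dead and already out of step with the renamed `listen` topic. Version control keeps the old form; I would delete the commented block rather than commit it. In the new `Upgrade packages (Arch)` handler the warning comment has a typo that blunts it; it should read `# DO NOT RUN pacman -Sy instead of pacman -Syu, i.e. avoid partial upgrades:`. The handler upgrades every package unattended as root, so a one-line comment above it stating that this is intended would help whoever audits the play later.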
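Review bot: The retained comment above `notify:` still says the handler listens to "debian upd" only, while the new `listen:` list adds "arch upd"; it should read `# we listen to "debian upd" and "arch upd" here in case a previous reboot was not executed.` with the "If undesired" hint extended to the Arch topic. The `stat` path `/usr/sbin/needrestart` and the `needrestart -pk` call are now shared with Arch, and nothing in the hunk shows that the tool is installed at that path there, so please confirm on an Arch host; if it is missing, the outdated-kernel check and the reboot notification are presumably skipped without any message. Both handler bodies start or continue outside the hunk.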
@@ -152,7 +209,7 @@
 - nrex.stat.executable == true
 become: true
 changed_when: "kernout.rc|int == 1"
- listen: "debian needrestart"
+ listen: "debian arch needrestart"
 notify: "Reboot if required"
 # failed_when necessary to have a change for RC 1 instead of a failure
 failed_when: kernout.rc > 1
--
cgit v1.2.3