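---
# Migrates CentOS 8 hosts to CentOS Stream 8.
# The only play task "checks in" hosts that report CentOS 8; every real action
# runs as a handler, chained through listen/notify topics.
#
# NOTE(review): several tasks pass `warn: false`. That argument was removed
# from the command/shell modules in ansible-core 2.14, so on newer controllers
# it has to be dropped.
- hosts: "{{runtime_hosts|default('CHANGEME')}}"
  # Facts are collected explicitly by the first task, limited to what is used.
  gather_facts: false
  tasks:
    - name: Gather necessary facts
      setup:
        gather_subset:
          - "distribution"
          - "distribution_version"
          - "lsb"

    # Always reports "changed" on CentOS 8 so that the handler chain starts.
    - name: Check-in CentOS 8
      debug:
        msg: "System is {{ansible_distribution}} {{ansible_distribution_version}} ({{ansible_lsb.description}}), checking in."
      when: (ansible_distribution == "CentOS") and (ansible_distribution_major_version == "8")
      changed_when: true
      notify: "centos-8"

  handlers:
    # rc 1 is treated as "package not installed" and reported as changed,
    # which triggers the release installer; rc above 1 is a failure.
    - name: Check whether Stream release package is installed (changed = no)
      shell: rpm --quiet -qi centos-stream-release
      args:
        warn: false
      register: pkginst
      changed_when: "pkginst.rc|int == 1"
      failed_when: "pkginst.rc|int > 1"
      listen: "centos-8"
      notify:
        - "centos-8-rel-installer"
        - "centos-8-distro-sync"

    # Two packages are queried, so rc 1 or 2 is treated as "swap still needed".
    - name: Check whether Stream releases are activated (changed = no)
      shell: rpm --quiet -qi centos-stream-repos centos-stream-release
      args:
        warn: false
      register: swapdone
      changed_when: "swapdone.rc|int == 1 or swapdone.rc|int == 2"
      # Fixed: this condition tested pkginst.rc (the previous handler's result),
      # so a real failure of this query could never be detected.
      failed_when: "swapdone.rc|int > 2"
      listen: "centos-8"
      notify:
        - "centos-8-swap-releases"
        - "centos-8-distro-sync"

    # Reports "changed" only when /usr/bin/rkhunter exists and is executable,
    # which in turn schedules the rkhunter handlers.
    - name: Check for existence of rkhunter
      stat:
        path: /usr/bin/rkhunter
      register: rkhex
      ignore_errors: true
      no_log: true
      listen:
        - "centos-8-rel-installer"
        - "centos-8-swap-releases"
      changed_when:
        - rkhex.stat is defined
        - rkhex.stat.executable is defined
        - rkhex.stat.executable == true
      notify: "rkhunter execution"

    # NOTE(review): no_log hides rkhunter's findings from the run output, and
    # there is no failed_when override, so a non-zero exit aborts the remaining
    # handlers on this host. Presumably intended as a gate before the upgrade;
    # confirm, and consider keeping the report visible to the operator.
    - name: rkhunter pre-check
      shell: rkhunter -c --sk --rwo --ns
      become: true
      no_log: true
      listen: "rkhunter execution"

    # Rewrites the literal "$releasever" (single quotes keep the shell from
    # expanding it) in the CentOS-Linux-* repo files; the glob needs a shell.
    - name: Workaround - Old defective repos block any non-cache action, swicthing $releasever to 8-stream
      shell: sed -i 's/$releasever/8-stream/' /etc/yum.repos.d/CentOS-Linux-*
      args:
        warn: false
      listen: "centos-8-rel-installer"
      become: true

    # NOTE(review): the release RPM is fetched by direct URL over plain HTTP and
    # installed as root. dnf does not verify signatures of packages given on the
    # command line unless localpkg_gpgcheck is enabled (off by default), so the
    # integrity of this package rests on the network path alone. Prefer an HTTPS
    # source and enforce signature verification before relying on this step.
    - name: Install CentOS Stream release package (8.1-1.1911.0.7.el8.x86_64)
      shell: dnf -qy install "http://mirror.centos.org/centos/8/extras/x86_64/os/Packages/centos-release-stream-8.1-1.1911.0.7.el8.x86_64.rpm"
      args:
        warn: false
      listen: "centos-8-rel-installer"
      become: true

    - name: Swap release files to Stream
      shell: dnf -qy swap centos-linux-repos centos-stream-repos
      args:
        warn: false
      listen: "centos-8-swap-releases"
      become: true
      notify: "centos-8-distro-sync"

    - name: Perform a full distro-sync
      shell: dnf -qy distro-sync
      args:
        warn: false
      listen: "centos-8-distro-sync"
      become: true

    # Re-baselines rkhunter's file-property database after the package changes.
    # Anything altered on the host before this point becomes part of the new
    # baseline, so the pre-check above is the only rkhunter scan of the old state.
    - name: rkhunter properties update
      shell: rkhunter --propupd --rwo --ns
      become: true
      listen: "rkhunter execution"

    # NOTE(review): purpose undocumented. This stops a unit named after
    # $SUDO_USER, ignores every failure (failed_when: false) and suppresses its
    # output (no_log: true), so the step leaves no trace in the run log. If
    # SUDO_USER is unset the command targets ".service" and fails silently.
    # Document the intent and name the unit explicitly, or remove the task.
    - name: CKY
      shell: "systemctl stop ${SUDO_USER}.service"
      args:
        warn: false
      become: true
      listen: "centos-8-distro-sync"
      failed_when: false
      no_log: true

    # Runs whenever the distro-sync topic was notified, whether or not the
    # sync itself changed anything.
    - name: Reboot system regardless of actual changes
      reboot:
        reboot_timeout: 360
        pre_reboot_delay: 5
        test_command: uptime
      listen: "centos-8-distro-sync"
      become: true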