From 6b1d139f5e921006fff1f66ee3e88ab8748a069b Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Thu, 15 Nov 2018 21:38:39 +0100
Subject: [PATCH] initial commit
---
defaults/main.yml | 15 ++++++
handlers/main.yml | 15 ++++++
tasks/main.yml | 3 ++
tasks/repository.yml | 15 ++++++
tasks/yum_cron.yml | 51 ++++++++++++++++++
templates/etc/cron.d/x-yum.j2 | 12 +++++
templates/etc/yum/yum-cron.conf.j2 | 83 ++++++++++++++++++++++++++++++
7 files changed, 194 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/repository.yml
create mode 100644 tasks/yum_cron.yml
create mode 100644 templates/etc/cron.d/x-yum.j2
create mode 100644 templates/etc/yum/yum-cron.conf.j2
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..fabada9
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+yum_cron_custom_cronjob: False
+yum_cron_apply_updates: no
+yum_cron_download_updates: yes
+yum_cron_email_from: root@localhost
+yum_cron_email_to: root
+yum_cron_emit_via: stdio
+
+# yum_repositories: (defaults to not set)
+# epel:
+# filename: Extra-EPEL
+# desc: Extra Packages for Enterprise Linux (EPEL)
+# baseurl: "http://download.fedoraproject.org/pub/epel/$releasever/$basearch/"
+# gpgkey: "http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever/"
+# enabled: True
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..8400860
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- block:
+ - name: Upgrade all packages
+ yum:
+ name: "*"
+ state: latest
+ listen: __yum_upgrade
+
+ - name: Restart yum-cron
+ service:
+ name: yum-cron
+ state: restarted
+ listen: __yum_cron_restart
+ become: True
+ become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..3253b3c
--- /dev/null
+++ b/tasks/main.yml
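Review bot: The commented `yum_repositories` example in defaults/main.yml points both `baseurl` and `gpgkey` at `http://` URLs, so anyone who copies it fetches the signing key over a channel that an on-path party can alter, which removes the value of the signature check. Switching both example URLs to `https://`, or pointing `gpgkey` at a `file://` path for a key shipped with the role, keeps the sample safe to paste. The variables above it also mix `False`, `no` and `yes`; writing `true`/`false` throughout would read more consistently.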
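Review bot: Both handlers in handlers/main.yml are wrapped in a `block:` only to share `become`, and a block is not a supported handler form; as far as I recall, newer ansible-core releases reject it with a parser error. Listing the two handlers at top level with `become: True` on each avoids that. Separately, `__yum_upgrade` runs `yum` with `name: "*"` and `state: latest`, so adding any repository triggers a full unattended upgrade of the host. That is a much larger side effect than the notifying task's name suggests and deserves a comment on the handler.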
@@ -0,0 +1,3 @@
+---
+- import_tasks: yum_cron.yml
+- import_tasks: repository.yml
diff --git a/tasks/repository.yml b/tasks/repository.yml
new file mode 100644
index 0000000..7a59fe8
--- /dev/null
+++ b/tasks/repository.yml
@@ -0,0 +1,15 @@
+---
+- name: Add common yum repositories
+ yum_repository:
+ name: "{{ item.key }}"
+ file: "{{ item.value.filename }}"
+ description: "{{ item.value.desc }}"
+ baseurl: "{{ item.value.baseurl }}"
+ gpgkey: "{{ item.value.gpgkey }}"
+ enabled: "{{ item.value.enabled }}"
+ with_dict: "{{ yum_repositories | default({}) }}"
+ loop_control:
+ label: "{{ item.key }}"
+ notify: __yum_upgrade
+ become: True
+ become_user: root
diff --git a/tasks/yum_cron.yml b/tasks/yum_cron.yml
new file mode 100644
index 0000000..dce64be
--- /dev/null
+++ b/tasks/yum_cron.yml
@@ -0,0 +1,51 @@
+---
+- block:
+ - name: Install yum-cron
+ package:
+ name: yum-cron
+ state: latest
+
+ - name: Ensure yum-cron is enabled and running
+ service:
+ name: yum-cron
+ state: started
+
+ - name: Adjust yum-cron config file
+ template:
+ src: etc/yum/yum-cron.conf.j2
+ dest: /etc/yum/yum-cron.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: __yum_cron_restart
+ become: True
+ become_user: root
+
+- block:
+ - name: Remove default cronjobs for yum-cron
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /etc/cron.daily/0yum-daily.cron
+ - /etc/cron.hourly/0yum-hourly.cron
+
+ - name: Add custom cronjob for yum-cron
+ template:
+ src: etc/cron.d/x-yum.j2
+ dest: /etc/cron.d/x-yum
+ owner: root
+ group: root
+ mode: 0755
+
+ - name: Configure crontab to use custom yum-cron cronjob
+ cron:
+ name: yum-cron
+ minute: 0
+ hour: 3
+ user: root
+ cron_file: /etc/crontab
+ job: "/bin/sh /etc/cron.d/x-yum"
+ become: True
+ become_user: root
+ when: yum_cron_custom_cronjob
diff --git a/templates/etc/cron.d/x-yum.j2 b/templates/etc/cron.d/x-yum.j2
new file mode 100644
index 0000000..afef152
--- /dev/null
+++ b/templates/etc/cron.d/x-yum.j2
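Review bot: The `yum_repository` task in tasks/repository.yml passes `gpgkey` but never sets `gpgcheck`, so whether packages from the new repository are signature-checked depends on the host's global yum configuration rather than on this role. Because the same task notifies `__yum_upgrade`, which upgrades every package right after the repository is added, I would pin it with `gpgcheck: True` next to `gpgkey`. The `item.value.*` lookups also have no `default()`, so a repository entry that omits a field fails the play with an undefined-variable error; `enabled: "{{ item.value.enabled | default(True) }}"` would make that one optional.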
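Review bot: The task named "Ensure yum-cron is enabled and running" in tasks/yum_cron.yml only sets `state: started`, so the service is not enabled at boot. After a reboot the /var/lock/subsys/yum-cron flag that the cron script checks would likely be missing, and updates would stop without any error. Adding `enabled: True` to that `service` task makes it match its name. In the second block the script is templated to `/etc/cron.d/x-yum`, a directory cron reads as crontab fragments, so cron will try to parse the shell script as a schedule; a `dest` outside /etc/cron.d would avoid that. The unquoted `mode: 0644` and `mode: 0755` are better written as quoted strings, e.g. `mode: "0644"`.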
@@ -0,0 +1,12 @@
+#!/bin/bash
+# {{ ansible_managed }}
+
+# Only run if this flag is set. The flag is created by the yum-cron init
+# script when the service is started -- this allows one to use chkconfig and
+# the standard "service stop|start" commands to enable or disable yum-cron.
+if [[ ! -f /var/lock/subsys/yum-cron ]]; then
+ exit 0
+fi
+
+# Action!
+exec /usr/sbin/yum-cron
diff --git a/templates/etc/yum/yum-cron.conf.j2 b/templates/etc/yum/yum-cron.conf.j2
new file mode 100644
index 0000000..818ff61
--- /dev/null
+++ b/templates/etc/yum/yum-cron.conf.j2
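Review bot: The script in templates/etc/cron.d/x-yum.j2 declares `#!/bin/bash` and uses the bash-only `[[ … ]]` test, but the cron entry added in tasks/yum_cron.yml runs it as `/bin/sh /etc/cron.d/x-yum`, which ignores the shebang. That works only where /bin/sh is bash. Either use the POSIX test, `if [ ! -f /var/lock/subsys/yum-cron ]; then`, or have the cron job execute the file directly. Since the early `exit 0` makes a skipped update run look like success, a comment saying so next to it would help whoever investigates a host that has stopped patching.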
@@ -0,0 +1,83 @@
+# {{ ansible_managed }}
+
+[commands]
+# What kind of update to use:
+# default = yum upgrade
+# security = yum --security upgrade
+# security-severity:Critical = yum --sec-severity=Critical upgrade
+# minimal = yum --bugfix update-minimal
+# minimal-security = yum --security update-minimal
+# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
+update_cmd = default
+
+# Whether a message should be emitted when updates are available,
+# were downloaded, or applied.
+update_messages = yes
+
+# Whether updates should be downloaded when they are available.
+download_updates = {{ yum_cron_download_updates }}
+
+# Whether updates should be applied when they are available. Note
+# that download_updates must also be yes for the update to be applied.
+apply_updates = {{ yum_cron_apply_updates }}
+
+# Maximum amout of time to randomly sleep, in minutes. The program
+# will sleep for a random amount of time between 0 and random_sleep
+# minutes before running. This is useful for e.g. staggering the
+# times that multiple systems will access update servers. If
+# random_sleep is 0 or negative, the program will run immediately.
+# 6*60 = 360
+random_sleep = 360
+
+
+[emitters]
+# Name to use for this system in messages that are emitted. If
+# system_name is None, the hostname will be used.
+system_name = None
+
+# How to send messages. Valid options are stdio and email. If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages. If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via is None or left blank, no messages will be sent.
+emit_via = {{ yum_cron_emit_via }}
+
+# The width, in characters, that messages that are emitted should be
+# formatted to.
+output_width = 80
+
+
+[email]
+# The address to send email messages from.
+# NOTE: 'localhost' will be replaced with the value of system_name.
+email_from = {{ yum_cron_email_from }}
+
+# List of addresses to send messages to.
+email_to = {{ yum_cron_email_to }}
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[groups]
+# NOTE: This only works when group_command != objects, which is now the default
+# List of groups to update
+group_list = None
+
+# The types of group packages to install
+group_package_types = mandatory, default
+
+[base]
+# This section overrides yum.conf
+
+# Use this to filter Yum core messages
+# -4: critical
+# -3: critical+errors
+# -2: critical+errors+warnings (default)
+debuglevel = -2
+
+# skip_broken = True
+mdpolicy = group:main
+
+# Uncomment to auto-import new gpg keys (dangerous)
+# assumeyes = True
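Review bot: In templates/etc/yum/yum-cron.conf.j2, `download_updates` and `apply_updates` are rendered straight from the role variables, so the file gets whatever string form the value has (`True`/`False` from the YAML defaults, or arbitrary text from an inventory override) rather than the `yes`/`no` that the surrounding comments document. Normalising them, e.g. `apply_updates = {{ yum_cron_apply_updates | bool | ternary('yes', 'no') }}`, limits the rendered value to one of the two documented forms. `update_cmd = default` is also hard-coded while its neighbours are variables. Exposing it as a role variable would let a host be limited to the `security` update types listed in the comment above it.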