---
# patching.yml
#
# This playbook can be used to patch all the servers in an inventory to the latest on the repo servers
# Variables: 
# - hosts: the host grouper in the inventory -- default: all
# - action: update or upgrade -- default: update
# - delay: minutes to wait after a reboot -- default 5
# 
#
# Patch then restart a node
- hosts: "{{ hosts | default('all') }}"
  order: sorted
  ignore_unreachable: true
  serial: 1
  vars: 
    ansible_become: yes
    ansible_become_user: root
    ansible_become_method: sudo
  vars_files:
    - "{{ playbook_dir }}/../.vault"
  tasks:
    - name: Check /var free percentage
      command: /bin/bash -c "df -m /var | tail -n 1 | awk '{ print $5; }' | sed 's/%//' "
      become: no
      register: df_output

    - name: Verify /var space
      assert: 
        that: 
          - 90 > {{ df_output.stdout }}
        fail_msg: "Not enough free space"

    - name: Patching
      ignore_errors: yes
      yum: 
        name: '*' 
        state: latest
        update_cache: yes
        # disablerepo: '*'
        enablerepo: rhel-7-server-rpms-nist

      register: patching_output
          
    - debug: 
        msg: "{{ patching_output }}" 

    - name: Reboot
      reboot:
        
    - name: Wait for reboot
      wait_for_connection: