-
Notifications
You must be signed in to change notification settings - Fork 0
/
CTASK0010806.yml
134 lines (128 loc) · 7.64 KB
/
CTASK0010806.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
---
# Red Hat Insights has recommended one or more actions for you, a system administrator, to review and if you
# deem appropriate, deploy on your systems running Red Hat software. Based on the analysis, we have automatically
# generated an Ansible Playbook for you. Please review and test the recommended actions and the Playbook as
# they may contain configuration changes, updates, reboots and/or other changes to your systems. Red Hat is not
# responsible for any adverse outcomes related to these recommendations or Playbooks.
# Upgrade packages affected by CVE-2023-28486
# Identifier: (vulnerabilities:CVE-2023-28486,fix)
# Version: unknown
- name: update vulnerable packages
hosts: "ec2-54-176-168-9.us-west-1.compute.amazonaws.com"
vars:
insights_issues: "--cve CVE-2023-28486"
insights_signature_exclude: /hosts,/vars/insights_signature,/vars/insights_issues
insights_signature: !!binary |
TFMwdExTMUNSVWRKVGlCUVIxQWdVMGxIVGtGVVZWSkZMUzB0TFMwS1ZtVnljMmx2YmpvZ1IyNTFV
RWNnZGpFS0NtbFJTVlpCZDFWQldrWjZORlJqZG5jMU9FUXJhalZ3VGtGUmFUVm9aeTh2VTBKTmNY
RnZRekYzVFRWU1JFUk9ibFYwUVRoRE9XZG5UVlV2UVhObVMwMEtZMXBKY0c1aVIyWnhhbEkzYzJw
NFFYSXpkWGxZUWxReVQyOTBOVUp5V0dOQlQyTXdhblJJVDJ0UlJFTmhlR1ozYmxZeVVWSldiVUkw
WWxOSllYbFNRZ3BKY1U5aE1tbEhSREZSTlN0bmVVUnNkM1poZEhkSmRFaEViME4wZGs1QmVFRkJi
bmRrVUVkWlJEVnJSMWNyZEdFNVExQkJaa2RaVTNsQ1RIRm9PVFZuQ21zMFlrNTBkMHRVUzFOYVNV
WTJVbWN5TUdKWFRFdzBUa1l4ZUVJeGJ6VlJWMmxqVDBwaGNtVlphazhyZW01TFZEVTJiMDQyUzFC
TlRtSnNVV0ppYVRrS1NFTk1SMjVaYmtFMWJVdzNSbkJTYm1jMVIySlRVRVJyV2sxUWFURlBURzF4
U3prdlpWWnFhMXBsWVhoWFpUWkdRamR0Vm5ST2FtTnFZM2xUUTNkcU9RcHFORVI1WVVSclNrOUJX
a0pzYkhKc1lVczNUbEE0UmpkVk5rMHlWbVYyWTNGS1lsUXllbkUzZFZWcWVITjJNV2d4ZGpoSFN6
UkpkbWhWY25sT2NsWk5Da3hHYUU1MlZtSm9UV3R5VGpoRVpVNVRSMUp1YWxadGFWQkRkbmw1UWtK
NlEyOTBiVXBaZDFFMUsyTkxNbUZ1VVZKUFNWQnRVVFpHZURoamRrRkhSa2NLT1hwWVEyZE1TRGhu
WTFSV2JHaFZORFJtZFdORlJ6TXZXbEpwVjFsNFpuaG5aR3BZV1N0MlZFTktNbWxUY1hGUEsyRlBS
WEp2Y2s5eGRFZHNNVmx4ZVFwalVWTnNlbkI0T1U0NWJXSklMM0prWTFaSVVUTXJPREZsVG1WeWMx
SlphSGhVWlhvck5reFRkRGt2YVM5YU4wMWxOMkpUWjB4aVVuVlhhVkJrVFRCU0NucHlRelUzTlVj
MVpqSXhiV05UVERGak0wdExhRWRwVVdNM1pFeEtZbmh3T1hvd05rVkZUMmhXVTNNeE5VaEtTbFEw
T0RkT1kzcFRRVFIxWlhrclQzWUtaRmQ0VkcweVFVWnhORVZyTTBWTmIxaGpRblZIZWtwTE4zRXJT
VXBCVGtOU1VqWjVNVlZHWWpZckt6WnRheXMzYjNSRFNHcDVWMlZsYkVaaVExbFNlUXBuU1ZONFlt
RjZiSEpLVlQwS1BUbEtZbFFLTFMwdExTMUZUa1FnVUVkUUlGTkpSMDVCVkZWU1JTMHRMUzB0Q2c9
PQ==
become: true
tasks:
- name: check for update
shell: "{{ ansible_facts['pkg_mgr'] }} check-update -q {{ insights_issues | regex_search('(--cve (CVE-[0-9]{4}-[0-9]+)\\s*)+') }}"
check_mode: no
register: check_out
failed_when: check_out.rc != 0 and check_out.rc != 100
- when: check_out.rc == 100
name: upgrade package
shell: "{{ ansible_facts['pkg_mgr'] }} upgrade -v -y {{ insights_issues | regex_search('(--cve (CVE-[0-9]{4}-[0-9]+)\\s*)+') }}"
- when: check_out.rc == 100
name: set reboot fact
set_fact:
insights_needs_reboot: true
# Reboots a system if any of the preceeding plays sets the 'insights_needs_reboot' variable to true.
# The variable can be overridden to suppress this behavior.
- name: Reboot system (if applicable)
hosts: "ec2-54-176-168-9.us-west-1.compute.amazonaws.com"
become: true
gather_facts: false
vars:
insights_signature_exclude: /hosts,/vars/insights_signature
insights_signature: !!binary |
TFMwdExTMUNSVWRKVGlCUVIxQWdVMGxIVGtGVVZWSkZMUzB0TFMwS1ZtVnljMmx2YmpvZ1IyNTFV
RWNnZGpFS0NtbFJTVlpCZDFWQldVaHBRMVk0ZG5jMU9FUXJhalZ3VGtGUmFrMUVRa0ZCYTJOeE1W
WlhVbEF3VUVoMGRIRjBWMGt4UkZSdU4zcE1kbFUyU0hKd2QxSUtUbkJ3Um5SWGJWRktiM2xxYm1w
bE5XUmFSemMxUTNCU1kzZGFPRU5XVW5sRlRVRXpVREExZW1Kc1UzSnFWbTUxVW5oNlpVeG1SbTFy
YW1SRVJWcHdjZ3ByWTJ0d2FFazJSVUpIYWtJemEyaGFUalJ5YTNwUWRWQm1PR1pMUVdsSE1ESmxk
SGhXVFZWV01tZHRkV3c0UjBJMmRIcEpkRk5uVFRGQlFYQkdORTFRQ2s1NFRDOUpUMlY2ZFdRMGFt
VlFaV05KZWpGS1dtMTVkVGgzWTNoVFZqWkpTbTVPU1VGSGVHYzVWRUpVYzNNMFEwbHVaVlZXY0RG
VWRrUlFPUzlHVXk4S2VGaFlaMFphWlM5VlZuQjBaRzA1ZDJkbmRVOXRiR2hvWVZCTVZHNU5Tbkoy
UVRsV2FVUnZRVzV2WWt0b1VIbEtZMHBSYjJOTFdrRlRjVTF6ZWs1VWNncHVNek5JYlRoUk9IQnRW
VTFLYldobU9VRnZkM2x4VW5GWVVHeHpXVGwzT0UxRU1WQkZjR3htY2pJeVlYTjFMMHhvYjNGNlIz
TmtOMUUxTTJwdFMyNXBDaXM1Y0VjeWEzVkNSVXhpVVhoblRHcERiVlZsUzFCdmJuaFhjM0JuVFZs
M2VYQjFaVFJvYnl0dmFsZG5WRGR2ZG1GbFRFNVRTMkV2UkZOS2JEWldRaThLZEd4YUwxUXJPRFZr
Ym5ZclNWb3phbEJTZFM5bVpuZFBkVVpVV2xoNmVGTkJUalZSV1M5ak15c3hhbUZSTDBKeFdYTmhi
M2RpUkZreGRXUXZVeXRsYVFwa2FEa3JWRkV5TlVKa1NYa3hibGh3ZWpoV1JHbHpjbEp3Y0VrNWFs
SldWakkwTVVVelRVWkhka1ZaTm1aVFYzSlZWMWMzY0RKbFpUbGphelpOVlUweUNrNUZjRXBLWm5G
UFNFdHBjRXRPZVRKdVFVRTJURmcxTHpNeGFWSk9VSEZZVXpKRVdqSlpkbVZTUTJOMmVDOHZPVTlo
UzFWd1FsZElZVmxYYW5STU4wWUtSWFJWVEZGeFZESkJPVTF3WjFSU1RtOU5WbEZ4Y1haQ01GUlBP
WE00TmxoTmRuUkdRa1IzYW5SbWIxSm9NRnBEYlUwME1FRlhRMHBxT0RKNlduTlRZUXBCYXpkUEsy
UkpkMFl5VVQwS1BWcEtiallLTFMwdExTMUZUa1FnVUVkUUlGTkpSMDVCVkZWU1JTMHRMUzB0Q2c9
PQ==
tasks:
- when:
- insights_needs_reboot is defined
- insights_needs_reboot
block:
- name: Reboot system
shell: sleep 2 && shutdown -r now "Ansible triggered reboot"
async: 1
poll: 0
ignore_errors: true
- name: Wait for system to boot up
local_action:
module: wait_for
host: "{{ hostvars[inventory_hostname]['ansible_host'] | default(hostvars[inventory_hostname]['ansible_ssh_host'], true) | default(inventory_hostname, true) }}"
port: "{{ hostvars[inventory_hostname]['ansible_port'] | default(hostvars[inventory_hostname]['ansible_ssh_port'], true) | default('22', true) }}"
delay: 15
search_regex: OpenSSH
timeout: 300
become: false
- name: run insights
hosts: "ec2-54-176-168-9.us-west-1.compute.amazonaws.com"
become: true
gather_facts: false
vars:
insights_signature_exclude: /hosts,/vars/insights_signature
insights_signature: !!binary |
TFMwdExTMUNSVWRKVGlCUVIxQWdVMGxIVGtGVVZWSkZMUzB0TFMwS1ZtVnljMmx2YmpvZ1IyNTFV
RWNnZGpFS0NtbFJTVlpCZDFWQldVaHBRaXR6ZG5jMU9FUXJhalZ3VGtGUmFXdDRaeTh2WmtaRFoz
QXlTblIxVEd0UU5qQnNTa3BZYm1GU1JGTjVjVVYwU0ZSNlRGY0tOVlZSVlc5MWEyUmpVRFJVUlZn
d01EaDFhRkJHUzFaSmVrdFVTR2RsYTFOaU1UUXlkMjlQYm5sR2VUUnpRbEJrZEZoaGREVlliWEp0
VGxsR1EwaEVWZ28xYVhSdlNrcDBPVzg1UWtkQlJVaDVZMFJ3SzBoNVNqWXphM0paZVRGUk1rOXVU
azF3VjJaSmNtYzJUakJXVTJoa1JtVk1lR0ppTjBaMlpFaEpjbFo2Q2pJNGFrdHhOemx1Tm13eUx6
aDZZVkJSTDFkWVZIWkNaMDVhUkVWTFJ6TmhSSFl3WVRkbWIyUnlPRWhEZGxseE5tNUhNRkZOY1RO
U1ZFOXBkbFZtTTFnS1JuQnlhVTh2TDNKSlRDOVlSelE1TTA1NGFWSjBRakVyZEhSUk0wZHNhM1ZE
ZFVwck1EQkdaREp0ZDNZNFprRnZaR2xUUW5aelQydEpZekZyV25adFN3cEJjR3BEY1ZKMWVHaExU
MDgzYWxZM1FYSnRTV0p6TkhobVJrUkJVMkZaV2t4R01VMHZhME42ZWs1d1MwTjFhbE5hVUUxRlVt
WlhhV2RHVGpGMWRqRjNDalpQSzB0b1pTdFJVRU5hUm5CV1kwVndSbTFSTVdwcWFrOVFPV2haSzNW
alZWSnhSVEkyTlhGTWRuWnFSWE4wUW5WQk4xQkZNRVZ3UkRsaU5VaFZSM1lLTkZKemJXc3pNbFpC
Vnl0WE5IWk1VRWQwZG1sQ00wSXpUbE0wZUhCdVIzSmlObGs1Y1cwNFZuVTJSRUZIV2xOYWRsbFlk
bWQwTm1WR2N6RTVTVFZZUWdvMGVtcFVSRUlyTW1sT2NrcE9jM2d5YURoU1VGVnJMMmhZUzFKMGEy
WnZZMlpKZVRkcGNWY3hiMGRsTlZSMmFqTTFSbXRqUld0YU9VRnpSMjl6WXpWMENuUlZkVlZJWWpS
ME5EVTFSSE5EWlZWc1ZEZFNOakJDTTB4d1Z6TmlTRTF0YzFCMEx6RktNRFEwYm1KS2RFTkhUM1Jy
UVVWWVRsVTJlbGxUTDNBMFFqSUtaSFYxY2tZdlNHUnFWWFJNVDNSdlNFTnlZVWd2WkZwaFRVNTZk
MVZpZUc1VFZXUkdZU3R6TTBaNFJHczFVVkU0VVRaMVVucFpRbWw0WkcxeWREZGpUQXBKYTA1NlEy
aHBRMDlrY3owS1BVMVZOMk1LTFMwdExTMUZUa1FnVUVkUUlGTkpSMDVCVkZWU1JTMHRMUzB0Q2c9
PQ==
tasks:
- name: run insights
command: insights-client
changed_when: false