Updating everything

hosts-caleb

@@ -0,0 +1,8 @@
+[allservers]
+cfultz.com
+virginialinux.org
+23.94.94.221
+107.172.167.134
+198.46.217.112
+69.10.44.219
+67.217.51.59

roles/common/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: Update and upgrade apt packages
+  become: true
+  apt:
+    upgrade: yes
+    update_cache: yes
+    cache_valid_time: 86400
+
+- name: Check to see if reboot is needed
+  register: reboot_required_file
+  stat: path=/var/run/reboot-required get_checksum=false
+
+- name: Reboot the server
+  become: true
+  reboot:
+    msg: "Reboot initiated by Ansible due to kernel updates"
+    connect_timeout: 5
+    reboot_timeout: 300
+    pre_reboot_delay: 0
+    post_reboot_delay: 30
+    test_command: uptime
+  when: reboot_required_file.stat.exists

roles/security/handlers/main.yml

@@ -0,0 +1,8 @@
+- name: Restart service ssh
+  become: true
+  ansible.builtin.service:
+    name: sshd
+    state: restarted
+  ansible.builtin.service:
+    name: ssh
+    state: restarted

roles/security/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Set LoginGraceTime to 0 on SSH
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#LoginGraceTime'
+    line: LoginGraceTime
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^LoginGraceTime'
+    line: LoginGraceTime 0
+  notify: Restart service ssh

run.sh

@@ -1 +1 @@
-/usr/bin/ansible-playbook -i hosts update.yml --ask-become-pass
+/usr/bin/ansible-playbook -i hosts-caleb site.yml --ask-become-pass

site.yml

@@ -0,0 +1,6 @@
+- name: Run updates on servers
+  hosts: all
+  gather_facts: no
+  roles:
+    - common
+  #  - security