amq-sg-rule-insights-34313-1522195131560.yml
---
# Red Hat Insights has recommended one or more actions for you, a system administrator, to review and if you
# deem appropriate, deploy on your systems running Red Hat software. Based on the analysis, we have automatically
# generated an Ansible Playbook for you. Please review and test the recommended actions and the Playbook as
# they may contain configuration changes, updates, reboots and/or other changes to your systems. Red Hat is not
# responsible for any adverse outcomes related to these recommendations or Playbooks.
#
# Generated by Red Hat Insights on Tue, 08 May 2018 23:58:51 GMT
# Recommendation:
# You must add an ICMP rule to your inbound security group rules to ensure that your instance can receive and does
# not drop the following ICMP message: 'Destination Unreachable: Fragmentation Needed and Don't Fragment was Set'.
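# Adds one inbound ICMP rule (type 3, code 4: "fragmentation needed") to the
# 'incoming_amq' security group, using the ec2_group module.
- name: Add Security Group Rule
  hosts: apache0
  # NOTE(review): the ec2_group task below runs on apache0 under become, so the
  # AWS credentials are handed to that host and used as root there. Confirm this
  # is intended rather than running the API call from the control node.
  become: true
  gather_facts: false
  vars:
    # NOTE(review): the ec2_group module documents its rule keys as
    # proto / from_port / to_port / cidr_ip (for ICMP, from_port is the type
    # and to_port the code). Confirm that type / code / src_cidr_ip are
    # accepted by the module version in use.
    rule_list:
      - proto: icmp
        type: 3
        code: 4
        # Open to any source, but limited to this single ICMP type/code.
        src_cidr_ip: '0.0.0.0/0'
    ec2_group_region: 'us-east-2'
    ec2_group_vpc: 'vpc-295720575'
    ec2_group_description: 'Incoming AMQ'
    ec2_group_name: 'incoming_amq'
  # access_key / secret_key are not defined in this file; presumably they come
  # from this vars file. Keep it out of version control or encrypt it
  # (for example with ansible-vault).
  vars_files:
    - vars/aws_config.yml
  tasks:
    # Initialised to false so the reboot play only acts if something sets it.
    - name: set reboot fact
      set_fact:
        insights_needs_reboot: false

    - name: update security group rule
      ec2_group:
        name: '{{ ec2_group_name }}'
        description: '{{ ec2_group_description }}'
        vpc_id: '{{ ec2_group_vpc }}'
        aws_access_key: '{{ access_key }}'
        aws_secret_key: '{{ secret_key }}'
        region: '{{ ec2_group_region }}'
        rules: '{{ rule_list }}'
        # ec2_group revokes every inbound rule that is not listed in `rules`
        # unless purging is disabled. The recommendation is to ADD one rule,
        # so the group's existing inbound rules must be left in place.
        purge_rules: false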
# Reboots a system if any of the preceding plays sets the 'insights_needs_reboot' variable to true.
# The variable can be overridden to suppress this behavior.
- name: Reboot system (if applicable)
  hosts: apache0
  gather_facts: false
  become: true
  tasks:
    # Both tasks in the block run only when insights_needs_reboot exists and is true.
    - block:
        - name: Reboot system
          # Fired in the background (async with poll 0) so the task returns
          # before the shutdown drops the connection.
          shell: sleep 2 && shutdown -r now "Ansible triggered reboot"
          async: 1
          poll: 0
          # NOTE(review): with errors ignored, a shutdown command that fails is
          # not reported; the wait below would then succeed against a host that
          # never rebooted.
          ignore_errors: true

        - name: Wait for system to boot up
          # Runs on the control node without privilege escalation: waits 15s,
          # then up to 300s for the host's SSH port to accept connections.
          become: false
          local_action:
            module: wait_for
            host: "{{ hostvars[inventory_hostname]['ansible_host'] | default(hostvars[inventory_hostname]['ansible_ssh_host'], true) | default(inventory_hostname, true) }}"
            port: "{{ hostvars[inventory_hostname]['ansible_port'] | default(hostvars[inventory_hostname]['ansible_ssh_port'], true) | default('22', true) }}"
            delay: 15
            timeout: 300
      when:
        - insights_needs_reboot is defined
        - insights_needs_reboot
# Re-runs the Insights client on the host after the change has been applied.
- name: run insights
  hosts: apache0
  gather_facts: false
  # The client command is executed with privilege escalation.
  become: true
  tasks:
    - name: run insights
      command: redhat-access-insights
      # The task is never reported as "changed", whatever the command does.
      changed_when: false