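---
# Post-patch/upgrade reporting tasks: create the log directory, configure mailx,
# send failsafe / log / package-report mails, optional Slack alert, CHANGELOG entry.
# Expected to be included after the upgrade tasks (ansible_failed_result / rollback
# are read but never set here).

- name: Prüfe OS-Typ und Version
  debug:
    msg: "OS: {{ ansible_facts['os_family'] }} Version: {{ ansible_facts['distribution_version'] }}"

- name: Erstelle Log-Verzeichnis
  file:
    path: "{{ log_dir }}"
    state: directory
    mode: '0755'
  register: logdir_result
  ignore_errors: true

# Every later task writes into log_dir, so a failure here is fatal.
- name: Breche ab, wenn Log-Verzeichnis nicht erstellt werden kann
  fail:
    msg: "Log-Verzeichnis konnte nicht erstellt werden: {{ logdir_result.msg | default('Unbekannter Fehler') }}"
  when: logdir_result is failed

- name: Konfiguriere mailx (Absender)
  lineinfile:
    path: /etc/mail.rc
    line: "set from=auto-upgrade@{{ inventory_hostname }}"
    create: true
    state: present
  become: true
  register: mailx_from_result
  ignore_errors: true

- name: Logge Fehler bei mailx-Konfiguration (Absender)
  copy:
    content: "mailx-Konfigurations-Fehler: {{ mailx_from_result.msg | default('Unbekannter Fehler') }}"
    dest: "{{ log_dir }}/mailx_error_{{ inventory_hostname }}.log"
  when: mailx_from_result is failed

# The block contains the SMTP password: no_log keeps it out of the play output,
# callback logs and the registered result.
# NOTE(review): /etc/mail.rc is normally world-readable, so the password is
# visible to every local user; a per-user ~/.mailrc with mode 0600 or a
# credential file would be safer. `ssl-verify=ignore` also disables certificate
# validation for the connection that carries these credentials — prefer
# `set ssl-verify=strict` once the server certificate is trusted.
- name: Konfiguriere mailx für externen SMTP-Server (optional)
  blockinfile:
    path: /etc/mail.rc
    block: |
      set smtp=smtp://{{ mail_smtp_host }}:{{ mail_smtp_port }}
      set smtp-auth=login
      set smtp-auth-user={{ mail_smtp_user }}
      set smtp-auth-password={{ mail_smtp_pass }}
      set ssl-verify=ignore
      set nss-config-dir=/etc/pki/nssdb
  when: mail_smtp_host is defined and mail_smtp_user is defined and mail_smtp_pass is defined
  become: true
  no_log: true
  register: mailx_smtp_result
  ignore_errors: true

# NOTE(review): this writes to the same file as the "Absender" error task above,
# so an earlier error message is overwritten. With no_log on the previous task
# the registered msg is also censored.
- name: Logge Fehler bei mailx-Konfiguration (SMTP)
  copy:
    content: "mailx-SMTP-Konfigurations-Fehler: {{ mailx_smtp_result.msg | default('Unbekannter Fehler') }}"
    dest: "{{ log_dir }}/mailx_error_{{ inventory_hostname }}.log"
  when: mailx_smtp_result is failed

- name: Sende Failsafe-Mail an app_mail und host_email bei Fehler
  mail:
    host: "localhost"
    port: 25
    # `>-` strips the trailing newline that `|` would leave in the recipient list.
    to: >-
      {{ app_mail | default('') }}{{ ',' if app_mail is defined and app_mail != '' else '' }}{{ host_email | default(mail_to) }}
    subject: "[FAILSAFE] Fehler beim Patch/Upgrade auf {{ inventory_hostname }}"
    body: |
      Es ist ein Fehler beim Patch/Upgrade auf {{ inventory_hostname }} (FQDN: {{ ansible_fqdn }}) aufgetreten.
      Siehe Log-Verzeichnis: {{ log_dir }}
      Zeit: {{ ansible_date_time.iso8601 }}
  when: (ansible_failed_result is defined and ansible_failed_result is not none) or (rollback is defined and rollback)
  ignore_errors: true

# Paths are shell-quoted so a log_dir or hostname containing spaces or shell
# metacharacters cannot alter the command line.
- name: Extrahiere Log-Summary für Admin-Mail
  shell: |
    tail -n 20 {{ (log_dir + '/rhel_upgrade_check.log') | quote }} 2>/dev/null;
    tail -n 20 {{ (log_dir + '/sles_upgrade_check.log') | quote }} 2>/dev/null;
    tail -n 20 {{ (log_dir + '/rhel_upgrade_error_' + inventory_hostname + '.log') | quote }} 2>/dev/null;
    tail -n 20 {{ (log_dir + '/sles_upgrade_error_' + inventory_hostname + '.log') | quote }} 2>/dev/null
  register: log_summary
  changed_when: false
  ignore_errors: true

# NOTE(review): `fileexists` is not an ansible.builtin test (the builtin path
# test is `exists`, and it is evaluated on the controller, not on the target
# host where these logs live) — verify that the filtering works as intended.
# The package report is written further down in this file, so on a first run
# it cannot be in this list yet.
- name: Setze dynamische Liste der Log-Attachments
  set_fact:
    log_attachments: >-
      {{ [
           log_dir + '/rhel_upgrade_check.log',
           log_dir + '/sles_upgrade_check.log',
           log_dir + '/rhel_upgrade_error_' + inventory_hostname + '.log',
           log_dir + '/sles_upgrade_error_' + inventory_hostname + '.log',
           log_dir + '/snapshot_error_' + inventory_hostname + '.log',
           log_dir + '/suma_api_error_' + inventory_hostname + '.log',
           log_dir + '/mailx_error_' + inventory_hostname + '.log',
           log_dir + '/package_report_' + inventory_hostname + '.log'
         ] | select('fileexists') | list }}

- name: Sende Log an Linux-Admins (immer, mit Anhang und Summary)
  mail:
    host: "localhost"
    port: 25
    to: "{{ linux_admins_mail }}"
    subject: "[LOG] Patch/Upgrade-Log für {{ inventory_hostname }} am {{ ansible_date_time.iso8601 }}"
    body: |
      Patch/Upgrade-Log für {{ inventory_hostname }} (FQDN: {{ ansible_fqdn }})
      Zeit: {{ ansible_date_time.iso8601 }}
      ---
      Log-Summary:
      {{ log_summary.stdout | default('Keine Logdaten gefunden.') }}
      ---
      Siehe Anhang für Details.
    attach: "{{ log_attachments }}"
  ignore_errors: true

# The token must come from a variable (vault / env); the previous placeholder
# default would have sent a bogus token instead of skipping the task.
- name: Slack-Benachrichtigung bei kritischen Fehlern (optional)
  slack:
    token: "{{ slack_token }}"
    msg: "[CRITICAL] Fehler beim Patch/Upgrade auf {{ inventory_hostname }}: {{ ansible_failed_result.msg | default('Unbekannter Fehler') }}"
    channel: "#linux-admins"
  when:
    - slack_enabled | default(false)
    - slack_token is defined
    - ansible_failed_result is defined and ansible_failed_result is not none
  no_log: true
  ignore_errors: true

- name: Dokumentiere Änderung im CHANGELOG
  lineinfile:
    path: "{{ playbook_dir }}/../CHANGELOG.md"
    line: "{{ ansible_date_time.iso8601 }}: Patch/Upgrade auf {{ inventory_hostname }} (FQDN: {{ ansible_fqdn }}) durchgeführt. Ergebnis: {{ 'OK' if (ansible_failed_result is not defined or ansible_failed_result is none) else 'FEHLER' }}"
    create: true
  delegate_to: localhost
  ignore_errors: true

# RHEL and SLES ran identical commands as two tasks both registering rpm_list;
# the second (skipped) task overwrote the first result, so rpm_list.stdout was
# lost on RHEL. One task with an `in` condition keeps the result.
# `command` instead of `shell`: no shell features are used.
- name: Erfasse installierte Paketversionen (RHEL/SLES)
  command: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
  register: rpm_list
  when: ansible_facts['os_family'] in ['RedHat', 'Suse']
  changed_when: false
  ignore_errors: true

- name: Schreibe Paket-Report ins Log
  copy:
    content: "{{ rpm_list.stdout | default('Keine Paketdaten gefunden.') }}"
    dest: "{{ log_dir }}/package_report_{{ inventory_hostname }}.log"
  when: rpm_list is defined and rpm_list is not skipped
  ignore_errors: true

- name: Sende Paket-Report an Linux-Admins
  mail:
    host: "localhost"
    port: 25
    to: "{{ linux_admins_mail }}"
    subject: "[REPORT] Paketversionen nach Patch für {{ inventory_hostname }} am {{ ansible_date_time.iso8601 }}"
    body: |
      Paket-Report für {{ inventory_hostname }} (FQDN: {{ ansible_fqdn }})
      Zeit: {{ ansible_date_time.iso8601 }}
      Siehe Anhang für Details.
    attach:
      - "{{ log_dir }}/package_report_{{ inventory_hostname }}.log"
  when: rpm_list is defined and rpm_list is not skipped
  ignore_errors: true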