# Red Hat Insights has recommended one or more actions for you, a system administrator, to review and if you
# deem appropriate, deploy on your systems running Red Hat software. Based on the analysis, we have automatically
# generated an Ansible Playbook for you. Please review and test the recommended actions and the Playbook as
# they may contain configuration changes, updates, reboots and/or other changes to your systems. Red Hat is not
# responsible for any adverse outcomes related to these recommendations or Playbooks.
#
# Addresses maintenance plan 38439429 (demo)
# https://access.redhat.com/insights/planner/438294928
# Generated by Red Hat Insights on Wed, 18 Apr 2018 07:54:18 GMT
# Warning: Some of the rules in the plan do not have Ansible support and this playbook does not address them!

# Kernel vulnerable to denial of service via Bluetooth stack (CVE-2017-1000251/Blueborne)
# Identifier: (CVE_2017_1000251_kernel_blueborne|KERNEL_CVE_2017_1000251_POSSIBLE_DOS,105,fix)
# Version: 43787ds87s78d87s87438787s87ds87ds87
- name: Update system to the latest kernel and reboot
  hosts: "juana-sensel.lobatolan.home"
  become: true
  vars:
    # determine if we need to update the 'kernel' package or 'kernel-rt' package
    kernel_pkg: "{{'kernel-rt' if 'rt' in ansible_kernel else 'kernel'}}"

  tasks:
    - name: Update kernel
      yum:
        name: "{{kernel_pkg}}"
        state: latest
      register: yum

    - when: yum|changed
      name: set reboot fact
      set_fact:
        insights_needs_reboot: True

    - when: not yum|changed
      # The latest kernel is already installed so boot from it.  Sort the installed kernels
      # by buildtime and select the one with the most recent build time
      block:
      - name: get latest installed {{kernel_pkg}} package version
        shell: rpm -q {{kernel_pkg}} --queryformat="%{buildtime}\t%{version}-%{release}.%{arch}\n" | sort -nr | head -1 | cut -f2
        register: latest_kernel
        check_mode: no

      - name: get configured default kernel
        command: /sbin/grubby --default-kernel
        register: default_kernel
        check_mode: no

      - when: default_kernel.stdout.split('-', 1)[1] != latest_kernel.stdout
        name: set the default kernel to the latest installed
        command: /sbin/grubby --set-default /boot/vmlinuz-{{latest_kernel.stdout}}
        register: grub_change
        check_mode: no

      - when: grub_change|changed
        name: set reboot fact
        set_fact:
          insights_needs_reboot: True


# Automatic system reboot was suppressed for this playbook.
# This play lists the systems that need to be rebooted manually for the changes to take effect.
- name: Reboot reminder
  hosts: juana-sensel.lobatolan.home
  gather_facts: False
  tasks:
    - debug:
        msg: "Automatic system reboot was suppressed for this playbook. Reboot {{inventory_hostname}} manually for the changes to take effect."
      when:
        - insights_needs_reboot is defined
        - insights_needs_reboot

- name: run insights
  hosts: juana-sensel.lobatolan.home
  become: True
  gather_facts: False
  tasks:
    - name: run insights
      command: redhat-access-insights
      changed_when: false