Hey, Brian.
I was using the "l" switch, thereby limiting the playbook run to a subset
of servers. In this case, there was no need for such limiting (and, in
fact, it caused the playbook to work incorrectly). How stupid of me. So,
allow me to post the entire playbook:
---
- hosts: admin2
gather_facts: false
sudo: yes
tasks:
- nagios: action=downtime minutes=20 author="Dimitri Yioulos"
service=host host={{item}}
with_items: "{{ groups['sqlservers'] }}"
delegate_to: admin2
tags:
- nagios_downtime
- nagios: action=downtime minutes=20 author="Dimitri Yioulos"
service=all host={{item}}
with_items: "{{ groups['sqlservers'] }}"
delegate_to: admin2
tags:
- nagios_downtime
- hosts: sqlservers
gather_facts: false
tasks:
- name: copy logoff script to servers
win_copy: src=/etc/ansible/files/Logoff-Users.ps1
dest='c:\temp\Logoff-Users.ps1'
tags:
- copy_script
- name: log off users
raw: '@powershell c:\temp\Logoff-Users.ps1'
tags:
- userlogoff
- name: win update
win_updates:
category:
['SecurityUpdates','CriticalUpdates','Updates','Tools','DefinitionUpdates','UpdateRollups']
register: reboot_hint
tags:
- update
- hosts: lyris
gather_facts: false
tasks:
- name: check for Lyris service
raw: sc query ListManager
register: lyris_hint
failed_when: lyris_hint.rc not in [0,1060] # 1060 == Service not
installed
tags:
- lyris_stop
- name: stop Lyris services
win_service: name={{ item }} state=stopped start_mode=manual
with_items: ["ListManager", "LyrisAlert"]
when: lyris_hint.rc == 0 # ie, the ListManager service is installed
tags:
- lyris_stop
- name: kill LyrisConsole process
raw: taskill /f /im LyrisConsole.exe
tags:
- lyris_stop
- hosts: sqlservers
gather_facts: false
tasks:
- name: reboot server
raw: 'cmd /c shutdown /r /t 0'
when: reboot_hint.reboot_required == true
As you can see, there are several things going on here: put servers in
downtime in Nagios; put a remote user logout script on the servers, run the
script, then apply Windows updates; stop a particular service, and stop a
small program, on another set of servers (must be done; I'll skip the
explanation) and, finally; reboot the servers if the installed updates
require same. Some of this is based on answers to previous questions I've
posted (thanks, all, so much). I'm not sure if it's the cleanest, or most
elegant, way to do all of that stuff, but the playbook does work. At the
end of the day, that's what counts.
Dimitri
On Thursday, October 1, 2015 at 3:18:38 PM UTC-4, Dimitri Yioulos wrote:
>
> I'm creating a playbook to update, then reboot, a group of windows servers
> (serversA). Prior to reboot, however, I have to stop a couple of services
> on another group of windows servers (serversB). This is what I'd like to
> happen when I run "ansible-playbook -l serversA playbook.yml":
>
> where playbook.yml:
>
> - hosts: *serversA*
> gather_facts: false
> tasks:
> - name: win update
> win_updates:
> category:
> ['SecurityUpdates','CriticalUpdates','Updates','Tools','DefinitionUpdates','UpdateRollups']
> register: reboot_hint
>
> - hosts: *serversB*
> gather_facts: false
> tasks:
> - name: check for XYZ service
> raw: sc query XYZ
> register: xyz_hint
> failed_when: xyz_hint.rc not in [0,1060]
> - name: stop XYZ and ABC services <-- if XYZ service
> is installed, so is ABC
> win_service: name={{ item }} state=stopped
> with_items: ["XYZ", "ABC"]
> when: xyz_hint.rc == 0
>
> - hosts: *serversA*
> gather_facts: false
> tasks:
> - name: reboot server
> raw: 'cmd /c shutdown /r /t 0'
> when: reboot_hint.reboot_required == true
>
> Can I do this in a single playbook? If not (or if this is set up
> incorrectly, and I'm sure it is), then how?
>
> Thanks!
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/53d38dc3-d1f4-46c0-8fba-a0c20cd3fe9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
