skamithi/postvalidate.yml

## postvalidate.yml
---
- hosts: all
  vars:
  tasks:
    - block:
      - name: get interface status
        shell:  /usr/sbin/ip -o link show | awk '{print $2 $3 }'
        register: iface_output
        changed_when: false

      - name: full fstab output
        shell: cat /etc/fstab
        register: full_fstab_output
        changed_when: false

      - name: capture etc/fstab output
        shell: awk '!/^#/ { print $2 }' /etc/fstab
        register: fstab_output
        changed_when: false

      - name: set fstab entries into a variable called fstab_mountpoints.
        set_fact:
          fstab_mountpoints: "{{ fstab_output.stdout_lines | difference(['','swap']) }}"

      - name: get list of mount points
        set_fact:
          devices_mounted: "{{ ansible_mounts | map(attribute='mount') | list }}"

      - name: get a list of fstab mounts that are not active
        set_fact:
          mounts_not_active: "{{ fstab_mountpoints | difference(devices_mounted) }}"


      - name: use yum check-updates because yum-utils may be not installed on these RHEL systems
        shell: yum check-updates -q
        register: yum_updates
        failed_when: yum_updates.rc != 100
        changed_when: false

      - name: grab df output for printing to the report
        shell: df -Ph
        register: df_output
        changed_when: false

      - name: list packages that need to be updated in the package_updates variable
        set_fact:
          package_updates: "{{ yum_updates.stdout_lines | difference(['']) }}"

      - name: check any yum updates are not finished and list it.
        assert:
          that: "package_updates|length|int == 0"
          msg: "{{ package_updates|length|int }} packages are not updated. See report for more details"

      - name: fail if not all fstab mounts are not active
        assert:
          that: "mounts_not_active == []"
          msg: "Some mounts in /etc/fstab are not active - mount point list {{ mounts_not_active }}"

      - name: check if any interfaces are down
        assert:
          that: "item|search(',UP') and not item|search('NO-CARRIER')"
          msg: "{{ item.split(':')[0] }} on {{ inventory_hostname }} is not UP"
        with_items: "{{ iface_output.stdout_lines }}"

      - name: "check if memory is below {{ memory_threshold }} MB"
        assert:
          that: "ansible_memory_mb.real.free  > memory_threshold "
          msg: "Free memory is {{ ansible_memory_mb.real.free }} MB and is less than the pre-validation threshold of {{ memory_threshold }} MB"

      - name: "check if swap is below {{ swap_threshold }} MB"
        assert:
          that: "ansible_memory_mb.swap.free  > swap_threshold"
          msg: "Free Swap space is {{ ansible_memory_mb.swap.free }} MB and is less than the pre-validation threshold of {{ swap_threshold }} MB"


      - block:
          - name: clean all yum caches. Must be a become user to execute this
            shell: yum clean all
            changed_when: false
        become: true
      always:
        - name: generate a report. Do not do this way if using Ansible Tower. Use the a notification module like 'mail'
          template:
            src: postvalidation-report.j2
            dest: /tmp/{{inventory_hostname}}_postvalidation-report.txt

        - name: |
            fetch the report and place on the local ansible server.
            Do not do this step if running this task from Ansible Tower.
            It will break the Tower Project repository Sync process
          fetch:
            src: /tmp/{{inventory_hostname}}_postvalidation-report.txt
            dest: "./{{inventory_hostname}}_posvalidation-report.txt"
            flat: yes


## postvalidate_report.j2
POST-VALIDATION REPORT
=====================

Hostname: {{ inventory_hostname }}
Kernel Version: {{ ansible_kernel }}

Packages Not Updated:
-------------------

{% for entry in package_updates %}
{{ entry }}
{% endfor%}

Disk Layout and Sizing:
------------------------

{{ df_output.stdout }}

/etc/fstab
----------

{{ full_fstab_output.stdout }}
	---
	- hosts: all
	vars:
	tasks:
	- block:
	- name: get interface status
	shell: /usr/sbin/ip -o link show \| awk '{print $2 $3 }'
	register: iface_output
	changed_when: false

	- name: full fstab output
	shell: cat /etc/fstab
	register: full_fstab_output
	changed_when: false

	- name: capture etc/fstab output
	shell: awk '!/^#/ { print $2 }' /etc/fstab
	register: fstab_output
	changed_when: false

	- name: set fstab entries into a variable called fstab_mountpoints.
	set_fact:
	fstab_mountpoints: "{{ fstab_output.stdout_lines \| difference(['','swap']) }}"

	- name: get list of mount points
	set_fact:
	devices_mounted: "{{ ansible_mounts \| map(attribute='mount') \| list }}"

	- name: get a list of fstab mounts that are not active
	set_fact:
	mounts_not_active: "{{ fstab_mountpoints \| difference(devices_mounted) }}"


	- name: use yum check-updates because yum-utils may be not installed on these RHEL systems
	shell: yum check-updates -q
	register: yum_updates
	failed_when: yum_updates.rc != 100
	changed_when: false

	- name: grab df output for printing to the report
	shell: df -Ph
	register: df_output
	changed_when: false

	- name: list packages that need to be updated in the package_updates variable
	set_fact:
	package_updates: "{{ yum_updates.stdout_lines \| difference(['']) }}"

	- name: check any yum updates are not finished and list it.
	assert:
	that: "package_updates\|length\|int == 0"
	msg: "{{ package_updates\|length\|int }} packages are not updated. See report for more details"

	- name: fail if not all fstab mounts are not active
	assert:
	that: "mounts_not_active == []"
	msg: "Some mounts in /etc/fstab are not active - mount point list {{ mounts_not_active }}"

	- name: check if any interfaces are down
	assert:
	that: "item\|search(',UP') and not item\|search('NO-CARRIER')"
	msg: "{{ item.split(':')[0] }} on {{ inventory_hostname }} is not UP"
	with_items: "{{ iface_output.stdout_lines }}"

	- name: "check if memory is below {{ memory_threshold }} MB"
	assert:
	that: "ansible_memory_mb.real.free > memory_threshold "
	msg: "Free memory is {{ ansible_memory_mb.real.free }} MB and is less than the pre-validation threshold of {{ memory_threshold }} MB"

	- name: "check if swap is below {{ swap_threshold }} MB"
	assert:
	that: "ansible_memory_mb.swap.free > swap_threshold"
	msg: "Free Swap space is {{ ansible_memory_mb.swap.free }} MB and is less than the pre-validation threshold of {{ swap_threshold }} MB"


	- block:
	- name: clean all yum caches. Must be a become user to execute this
	shell: yum clean all
	changed_when: false
	become: true
	always:
	- name: generate a report. Do not do this way if using Ansible Tower. Use the a notification module like 'mail'
	template:
	src: postvalidation-report.j2
	dest: /tmp/{{inventory_hostname}}_postvalidation-report.txt

	- name: \|
	fetch the report and place on the local ansible server.
	Do not do this step if running this task from Ansible Tower.
	It will break the Tower Project repository Sync process
	fetch:
	src: /tmp/{{inventory_hostname}}_postvalidation-report.txt
	dest: "./{{inventory_hostname}}_posvalidation-report.txt"
	flat: yes
	POST-VALIDATION REPORT
	=====================

	Hostname: {{ inventory_hostname }}
	Kernel Version: {{ ansible_kernel }}

	Packages Not Updated:
	-------------------

	{% for entry in package_updates %}
	{{ entry }}
	{% endfor%}

	Disk Layout and Sizing:
	------------------------

	{{ df_output.stdout }}

	/etc/fstab
	----------

	{{ full_fstab_output.stdout }}