v1

roles/kernelcare/tasks/housekeep_log.yml

@@ -0,0 +1,10 @@
+---
+# tasks file for kernalcare
+
+- name: Housekeeping kcare log file or directory
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /var/log/kcarectl.log
+    - /var/log/libcare

roles/kernelcare/tasks/install_CentOS.yml

@@ -0,0 +1,71 @@
+---
+# tasks file for kernalcare
+
+- block:
+  - name: Include site environment
+    include_vars: "{{ ansEnv }}.yml"
+  
+  - include_tasks: housekeep_log.yml
+  
+  - name: Remove packages if exists
+    ansible.builtin.yum:
+      name: "{{ item }}"
+      state: absent
+    loop:
+      - kernelcare
+      - pyOpenSSL
+  
+  - name: Download the installation shell script
+    ansible.builtin.get_url:
+      url: "{{ eportal_srv }}/install-kernelcare"
+      dest: /tmp/kc-install.sh
+      mode: '0700'
+      validate_certs: false
+    register: kc_downloadresult
+      
+  - block:
+    - name: Copy RPM files to target host
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: /root/
+        owner: root
+        group: root
+        mode: '0755'
+      loop:
+        - kernelcare-2.66-1.el7.x86_64.rpm
+        - pyOpenSSL-0.13.1-4.el7.x86_64.rpm
+    
+    - name: "Customized the install script for offline install"
+      ansible.builtin.lineinfile:
+        dest: "/tmp/kc-install.sh"
+        regexp: "{{ item.regexp | default(omit) }}"
+        line: "{{ item.line }}"
+        insertafter: "{{ item.insertafter | default(omit) }}"
+        insertbefore: "{{ item.insertbefore | default(omit) }}" 
+        state: "{{ item.state | default('present') }}"
+      loop:
+        - line: 'curl -s "$eportal_url/installer" | bash'
+          state: absent
+        - line: |
+            #curl -s "$eportal_url/installer" | bash
+            curl -L "$eportal_url/installer" -o /tmp/kc-installer.sh
+            sed -i 's/^PACKAGE_NAME=\${KCARE_PACKAGE_NAME:-\"kernelcare\"}/PACKAGE_NAME=\"\/root\/kernelcare-2.66-1.el7.x86_64.rpm \/root\/pyOpenSSL-0.13.1-4.el7.x86_64.rpm\"/g' /tmp/kc-installer.sh
+            bash /tmp/kc-installer.sh
+
+          insertbefore: "^echo \"Updating kernelcare repo...\""
+          
+    when: downloadMode == "offline"
+
+  - name: Run the installation shell script
+    ansible.builtin.shell: /tmp/kc-install.sh
+    register: kc_execresult
+
+  - name: register KernelCare agents
+    ansible.builtin.shell: /usr/bin/kcarectl --register "{{ activation_key }}" --tag "{{ kernelcare_tagname }}"
+    when: kc_execresult.changed
+    notify:
+      - "Start KernelCare agent"
+      - "Disable libcare.socket"
+      - "Disable libcare.service"
+
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"

roles/kernelcare/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+# tasks file for kernalcare
+
+- name: Gather facts
+  ansible.builtin.setup:
+    gather_subset: "{{ gfacts_fliter }}"
+
+- block:
+  - name: "Trigger install task if selected option is install"
+    include_tasks: install_CentOS.yml
+    when: ansOption == "install"
+    
+  - name: "Trigger uninstall task if selected option is uninstall"
+    include_tasks: uninstall_CentOS.yml
+    when: ansOption == "uninstall"
+
+  - name: "Trigger update HTTPS task if selected option is update_https"
+    include_tasks: updateHTTPS_CentOS.yml
+    when: ansOption == "update_https"
+  
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"

roles/kernelcare/tasks/uninstall_CentOS.yml

@@ -0,0 +1,20 @@
+---
+# tasks file for kernalcare
+
+- block:
+  - name: unregister KernelCare agents
+    ansible.builtin.command: /usr/bin/kcarectl --unregister
+    ignore_errors: yes
+    args:
+      removes: /usr/bin/kcarectl
+  
+  - name: remove kernelcare package
+    ansible.builtin.package:
+      name: 
+        - kernelcare
+        - libcare
+      state: absent
+    
+  - include_tasks: housekeep_log.yml
+
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"

roles/kernelcare/tasks/updateHTTPS_CentOS.yml

@@ -0,0 +1,43 @@
+---
+# tasks file for kernalcare
+# Update from HTTP to HTTPS 
+
+- block:
+  - name: "Check /etc/sysconfig/kcare/kcare.conf if exists"
+    ansible.builtin.stat:
+      path: "/etc/sysconfig/kcare/kcare.conf"
+    register: result_config
+    
+  - name: "Update to HTTPS in /etc/sysconfig/kcare/kcare.conf"
+    ansible.builtin.replace:
+      path: "/etc/sysconfig/kcare/kcare.conf"
+      regexp: "{{ item.regexp | default(omit) }}"
+      replace: "{{ item.replace | default(omit) }}"
+    loop:
+      - regexp: "^PATCH_SERVER=http"
+        replace: "PATCH_SERVER=https"
+      - regexp: "^REGISTRATION_URL=http"
+        replace: "REGISTRATION_URL=https"
+    notify:
+      - "Restart KernelCare agent"
+    when: result_config.stat.exists
+          
+
+  - name: "Check /etc/yum.repos.d/kernelcare.repo if exists"
+    ansible.builtin.stat:
+      path: "/etc/yum.repos.d/kernelcare.repo"
+    register: result_yumrepo
+    
+  - name: "Update to HTTPS in /etc/yum.repos.d/kernelcare.repo"
+    ansible.builtin.replace:
+      path: "/etc/yum.repos.d/kernelcare.repo"
+      regexp: "{{ item.regexp | default(omit) }}"
+      replace: "{{ item.replace | default(omit) }}"
+    loop:
+      - regexp: "^baseurl=http"
+        replace: "baseurl=https"
+      - regexp: "^gpgkey=http"
+        replace: "gpgkey=https"
+    when: result_yumrepo.stat.exists
+
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"