added again ansible-role-security

roles/ansible-role-security/tasks/autoupdate-RedHat.yml

@@ -0,0 +1,35 @@
+---
+- name: Set correct automatic update utility vars (RHEL >= 8).
+  set_fact:
+    update_utility: dnf-automatic
+    update_service: dnf-automatic-install.timer
+    update_conf_path: /etc/dnf/automatic.conf
+  when: ansible_distribution_major_version | int >= 8
+
+- name: Set correct automatic update utility vars (RHEL <= 7).
+  set_fact:
+    update_utility: yum-cron
+    update_service: yum-cron
+    update_conf_path: /etc/yum/yum-cron.conf
+  when: ansible_distribution_major_version | int <= 7
+
+- name: Install automatic update utility.
+  package:
+    name: '{{ update_utility }}'
+    state: present
+
+- name: Ensure automatic update utility is running and enabled on boot.
+  service:
+    name: '{{ update_service }}'
+    state: started
+    enabled: true
+
+- name: Configure autoupdates.
+  lineinfile:
+    dest: '{{ update_conf_path }}'
+    regexp: '^apply_updates = .+'
+    line: 'apply_updates = yes'
+    mode: 0644
+  when:
+    - security_autoupdate_enabled
+    - ansible_distribution_major_version | int in [7, 8]