---
# patching.yml
#
# This playbook can be used to patch all the servers in an inventory to the latest software available.
# Because we typically encrypt our disk storage, we don't wait for the connection to become available again.
# Variables: 
# - target: the host grouper in the inventory -- default: all
#
# Patch then restart a node
#
#
- hosts: physical,virtual
  order: sorted
  serial: 4
  vars:
    ansible_become: yes
    ansible_become_method: sudo
  tasks:
       - package:
             name: archlinux-keyring
             state: latest

- hosts: virtual,geth-hubs
  order: sorted
  serial: 4
  vars: 
    ansible_become: yes
    ansible_become_method: sudo
  vars_files:
    - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
  roles:
    - patching

- hosts: physical
  order: sorted
  ignore_unreachable: true
  serial: 4
  vars: 
    ansible_become: yes
    ansible_become_method: sudo
  vars_files:
    - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
  roles:
    - patching