From d32d98adf7924f7fd2b86b2cf782eafdcc7dcdd5 Mon Sep 17 00:00:00 2001
From: Gregory Ballantine
Date: Sat, 4 Apr 2026 21:27:17 -0400
Subject: [PATCH] Added a playbook for OS patching
---
playbooks/os_patching.yml | 61 +++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 playbooks/os_patching.yml
diff --git a/playbooks/os_patching.yml b/playbooks/os_patching.yml
new file mode 100644
index 0000000..0e872a8
--- /dev/null
+++ b/playbooks/os_patching.yml
@@ -0,0 +1,61 @@
+---
+
+- name: Patch Debian and RedHat systems
+ hosts: all
+ become: true
+ gather_facts: true
+
+ vars:
+ reboot_if_required: true
+
+ tasks:
+ - name: Update apt cache (Debian)
+ ansible.builtin.apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when: ansible_os_family == "Debian"
+
+ - name: Upgrade all packages (Debian)
+ ansible.builtin.apt:
+ upgrade: dist
+ autoremove: yes
+ autoclean: yes
+ when: ansible_os_family == "Debian"
+
+ - name: Upgrade all packages (RedHat)
+ ansible.builtin.dnf:
+ name: "*"
+ state: latest
+ update_cache: yes
+ when: ansible_os_family == "RedHat"
+
+ - name: Check if reboot is required (Debian)
+ ansible.builtin.stat:
+ path: /var/run/reboot-required
+ register: reboot_required_debian
+ when: ansible_os_family == "Debian"
+
+ - name: Check if reboot is required (RedHat)
+ ansible.builtin.command: needs-restarting -r
+ register: reboot_required_redhat
+ failed_when: False
+ changed_when: False
+ when: ansible_os_family == "RedHat"
+
+ - name: Reboot Debian systems if required
+ ansible.builtin.reboot:
+ msg: "Rebooting after patching"
+ reboot_timeout: 600
+ when:
+ - reboot_if_required
+ - ansible_os_family == "Debian"
+ - reboot_required_debian.stat.exists
+
+ - name: Reboot RedHat systems if required
+ ansible.builtin.reboot:
+ msg: "Rebooting after patching"
+ reboot_timeout: 600
+ when:
+ - reboot_if_required
+ - ansible_os_family == "RedHat"
+ - reboot_required_redhat.rc == 1
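Review bot: In the task `Check if reboot is required (RedHat)`, `failed_when: False` hides every failure of `needs-restarting -r`, so a host where the command is missing or errors out yields a result other than 1 and the later `reboot_required_redhat.rc == 1` condition silently skips the reboot. The play then reports a clean patch run while the host may still be running the pre-patch kernel and libraries. Nothing in this playbook installs the package that provides `needs-restarting`, so this can happen on hosts that lack it. Accept only the two expected exit codes instead: `failed_when: reboot_required_redhat.rc not in [0, 1]`.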