Metaunix/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added a playbook for OS patching

Browse Source
This commit is contained in:
Gregory Ballantine
2026-04-04 21:27:17 -04:00
parent dd478bcfa8
commit d32d98adf7
1 changed files with 61 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
playbooks/os_patching.yml Normal file
View File

@@ -0,0 +1,61 @@
---
- name: Patch Debian and RedHat systems
hosts: all
become: true
gather_facts: true
vars:
reboot_if_required: true
tasks:
- name: Update apt cache (Debian)
ansible.builtin.apt:
update_cache: yes
cache_valid_time: 3600
when: ansible_os_family == "Debian"
- name: Upgrade all packages (Debian)
ansible.builtin.apt:
upgrade: dist
autoremove: yes
autoclean: yes
when: ansible_os_family == "Debian"
- name: Upgrade all packages (RedHat)
ansible.builtin.dnf:
name: "*"
state: latest
update_cache: yes
when: ansible_os_family == "RedHat"
- name: Check if reboot is required (Debian)
ansible.builtin.stat:
path: /var/run/reboot-required
register: reboot_required_debian
when: ansible_os_family == "Debian"
- name: Check if reboot is required (RedHat)
ansible.builtin.command: needs-restarting -r
register: reboot_required_redhat
failed_when: False
changed_when: False
when: ansible_os_family == "RedHat"
- name: Reboot Debian systems if required
ansible.builtin.reboot:
msg: "Rebooting after patching"
reboot_timeout: 600
when:
- reboot_if_required
- ansible_os_family == "Debian"
- reboot_required_debian.stat.exists
- name: Reboot RedHat systems if required
ansible.builtin.reboot:
msg: "Rebooting after patching"
reboot_timeout: 600
when:
- reboot_if_required
- ansible_os_family == "RedHat"
- reboot_required_redhat.rc == 1