Added a playbook for OS patching

2026-04-04 21:27:17 -04:00
parent dd478bcfa8
commit d32d98adf7
1 changed files with 61 additions and 0 deletions
--- a/playbooks/os_patching.yml
+++ b/playbooks/os_patching.yml
@@ -0,0 +1,61 @@
+---
+
+- name: Patch Debian and RedHat systems
+  hosts: all
+  become: true
+  gather_facts: true
+
+  vars:
+    reboot_if_required: true
+
+  tasks:
+    - name: Update apt cache (Debian)
+      ansible.builtin.apt:
+        update_cache: yes
+        cache_valid_time: 3600
+      when: ansible_os_family == "Debian"
+
+    - name: Upgrade all packages (Debian)
+      ansible.builtin.apt:
+        upgrade: dist
+        autoremove: yes
+        autoclean: yes
+      when: ansible_os_family == "Debian"
+
+    - name: Upgrade all packages (RedHat)
+      ansible.builtin.dnf:
+        name: "*"
+        state: latest
+        update_cache: yes
+      when: ansible_os_family == "RedHat"
+
+    - name: Check if reboot is required (Debian)
+      ansible.builtin.stat:
+        path: /var/run/reboot-required
+      register: reboot_required_debian
+      when: ansible_os_family == "Debian"
+
+    - name: Check if reboot is required (RedHat)
+      ansible.builtin.command: needs-restarting -r
+      register: reboot_required_redhat
+      failed_when: False
+      changed_when: False
+      when: ansible_os_family == "RedHat"
+
+    - name: Reboot Debian systems if required
+      ansible.builtin.reboot:
+        msg: "Rebooting after patching"
+        reboot_timeout: 600
+      when:
+        - reboot_if_required
+        - ansible_os_family == "Debian"
+        - reboot_required_debian.stat.exists
+
+    - name: Reboot RedHat systems if required
+      ansible.builtin.reboot:
+        msg: "Rebooting after patching"
+        reboot_timeout: 600
+      when:
+        - reboot_if_required
+        - ansible_os_family == "RedHat"
+        - reboot_required_redhat.rc == 1