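---
# Patch playbook: applies all pending package updates on Debian- and
# RedHat-family hosts and, when `reboot_if_required` is true, reboots hosts
# that report a pending restart.
#
# NOTE(review): the play targets `hosts: all` with privilege escalation, so
# it upgrades and may reboot every host in the inventory; confirm that the
# inventory or a run-time limit scopes it to the intended hosts.

- name: Patch Debian and RedHat systems
  hosts: all
  become: true
  # Facts are required: every task branches on ansible_os_family.
  gather_facts: true

  vars:
    # Set to false to install updates without rebooting. Updates that need a
    # restart do not take effect until the host is rebooted.
    reboot_if_required: true

  tasks:
    # Refresh the package index, reusing a cache younger than one hour.
    - name: Update apt cache (Debian)
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600
      when: ansible_os_family == "Debian"

    # Dist-upgrade, then remove unused dependencies and stale package files.
    - name: Upgrade all packages (Debian)
      ansible.builtin.apt:
        upgrade: dist
        autoremove: true
        autoclean: true
      when: ansible_os_family == "Debian"

    # name "*" with state latest upgrades every installed package.
    - name: Upgrade all packages (RedHat)
      ansible.builtin.dnf:
        name: "*"
        state: latest
        update_cache: true
      when: ansible_os_family == "RedHat"

    # The reboot task below treats the presence of this marker file as
    # "reboot pending".
    - name: Check if reboot is required (Debian)
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required_debian
      when: ansible_os_family == "Debian"

    # `needs-restarting -r` exits 0 when no reboot is needed and 1 when one
    # is. Only those two codes are accepted: any other result (for example
    # the command being absent) fails the task instead of being read as
    # "no reboot needed", which would leave the host on pre-patch code while
    # the play reports success.
    # NOTE(review): needs-restarting is normally provided by
    # yum-utils/dnf-utils; confirm it is installed on the targets.
    - name: Check if reboot is required (RedHat)
      ansible.builtin.command: needs-restarting -r
      register: reboot_required_redhat
      failed_when: reboot_required_redhat.rc not in [0, 1]
      changed_when: false
      when: ansible_os_family == "RedHat"

    # Conditions are evaluated in order, so the registered result is only
    # read on hosts where the matching check actually ran.
    - name: Reboot Debian systems if required
      ansible.builtin.reboot:
        msg: "Rebooting after patching"
        reboot_timeout: 600
      when:
        - reboot_if_required
        - ansible_os_family == "Debian"
        - reboot_required_debian.stat.exists

    - name: Reboot RedHat systems if required
      ansible.builtin.reboot:
        msg: "Rebooting after patching"
        reboot_timeout: 600
      when:
        - reboot_if_required
        - ansible_os_family == "RedHat"
        - reboot_required_redhat.rc == 1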