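---
# Patch every host in the inventory except `stephanie`, then reboot the hosts
# that need it. Debian derivatives are upgraded with apt and rebooted when the
# reboot-required flag file exists; Alpine hosts are upgraded with apk and
# rebooted when the installed linux-lts kernel differs from the running one.
#
# No `serial` is set on this play, so every matched host is handled in one
# batch and reboots can overlap.
# NOTE(review): `debian_derivatives` is not defined in this file; it must be
# supplied by the inventory or vars. Confirm it is a list of distribution names.
- name: Update and reboot all hosts
  # Quoted so the `!` exclusion can never be read as a YAML tag indicator.
  hosts: 'all, !stephanie'
  gather_facts: true
  become: true

  tasks:
    - name: Perform a dist-upgrade.
      ansible.builtin.apt:
        upgrade: dist
        update_cache: true
      when: ansible_distribution in debian_derivatives

    # This is equivalent to: apk update && apk upgrade
    - name: Update cache and upgrade packages
      community.general.apk:
        upgrade: true
        update_cache: true
      when: ansible_distribution == "Alpine"

    # Only `.stat.exists` is read later, by the "Reboot the server" task.
    # NOTE(review): presumably the flag file written by Debian/Ubuntu packaging
    # when an upgrade needs a reboot; confirm for the derivatives in use.
    - name: Check if a reboot is required.
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_checksum: true
      register: reboot_required_file

    # Set a variable for the currently *installed* linux-lts package version.
    # Importantly, the shell command reformats the package version string using
    # awk and sed into a string that we can match against what will be reported
    # by `uname -r`.
    #
    # I am no awk or sed expert and perhaps my abomination is overly verbose, but
    # it works and I can understand it. Longer awk/sed programs tend to confuse me.
    #
    # Constructed example: `linux-lts-6.6.14-r0` becomes `6.6.14-0-lts`.
    # The pipeline prints nothing when `apk list` reports no installed linux-lts
    # package, so `.stdout` can be empty.
    - name: Register installed linux-lts kernel version
      ansible.builtin.shell: |
        set -o pipefail
        apk list linux-lts --installed | awk '{ print $1 }' | sed 's/linux-lts-//' | sed 's/-r/\n/g' | awk '{printf("%s-",$0)}' | awk '{printf("%slts", $0)}'
      register: installed_kernel_version
      # Read-only query. The previous test compared the registered result (a
      # dict) with "", which is always true and reported a change on every run.
      changed_when: false
      when: ansible_distribution == "Alpine"

    # Set a variable for the currently *running* linux-lts kernel version. We use
    # sed to strip off the arch.
    # NOTE(review): the sed expression matches the literal text `-ARCH`; confirm
    # that `uname -r` prints that suffix on these hosts, otherwise it is a no-op.
    - name: Register running linux-lts kernel version
      ansible.builtin.shell: |
        set -o pipefail
        uname -r | sed 's/-ARCH//'
      register: running_kernel_version
      # Read-only query, same reasoning as the installed-version task.
      changed_when: false
      when: ansible_distribution == "Alpine"

    # This is debugging output to tell us when the installed kernel version doesn't
    # match the running kernel version. The real magic happens in the following task.
    - name: Check installed_kernel_version != running_kernel_version = ???
      ansible.builtin.debug:
        msg: >-
          {{ installed_kernel_version.stdout }} !=
          {{ running_kernel_version.stdout }} =
          {{ installed_kernel_version.stdout != running_kernel_version.stdout }}
      when: ansible_distribution == "Alpine"

    # Now compare installed_kernel_version with running_kernel_version. When they
    # don't match, this means that we need to reboot. This is not a very sophisticated
    # heuristic, but it works.
    #
    # An empty installed version means detection found nothing, not that a new
    # kernel is waiting. Without the length check such a host would be rebooted
    # on every run of this playbook.
    # The distribution test stays first in a single expression so `.stdout` is
    # never evaluated on hosts where the register tasks were skipped.
    - name: Reboot if the running kernel version is not the installed kernel version
      ansible.builtin.reboot:
        # These are very simple Alpine servers. They should boot extremely fast.
        # A host that is not back within 30 seconds fails this task.
        reboot_timeout: 30
      when: >-
        (ansible_distribution == "Alpine")
        and (installed_kernel_version.stdout | length > 0)
        and (installed_kernel_version.stdout != running_kernel_version.stdout)

    - name: Reboot the server (if required).
      ansible.builtin.reboot:
      when: reboot_required_file.stat.exists

    - name: Remove dependencies that are no longer required.
      ansible.builtin.apt:
        autoremove: true
      when: ansible_distribution in debian_derivatives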