Created
January 7, 2024 14:29
-
-
Save cytrinox/d07942a8cf995ae20bd3ecfe550439dd to your computer and use it in GitHub Desktop.
Ansible playbook for Debian dist-upgrade and upgrade
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Upgrades Debian-based machines | |
| # | |
| # Example: | |
| # ansible-playbook -i inventory.yaml playbooks/debian-upgrade.yml --skip-tags reboot -e verbose=true -e dist_upgrade=true | |
| --- | |
| - name: Upgrade Debian-based machines | |
| hosts: all | |
| # become: true | |
| vars: | |
| verbose: false | |
| dist_upgrade: false | |
| log_dir: "logs/dist-upgrade/{{ inventory_hostname }}" | |
| pre_tasks: | |
| - name: Ensure minimal requirements | |
| when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' | |
| block: | |
| - name: Ansible setup | |
| ansible.builtin.setup: | |
| rescue: | |
| - name: Install required python-minimal package | |
| changed_when: true | |
| ansible.builtin.raw: "apt-get update && apt-get install -y --force-yes python3-apt" | |
| - name: Ansible setup | |
| ansible.builtin.setup: | |
| tasks: | |
| - name: Upgrade Debian/Ubuntu machines | |
| when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' | |
| block: | |
| - name: Update apt repo and cache on all Debian/Ubuntu boxes | |
| ansible.builtin.apt: | |
| update_cache: true | |
| force_apt_get: true | |
| cache_valid_time: 3600 | |
| autoclean: true | |
| - name: "Upgrade all packages on servers, mode: {{ 'dist-upgrade' if dist_upgrade else '(safe-)upgrade' }}" | |
| ansible.builtin.apt: | |
| upgrade: "{{ 'dist' if dist_upgrade else 'yes' }}" | |
| force_apt_get: true | |
| # Do not autoremove any packages, possibly productive system | |
| fail_on_autoremove: true | |
| register: apt_output | |
| - name: Check for changes | |
| ansible.builtin.set_fact: | |
| updated: true | |
| when: apt_output.stdout is not ansible.builtin.search("0 upgraded, 0 newly installed") | |
| - name: Display changes | |
| ansible.builtin.debug: | |
| msg: "{{ apt_output.stdout_lines }}" | |
| when: verbose or updated is defined | |
| - name: Write log files | |
| when: updated is defined or verbose | |
| connection: local | |
| block: | |
| - name: "Create log directory" | |
| ansible.builtin.file: | |
| path: "{{ log_dir }}" | |
| state: directory | |
| mode: '0755' | |
| changed_when: false | |
| - name: "Write changes to logfile" | |
| ansible.builtin.copy: | |
| content: "{{ apt_output.stdout }}" | |
| dest: "{{ log_dir }}/dist-upgrade_{{ ansible_date_time.iso8601 }}.log" | |
| mode: '0644' | |
| changed_when: false | |
| - name: Check if a reboot is needed | |
| register: reboot_required_file | |
| ansible.builtin.stat: | |
| path: /var/run/reboot-required | |
| get_checksum: false | |
| - name: Print hostnames when reboot is needed | |
| ansible.builtin.debug: | |
| msg: "{{ ansible_hostname }}: {{ reboot_required_file.stat.exists }}" | |
| when: reboot_required_file.stat.exists | |
| - name: Reboot the box if kernel updated | |
| ansible.builtin.reboot: | |
| msg: "Reboot initiated by Ansible for kernel updates" | |
| connect_timeout: 5 | |
| reboot_timeout: 300 | |
| pre_reboot_delay: 0 | |
| post_reboot_delay: 30 | |
| test_command: uptime | |
| when: reboot_required_file.stat.exists | |
| tags: | |
| - reboot | |
| - name: Autoremove old packages | |
| ansible.builtin.apt: | |
| autoremove: true | |
| force_apt_get: true | |
| clean: true | |
| tags: | |
| - autoremove |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment