jonheese/linux_patching.yml

## linux_patching.yml
---
- hosts: linux
  become: true
  become_user: root
  tasks:
    - name: Clear yum cache on CentOS boxes
      command:
        cmd: 'yum clean all'
        warn: no
      when:
      - ansible_facts['os_family'] == "RedHat"

    - name: Upgrade all packages on CentOS boxes
      yum:
        name: '*'
        state: latest
      when:
      - ansible_facts['os_family'] == "RedHat"

    - name: Check if reboot is needed on CentOS boxes
      shell: /usr/bin/needs-restarting -r
      register: needs_reboot
      failed_when:
      - needs_reboot.rc != 0
      - needs_reboot.rc != 1
      when:
      - ansible_facts['os_family'] == "RedHat"

    - name: Reboot CentOS node if kernel updated
      reboot:
        msg: "Reboot initiated by Ansible for kernel updates"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: "{{ reboot_delay }}"
        post_reboot_delay: 30
        test_command: uptime
      when:
      - ansible_facts['os_family'] == "RedHat"
      - needs_reboot.rc != 0
      - ansible_facts['nodename'] != "ansible1"

    - name: Upgrade all packages on Ubuntu/Debian boxes
      apt:
        upgrade: dist
        force_apt_get: yes
        cache_valid_time: 3600
      when:
      - ansible_facts['os_family'] == "Debian"

    - name: Check if a reboot is needed on Ubuntu/Debian boxes
      register: reboot_required_file
      stat:
        path: /var/run/reboot-required
        get_md5: no
      when:
      - ansible_facts['os_family'] == "Debian"

    - name: Reboot Ubuntu/Debian node if kernel updated
      reboot:
        msg: "Reboot initiated by Ansible for kernel updates"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: "{{ reboot_delay }}"
        post_reboot_delay: 60
        test_command: uptime
      when:
      - ansible_facts['os_family'] == "Debian"
      - reboot_required_file.stat.exists
	---
	- hosts: linux
	become: true
	become_user: root
	tasks:
	- name: Clear yum cache on CentOS boxes
	command:
	cmd: 'yum clean all'
	warn: no
	when:
	- ansible_facts['os_family'] == "RedHat"

	- name: Upgrade all packages on CentOS boxes
	yum:
	name: '*'
	state: latest
	when:
	- ansible_facts['os_family'] == "RedHat"

	- name: Check if reboot is needed on CentOS boxes
	shell: /usr/bin/needs-restarting -r
	register: needs_reboot
	failed_when:
	- needs_reboot.rc != 0
	- needs_reboot.rc != 1
	when:
	- ansible_facts['os_family'] == "RedHat"

	- name: Reboot CentOS node if kernel updated
	reboot:
	msg: "Reboot initiated by Ansible for kernel updates"
	connect_timeout: 5
	reboot_timeout: 600
	pre_reboot_delay: "{{ reboot_delay }}"
	post_reboot_delay: 30
	test_command: uptime
	when:
	- ansible_facts['os_family'] == "RedHat"
	- needs_reboot.rc != 0
	- ansible_facts['nodename'] != "ansible1"

	- name: Upgrade all packages on Ubuntu/Debian boxes
	apt:
	upgrade: dist
	force_apt_get: yes
	cache_valid_time: 3600
	when:
	- ansible_facts['os_family'] == "Debian"

	- name: Check if a reboot is needed on Ubuntu/Debian boxes
	register: reboot_required_file
	stat:
	path: /var/run/reboot-required
	get_md5: no
	when:
	- ansible_facts['os_family'] == "Debian"

	- name: Reboot Ubuntu/Debian node if kernel updated
	reboot:
	msg: "Reboot initiated by Ansible for kernel updates"
	connect_timeout: 5
	reboot_timeout: 600
	pre_reboot_delay: "{{ reboot_delay }}"
	post_reboot_delay: 60
	test_command: uptime
	when:
	- ansible_facts['os_family'] == "Debian"
	- reboot_required_file.stat.exists