Ansible APT update

apt-update.yaml

---
## tasks file for apt-update
# This role will perform both full and security only updates on APT based distros with a possible reboot
# Tags:
# - full - Performs a full update
# - security - Performs security update only
# - reboot - Triggers reboot if needed

# Security Updates -------------------------------------------------------------

- block:
  - name: Update APT cache
    apt: update_cache=yes

  - name: Run APT upgrade
    shell: apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs sudo apt-get install -y
    register: apt_output

  - name: Displays APT output
    debug:
      var: apt_output

  - name: Checking if reboot is required
    stat:
      path: /var/run/reboot-required
    register: reboot_required

  tags: security

# Full Updates -----------------------------------------------------------------

- block:
  - name: Running APT updates
    apt:
      upgrade: yes
      update_cache: yes
    register: apt_output

  - name: Displays YUM output
    debug:
      var: apt_output

  - name: Checking if reboot is required
    stat:
      path: /var/run/reboot-required
    register: reboot_required

  tags: full

# Reboot -----------------------------------------------------------------------

- when: apt_output.changed == true and reboot_required.stat.exists
  block:
    - name: Rebooting the server
      shell: shutdown -r now "Ansible APT Updates Triggered"
      ignore_errors: true
      changed_when: false
      async: 1
      poll: 0
    - name: Waiting for server to come back after reboot
      wait_for_connection:
        connect_timeout: 60
        sleep: 5
        delay: 5
        timeout: 300
      register: reboot_result
    - name: Displaying reboot time
      debug:
        msg: "The system rebooted in {{ reboot_result.elapsed }} seconds."
  tags: reboot