added os-update playbook for debian

2024-11-22 22:03:31 +01:00
parent ba83e096b8
commit da473e67ff
8 changed files with 123 additions and 0 deletions
--- a/roles/os-updates/tasks/main.yml
+++ b/roles/os-updates/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: Update mirrors if necessary
+  include_tasks: update_mirrors.yaml
+
+- name: Upgrade to new major version if enabled
+  when: os_update_major_version
+  include_tasks: update_major_version.yaml
+
+- name: Upgrade all packages
+  include_tasks: upgrade_packages.yaml
--- a/roles/os-updates/tasks/update_major_version.yaml
+++ b/roles/os-updates/tasks/update_major_version.yaml
@@ -0,0 +1,34 @@
+- name: Backup existing sources in /etc/apt
+  copy:
+    src: "{{ item }}"
+    dest: "{{ item }}.bak"
+    remote_src: yes
+  loop: "{{ lookup('ansible.builtin.fileglob', '/etc/apt/sources.list.d/*.list') + ['/etc/apt/sources.list'] }}"
+  when: item | file
+
+- name: Update sources.list for new major version
+  template:
+    src: sources.list.j2
+    dest: /etc/apt/sources.list
+  vars:
+    os_update_version_codename: "{{ new_version_codename }}" # Variable gets passed by main.yml task
+
+- name: Update additional repositories in /etc/apt/sources.list.d
+  lineinfile:
+    path: "{{ item }}"
+    regexp: '^(deb .* )({{ os_update_version_codename }})'
+    line: '\1{{ new_version_codename }}'
+  loop: "{{ lookup('ansible.builtin.fileglob', '/etc/apt/sources.list.d/*.list') }}"
+  when: item | file
+
+- name: Update apt cache
+  apt:
+    update_cache: yes
+
+- name: Perform distribution upgrade
+  apt:
+    upgrade: yes
+    allow_unauthenticated: yes
+  notify:
+    - Reboot system
+    - apt cleanup
--- a/roles/os-updates/tasks/update_mirrors.yaml
+++ b/roles/os-updates/tasks/update_mirrors.yaml
@@ -0,0 +1,16 @@
+- name: Backup existing sources.list
+  copy:
+    src: /etc/apt/sources.list
+    dest: /etc/apt/sources.list.bak
+    remote_src: yes
+    force: yes
+
+
+- name: Update sources.list with new mirrors
+  template:
+    src: sources.list.j2
+    dest: /etc/apt/sources.list
+
+- name: Update apt cache
+  apt:
+    update_cache: yes
--- a/roles/os-updates/tasks/upgrade_packages.yml
+++ b/roles/os-updates/tasks/upgrade_packages.yml
@@ -0,0 +1,23 @@
+- name: Upgrade all installed packages
+  apt:
+    upgrade: full
+    update_cache: yes
+  notify: 
+    - apt cleanup
+
+- name: Check if a kernel update is available
+  shell: |
+    dpkg -l | grep -E '^ii' | grep 'linux-image-[0-9]' | awk '{print $2}' | sort | tail -n 1
+  register: latest_kernel
+
+- name: Check if running kernel matches the latest installed kernel
+  shell: |
+    echo "{{ latest_kernel.stdout }}" | grep -c $(uname -r)
+  register: kernel_match
+  changed_when: false
+  ignore_errors: true
+
+- name: Mark reboot required if a new kernel is installed
+  set_fact:
+    reboot_required: "yes"
+  when: kernel_match.stdout == "0"