debian-apt-all2latest.yml

#   _  __                   _ _ ____             _             
#  | |/ /__ ___      ____ _(_|_)  _ \ __ _ _ __ | |_ ___ _   _ 
#  | ' // _` \ \ /\ / / _` | | | |_) / _` | '_ \| __/ __| | | |
#  | . \ (_| |\ V  V / (_| | | |  __/ (_| | | | | |_\__ \ |_| |
#  |_|\_\__,_| \_/\_/ \__,_|_|_|_|   \__,_|_| |_|\__|___/\__,_|
#                   ____  _             _                 _        
#  [   ANSIBLE   ] |  _ \| | __ _ _   _| |__   ___   ___ | | _____ 
#  Please only use | |_) | |/ _` | | | | '_ \ / _ \ / _ \| |/ / __|
#  playbooks if    |  __/| | (_| | |_| | |_) | (_) | (_) |   <\__ \
#  you know what   |_|   |_|\__,_|\__, |_.__/ \___/ \___/|_|\_\___/
#  they change/do                 |___/ 
# 
#  .---------| Debian APT Up2Date Playbook
#  |
#  | This playbook will do the following:
#  | - apt-get update (cached for 3600sec)
#  | - apt-get upgrade && apt-get dist-ugprade
#  | - Reboots system if needed
#  `---------------------------------------------------------------
---

- hosts: debian
  tasks:
    - name: Update apt repo and cache on all Debian/Ubuntu boxes
      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
      when: ansible_os_family == 'Debian'

    - name: List packages to upgrade (1/2)
      shell: aptitude -q -F%p --disable-columns search "~U"
      register: updates
      changed_when: False
      when: ansible_os_family == 'Debian'

    - name: List packages to upgrade (2/2)
      debug: msg="{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})"
      when: (ansible_os_family == 'Debian' and updates.stdout_lines)

    - name: Update all packages to their latest version
      ansible.builtin.apt:
        name: "*"
        state: latest
      when: ansible_os_family == 'Debian'

    - name: List services to restart (1/2)
      shell: checkrestart | grep ^service | awk '{print $2}'
      register: services
      changed_when: False
      when: ansible_os_family == 'Debian'

    - name: List services to restart (2/2)
      debug: msg="{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})"
      when: (ansible_os_family == 'Debian' and services.stdout_lines)

    - name: Check if a reboot is needed on all servers
      register: reboot_required_file
      stat: path=/var/run/reboot-required get_md5=no
      when: ansible_os_family == 'Debian'

    - name: Reboot the box if kernel updated
      reboot:
        msg: "Reboot initiated by Ansible for kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists and ansible_os_family == 'Debian'