Ansible playbook to upgrade Ubuntu/Debian servers and reboot if needed

I realized I've never posted this playbook to my blog... I needed to grab it for a project I'm working on, so I figured I'd post it here for future reference.

Basically, I need a playbook I can run whenever, that will ensure all packages are upgraded, then checks if a reboot is required, and if so, reboots the server. Afterwards, it removes any dependencies no longer required.

- hosts: all
  gather_facts: yes
  become: yes

    - name: Perform a dist-upgrade.
        upgrade: dist
        update_cache: yes

    - name: Check if a reboot is required.
        path: /var/run/reboot-required
        get_checksum: no
      register: reboot_required_file

    - name: Reboot the server (if required).
      when: reboot_required_file.stat.exists == true

    - name: Remove dependencies that are no longer required.
        autoremove: yes


This might reboot Ubuntu servers where not applicable (those running Canonical Livepatch service) and misses needed reboots on UCS servers (Univention Corporate Server – groupware server based on Debian and most probably not known outside of Europe/Germany).

That's why I ended up writing an own check whether Ubuntu/Debian servers really need a reboot or not :)…

Do you have any good solutions for notifying the admin that a reboot is needed instead of blindly rebooting?

I have some servers that is a bit more reboot sensitive but I have not found a good solution.

Yeah that could work.

I already use Telegram-bots for Nagios notifications and found the community.general.telegram module for Ansible.
So I just added a task that sends me a Telegram message when a server should be rebooted.

What about the /etc/apt/sources.list file? Shouldn't that be updated to reflect the new debian/ubuntu version?

imo, this has to be added. at least i built a more complex role for this. consider checking the debian wiki [0] also, i am sending notifications using plain old email using `community.general.mail` [1]

[0]: https:
[1]: https:

*edit:* can't paste links...

Understand that this is an old thread but my need for assistance (i.e. training is contemporary). Using the above playbook, I get the following message for some select computers in the farm that is assorted RPi machines running Raspbian, RPi OS, one Kali and Ubuntu:

fatal: []: FAILED! => {"msg": "Missing sudo password"}

The Ansible server can connect to ALL these errant machines using a password-less SSH connection with an account that has sudo privileges. I tried the supplementary Ansible variables for become but made a total mess (since my knowledge has a very short ceiling).

The common denominator for the Kali and Ubuntu machines is that I had to append the sudo user to the sudoers group whereas for RPi the imager allowed me to create the user during the imaging process.

Would appreciate some suggestions to evaluate. Thanks.

The condition of the task is not working in case there is no file to begin with, I changed the condition to catch this case:

- name: Reboot the server (if required).
when: reboot_required_file.stat.exists and reboot_required_file is defined