I realized I've never posted this playbook to my blog... I needed to grab it for a project I'm working on, so I figured I'd post it here for future reference.
Basically, I need a playbook I can run whenever that ensures all packages are upgraded, then checks if a reboot is required, and if so, reboots the server. Afterwards, it removes any dependencies no longer required.
```yaml
---
- hosts: all
  gather_facts: yes
  become: yes

  tasks:
    - name: Perform a dist-upgrade.
      ansible.builtin.apt:
        upgrade: dist
        update_cache: yes

    - name: Check if a reboot is required.
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_md5: no
      register: reboot_required_file

    - name: Reboot the server (if required).
      ansible.builtin.reboot:
      when: reboot_required_file.stat.exists == true

    - name: Remove dependencies that are no longer required.
      ansible.builtin.apt:
        autoremove: yes
```
This might reboot Ubuntu servers where not applicable (those running Canonical Livepatch service) and misses needed reboots on UCS servers (Univention Corporate Server – groupware server based on Debian and most probably not known outside of Europe/Germany).
That's why I ended up writing my own check whether Ubuntu/Debian servers really need a reboot or not :)
Do you have any good solutions for notifying the admin that a reboot is needed instead of blindly rebooting?
I have some servers that are a bit more reboot-sensitive, but I have not found a good solution.
Use a monitoring system that notifies/escalates based on rules?
Yeah that could work.
I already use Telegram-bots for Nagios notifications and found the community.general.telegram module for Ansible.
So I just added a task that sends me a Telegram message when a server should be rebooted.
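The monitoring approach suggested in the comments above, sketched as an added example (not code from the post or from any commenter): a Nagios-style check that reports a pending reboot instead of performing it. It reads the same `/var/run/reboot-required` flag the playbook tests; the companion `/var/run/reboot-required.pkgs` file and the optional root-prefix argument are assumptions not taken from the page.

```shell
#!/bin/sh
# Nagios-style check for a pending reboot on Debian/Ubuntu hosts.
# Plugin convention for return codes: 0 = OK, 1 = WARNING.
# The optional first argument is a hypothetical root prefix, used only so
# the check can be exercised against a constructed directory tree.

check_reboot_required() {
    root="${1:-}"
    flag="$root/var/run/reboot-required"
    # Assumption: the packages that requested the reboot are listed here,
    # one per line (this file is not mentioned in the original post).
    pkgs="$root/var/run/reboot-required.pkgs"

    if [ ! -e "$flag" ]; then
        echo "OK - no reboot required"
        return 0
    fi

    if [ -s "$pkgs" ]; then
        # A package can be recorded more than once; de-duplicate and
        # flatten to a single status line for the notification text.
        list=$(sort -u "$pkgs" | tr '\n' ' ' | sed 's/ *$//')
        echo "WARNING - reboot required by: $list"
    else
        echo "WARNING - reboot required (no package list recorded)"
    fi
    return 1
}

# Demo against a constructed tree (sample data, not from a real host).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/run"
: > "$demo_root/var/run/reboot-required"
printf 'linux-image-generic\nlibssl3\nlibssl3\n' \
    > "$demo_root/var/run/reboot-required.pkgs"
check_reboot_required "$demo_root" || true
rm -rf "$demo_root"
```

To use it as a monitoring plugin, drop the demo and make `check_reboot_required` (with no argument) the script's last command so its return code becomes the exit status.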
What about the /etc/apt/sources.list file? Shouldn't that be updated to reflect the new debian/ubuntu version?