I realized I've never posted this playbook to my blog... I needed to grab it for a project I'm working on, so I figured I'd post it here for future reference.
Basically, I need a playbook I can run at any time that ensures all packages are upgraded, checks whether a reboot is required, and, if so, reboots the server. Afterwards, it removes any dependencies that are no longer required.
```yaml
---
- hosts: all
  gather_facts: yes
  become: yes

  tasks:
    - name: Perform a dist-upgrade.
      ansible.builtin.apt:
        upgrade: dist
        update_cache: yes

    # The file exists when an installed package has asked for a reboot.
    # get_md5 is dropped here: it is a deprecated option that already defaulted to no.
    - name: Check if a reboot is required.
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required_file

    - name: Reboot the server (if required).
      ansible.builtin.reboot:
      when: reboot_required_file.stat.exists

    - name: Remove dependencies that are no longer required.
      ansible.builtin.apt:
        autoremove: yes
```
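A variant of the reboot step for fleets where some hosts must not restart unattended, written as an added example rather than taken from the playbook above: hosts reboot only if they opt in, and the rest report which packages asked for the reboot. The variable `allow_auto_reboot` is hypothetical, and the example assumes the distribution writes `/var/run/reboot-required.pkgs` next to the flag file.

```yaml
---
# Added example, not the original playbook.
# allow_auto_reboot is a hypothetical variable; override it per host or group.
- hosts: all
  become: yes
  serial: 1   # one host at a time; a failed reboot stops the run before the next host
  vars:
    allow_auto_reboot: false

  tasks:
    - name: Check if a reboot is required.
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required_file

    - name: Check for the list of packages that requested the reboot.
      ansible.builtin.stat:
        path: /var/run/reboot-required.pkgs
      register: reboot_pkgs_file

    - name: Read the package list (base64-encoded by slurp).
      ansible.builtin.slurp:
        src: /var/run/reboot-required.pkgs
      register: reboot_pkgs
      when: reboot_pkgs_file.stat.exists

    - name: Report a pending reboot on hosts that have not opted in.
      ansible.builtin.debug:
        msg: >-
          {{ inventory_hostname }} needs a reboot, requested by:
          {{ (reboot_pkgs.content | default('') | b64decode).split()
             | unique | join(', ') | default('unknown', true) }}
      when:
        - reboot_required_file.stat.exists
        - not (allow_auto_reboot | bool)

    - name: Reboot hosts that have opted in.
      ansible.builtin.reboot:
        reboot_timeout: 600
      when:
        - reboot_required_file.stat.exists
        - allow_auto_reboot | bool
```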
Comments
This might reboot Ubuntu servers where not applicable (those running Canonical Livepatch service) and misses needed reboots on UCS servers (Univention Corporate Server – groupware server based on Debian and most probably not known outside of Europe/Germany).
That's why I ended up writing my own check for whether Ubuntu/Debian servers really need a reboot or not :)
https://github.com/ThomasKaiser/Check_MK/blob/master/mrpe/check-for-reb…
Do you have any good solutions for notifying the admin that a reboot is needed instead of blindly rebooting?
I have some servers that are a bit more reboot sensitive but I have not found a good solution.
Use a monitoring system that notifies/escalates based on rules?
Yeah that could work.
I already use Telegram-bots for Nagios notifications and found the community.general.telegram module for Ansible.
So I just added a task that sends me a Telegram message when a server should be rebooted.
What about the /etc/apt/sources.list file? Shouldn't that be updated to reflect the new debian/ubuntu version?
IMO, this has to be added. At least I built a more complex role for this. Consider checking the Debian wiki [0]. Also, I am sending notifications using plain old email using `community.general.mail` [1].
[0]: https: wiki.debian.org/DebianUpgrade
[1]: https: docs.ansible.com/ansible/latest/collections/community/general/mail_module.html
*edit:* can't paste links...