Optimize Ansible patching playbook, for using ansible.facts by default and fix error-handling

2024-07-02 12:58:20 +02:00 · 2024-07-02 12:58:20 +02:00 · 9ea0a8bd67
commit 9ea0a8bd67
parent 53f2ff5bc1
1 changed files with 61 additions and 32 deletions
--- a/patch_servers.yml
+++ b/patch_servers.yml
@ -1,9 +1,11 @@
 ---
- name: Patch servers to the latest patch level
+- name: Patch servers to the latest patch level and check if reboot is required
  hosts: all
  become: yes
+  gather_facts: yes
+
  tasks:
-    - name: Determine if the system is RPM based or Debian based
+    - name: Determine if the system is RPM or Debian based
      ansible.builtin.shell: |
        if [ -f /etc/redhat-release ]; then
          echo "rpm"
@ -13,46 +15,73 @@
          echo "unknown"
        fi
      register: distro_type
+      changed_when: false

-    - name: Update RPM based systems
-      when: distro_type.stdout == "rpm"
-      yum:
-        name: '*'
-        state: latest
+    - name: Update systems and check for reboot requirement
+      block:
+        - name: Update RPM based systems and check for reboot
+          when: ansible_facts['os_family'] == "RedHat"
+          block:
+            - name: Update RPM based systems
+              ansible.builtin.dnf:
+                name: '*'
+                state: latest

-    - name: Update Debian based systems
-      when: distro_type.stdout == "deb"
-      apt:
-        upgrade: dist
-        update_cache: yes
+            - name: Check if reboot is required (RPM based systems)
+              ansible.builtin.shell: needs-restarting -r
+              register: reboot_needed_rpm
+              failed_when: reboot_needed_rpm.rc not in [0, 1, 3]
+              changed_when: reboot_needed_rpm.rc == 1
+              ignore_errors: yes

-    - name: Check if reboot is required (RPM based systems)
-      when: distro_type.stdout == "rpm"
-      ansible.builtin.shell: needs-restarting -r
-      register: reboot_needed_rpm
-      failed_when: reboot_needed_rpm.rc not in [0, 1, 3]
+            - name: Set fact if reboot is required for RPM based systems
+              set_fact:
+                reboot_required: "{{ reboot_needed_rpm.rc == 1 }}"

-    - name: Check if reboot is required (Debian based systems)
-      when: distro_type.stdout == "deb"
-      stat:
-        path: /var/run/reboot-required
-      register: reboot_needed_deb
+        - name: Update Debian based systems and check for reboot
+          when: ansible_facts['os_family'] == "Debian"
+          block:
+            - name: Update Debian based systems
+              ansible.builtin.apt:
+                upgrade: dist
+                update_cache: yes

-    - name: Reboot the system if required (RPM based systems)
-      when: reboot_needed_rpm.rc == 1 and "'elasticsearch' not in ansible_facts.services"
+            - name: Check if reboot is required (Debian based systems)
+              stat:
+                path: /var/run/reboot-required
+              register: reboot_needed_deb
+              changed_when: reboot_needed_deb.stat.exists
+              ignore_errors: yes
+
+            - name: Set fact if reboot is required for Debian based systems
+              set_fact:
+                reboot_required: "{{ reboot_needed_deb.stat.exists }}"
+
+    - name: Check if Elasticsearch is installed
+      shell: |
+        if systemctl list-units --type=service --state=active | grep -q elasticsearch; then
+          echo "yes"
+        else
+          echo "no"
+        fi
+      register: elasticsearch_installed
+      changed_when: false
+
+    - name: Reboot the system if required
+      when: reboot_required | default(false) and elasticsearch_installed.stdout != "yes"
      reboot:

-    - name: Notify user about required reboot (RPM based systems with Elasticsearch)
-      when: reboot_needed_rpm.rc == 1 and "'elasticsearch' in ansible_facts.services"
+    - name: Notify user about required reboot (with Elasticsearch)
+      when: reboot_required | default(false) and elasticsearch_installed.stdout == "yes"
      debug:
        msg: "Server {{ inventory_hostname }} requires a reboot due to updates, but it has Elasticsearch installed. Please reboot manually."

-    - name: Reboot the system if required (Debian based systems)
-      when: reboot_needed_deb.stat.exists and "'elasticsearch' not in ansible_facts.services"
-      reboot:
+    - name: Print uptime of each server
+      ansible.builtin.command: uptime
+      register: uptime_result
+      changed_when: false

-    - name: Notify user about required reboot (Debian based systems with Elasticsearch)
-      when: reboot_needed_deb.stat.exists and "'elasticsearch' in ansible_facts.services"
+    - name: Display uptime results
      debug:
-        msg: "Server {{ inventory_hostname }} requires a reboot due to updates, but it has Elasticsearch installed. Please reboot manually."
+        msg: "Uptime for {{ inventory_hostname }}: {{ uptime_result.stdout }}"