Compare commits
9 Commits
5fccdbe432
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
0ef603638c | ||
|
|
1c84ea5fcc | ||
|
|
c9010fcf0c | ||
|
|
b83d413077 | ||
|
|
e9f2f82822 | ||
|
|
43ffe4eb4b | ||
|
|
5e710fbf45 | ||
|
|
9241a12420 | ||
|
|
00e8da3777 |
@@ -1,6 +1,6 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
vars:
|
# vars:
|
||||||
good_keys: "{{ lookup('env', 'good_keys') | from_json }}"
|
# good_keys: "{{ lookup('env', 'good_keys') | from_json }}"
|
||||||
bad_keys: "{{ lookup('env', 'bad_keys') | from_json }}"
|
# bad_keys: "{{ lookup('env', 'bad_keys') | from_json }}"
|
||||||
roles:
|
roles:
|
||||||
- role: manage-ssh-keys
|
- role: manage-ssh-keys
|
||||||
17
playbooks/os-updates-deb.yml
Normal file
17
playbooks/os-updates-deb.yml
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
- hosts: all
|
||||||
|
become: true
|
||||||
|
tasks:
|
||||||
|
- name: Verify if system is Debian
|
||||||
|
debug:
|
||||||
|
msg: "This playbook is running on a Debian system."
|
||||||
|
when: ansible_os_family == "Debian"
|
||||||
|
|
||||||
|
- name: Stop playbook if system is not Debian
|
||||||
|
fail:
|
||||||
|
msg: "This playbook only supports Debian."
|
||||||
|
when: ansible_os_family != "Debian"
|
||||||
|
|
||||||
|
- name: Include OS update role
|
||||||
|
include_role:
|
||||||
|
name: os-updates
|
||||||
|
when: ansible_os_family == "Debian"
|
||||||
@@ -7,17 +7,17 @@
|
|||||||
|
|
||||||
- name: Check if a kernel update is available
|
- name: Check if a kernel update is available
|
||||||
shell: |
|
shell: |
|
||||||
dpkg -l | grep -E 'linux-image-[0-9]' | awk '{print $2}' | sort | tail -n 1
|
dpkg -l | grep -E '^ii' | grep 'linux-image-[0-9]' | awk '{print $2}' | sort | tail -n 1
|
||||||
register: latest_kernel
|
register: latest_kernel
|
||||||
|
|
||||||
- name: Check if running kernel matches the latest installed kernel
|
- name: Check if running kernel matches the latest installed kernel
|
||||||
shell: uname -r | grep -c "{{ latest_kernel.stdout }}"
|
shell: |
|
||||||
|
echo "{{ latest_kernel.stdout }}" | grep -c $(uname -r)
|
||||||
register: kernel_match
|
register: kernel_match
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
- name: Mark reboot required if a new kernel is installed
|
- name: Mark reboot required if a new kernel is installed
|
||||||
set_fact:
|
set_fact:
|
||||||
reboot_required: "yes"
|
reboot_required: "yes"
|
||||||
notify:
|
|
||||||
- Reboot system
|
|
||||||
when: kernel_match.stdout == "0"
|
when: kernel_match.stdout == "0"
|
||||||
5
roles/os-updates/templates/sources.list.j2
Normal file
5
roles/os-updates/templates/sources.list.j2
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
# {{ ansible_managed }}
|
||||||
|
deb {{ os_update_mirrors[0] }} {{ os_update_version_codename }} main contrib non-free non-free-firmware
|
||||||
|
deb {{ os_update_mirrors[0] }} {{ os_update_version_codename }}-updates main contrib non-free non-free-firmware
|
||||||
|
deb {{ os_update_mirrors[0] }} {{ os_update_version_codename }}-backports main contrib non-free non-free-firmware
|
||||||
|
deb {{ os_update_mirrors[1] }} {{ os_update_version_codename }}-security main contrib non-free non-free-firmware
|
||||||
Reference in New Issue
Block a user