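---
# patching.yml
#
# Patches every host in the selected inventory group to the latest available
# packages, then reboots it. Hosts are processed one at a time (serial: 1).
# Because we typically encrypt our disk storage, we don't wait for the
# connection to become available again after the reboot.
#
# Variables:
#   - target: the host group in the inventory -- default: all
#
# NOTE(review): with the default, a run without `-e target=<group>` patches and
# reboots every host in the inventory. Pass `target` (or `--limit`) explicitly
# when only part of the fleet should be touched.
#
# Patch then restart a node
- hosts: "{{ target | default('all') }}"
  order: sorted
  ignore_unreachable: true
  serial: 1
  vars:
    ansible_become: true
    ansible_become_user: root
    ansible_become_method: sudo
  vars_files:
    # Path is read from ANSIBLE_VAULT_FILE on the control node.
    # Presumably a vault-encrypted vars file -- confirm.
    - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
  tasks:
    # Column 5 of `df` is Use%, so despite the task name this registers the
    # *used* percentage of /var. Read-only, hence unprivileged and never
    # reported as a change.
    - name: Check /var free percentage
      command: /bin/bash -c "df -m /var | tail -n 1 | awk '{ print $5; }' | sed 's/%//' "
      become: false
      changed_when: false
      register: df_output

    # The pipeline's exit status is that of `sed`, so a failing `df` yields an
    # empty stdout rather than a task failure. Require a numeric value first so
    # that case stops the play instead of being read as 0% used.
    - name: Verify /var space
      assert:
        that:
          - "df_output.stdout is match('^[0-9]+$')"
          - "df_output.stdout | int < 90"
        fail_msg: "Not enough free space"

    # NOTE(review): ignore_errors means a failed upgrade is not fatal and the
    # host is still rebooted. A green play does not prove the host is patched;
    # check the task results for ignored failures.
    - name: Patching all packages (ArchLinux)
      ignore_errors: true
      when: ansible_os_family == "Archlinux"
      pacman:
        upgrade: true
        update_cache: true

    # NOTE(review): same caveat as above -- upgrade failures are ignored.
    # `upgrade` is a string choice for apt, so it is quoted rather than left as
    # a YAML boolean.
    - name: Patching all packages (Debian)
      ignore_errors: true
      when: ansible_os_family == "Debian"
      apt:
        upgrade: 'yes'
        update_cache: true

    # The 2-second reboot_timeout plus ignore_errors matches the header: the
    # play does not wait for the host to return, and the resulting timeout
    # error is suppressed. Confirm out of band that each host came back up.
    - name: Reboot
      ignore_errors: true
      reboot:
        reboot_timeout: 2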