51 lines
1.3 KiB
YAML
51 lines
1.3 KiB
YAML
---
|
|
# patching.yml
|
|
#
|
|
# This playbook can be used to patch all the servers in an inventory to the latest software available.
|
|
# Because we typically encrypt our disk storage, we don't wait for the connection to become available again.
|
|
# Variables:
|
|
# - target: the host grouper in the inventory -- default: all
|
|
#
|
|
# Patch then restart a node
|
|
- hosts: "{{ target | default('all') }}"
|
|
order: sorted
|
|
ignore_unreachable: true
|
|
serial: 1
|
|
vars:
|
|
ansible_become: yes
|
|
ansible_become_user: root
|
|
ansible_become_method: sudo
|
|
vars_files:
|
|
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
|
|
tasks:
|
|
- name: Check /var free percentage
|
|
command: /bin/bash -c "df -m /var | tail -n 1 | awk '{ print $5; }' | sed 's/%//' "
|
|
become: no
|
|
register: df_output
|
|
|
|
- name: Verify /var space
|
|
assert:
|
|
that:
|
|
- 90 > {{ df_output.stdout }}
|
|
fail_msg: "Not enough free space"
|
|
|
|
- name: Patching all packages (ArchLinux)
|
|
ignore_errors: yes
|
|
when: ansible_os_family == "Archlinux"
|
|
pacman:
|
|
upgrade: yes
|
|
update_cache: yes
|
|
|
|
- name: Patching all packages (Debian)
|
|
ignore_errors: yes
|
|
when: ansible_os_family == "Debian"
|
|
apt:
|
|
upgrade: yes
|
|
update_cache: yes
|
|
|
|
- name: Reboot
|
|
ignore_errors: yes
|
|
reboot:
|
|
reboot_timeout: 2
|
|
|