upgrade_and_reboot.yml

# Update operating system packages and reboot the server if required.
# Optionally, you can only update, only upgrade, only reboot, or force a reboot,
# everything using a rolling approach.
#
# The rolling deploy strategy is:
# - keepalived - change weigh setting
# - iptables - close traffic that comes from load balancer
# - health check - runs Makefile `healthcheck` target before going to next node
#
# Inspired by:
# - https://luktom.net/en/e1497-how-to-update-centos-rhel-using-ansible
# - https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
#
# Example - update a group of servers and reboot if needed:
#   ansible-playbook -i nau-data/envs/<>/hosts.ini upgrade_and_reboot.yml --limit <some group of servers>
#
---
- hosts: all
  # ansible by default run parallel for every server, but we change this to run on synchronous mode.
  serial: "{{ serial_number | default(1) }}"
  become: True
  gather_facts: True
  vars:
    reboot_enabled: true
    force_reboot: false
    rolling_deploy_enabled: true
    upgrade_enabled: true
    update_enabled: true
    wait_next_node_in_seconds: 5
  tasks:
    - import_tasks: tasks/close_node.yml

    # CentOS 7
    - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 7
      block:
        - name: check packages for updates
          shell: yum list updates | awk 'f;/Updated Packages/{f=1;}' | awk '{ print $1 }'
          changed_when: updates.stdout_lines | length > 0
          args:
            warn: false
          register: updates
          when: (upgrade_enabled | bool)
        - name: display count
          debug:
            msg: "Found {{ updates.stdout_lines | length }} packages to be updated:\n\n{{ updates.stdout }}"
          when: (upgrade_enabled | bool)
        - when: (upgrade_enabled | bool) and ( updates.stdout_lines | length > 0 )
          block:
            - name: install updates using yum
              yum:
                name: "*"
                state: latest
            - name: install yum-utils
              package:
                name: yum-utils
            - name: check if reboot is required
              shell: needs-restarting -r
              failed_when: false
              register: reboot_required
              changed_when: false
        - when: (reboot_enabled | bool) and ( force_reboot or ( updates.stdout_lines | length > 0 and reboot_required.rc != 0 ) )
          block:
            - name: reboot the server if required
              shell: sleep 3; reboot
              ignore_errors: true
              changed_when: false
              async: 1
              poll: 0
            - name: wait for server to come back after reboot
              wait_for_connection:
                timeout: 600
                delay: 20
              register: reboot_result
            - name: reboot time
              debug:
                msg: "The system rebooted in {{ reboot_result.elapsed }} seconds."

    - when: ansible_distribution == 'Ubuntu'
      block:
        - name: Update cache packages list
          apt:
            update_cache: yes
          when: (update_enabled | bool)

        - name: List upgradable packages
          shell: apt list --upgradable
          register: updates
          when: (update_enabled | bool)
        - name: Display upgradable count
          debug:
            msg: "Found {{ updates.stdout_lines | length }} packages to be upgradable"
          when: (update_enabled | bool)
        - name: List upgradable packages
          debug:
            var: updates.stdout_lines
          when: (update_enabled | bool) and ( updates.stdout_lines | length > 0)

        - name: Upgrade packages
          apt:
            upgrade: yes
            autoremove: yes
          when: (upgrade_enabled | bool)

        - name: Check if a reboot is needed for Debian and Ubuntu boxes
          register: reboot_required_file
          stat:
            path: /var/run/reboot-required 
            get_md5: no
          when: (reboot_enabled | bool)

        - name: Reboot the Debian or Ubuntu server
          reboot:
            msg: "Reboot initiated by Ansible due to kernel updates"
            connect_timeout: 10
            reboot_timeout: 600 # in seconds
            pre_reboot_delay: 0
            post_reboot_delay: 60
            test_command: uptime
          when: (reboot_enabled | bool) and ( force_reboot or ( reboot_required_file is defined and reboot_required_file.stat.exists ) )

    - import_tasks: tasks/healthcheck.yml
    - import_tasks: tasks/open_node.yml

    - name: sleep for {{ wait_next_node_in_seconds }} seconds and continue for next node
      wait_for:
        timeout: "{{ wait_next_node_in_seconds }}"