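---
# Release upgrade of a dpkg/apt based host to `next_release`: rewrite the apt
# sources, pre-download, upgrade in two passes, reboot, then purge leftovers.
#
# Read here but defined elsewhere: `next_release` and
# `apt_noninteractive_environment`.
#
# The `warn` argument was dropped from the command tasks: ansible-core 2.14
# removed it from command/shell, and older releases only print an advisory
# warning without it.
#
# @TODO: Remove pins
# @TODO: Should 3rd party sources be removed?
# @TODO: Ensure kernel package is installed
# @TODO: Should a 2nd sshd be started on a non-standard port in case of failure?

# Read-only checks: report them as unchanged so real changes stand out.
- name: dpkg audit
  command:
    cmd: 'dpkg --audit'
  changed_when: false

# The output of this task is the only record of which packages were held;
# nothing in this file re-applies the holds after the upgrade.
- name: show holds
  command:
    cmd: 'apt-mark showhold'
  changed_when: false

- name: remove all holds
  command:
    cmd: "apt-mark unhold '*'"

# The current release name is used as a regular expression, so every
# occurrence in the file is rewritten.
- name: Replace release in apt sources.list
  replace:
    regexp: "{{ ansible_distribution_release }}"
    replace: "{{ next_release }}"
    path: /etc/apt/sources.list

# The drop-in sources were previously rewritten with `sed -i` through the shell
# and `ignore_errors: true`, which interpolated both variables into a shell
# command line and hid a failed rewrite, leaving old-release entries enabled
# for the upgrade. find + replace needs no shell, is a no-op when the directory
# is empty, and fails the play on a real error.
- name: Find apt source files in sources.list.d
  find:
    paths: /etc/apt/sources.list.d
    file_type: file
  register: apt_source_files

- name: Replace release in apt sources.list.d
  replace:
    regexp: "{{ ansible_distribution_release }}"
    replace: "{{ next_release }}"
    path: "{{ item.path }}"
  loop: "{{ apt_source_files.files }}"
  loop_control:
    label: "{{ item.path }}"

- name: Update apt cache
  apt:
    update_cache: true

# @TODO: Check required disk space and available disk space
# Download only (-d), so network failures surface before anything is unpacked.
- name: Download packages
  command:
    cmd: 'apt-get -y -d upgrade'
  environment: "{{ apt_noninteractive_environment }}"

# First pass upgrades installed packages without pulling in new ones.
- name: Minimal upgrade run
  command:
    cmd: 'apt upgrade -y --without-new-pkgs'
  environment: "{{ apt_noninteractive_environment }}"

# Second pass may install and remove packages, including those from the
# third-party sources rewritten above (see the TODO at the top).
- name: Full upgrade run
  command:
    cmd: 'apt full-upgrade -y'
  environment: "{{ apt_noninteractive_environment }}"

# @TODO: reconfigure grub if installed
#        `dpkg-reconfigure grub-pc` on many systems, but not all
# @TODO: Our instances often have an OS version identifier,
#        it would be handy to do a replace in /etc/hostname
#        before rebooting

# Replaces `command: /usr/sbin/reboot` followed by a local wait_for on port 22
# with delay=1. That probe could succeed against the sshd that had not yet gone
# down, so the purge tasks could start on the pre-reboot system and be cut off.
# The reboot module waits for the host to go down and come back, and fails the
# play if it does not return within reboot_timeout (same 300 s as before).
# `last_result` is still registered in case tasks outside this file read it.
- name: Reboot
  reboot:
    reboot_timeout: 300
  register: last_result

# '~c' selects packages that were removed but still have configuration files.
- name: Purge configuration of removed packages
  command:
    cmd: "apt -y purge '~c'"
  environment: "{{ apt_noninteractive_environment }}"

# '~o' selects packages that are no longer available from any configured
# source.
- name: Purge obsolete packages
  command:
    cmd: "apt -y purge '~o'"
  environment: "{{ apt_noninteractive_environment }}"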