Role Name

This role applies security or full patching to Red Hat, Ubuntu, and Alpine machines.

It can:

• Perform security or full patching
• Clean up old kernel versions
• Detect when a reboot is needed and perform the reboot (see variables)

I only work with AWX (v20.0.1), and it has only been tested with the latest Ansible versions.

Requirements

The machines should have a working internet connection and proper repository configuration.

Supported Operating Systems:

• RHEL, CentOS, Rocky, Alma

  • Version: 6-9

• Ubuntu LTS: 20.04, 22.04

• Alpine: stable-latest

• Debian should work, but I only use LTS distributions, which can have SLA.

• Mint works, but it’s not a focus area (personal preference).

Role Variables

• gather_facts is turned off because we first need to check if the host is online.
  We do this multiple times to avoid load and connectivity issues.
  Please check the tests folder.

Most variables have a varname_default equivalent that can be used to override the defaults at the playbook level.
This allows you to define the default behavior for all targets without specific variables set, e.g., full or security patching.

Example:

• Default os_update_reboot in defaults/main.yml is set to True
• In your playbook, you set os_update_reboot_default to False
• In your inventory, you set os_update_reboot to True for the host group testing So all your hosts will avoid rebooting after patching, except for the host group testing... simple, right?

Note: varname is always enforced, while varname_default only overrides the role's default behavior.

• os_update_level: security
  available options: [none|security|full]

• os_update_reboot: true
  available options: [true|false]

• os_update_remove_old_kernel: true
  available options: [true|false]

• os_update_keep_kernel_nr: 2

Dependencies

None so far.

Example Playbook

Check the test directory for examples.

License

GPLv3