diff --git a/roles/linux_patch/tasks/main.yml b/roles/linux_patch/tasks/main.yml index 8b28be8..47e1bc2 100644 --- a/roles/linux_patch/tasks/main.yml +++ b/roles/linux_patch/tasks/main.yml @@ -2,7 +2,6 @@ - name: Gather package facts before patching ansible.builtin.package_facts: manager: auto - register: packages_before - name: Store pre-patch package versions ansible.builtin.set_fact: @@ -30,11 +29,6 @@ failed_when: upgradable_packages.rc not in [0, 100] when: ansible_os_family == "RedHat" -- name: Normalize upgradable count (RHEL) - ansible.builtin.set_fact: - upgradable_count: "{{ dnf_upgradable.stdout_lines | default([]) | length }}" - when: os_family in ['rhel', 'centos', 'rocky'] - - name: Get list of upgradable packages (Alpine) ansible.builtin.shell: | apk list --upgradable 2>/dev/null | awk -F'-[0-9]' '{print $1}' @@ -66,11 +60,6 @@ - ansible_os_family == "Debian" - patch_mode == "full" or patch_mode == "security" -- name: Normalize upgradable count (Debian) - ansible.builtin.set_fact: - upgradable_count: "{{ apt_upgradable.stdout_lines | default([]) | length }}" - when: os_family in ['debian', 'ubuntu'] - - name: Perform security-only upgrade (RHEL/CentOS) ansible.builtin.dnf: name: "*" @@ -95,20 +84,6 @@ ansible.builtin.set_fact: packages_post_patch: "{{ ansible_facts.packages }}" -- name: Calculate changed packages - ansible.builtin.set_fact: - packages_updated: >- - {{ - packages_post_patch | dict2items - | selectattr('key', 'in', packages_pre_patch) - | selectattr('value', '!=', packages_pre_patch[item.key] | default([])) - | list - | map(attribute='key') - | list - }} - loop: "{{ packages_post_patch | dict2items }}" - when: false - - name: Build packages updated list ansible.builtin.set_fact: packages_updated: >- @@ -175,3 +150,4 @@ - name: Patching complete ansible.builtin.debug: msg: "Patching complete on {{ inventory_hostname }} — {{ packages_updated | length }} packages updated" +