VOICE1/ansible-msp-automations
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Alpine apk support to linux_patch role — update check, upgrade, reboot detection

Browse Source
This commit is contained in:
Semaphore
2026-03-11 12:03:58 -07:00
parent de36867075
commit e5fd6a56b6
1 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
roles/linux_patch/tasks/main.yml
View File

@@ -30,6 +30,13 @@
failed_when: upgradable_packages.rc not in [0, 100] failed_when: upgradable_packages.rc not in [0, 100]
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
- name: Get list of upgradable packages (Alpine)
ansible.builtin.shell: |
apk list --upgradable 2>/dev/null | awk -F'-[0-9]' '{print $1}'
register: upgradable_packages
changed_when: false
when: ansible_os_family == "Alpine"
- name: Log packages to be updated - name: Log packages to be updated
ansible.builtin.debug: ansible.builtin.debug:
msg: "Packages to be updated on {{ inventory_hostname }}: {{ upgradable_packages.stdout_lines | length }} packages" msg: "Packages to be updated on {{ inventory_hostname }}: {{ upgradable_packages.stdout_lines | length }} packages"
@@ -53,6 +60,13 @@
register: dnf_upgrade_result register: dnf_upgrade_result
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
- name: Perform upgrade (Alpine)
ansible.builtin.shell: |
apk update && apk upgrade
register: apk_upgrade_result
changed_when: "'OK' in apk_upgrade_result.stdout"
when: ansible_os_family == "Alpine"
- name: Gather package facts after patching - name: Gather package facts after patching
ansible.builtin.package_facts: ansible.builtin.package_facts:
manager: auto manager: auto
@@ -116,6 +130,18 @@
host_reboot_required: "{{ reboot_required_post.stat.exists | default(false) }}" host_reboot_required: "{{ reboot_required_post.stat.exists | default(false) }}"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: Check if reboot is required after patching (Alpine)
ansible.builtin.shell: |
apk version -l = 2>/dev/null | grep -q kernel && echo "yes" || echo "no"
register: alpine_reboot_check
changed_when: false
when: ansible_os_family == "Alpine"
- name: Update reboot required fact (Alpine)
ansible.builtin.set_fact:
host_reboot_required: "{{ alpine_reboot_check.stdout | trim == 'yes' }}"
when: ansible_os_family == "Alpine"
- name: Reboot if required and auto_reboot is enabled - name: Reboot if required and auto_reboot is enabled
ansible.builtin.reboot: ansible.builtin.reboot:
reboot_timeout: 300 reboot_timeout: 300