Add Alpine apk support to linux_patch role — update check, upgrade, reboot detection

2026-03-11 12:03:58 -07:00
parent de36867075
commit e5fd6a56b6
1 changed files with 26 additions and 0 deletions
--- a/roles/linux_patch/tasks/main.yml
+++ b/roles/linux_patch/tasks/main.yml
@@ -30,6 +30,13 @@
  failed_when: upgradable_packages.rc not in [0, 100]
  when: ansible_os_family == "RedHat"

+- name: Get list of upgradable packages (Alpine)
+  ansible.builtin.shell: |
+    apk list --upgradable 2>/dev/null | awk -F'-[0-9]' '{print $1}'
+  register: upgradable_packages
+  changed_when: false
+  when: ansible_os_family == "Alpine"
+
 - name: Log packages to be updated
  ansible.builtin.debug:
    msg: "Packages to be updated on {{ inventory_hostname }}: {{ upgradable_packages.stdout_lines | length }} packages"
@@ -53,6 +60,13 @@
  register: dnf_upgrade_result
  when: ansible_os_family == "RedHat"

+- name: Perform upgrade (Alpine)
+  ansible.builtin.shell: |
+    apk update && apk upgrade
+  register: apk_upgrade_result
+  changed_when: "'OK' in apk_upgrade_result.stdout"
+  when: ansible_os_family == "Alpine"
+
 - name: Gather package facts after patching
  ansible.builtin.package_facts:
    manager: auto
@@ -116,6 +130,18 @@
    host_reboot_required: "{{ reboot_required_post.stat.exists | default(false) }}"
  when: ansible_os_family == "Debian"

+- name: Check if reboot is required after patching (Alpine)
+  ansible.builtin.shell: |
+    apk version -l = 2>/dev/null | grep -q kernel && echo "yes" || echo "no"
+  register: alpine_reboot_check
+  changed_when: false
+  when: ansible_os_family == "Alpine"
+
+- name: Update reboot required fact (Alpine)
+  ansible.builtin.set_fact:
+    host_reboot_required: "{{ alpine_reboot_check.stdout | trim == 'yes' }}"
+  when: ansible_os_family == "Alpine"
+
 - name: Reboot if required and auto_reboot is enabled
  ansible.builtin.reboot:
    reboot_timeout: 300