jeet/OCI_Build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d2e8cc6e70775df9b43d83070a28fda3c58f3e64
OCI_Build/playbooks/update_upgrade.yml
T
jeet d2e8cc6e70 Fix issues 3,5,6,7,8,9,11,15,16: security hardening and reliability improvements 
- ansible.cfg: enable host_key_checking (closes #1)
- update_upgrade.yml: fix reboot crash on non-Debian hosts, exclude AnsibleHost from targets (closes #2, #7)
- deploy.yml: replace silent ignore_errors with real container health assertion (closes #3)
- redeploy.yml: same assertion fix + restic --overwrite always + RESTIC_RESTORE_PATH variable (closes #3, #4, #5)
- disaster.yml: same fixes as redeploy.yml (closes #3, #4, #5)
- docker_update_containers.yml: create missing playbook (closes #6)
- fresh_install.yml: add safety guard to abort if containers already running (closes #8)
- docker_status.yml: add become: true (closes #9)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 14:14:14 -04:00

53 lines
1.5 KiB
YAML
Raw Blame History

---
- hosts: "all:!AnsibleHost"
gather_facts: true
tasks:
- name: "Updating and Upgrading Apt Packages"
apt:
update_cache: yes
upgrade: safe
when: ansible_os_family == "Debian"
become: true
- name: Check if a reboot is required.
ansible.builtin.stat:
path: /var/run/reboot-required
get_checksum: no
register: reboot_required_file
when: ansible_os_family == "Debian"
- name: Reboot the server (if required).
ansible.builtin.reboot:
when: reboot_required_file is defined and reboot_required_file.stat.exists
- name: "Updating and Upgrading Yum Packages"
yum:
name: '*'
state: latest
when: ansible_os_family == "RedHat"
become: true
# For DNF-based systems (e.g., Fedora), you can add a similar task:
- name: "Updating and Upgrading Dnf Packages"
dnf:
name: '*'
state: latest
when: ansible_distribution == "Fedora"
become: true
# For Windows Hosts
- name: Install all updates and reboot as many times as needed
ansible.windows.win_updates:
category_names: '*'
reboot: true
when: ansible_os_family == "Windows"
- name: Upgrade installed packages
win_chocolatey:
name: all
state: latest
when: ansible_os_family == "Windows"
# Specific adjustments for Raspbian can be made here, if necessary
# Raspbian will typically be covered by the Debian task, but if you have specific needs, you can specify them here.
Reference in New Issue View Git Blame Copy Permalink