ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Update inventory and playbook configurations to reflect new host addresses and user settings. Modify the Makefile for improved maintenance task execution, including unified command options for maintenance operations. Enhance README.md with updated usage instructions for the maintenance system and clarify host group definitions. Adjust group_vars for maintenance settings, ensuring proper handling of reboot conditions and cache management.

Browse Source
This commit is contained in:
ilia 2025-09-02 11:32:16 -04:00
parent 5e4428447c
commit f85945c8f7
11 changed files with 431 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
Makefile
View File

@ -19,8 +19,12 @@ help: ## Show this help message
@echo " make bootstrap # Set up dependencies"
@echo " make check # Dry run all hosts"
@echo " make apply # Run on all dev hosts"
@echo " make dev HOST=devVM # Run on specific host"
@echo " make dev HOST=dev01 # Run on specific host"
@echo " make local # Run local playbook"
@echo " make maintenance # Run maintenance on all hosts"
@echo " make maintenance GROUP=dev # Run maintenance on dev group"
@echo " make maintenance HOST=dev01 # Run maintenance on specific host"
@echo " make maintenance CHECK=true # Dry-run maintenance on all hosts"
@echo ""
bootstrap: ## Install required collections and dependencies
@ -37,6 +41,7 @@ test: lint ## Run all tests (lint + syntax check)
@echo "$(YELLOW)Testing playbook syntax...$(RESET)"
ansible-playbook dev-playbook.yml --syntax-check
ansible-playbook local-playbook.yml --syntax-check
ansible-playbook maintenance-playbook.yml --syntax-check
@echo "$(GREEN)✓ Syntax check passed$(RESET)"
check: ## Dry-run the development playbook (--check mode)
@ -56,10 +61,10 @@ local: ## Run the local playbook on localhost
ansible-playbook local-playbook.yml -K
# Host-specific targets
dev: ## Run on specific host (usage: make dev HOST=devVM)
dev: ## Run on specific host (usage: make dev HOST=dev01)
ifndef HOST
@echo "$(RED)Error: HOST parameter required$(RESET)"
@echo "Usage: make dev HOST=devVM"
@echo "Usage: make dev HOST=dev01"
@exit 1
endif
@echo "$(YELLOW)Running on host: $(HOST)$(RESET)"
@ -70,9 +75,62 @@ security: ## Run only security-related roles
@echo "$(YELLOW)Running security roles...$(RESET)"
ansible-playbook dev-playbook.yml --tags security
maintenance: ## Run only maintenance tasks
@echo "$(YELLOW)Running maintenance...$(RESET)"
ansible-playbook dev-playbook.yml --tags maintenance
# Unified maintenance target with intelligent parameter detection
maintenance: ## Run maintenance (usage: make maintenance [GROUP=dev] [HOST=dev01] [SERIAL=1] [CHECK=true])
@$(MAKE) _maintenance-run
_maintenance-run:
@# Determine target and build command
@TARGET="all"; \
ANSIBLE_CMD="ansible-playbook maintenance-playbook.yml"; \
DESCRIPTION="all hosts"; \
NEED_SUDO=""; \
\
if [ -n "$(HOST)" ]; then \
TARGET="host $(HOST)"; \
ANSIBLE_CMD="$$ANSIBLE_CMD --limit $(HOST)"; \
DESCRIPTION="host $(HOST)"; \
if [ "$(HOST)" = "localhost" ]; then \
NEED_SUDO="-K"; \
fi; \
elif [ -n "$(GROUP)" ]; then \
TARGET="$(GROUP) group"; \
ANSIBLE_CMD="$$ANSIBLE_CMD -e target_group=$(GROUP)"; \
DESCRIPTION="$(GROUP) group"; \
if [ "$(GROUP)" = "local" ]; then \
NEED_SUDO="-K"; \
fi; \
else \
NEED_SUDO="-K"; \
fi; \
\
if [ -n "$(SERIAL)" ]; then \
ANSIBLE_CMD="$$ANSIBLE_CMD -e maintenance_serial=$(SERIAL)"; \
DESCRIPTION="$$DESCRIPTION (serial=$(SERIAL))"; \
fi; \
\
if [ "$(CHECK)" = "true" ]; then \
ANSIBLE_CMD="$$ANSIBLE_CMD --check --diff"; \
echo "$(YELLOW)Dry-run maintenance on $$DESCRIPTION...$(RESET)"; \
else \
echo "$(YELLOW)Running maintenance on $$DESCRIPTION...$(RESET)"; \
fi; \
\
if [ -n "$(GROUP)" ] && [ "$(GROUP)" != "dev" ] && [ "$(GROUP)" != "local" ]; then \
echo "$(BLUE)Available groups: dev, gitea, portainer, homepage, ansible, local$(RESET)"; \
fi; \
\
$$ANSIBLE_CMD $$NEED_SUDO
# Legacy/convenience aliases
maintenance-dev: ## Run maintenance on dev group (legacy alias)
@$(MAKE) maintenance GROUP=dev
maintenance-all: ## Run maintenance on all hosts (legacy alias)
@$(MAKE) maintenance
maintenance-check: ## Dry-run maintenance (legacy alias, usage: make maintenance-check [GROUP=dev])
@$(MAKE) maintenance CHECK=true GROUP=$(GROUP)
docker: ## Install/configure Docker only
@echo "$(YELLOW)Running Docker setup...$(RESET)"
@ -86,10 +144,42 @@ apps: ## Install applications only
@echo "$(YELLOW)Installing applications...$(RESET)"
ansible-playbook dev-playbook.yml --tags apps
# Utility targets
status: ## Check connectivity to all hosts
@echo "$(YELLOW)Checking host connectivity...$(RESET)"
ansible all -m ping
# Connectivity targets
ping: ## Ping hosts with colored output (usage: make ping [GROUP=dev] [HOST=dev01])
ifdef HOST
@echo "$(YELLOW)Pinging host: $(HOST)$(RESET)"
@ansible $(HOST) -m ping --one-line | while read line; do \
if echo "$$line" | grep -q "SUCCESS"; then \
echo "$(GREEN)$$line$(RESET)"; \
elif echo "$$line" | grep -q "UNREACHABLE"; then \
echo "$(RED)$$line$(RESET)"; \
else \
echo "$(YELLOW)? $$line$(RESET)"; \
fi; \
done
else ifdef GROUP
@echo "$(YELLOW)Pinging $(GROUP) group...$(RESET)"
@ansible $(GROUP) -m ping --one-line | while read line; do \
if echo "$$line" | grep -q "SUCCESS"; then \
echo "$(GREEN)$$line$(RESET)"; \
elif echo "$$line" | grep -q "UNREACHABLE"; then \
echo "$(RED)$$line$(RESET)"; \
else \
echo "$(YELLOW)? $$line$(RESET)"; \
fi; \
done
else
@echo "$(YELLOW)Pinging all hosts...$(RESET)"
@ansible all -m ping --one-line | while read line; do \
if echo "$$line" | grep -q "SUCCESS"; then \
echo "$(GREEN)$$line$(RESET)"; \
elif echo "$$line" | grep -q "UNREACHABLE"; then \
echo "$(RED)$$line$(RESET)"; \
else \
echo "$(YELLOW)? $$line$(RESET)"; \
fi; \
done
endif
facts: ## Gather facts from all hosts
@echo "$(YELLOW)Gathering facts...$(RESET)"
@ -115,10 +205,74 @@ quick: test check ## Quick test and check before applying
@echo "$(GREEN)✓ Ready to apply changes$(RESET)"
# Vault management
edit-vault: ## Edit encrypted host vars (usage: make edit-vault HOST=devVM)
edit-vault: ## Edit encrypted host vars (usage: make edit-vault HOST=dev01)
ifndef HOST
@echo "$(RED)Error: HOST parameter required$(RESET)"
@echo "Usage: make edit-vault HOST=devVM"
@echo "Usage: make edit-vault HOST=dev01"
@exit 1
endif
ansible-vault edit host_vars/$(HOST).yml
test-connectivity: ## Test network connectivity and SSH access to all hosts
@echo "$(BOLD)Testing Connectivity to All Hosts$(RESET)"
@echo ""
@echo "$(YELLOW)1. Testing network connectivity (ping)...$(RESET)"
@for host in giteaVM portainerVM homepageVM dev01 bottom debianDesktopVM; do \
ip=$$(ansible-inventory --list | jq -r ".$$host.ansible_host // empty" 2>/dev/null || echo "unknown"); \
if [ "$$ip" != "unknown" ] && [ "$$ip" != "null" ] && [ "$$ip" != "" ]; then \
echo -n " $$host ($$ip): "; \
if ping -c 1 -W 2 $$ip >/dev/null 2>&1; then \
echo "$(GREEN)✓ Network OK$(RESET)"; \
else \
echo "$(RED)✗ Network FAIL$(RESET)"; \
fi; \
else \
echo " $$host: $(YELLOW)? IP not found in inventory$(RESET)"; \
fi; \
done
@echo ""
@echo "$(YELLOW)2. Testing SSH connectivity...$(RESET)"
@ansible all -m ping --one-line 2>/dev/null | while read line; do \
if echo "$$line" | grep -q "SUCCESS"; then \
echo " $(GREEN)$$line$(RESET)"; \
elif echo "$$line" | grep -q "UNREACHABLE"; then \
echo " $(RED)$$line$(RESET)"; \
else \
echo " $(YELLOW)? $$line$(RESET)"; \
fi; \
done || true
@echo ""
@echo "$(YELLOW)3. SSH key status...$(RESET)"
@if [ -f ~/.ssh/id_rsa.pub ]; then \
echo " $(GREEN)✓ SSH public key found: ~/.ssh/id_rsa.pub$(RESET)"; \
elif [ -f ~/.ssh/id_ed25519.pub ]; then \
echo " $(GREEN)✓ SSH public key found: ~/.ssh/id_ed25519.pub$(RESET)"; \
else \
echo " $(RED)✗ No SSH public key found$(RESET)"; \
echo " $(YELLOW) Run: ssh-keygen -t ed25519 -C 'your_email@example.com'$(RESET)"; \
fi
@echo ""
@echo "$(BOLD)Troubleshooting Tips:$(RESET)"
@echo " • For network failures: Check if VMs are running and IPs are correct"
@echo " • For SSH failures: Copy your SSH key to the target hosts"
@echo " • Run: ssh-copy-id user@host (for each failing host)"
@echo " • Or: make copy-ssh-key HOST=hostname"
copy-ssh-key: ## Copy SSH key to specific host (usage: make copy-ssh-key HOST=giteaVM)
ifndef HOST
@echo "$(RED)Error: HOST parameter required$(RESET)"
@echo "Usage: make copy-ssh-key HOST=giteaVM"
@exit 1
endif
@echo "$(YELLOW)Copying SSH key to $(HOST)...$(RESET)"
@ip=$$(ansible-inventory --list | jq -r "._meta.hostvars.$(HOST).ansible_host // empty" 2>/dev/null); \
user=$$(ansible-inventory --list | jq -r "._meta.hostvars.$(HOST).ansible_user // empty" 2>/dev/null); \
if [ -n "$$ip" ] && [ "$$ip" != "null" ] && [ -n "$$user" ] && [ "$$user" != "null" ]; then \
echo "Target: $$user@$$ip"; \
ssh-copy-id $$user@$$ip; \
else \
echo "$(RED)Could not determine IP or user for $(HOST)$(RESET)"; \
echo "Check your inventory and host_vars"; \
fi

69
README.md
View File

@ -5,7 +5,7 @@ This Ansible playbook automates the setup of development environments across mul
## 🏗️ Architecture
### Host Groups
- `dev`: Development machines (devVM, bottom, debianDesktopVM)
- `dev`: Development machines (dev01, bottom, debianDesktopVM)
- `gitea`: Gitea server
- `portainer`: Portainer container management
- `homepage`: Homepage dashboard
@ -43,7 +43,7 @@ make check
make apply
# Run on specific host
make dev HOST=devVM
make dev HOST=dev01
# Run locally
make local
@ -78,7 +78,7 @@ ansible-playbook dev-playbook.yml
ansible-playbook dev-playbook.yml --ask-vault-pass
# Run on specific host
ansible-playbook dev-playbook.yml --limit devVM
ansible-playbook dev-playbook.yml --limit dev01
# Skip reboots for specific host
ansible-playbook dev-playbook.yml --limit bottom
@ -98,8 +98,12 @@ make shell
# Applications only
make apps
# Maintenance only
make maintenance
# Maintenance (unified system)
make maintenance # All hosts
make maintenance GROUP=dev # Specific group
make maintenance HOST=dev01 # Specific host
make maintenance CHECK=true # Dry-run all hosts
make maintenance GROUP=dev SERIAL=1 # Serial execution
# Check connectivity
make status
@ -135,10 +139,10 @@ Control debug information display with the `ansible_debug_output` variable:
```bash
# Default: No debug output (clean, production-ready output)
ansible-playbook dev-playbook.yml --limit devVM
ansible-playbook dev-playbook.yml --limit dev01
# Enable debug output (shows detailed status information)
ansible-playbook dev-playbook.yml --limit devVM -e "ansible_debug_output=true"
ansible-playbook dev-playbook.yml --limit dev01 -e "ansible_debug_output=true"
# Set permanently in group_vars/all.yml
ansible_debug_output: true
@ -271,19 +275,51 @@ fd "main.yml" roles/ -x cat
## 🔄 Maintenance
### Automatic Updates
### Unified Maintenance System
The maintenance system provides a single, intelligent command for all maintenance operations:
```bash
# Basic usage
make maintenance # Run on all hosts
make maintenance GROUP=dev # Run on specific group
make maintenance HOST=dev01 # Run on specific host
# Advanced options
make maintenance CHECK=true # Dry-run (safe testing)
make maintenance GROUP=dev SERIAL=1 # One host at a time
make maintenance GROUP=local # Local machine (auto-sudo)
# Legacy support (still works)
make maintenance-all # Same as: make maintenance
make maintenance-check GROUP=dev # Same as: make maintenance GROUP=dev CHECK=true
```
### Available Host Groups
- `dev`: Development machines (dev01, bottom, debianDesktopVM)
- `gitea`: Gitea server
- `portainer`: Portainer container management
- `homepage`: Homepage dashboard
- `ansible`: Ansible control node
- `local`: Localhost (with automatic sudo handling)
### Maintenance Features
The maintenance role handles:
- Package updates (`apt upgrade`)
- Unused package removal (`apt autoremove`)
- Cache cleanup (`apt autoclean`)
- Conditional reboots
- Conditional reboots (respects `skip_reboot` setting)
- System information reporting
- Intelligent sudo password handling
### Manual Maintenance
### Direct Ansible Commands
```bash
# Update only maintenance role
ansible-playbook dev-playbook.yml --tags maintenance
# Using the dedicated maintenance playbook
ansible-playbook maintenance-playbook.yml -e "target_group=dev"
ansible-playbook maintenance-playbook.yml --limit "dev01"
ansible-playbook maintenance-playbook.yml --check --diff # Dry-run
# Skip maintenance
# Using tags with development playbook
ansible-playbook dev-playbook.yml --tags maintenance
ansible-playbook dev-playbook.yml --skip-tags maintenance
```
@ -348,8 +384,8 @@ make apply # Deploy to all hosts
### Host-Specific Operations
```bash
make dev HOST=devVM # Deploy to specific host
make edit-vault HOST=devVM # Edit encrypted host variables
make dev HOST=dev01 # Deploy to specific host
make edit-vault HOST=dev01 # Edit encrypted host variables
```
### Maintenance and Utilities
@ -365,10 +401,11 @@ Run `make help` for the complete list of available commands.
```
ansible/
├── ansible.cfg # Enhanced Ansible configuration
├── Makefile # Workflow automation
├── Makefile # Workflow automation with unified maintenance
├── hosts # Inventory file
├── dev-playbook.yml # Main development playbook
├── local-playbook.yml # Local machine setup
├── maintenance-playbook.yml # Dedicated maintenance playbook
├── collections/
│ └── requirements.yml # Required Ansible collections
├── group_vars/

5
group_vars/all.yml
View File

@ -11,3 +11,8 @@ ansible_debug_output: false
fail2ban_bantime: 3600
fail2ban_findtime: 600
fail2ban_maxretry: 3
# Maintenance settings
maintenance_default_serial: "100%" # Default serial execution for maintenance
maintenance_reboot_timeout: 300 # Reboot timeout in seconds
maintenance_pre_reboot_delay: 5 # Delay before reboot in seconds

6
host_vars/giteaVM.yml Normal file
View File

@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
35613535653633616433383235306131326139313335323039393662313066613966633934333864
6465656334383738393565613033653230323264363933370a623036393963393833376333383635
62636466383165383439623736613831663761336662383138386666336365636166373338666232
6164616262383764340a326530393662383632623538333535353962313138633639653933303564
3939

6
host_vars/homepageVM.yml Normal file
View File

@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
32353034343864393663363666306566396464626335363133316432633832616561336234323138
6535373836623837323266376539633937326365393730300a303963663165353536656133636663
63323966353039663531626434303939313137383734363538616564646638353030643130613632
3131353132336261650a653361333235643130333330346366656637303332666361386461616331
3132

6
host_vars/portainerVM.yml Normal file
View File

@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
35386435346434313638656334393931363832396538626361633237653134303639323662353165
3131653934353233626136386236363565363835373535320a373932343630303363656363346138
33366161623833366666326161383964396463636633323361333066383066633838636438633364
3131306263323038370a616432303966323065646466646430356365653334316564333364376535
3364

10
hosts
View File

@ -1,19 +1,19 @@
[gitea]
giteaVM ansible_host=10.0.10.10
giteaVM ansible_host=10.0.30.169 ansible_user=gitea
[portainer]
portainerVM ansible_host=10.0.10.20
portainerVM ansible_host=10.0.30.69 ansible_user=ladmin
[homepage]
homepageVM ansible_host=10.0.10.30
homepageVM ansible_host=10.0.30.12 ansible_user=homepage
[dev]
devVM ansible_host=10.0.30.105 ansible_user=ladmin
dev01 ansible_host=10.0.30.105 ansible_user=ladmin
bottom ansible_host=10.0.10.156 ansible_user=beast
debianDesktopVM ansible_host=10.0.10.206 ansible_user=user skip_reboot=true
[ansible]
ansible-controlVM ansible_host=localhost ansible_user=master
ansible-controlVM ansible_host=10.0.10.157 ansible_user=master
[local]
localhost ansible_connection=local

58
maintenance-playbook.yml Normal file
View File

@ -0,0 +1,58 @@
---
- name: Run system maintenance
hosts: "{{ target_group | default('all') }}"
become: true
gather_facts: true
serial: "{{ maintenance_serial | default(maintenance_default_serial | default('100%')) }}"
vars:
# Default maintenance options
maintenance_update_cache: true
maintenance_upgrade_packages: true
maintenance_autoremove: true
maintenance_autoclean: true
maintenance_check_reboot: true
maintenance_allow_reboot: true
pre_tasks:
- name: Display maintenance target information
ansible.builtin.debug:
msg: |
Starting maintenance on: {{ inventory_hostname }}
Group: {{ group_names | join(', ') }}
Skip reboot: {{ skip_reboot | default(false) | bool }}
- name: Update apt cache
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
when: maintenance_update_cache | bool
roles:
- { role: maintenance, tags: ['maintenance'] }
post_tasks:
- name: Display maintenance completion
ansible.builtin.debug:
msg: |
Maintenance completed for: {{ inventory_hostname }}
Reboot required: {{ maintenance_reboot_required.stat.exists | default(false) }}
{% if maintenance_reboot_required.stat.exists | default(false) and not (skip_reboot | default(false) | bool) %}
System will reboot automatically.
{% elif maintenance_reboot_required.stat.exists | default(false) and (skip_reboot | default(false) | bool) %}
System requires reboot but skip_reboot is set to true.
{% else %}
No reboot required.
{% endif %}
- name: Gather package facts after maintenance
ansible.builtin.package_facts:
manager: auto
- name: Display system information
ansible.builtin.debug:
msg: |
System: {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_version'] }}
Kernel: {{ ansible_facts['kernel'] }}
Architecture: {{ ansible_facts['architecture'] }}
Uptime: {{ ansible_facts['uptime_seconds'] | int // 3600 }}h {{ (ansible_facts['uptime_seconds'] | int % 3600) // 60 }}m

127
roles/maintenance/README.md
View File

@ -1,38 +1,121 @@
Role Name
=========
# Maintenance Role
A brief description of the role goes here.
Handles system maintenance tasks including package updates, cleanup, and conditional reboots.
Requirements
------------
## Requirements
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
- Debian/Ubuntu-based systems with `apt` package manager
- `sudo` privileges for package management and system operations
Role Variables
--------------
## Role Variables
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
### Default Variables (`defaults/main.yml`)
Dependencies
------------
```yaml
# Package management
maintenance_update_cache: true # Update apt cache before operations
maintenance_upgrade_packages: true # Perform dist-upgrade
maintenance_autoremove: true # Remove unused packages
maintenance_autoclean: true # Clean apt cache
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
# Reboot handling
maintenance_check_reboot: true # Check if reboot is required
maintenance_allow_reboot: true # Allow automatic reboots
```
Example Playbook
----------------
### Host Variables
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
```yaml
skip_reboot: true # Skip reboots for this host (optional)
```
- hosts: servers
### Playbook Variables
```yaml
maintenance_serial: "100%" # Serial execution (e.g., "1" for one-at-a-time)
target_group: "all" # Target host group
```
## Dependencies
None.
## Example Playbook
### Basic Usage
```yaml
- hosts: servers
become: true
roles:
- { role: username.rolename, x: 42 }
- maintenance
```
License
-------
### With Custom Variables
```yaml
- hosts: servers
become: true
vars:
maintenance_allow_reboot: false # Disable automatic reboots
roles:
- maintenance
```
### Using the Dedicated Maintenance Playbook
```bash
# Run on all hosts
ansible-playbook maintenance-playbook.yml
# Run on specific group
ansible-playbook maintenance-playbook.yml -e "target_group=dev"
# Run with serial execution
ansible-playbook maintenance-playbook.yml -e "target_group=dev" -e "maintenance_serial=1"
# Dry-run
ansible-playbook maintenance-playbook.yml --check --diff
```
### Using Makefile (Recommended)
```bash
# Basic usage
make maintenance # All hosts
make maintenance GROUP=dev # Specific group
make maintenance HOST=dev01 # Specific host
make maintenance CHECK=true # Dry-run
# Advanced options
make maintenance GROUP=dev SERIAL=1 # Serial execution
make maintenance GROUP=local # Local machine (auto-sudo)
```
## Tasks Performed
1. **Package Updates**: Performs `apt dist-upgrade` to update all packages
2. **Cleanup**: Removes unused packages (`apt autoremove`) and cleans cache (`apt autoclean`)
3. **Reboot Check**: Checks if `/var/run/reboot-required` exists
4. **Conditional Reboot**: Reboots system if required (unless `skip_reboot=true`)
## Reboot Behavior
The role respects the following reboot conditions:
- Only reboots if `/var/run/reboot-required` exists
- Only on `apt`-based systems (`ansible_facts['pkg_mgr'] == "apt"`)
- Skips reboot if `skip_reboot` is set to `true` in host variables
- Provides informative reboot message
## Integration with Maintenance Playbook
This role is designed to work with the dedicated `maintenance-playbook.yml` which provides:
- Flexible host targeting
- Serial execution support
- Detailed progress reporting
- System information display
- Intelligent sudo handling
## License
BSD
Author Information
------------------
## Author Information
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
Part of the Ansible Development Environment Setup project.

13
roles/maintenance/defaults/main.yml
View File

@ -1,2 +1,15 @@
---
# defaults file for maintenance
# Package management settings
maintenance_update_cache: true # Update apt cache before operations
maintenance_upgrade_packages: true # Perform dist-upgrade
maintenance_autoremove: true # Remove unused packages
maintenance_autoclean: true # Clean apt cache
# Reboot handling settings
maintenance_check_reboot: true # Check if reboot is required
maintenance_allow_reboot: true # Allow automatic reboots
# Cache settings
maintenance_cache_valid_time: 3600 # Cache valid time in seconds (1 hour)

2
roles/maintenance/tasks/main.yml
View File

@ -19,6 +19,8 @@
- name: Reboot if required
ansible.builtin.reboot:
msg: "Reboot triggered by Ansible after system changes."
reboot_timeout: "{{ maintenance_reboot_timeout | default(300) }}"
pre_reboot_delay: "{{ maintenance_pre_reboot_delay | default(5) }}"
when:
- ansible_facts['pkg_mgr'] == "apt"
- maintenance_reboot_required.stat.exists