Ansible Playbook to dist-upgrade Debian
I know it's not considered best practice to do unattended dist-upgrades on servers. However, I have a handful of servers and VMs with very few packages installed. The bare-metal servers run VMs using KVM. The VMs run Docker and ssh, and most of them are just build nodes for Jenkins.
I failed to find a playbook for this, so here it is. The playbook upgrades from Debian Bullseye to Debian Bookworm.
Note that the playbook assumes the machines are already up to date with the latest updates for the installed version of Debian; I have another script to handle that. It only rewrites /etc/apt/sources.list, so any third-party repositories under /etc/apt/sources.list.d (Docker's, for example, pins the release codename in its deb line) have to be switched to bookworm as well, or apt keeps pulling those packages from the bullseye repository. Debian's release notes also recommend a minimal upgrade (apt upgrade --without-new-pkgs) before the full one; this playbook goes straight to dist-upgrade. The reboot check relies on /var/run/reboot-required, which is written by Ubuntu's update-notifier hooks; on a plain Debian host nothing may create it, and since a release upgrade always installs a new kernel the safe assumption is that a reboot is needed regardless.
dist-upgrade.yaml
---
- hosts: bld-worker2
  become: true
  # The prose below says "su to root"; Ansible's default become method is sudo,
  # so say so explicitly. ansible_become_pass is then the root password.
  become_method: su
  remote_user: jgaa
  become_user: root
  vars_prompt:
    - name: "ansible_become_pass"
      prompt: "Su password"
      private: yes
  tasks:
    - name: Prepare. Autoremove old packages
      ansible.builtin.apt:
        autoremove: true
        clean: true

    - name: Point apt at bookworm (rewrite /etc/apt/sources.list)
      ansible.builtin.shell: |
        set -e
        # Covers bullseye, bullseye-security and bullseye-updates alike.
        sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
        # Bookworm moved firmware out of non-free into a separate
        # non-free-firmware component. Add it next to non-free, but only if it
        # is not there yet, so running the playbook twice does not duplicate it.
        if ! grep -q non-free-firmware /etc/apt/sources.list
        then
          sed -i 's/non-free/non-free non-free-firmware/g' /etc/apt/sources.list
        fi

    - name: Update apt cache against the new release
      ansible.builtin.apt:
        update_cache: yes
        force_apt_get: yes
        cache_valid_time: 0

    - name: Upgrade all packages to bookworm (apt-get dist-upgrade)
      ansible.builtin.apt:
        upgrade: dist
        force_apt_get: yes

    - name: Check if a reboot is needed
      # get_md5 is gone from current Ansible; get_checksum is the supported knob.
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_checksum: false
      register: reboot_required_file

    - name: Reboot the box if kernel updated
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible for kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists

I don't allow root access via ssh, so Ansible connects as me and then uses su to become root.
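The sources.list rewrite is the part of the playbook that is easiest to get wrong, so here is the same transformation as a stand-alone script that can be dry-run against a copy of the file first. This is an added example, not code from the original playbook: it works token by token with awk instead of global sed substitutions, so it is idempotent (a second pass is a no-op), it removes the duplicated non-free-firmware and the stray non-free-firmware-firmware token that a doubled sed run leaves behind, and it applies equally to the files under /etc/apt/sources.list.d. The sample sources.list content and the --demo/--dry-run/--apply switches are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original playbook: an idempotent rewrite of an
# apt sources file from bullseye to bookworm, done token-by-token with awk.
# Usable on /etc/apt/sources.list and on the files in /etc/apt/sources.list.d/.
set -eu

# rewrite_sources FILE: print FILE with every deb/deb-src line moved to bookworm.
#  - bullseye -> bookworm in every token (covers bullseye-security, bullseye-updates)
#  - adds the bookworm-only non-free-firmware component after non-free, once
#  - drops duplicated tokens and the stray "non-free-firmware-firmware" token
#    that a doubled sed run leaves behind
# Comment and blank lines pass through unchanged.
rewrite_sources() {
    awk '
    /^[ \t]*deb(-src)?[ \t]/ {
        split("", seen)
        has_fw = 0
        for (i = 1; i <= NF; i++) if ($i == "non-free-firmware") has_fw = 1
        line = ""
        for (i = 1; i <= NF; i++) {
            t = $i
            gsub(/bullseye/, "bookworm", t)
            if (t == "non-free-firmware-firmware" || (t in seen)) continue
            seen[t] = 1
            if (line != "") line = line " "
            line = line t
            if (t == "non-free" && !has_fw) {
                line = line " non-free-firmware"
                seen["non-free-firmware"] = 1
                has_fw = 1
            }
        }
        print line
        next
    }
    { print }
    ' "$1"
}

# rewrite_sources_inplace FILE: apply rewrite_sources to FILE, keeping a backup.
rewrite_sources_inplace() {
    cp -p "$1" "$1.bak-bullseye"
    rewrite_sources "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# remaining_bullseye_refs FILE...: print the files whose non-comment lines still
# mention bullseye (a non-empty result means a repository was missed).
remaining_bullseye_refs() {
    grep -l '^[^#]*bullseye' "$@" 2>/dev/null || true
}

# Constructed sample: a typical bullseye sources.list, a Docker repo line that
# pins the codename, and a line already mangled by running the original sed twice.
SAMPLE_SOURCES='# bullseye sources, managed by hand
deb http://deb.debian.org/debian bullseye main contrib non-free
deb-src http://deb.debian.org/debian bullseye main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable
deb http://deb.debian.org/debian bullseye main contrib non-free non-free-firmware non-free non-free-firmware-firmware'

# demo: dry-run the rewrite on a temporary copy of the sample and print the result.
demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_SOURCES" > "$tmp"
    rewrite_sources "$tmp"
    rm -f "$tmp"
}

case "${1:-}" in
    --demo)    demo ;;
    --dry-run) rewrite_sources "$2" ;;
    --apply)   rewrite_sources_inplace "$2"; remaining_bullseye_refs "$2" ;;
esac
```

Run it as `sh sources-to-bookworm.sh --dry-run /etc/apt/sources.list` to see the rewritten file without touching anything, then `--apply` on each file (the original is kept as FILE.bak-bullseye). Because the function dedupes tokens and only appends non-free-firmware when the line lacks it, the cleanup sed for a doubled run is no longer needed.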