---
title: "Debian updates with Ansible"
date: 2016-01-31T01:00:00+01:00
draft: false
share: false
---

I've recently bought an [HP Proliant Microserver Gen8](http://www8.hp.com/us/en/products/proliant-servers/product-detail.html?oid=5379860) to play around with LXC and try new stuff. From the 4 Debian machines I had to keep up-to-date, I now have 7, so it became quite time-consuming to manually SSH to each of them whenever an update became available.

I ended up looking at [Ansible](http://www.ansible.com/) to speed up the process and, within an hour, I had a working playbook that updates the Debian packages, pip packages and git repos installed on all of my servers with a single command.

I figured I'd share the playbook I use to update the Debian packages!

## The playbook

I modified [this gist](https://gist.github.com/maethor/380676f6b1cec8cc7439) to only use apt-get instead of both apt-get and aptitude.

```yaml
- hosts: all
  tasks:
    - name: update cache
      apt: update_cache=yes

    # Simulate (-s) the upgrade with versions (-V); lines of the form
    # "pkg (old => new)" are the packages that would be upgraded.
    - name: list packages to upgrade (1/2)
      shell: apt-get upgrade -s -V | awk '/=>/{print $1}'
      register: updates
      changed_when: False

    - name: list packages to upgrade (2/2)
      debug: msg="{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})"
      when: (updates.stdout_lines)

    - name: upgrade packages
      apt: upgrade=dist
      when: (updates.stdout_lines)

    # ansible_lsb.release was gathered before the upgrade, so comparing it
    # with the current value reveals a point-release or distribution change.
    - name: check what the new version is
      shell: lsb_release -r | awk '{print $2}'
      changed_when: False
      register: new_release

    - name: notify distribution version upgrade
      debug: msg="Debian has been upgraded from {{ ansible_lsb.release }} to {{ new_release.stdout }}"
      when: ansible_lsb.release != new_release.stdout

    # checkrestart (wheezy) is shipped in the debian-goodies package.
    - name: /wheezy/ install the debian-goodies package if it is missing
      apt: name=debian-goodies state=present
      when: ansible_distribution_release == 'wheezy'

    - name: /jessie/ install the needrestart package if it is missing
      apt: name=needrestart state=present default_release=jessie-backports
      when: ansible_distribution_release == 'jessie'

    - name: /wheezy/ list services to restart (1/3)
      shell: checkrestart | awk '/^service/{print $2}'
      register: wheezy_services
      changed_when: False
      when: ansible_distribution_release == 'wheezy'

    # Runs on every release other than wheezy, so needrestart must already
    # be installed on hosts that are neither wheezy nor jessie.
    - name: /jessie/ list services to restart (1/3)
      shell: needrestart -blrl | awk '/^NEEDRESTART-SVC/{print $2}'
      register: jessie_services
      changed_when: False
      when: ansible_distribution_release != 'wheezy'

    - name: merge services list (2/3)
      set_fact:
        services: "{{ wheezy_services if ansible_distribution_release == 'wheezy' else jessie_services }}"

    - name: list services to restart (3/3)
      debug: msg="{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})"
      when: (services.stdout_lines)

    - name: cache cleanup
      shell: apt-get autoclean
```

## Conclusion

That's all! Please leave a comment if you've found this playbook helpful!