ensure_os_patch/tasks/main.yml

---
# tasks file for ensure_os_patch
- name: 'package discovery'
  when:
    - ansible_system == 'Linux'
    - packages is not defined
  ansible.builtin.package_facts:
- name: 'service discovery'
  when:
    - ansible_system == 'Linux'
    - services is not defined
  ansible.builtin.service_facts:
- name: 'ensure patch'
  when:
    - ansible_system == 'Linux'
    - ansible_pkg_mgr == 'dnf' or ansible_pkg_mgr == 'yum'
  ansible.builtin.package:
    name: '*'
    state: 'latest'
  notify:
    - 'ensure_os_patch.package_facts'
    - 'ensure_os_patch.service_facts'
- name: 'ensure patch'
  when:
    - ansible_system == 'Linux'
    - ansible_pkg_mgr == 'apt'
  ansible.builtin.apt:
    autoclean: 'yes'
    autoremove: 'yes'
    upgrade: 'dist'
  notify:
    - 'ensure_os_patch.package_facts'
    - 'ensure_os_patch.service_facts'
- name: 'Ensure dnf-automatic installation'
  when:
    - ansible_system == 'Linux'
    - ansible_distribution == 'Fedora'
    - ansible_distribution_major_version is version('21', '>=')
  ansible.builtin.package:
    name:
      - 'dnf-automatic'
    state: 'present'
  notify:
    - 'ensure_os_patch.package_facts'
    - 'ensure_os_patch.service_facts'
- name: 'Ensure dnf-automatic runs'
  when:
    - ansible_system == 'Linux'
    - ansible_distribution == 'Fedora'
    - ansible_distribution_major_version is version('21', '>=')
  ansible.builtin.service:
    enabled: 'yes'
    name: 'dnf-automatic-install.timer'
    state: 'started'
  notify:
    - 'ensure_os_patch.package_facts'
    - 'ensure_os_patch.service_facts'
- name: 'flush handlers'
  meta: 'flush_handlers'