{"id":5900,"sha1":"f9ac5339c4bd42b93c0bffb80421e1bfbe175756","playbook":{"id":3780,"items":{"plays":1,"tasks":18,"results":18,"hosts":2,"files":1,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/kuly/bash-kvm-inventory-dev.sh"],"listhosts":false,"subset":"great-wren.man-1.solus.stage.town","extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["zz-kvm_patching_workflow.yml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"},{"id":227,"name":"subset:great-wren.man-1.solus.stage.town"}],"started":"2025-09-15T16:48:27.059843+01:00","ended":"2025-09-15T16:48:45.446813+01:00","duration":"00:00:18.386970","name":null,"ansible_version":"2.16.11","client_version":"1.7.3","python_version":"3.10.10","server_version":"1.7.3","status":"completed","path":"/home/ssh-gateway/ansible/kuly/zz-kvm_patching_workflow.yml","controller":"ssh-gw-4.layershift.com","user":"root"},"content":"---\n- name: KVM Host Pre-Patching Health Check\n  hosts: all\n  gather_facts: false\n  serial: 1  # Process one host at a time\n\n  vars:\n    min_available_ram_mb: 2048\n\n  tasks:\n    - name: Perform comprehensive pre-patching health check\n      kvm_upgrade_utils:\n        action: pre_patch_check\n        min_available_ram_mb: \"{{ min_available_ram_mb }}\"\n      register: health_check\n\n    - name: Display health check results\n      ansible.builtin.debug:\n        msg: |\n          === KVM Host Health Check Results ===\n          Ready for Patching: {{ health_check.health_status.ready_for_patching }}\n          VM Count: {{ health_check.health_status.vm_count }}\n          Updates Available: {{ health_check.health_status.updates_available }}\n          Security Updates: {{ health_check.health_status.security_updates }}\n\n          Issues Found ({{ health_check.health_status.issues | length }}):\n          {% for issue in health_check.health_status.issues %}\n            \u274c {{ issue }}\n          {% endfor %}\n\n          Warnings ({{ health_check.health_status.warnings | length }}):\n          {% for warning in health_check.health_status.warnings %}\n            \u26a0\ufe0f  {{ warning }}\n          {% endfor %}\n      delegate_to: localhost\n\n    - name: Fail if system is not ready for patching\n      ansible.builtin.assert:\n        that:\n          - health_check.health_status.ready_for_patching\n        fail_msg: \"System not ready for patching. Check health check results above.\"\n      when: not health_check.health_status.ready_for_patching\n\n    - name: Check if system needs restarting (before patching)\n      kvm_upgrade_utils:\n        action: check_restart\n      register: restart_status_before\n\n    - name: Display restart status before patching\n      ansible.builtin.debug:\n        msg: |\n          {% if restart_status_before.needs_restarting %}\n          \u26a0\ufe0f  System already requires restart before patching\n          {% else %}\n          \u2705 System does not require restart before patching\n          {% endif %}\n\n    - name: Check MariaDB version and lock status\n      kvm_upgrade_utils:\n        action: check_mariadb_version\n      register: mariadb_status\n\n    - name: Warn about unlocked MariaDB\n      ansible.builtin.debug:\n        msg: \"\u26a0\ufe0f  MariaDB version is not locked - consider locking to prevent major upgrades\"\n      when: mariadb_status.mariadb_info.installed and not mariadb_status.mariadb_info.locked\n\n    - name: Check VM count for canary classification\n      kvm_upgrade_utils:\n        action: check_vm_count\n      register: vm_status\n\n    - name: Classify host for canary deployment\n      ansible.builtin.set_fact:\n        canary_group: |\n          {% if vm_status.vm_count <= 1 %}\n            \"Group 1: Single VM customers (canary)\"\n          {% elif vm_status.vm_count <= 5 %}\n            \"Group 2: Small customers (early adopters)\"\n          {% else %}\n            \"Group 3: Large customers (later deployment)\"\n          {% endif %}\n\n    - name: Display canary classification\n      ansible.builtin.debug:\n        msg: \"Canary Group: {{ canary_group }} ({{ vm_status.vm_count }} VMs)\"\n\n    - name: Validate system resources before patching\n      kvm_upgrade_utils:\n        action: validate_resources\n        min_available_ram_mb: \"{{ min_available_ram_mb }}\"\n      register: resource_status\n\n    - name: Ensure sufficient memory for patching\n      ansible.builtin.assert:\n        that:\n          - resource_status.resource_status.sufficient_memory\n        fail_msg: \"Insufficient memory for safe patching: {{ resource_status.resource_status.available_ram_mb }}MB available, {{ min_available_ram_mb }}MB required\"\n\n    # Here you would add the actual patching tasks\n    - name: Check for available updates\n      kvm_upgrade_utils:\n        action: check_updates\n      register: update_status\n\n    - name: Display update availability\n      ansible.builtin.debug:\n        msg: |\n          {% if update_status.updates_available %}\n          \ud83d\udce6 {{ update_status.update_count }} package updates available\n          {% else %}\n          \u2705 No package updates available\n          {% endif %}\n\n    - name: Check for security updates\n      kvm_upgrade_utils:\n        action: check_security_updates\n      register: security_status\n\n    - name: Display security update status\n      ansible.builtin.debug:\n        msg: |\n          {% if security_status.security_updates_available %}\n          \ud83d\udd12 {{ security_status.security_update_count }} security updates available - URGENT!\n          {% else %}\n          \u2705 No security updates available\n          {% endif %}\n\n    # Add your actual patching logic here\n    # - name: Apply updates\n    #   ansible.builtin.yum:\n    #     name: \"*\"\n    #     state: latest\n    #   when: update_status.updates_available\n\n  post_tasks:\n    - name: Check if system needs restarting (after patching)\n      kvm_upgrade_utils:\n        action: check_restart\n      register: restart_status_after\n\n    - name: Display restart status after patching\n      ansible.builtin.debug:\n        msg: |\n          {% if restart_status_after.needs_restarting %}\n          \u26a0\ufe0f  System REQUIRES restart after patching\n          {% else %}\n          \u2705 System does not require restart after patching\n          {% endif %}\n","created":"2025-09-15T16:48:27.082020+01:00","updated":"2025-09-15T16:48:27.082049+01:00","path":"/home/ssh-gateway/ansible/kuly/zz-kvm_patching_workflow.yml"}