Execution
Date
15 Sep 2025 16:48:27 +0100
Duration
00:00:18.38
Controller
ssh-gw-4.layershift.com
User
root
Versions
Ansible
2.16.11
ara
1.7.3 / 1.7.3
Python
3.10.10
Summary
2
Hosts
18
Tasks
18
Results
1
Plays
1
Files
0
Records
File: /home/ssh-gateway/ansible/kuly/zz-kvm_patching_workflow.yml
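---
# KVM host patching workflow (health-check stage).
#
# This play only inspects each host: every kvm_upgrade_utils call below is a
# check/validate action, and the package update task itself is still a
# commented-out placeholder. The post_tasks "after patching" restart check
# therefore reports the same state as the earlier one until real patching
# tasks are added.
#
# NOTE(review): kvm_upgrade_utils is referenced without a collection
# namespace, so it is presumably a site-local custom module. Confirm which
# library path it is loaded from and that the path is writable only by
# trusted users.
- name: KVM Host Pre-Patching Health Check
  hosts: all
  gather_facts: false
  serial: 1  # Process one host at a time

  vars:
    # Minimum free RAM (MB) passed to the health and resource checks.
    min_available_ram_mb: 2048

  tasks:
    - name: Perform comprehensive pre-patching health check
      kvm_upgrade_utils:
        action: pre_patch_check
        min_available_ram_mb: "{{ min_available_ram_mb }}"
      register: health_check

    - name: Display health check results
      ansible.builtin.debug:
        msg: |
          === KVM Host Health Check Results ===
          Ready for Patching: {{ health_check.health_status.ready_for_patching }}
          VM Count: {{ health_check.health_status.vm_count }}
          Updates Available: {{ health_check.health_status.updates_available }}
          Security Updates: {{ health_check.health_status.security_updates }}

          Issues Found ({{ health_check.health_status.issues | length }}):
          {% for issue in health_check.health_status.issues %}
          ❌ {{ issue }}
          {% endfor %}

          Warnings ({{ health_check.health_status.warnings | length }}):
          {% for warning in health_check.health_status.warnings %}
          ⚠️ {{ warning }}
          {% endfor %}
      delegate_to: localhost

    # Hard gate: nothing below runs on a host the health check rejected.
    # The assert is evaluated unconditionally (no `when` guard), so a passing
    # host records an explicit "ok" result for the gate in the run report
    # instead of a skipped task.
    - name: Fail if system is not ready for patching
      ansible.builtin.assert:
        that:
          - health_check.health_status.ready_for_patching
        fail_msg: "System not ready for patching. Check health check results above."

    - name: Check if system needs restarting (before patching)
      kvm_upgrade_utils:
        action: check_restart
      register: restart_status_before

    - name: Display restart status before patching
      ansible.builtin.debug:
        msg: |
          {% if restart_status_before.needs_restarting %}
          ⚠️ System already requires restart before patching
          {% else %}
          ✅ System does not require restart before patching
          {% endif %}

    - name: Check MariaDB version and lock status
      kvm_upgrade_utils:
        action: check_mariadb_version
      register: mariadb_status

    # Advisory only: an unlocked MariaDB prints a warning and the play
    # continues. See the note on the patching placeholder further down.
    - name: Warn about unlocked MariaDB
      ansible.builtin.debug:
        msg: "⚠️ MariaDB version is not locked - consider locking to prevent major upgrades"
      when: mariadb_status.mariadb_info.installed and not mariadb_status.mariadb_info.locked

    - name: Check VM count for canary classification
      kvm_upgrade_utils:
        action: check_vm_count
      register: vm_status

    - name: Classify host for canary deployment
      ansible.builtin.set_fact:
        # A single folded expression, so the stored label carries no embedded
        # double-quote characters and no trailing newline. Thresholds:
        # <= 1 VM is group 1, <= 5 VMs is group 2, anything larger is group 3.
        canary_group: >-
          {{ 'Group 1: Single VM customers (canary)'
          if vm_status.vm_count <= 1
          else ('Group 2: Small customers (early adopters)'
          if vm_status.vm_count <= 5
          else 'Group 3: Large customers (later deployment)') }}

    - name: Display canary classification
      ansible.builtin.debug:
        msg: "Canary Group: {{ canary_group }} ({{ vm_status.vm_count }} VMs)"

    - name: Validate system resources before patching
      kvm_upgrade_utils:
        action: validate_resources
        min_available_ram_mb: "{{ min_available_ram_mb }}"
      register: resource_status

    # Second hard gate: stop before any update work if free RAM is too low.
    - name: Ensure sufficient memory for patching
      ansible.builtin.assert:
        that:
          - resource_status.resource_status.sufficient_memory
        fail_msg: "Insufficient memory for safe patching: {{ resource_status.resource_status.available_ram_mb }}MB available, {{ min_available_ram_mb }}MB required"

    # Here you would add the actual patching tasks
    - name: Check for available updates
      kvm_upgrade_utils:
        action: check_updates
      register: update_status

    - name: Display update availability
      ansible.builtin.debug:
        msg: |
          {% if update_status.updates_available %}
          📦 {{ update_status.update_count }} package updates available
          {% else %}
          ✅ No package updates available
          {% endif %}

    - name: Check for security updates
      kvm_upgrade_utils:
        action: check_security_updates
      register: security_status

    - name: Display security update status
      ansible.builtin.debug:
        msg: |
          {% if security_status.security_updates_available %}
          🔒 {{ security_status.security_update_count }} security updates available - URGENT!
          {% else %}
          ✅ No security updates available
          {% endif %}

    # Add your actual patching logic here
    # NOTE(review): the MariaDB lock check above is only a warning. Once the
    # wildcard update below is enabled, a host with an unlocked MariaDB would
    # have it upgraded together with everything else. Before enabling, either
    # turn the warning into an assert or hold the package back explicitly.
    # - name: Apply updates
    #   ansible.builtin.yum:
    #     name: "*"
    #     state: latest
    #   when: update_status.updates_available

  post_tasks:
    - name: Check if system needs restarting (after patching)
      kvm_upgrade_utils:
        action: check_restart
      register: restart_status_after

    - name: Display restart status after patching
      ansible.builtin.debug:
        msg: |
          {% if restart_status_after.needs_restarting %}
          ⚠️ System REQUIRES restart after patching
          {% else %}
          ✅ System does not require restart after patching
          {% endif %}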