From ea377dcd0ddcd990285ce0d6c3dc6835eb75963d Mon Sep 17 00:00:00 2001 From: Harald Pfeiffer Date: Sun, 14 Apr 2024 14:24:27 +0200 Subject: patch: reboot if needrestart cannot determine reboot requirement --- roles/patch_debian/tasks/main.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'roles/patch_debian') diff --git a/roles/patch_debian/tasks/main.yaml b/roles/patch_debian/tasks/main.yaml index b6ab193..6e19050 100644 --- a/roles/patch_debian/tasks/main.yaml +++ b/roles/patch_debian/tasks/main.yaml @@ -26,9 +26,6 @@ ignore_errors: true no_log: true changed_when: false - # - rkhex.stat is defined - # - rkhex.stat.executable is defined - # - rkhex.stat.executable == true - name: rkhunter pre-check shell: rkhunter -c --sk --rwo --ns become: true @@ -44,7 +41,6 @@ apt: upgrade: dist become: true - # when: aue.stdout|int > 0 - name: Remove dependencies that are no longer required apt: autoremove: "yes" @@ -63,14 +59,12 @@ - name: Check for outdated kernel shell: /usr/sbin/needrestart -pk register: kernout - #changed_when: "kernout.rc|int == 1" changed_when: false # failed_when necessary to not fail on RC 1 instead of a true failure failed_when: kernout.rc > 2 - name: Check for outdated services shell: /usr/sbin/needrestart -pl register: svcout - #changed_when: "svcout.rc|int == 1" changed_when: false # failed_when necessary to not fail on RC 1 instead of a true failure failed_when: svcout.rc > 2 @@ -99,4 +93,5 @@ test_command: uptime reboot_command: "/bin/systemctl reboot" become: true - when: ( kernout.rc is defined and kernout.rc > 2 ) or ( svcout.rc is defined and svcout.rc > 2 ) + when: ( kernout.rc is defined and kernout.rc|int == 1 ) or ( svcout.rc is defined and svcout.r|int == 1 ) or + ( kernout.rc is not defined and svcout.rc is not defined ) -- cgit v1.2.3