update_kernel_reboot_only = yes

[linuxmail]

Is your feature request related to a problem? Please describe.
We have every end of a month a bigger system upgrade on round about ~120 hosts. In most cases, we do update_reboot = yes and let the hosts reboot.
But we have also auto updates, via Rundeck every day, which executes the same playbook, with your great modules :-) But ... also with update_reboot = yes, which reboots the hosts also, if only PHP package or something like that was upgraded :-).

Describe the solution you'd like
It would be very cool, if a new global variable exists, like update_kernel_reboot_only = yes, that do not reboot while a normal package update, but if the kernel has changed. For that, we can ask robertdebock.reboot, if we have a kernel change pending.

Describe alternatives you've considered
I would starting with having two kind of playbooks, one with reboot, one with not. Also possible: adding the variable while calling the playbook (wia Rundeck or shell) , but than you have instruct all people who are involved.

Additional context
Add any other context or screenshots about the feature request here.

Our playbooks for upgrades looks like this one:

---
# Generic update System playbook

- name: Update system
  hosts: "{{inventory}}"
  serial: 1
  gather_facts: yes
  vars_files:
    - "{{inventory_dir}}/group_vars/update_package.yaml"
  tasks:
    - name: Update packages
      include_role:
        name: robertdebock.update
    - name: Execute puppet if installed
      include_role:
        name: puppet
    - name: Check for needrestart services
      include_role:
        name: systemli.needrestart
    - name: Execute puppet if installed
      include_role:
        name: puppet
    - name: Run Rkhunter if installed
      include_role:
        name: rkhunter

The (inventories/dev/)group_vars/update_package.yaml:

---
## robertdebock
update_autoremove: yes
update_upgrade_command: safe

reboot_always: no
update_reboot: yes

## systemli
needrestart_disable_email: 1
needrestart_action: a
needrestart_blacklist_rc:
  - mongodb-.*\.service
  - mariadb\.service
  - mysql\.service

The command:

ansible-playbook update_system_test.yaml  -i inventories/dev/hosts --extra-vars "inventory=devpc21" --limit devpc21n-05.example.local

[robertdebock]

So, let me rephrase so I understand it better.

You'd like the role to be smart, and only reboot when required, for example:

• The kernel was updated.
• Some package that requires a restart of the service (or reboot). (For example httpd.)

For RedHat-like systems (CentOS/RHEL/Fedora) this should be covered by needs-restarting, for Debian-like systems (Debian/Ubuntu) this should be covered by needs-restarting and Debians needrestart command.

What operating systems are you running? Maybe it's not Debian-like or RedHat-like and this logic is not built in.

[linuxmail]

We are running only Debian at this time. There are only two packages, which requires a reboot:

• kernel
• libc

For any other packages, we have needrestart (as you said), which restarts all services, which was not restarted, after an upgrade.
For that, we have the role/systemli.needrestart, which does the job, but nothing speaks against, to let robertdebock.update does this job too, or just add it as role requirement.
But for now, reboot only on a kernel update is in most cases enough :-)

[linuxmail]

Hi @robertdebock

I was searching for the problem again .. and found my Issue :-) I may ask, if there are any news on it .. to reboot only, if a new kernel or glibc update available ?

cu denny