updateUpgradeReboot.yml

---
- hosts: all
  serial: 1
  become: True

  tasks:
  - name: stop beats
    service: name={{item}} state=stopped
    with_items:
      - metricbeat
      - filebeat
      - auditbeat
    ignore_errors: true

  - name: Update Apt cache
    apt:
      update-cache: yes
    changed_when: 0

  - name: Get list of pending upgrades
    command: apt-get --simulate dist-upgrade
    args:
      warn: false # don't warn us about apt having its own plugin
    register: apt_simulate
    changed_when: 0

  - name: Parse apt-get output to get list of changed packages
    set_fact:
      updates: '{{ apt_simulate.stdout_lines | select("match", "^Inst ") | list | sort }}'
    changed_when: 0

  - name: Show pending updates
    debug:
      var: updates
    changed_when: updates.0 is defined

  - name: Install required updates 
    apt: upgrade=dist 
    when: updates.0 is defined

  - name:  Check if a reboot is required
    command: ls /var/run/reboot-required
    register: needsreboot
    ignore_errors: True

  - name:  Reboot the machine if it needs it
    command: shutdown -r now "Ansible updates triggered"
    become: True
    async: 1
    poll: 0
    ignore_errors: true
    when: "'No such file or directory' not in needsreboot.stderr"

  - name: start beats
    service: name={{item}} state=started
    with_items:
      - metricbeat
      - filebeat
      - auditbeat
    ignore_errors: true
    when: "'No such file or directory' in needsreboot.stderr"


  - name: waiting for server to come back
    local_action: wait_for host={{ ansible_ssh_host }} port=22 state=started delay=10 timeout=300
    become: false