update patch report

collections/ansible_collections/demo/patching/roles/patch_linux/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+exclude_packages: []
+allow_reboot: true

collections/ansible_collections/demo/patching/roles/patch_linux/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+- name: Scan packages
+  demo.patching.scan_packages:
+    os_family: "{{ ansible_os_family }}"
+
+- name: Scan services
+  demo.patching.scan_services:
+
+- name: upgrade packages (yum)
+  yum:
+    name: '*'
+    state: latest
+    exclude: "{{ exclude_packages }}"
+  when: ansible_pkg_mgr == "yum"
+  register: patchingresult_yum
+
+- name: upgrade packages (dnf)
+  ansible.builtin.dnf:
+    name: '*'
+    state: latest
+    exclude: "{{ exclude_packages }}"
+  when: ansible_pkg_mgr == "dnf"
+  register: patchingresult_dnf
+
+- name: Check to see if we need a reboot
+  ansible.builtin.command: needs-restarting -r
+  register: result
+  changed_when: result.rc == 1
+  failed_when: result.rc > 1
+  check_mode: no
+
+- name: Reboot Server if Necessary
+  ansible.builtin.reboot:
+  when:
+   - result.rc == 1
+   - allow_reboot is true

collections/ansible_collections/demo/patching/roles/report_linux_patching/templates/report.j2

@@ -35,17 +35,17 @@
             <td>{{hostvars[linux_host]['ansible_distribution_version']|default("none")}}</td>
             <td>
               <ul>
-{% if hostvars[linux_host].patchingresult.changed|default("false",true) == true %}
+{% if hostvars[linux_host].patchingresult_yum.changed|default("false",true) == true %}
-{% for packagename in hostvars[linux_host].patchingresult.changes.updated|sort %}
+{% for packagename in hostvars[linux_host].patchingresult_yum.changes.updated|sort %}
         <li> {{ packagename[0] }} - {{ packagename[1] }} </li>
 {% endfor %}
-{% elif hostvars[linux_host].patchingresultdnf.changed|default("false",true) == true %}
+{% elif hostvars[linux_host].patchingresult_dnf.changed|default("false",true) == true %}
-{% for packagename in hostvars[linux_host].patchingresultdnf.results|sort %}
+{% for packagename in hostvars[linux_host].patchingresult_dnf.results|sort %}
         <li> {{ packagename }} </li>
 {% endfor %}
-{% elif hostvars[linux_host].patchingresultdnf.changed is undefined %}
+{% elif hostvars[linux_host].patchingresult_dnf.changed is undefined %}
         <li> Patching Failed </li>
-{% elif hostvars[linux_host].patchingresult.changed is undefined %}
+{% elif hostvars[linux_host].patchingresult_yum.changed is undefined %}
         <li> Patching Failed </li>
 {% else %}
         <li> Compliant </li>
@@ -56,9 +56,7 @@
 {% endfor %}
     </tbody>
 </table>
-{% for host in ansible_play_hosts %}
 <center><p>Created with Ansible on {{hostvars[host].ansible_date_time.iso8601}}</p></center>
-{% endfor %}
 <script type="text/javascript">
 function tableToCSV() {
 

linux/patching_report.yml

@@ -5,30 +5,24 @@
     report_server: node1
   
   tasks:
-  - name: Ensure Unix/Linux platforms only
+  - include_role:
-    assert:
+      name: demo.patching.patch_linux
-      that: ansible_os_family != "Windows"
-
-  - name: Scan packages (Unix/Linux)
-    demo.patching.scan_packages:
-      os_family: "{{ ansible_os_family }}"
-
-  - name: Scan services (Unix/Linux)
-    demo.patching.scan_services:
 
   - block:
     - yum:
         name: httpd
         state: latest
+      check_mode: no
 
     - service:
         name: httpd
         state: started
+      check_mode: no
 
     - include_role:
-        name: demo.patching.build_report_linux
+        name: demo.patching.report_linux
 
     - include_role:
-        name: demo.patching.build_report_linux_patch
+        name: demo.patching.report_linux_patch
     delegate_to: "{{ report_server }}"
     run_once: yes