patch_vm.yml

---

- name: Update VM
  block:

    - name: Extract Node and VM ID for VM {{ item.vm_name }}
      ansible.builtin.set_fact:
        vm_id: "{{ proxmox_cluster_information.json.data | selectattr('name', 'equalto', item.vm_name) | map(attribute='vmid') | first }}"
        vm_node: "{{ proxmox_cluster_information.json.data | selectattr('name', 'equalto', item.vm_name) | map(attribute='node') | first }}"
        vm_type: "{{ proxmox_cluster_information.json.data | selectattr('name', 'equalto', item.vm_name) | map(attribute='type') | first }}"

    - name: Get VM Status
      ansible.builtin.uri:
        method: GET
        validate_certs: false
        url: "https://{{ proxmox_api_host }}:{{ proxmox_api_port }}/api2/json/nodes/{{ vm_node }}/{{ vm_type }}/{{ vm_id }}/status/current"
        headers: "{{ proxmox_api_cookie }}"
      register: vm_status

    - name: Start qemu VM {{ item.vm_name }}
      ansible.builtin.uri:
        method: POST
        validate_certs: false
        url: "https://{{ proxmox_api_host }}:{{ proxmox_api_port }}/api2/json/nodes/{{ vm_node }}/{{ vm_type }}/{{ vm_id }}/status/start"
        headers: "{{ proxmox_api_cookie }}"
        body_format: form-urlencoded
        body:
          timeout: "{{ boot_time }}"
      when: vm_status.json.data.status == 'stopped' and vm_type == 'qemu'

    - name: Start lxc VM {{ item.vm_name }}
      ansible.builtin.uri:
        method: POST
        validate_certs: false
        url: "https://{{ proxmox_api_host }}:{{ proxmox_api_port }}/api2/json/nodes/{{ vm_node }}/{{ vm_type }}/{{ vm_id }}/status/start"
        headers: "{{ proxmox_api_cookie }}"
        body_format: form-urlencoded
      when: vm_status.json.data.status == 'stopped' and vm_type == 'lxc'

    - name: Waiting for the VM to boot up
      ansible.builtin.pause:
        seconds: "{{ boot_time }}"
      when: vm_status.json.data.status == 'stopped'

    - name: Gather VM Facts
      ansible.builtin.gather_facts:
      register: vm_facts
      delegate_to: "{{ item.vm_name }}"

    - name: Take a VM Snapshot of qemu VM {{ item.vm_name }}
      ansible.builtin.uri:
        method: POST
        validate_certs: false
        url: "https://{{ proxmox_api_host }}:{{ proxmox_api_port }}/api2/json/nodes/{{ vm_node }}/{{ vm_type }}/{{ vm_id }}/snapshot"
        headers: "{{ proxmox_api_cookie }}"
        body_format: form-urlencoded
        body:
          snapname: "snap_before_patch-{{ ansible_date_time.date }}"
          description: "Snapshot taken by Update Automation"
          vmstate: 1
      when: (item.snapshot|default(false)) and vm_type == 'qemu'

    - name: Take a VM Snapshot of lxc VM {{ item.vm_name }}
      ansible.builtin.uri:
        method: POST
        validate_certs: false
        url: "https://{{ proxmox_api_host }}:{{ proxmox_api_port }}/api2/json/nodes/{{ vm_node }}/{{ vm_type }}/{{ vm_id }}/snapshot"
        headers: "{{ proxmox_api_cookie }}"
        body_format: form-urlencoded
        body:
          snapname: "snap_before_patch-{{ ansible_date_time.date }}"
          description: "Snapshot taken by Update Automation"
      when: (item.snapshot|default(false)) and vm_type == 'lxc'

    - name: Waiting for the VM to finish Snapshot
      ansible.builtin.pause:
        seconds: "{{ boot_time }}"
      when: (item.snapshot|default(false))

    - name: Update VM {{ item.vm_name }} with apt
      ansible.builtin.apt:
        force_apt_get: true
        name: "*"
        state: latest
        update_cache: true
      become: true
      delegate_to: "{{ item.vm_name }}"
      when: vm_facts.ansible_facts.ansible_os_family == 'Debian' and not (dist_upgrade|default(false))

    - name: Dist Upgrade VM {{ item.vm_name }} with apt
      ansible.builtin.apt:
        upgrade: dist
        update_cache: true
      become: true
      delegate_to: "{{ item.vm_name }}"
      when: vm_facts.ansible_facts.ansible_os_family == 'Debian' and (dist_upgrade|default(false))

    - name: Update VM {{ item.vm_name }} with yum
      ansible.builtin.yum:
        name: "*"
        state: latest
        update_cache: true
        lock_timeout: 120
      become: true
      delegate_to: "{{ item.vm_name }}"
      when: vm_facts.ansible_facts.ansible_os_family == 'RedHat'

    - name: Install Prerequisite Packages for OpenSuse / SLES
      ansible.builtin.package:
        name:
          - python-xml
          - zypper
          - rpm
        state: present
      become: true
      delegate_to: "{{ item.vm_name }}"
      when: vm_facts.ansible_facts.ansible_os_family == 'Suse'

    - name: Update VM {{ item.vm_name }} with zypper
      community.general.zypper:
        name: "*"
        state: latest
        update_cache: true
        type: patch
      become: true
      delegate_to: "{{ item.vm_name }}"
      when: vm_facts.ansible_facts.ansible_os_family == 'Suse'

    - name: Shutdown VM {{ item.vm_name }} when it was stopped before patching
      ansible.builtin.uri:
        method: POST
        validate_certs: false
        url: "https://{{ proxmox_api_host }}:{{ proxmox_api_port }}/api2/json/nodes/{{ vm_node }}/{{ vm_type }}/{{ vm_id }}/status/shutdown"
        headers: "{{ proxmox_api_cookie }}"
        body_format: form-urlencoded
        body:
          forceStop: 1
      when: vm_status.json.data.status == 'stopped'

    - name: Check if a Reboot is required for Debian / Ubuntu
      ansible.builtin.stat:
        path: /var/run/reboot-required
      become: true
      register: reboot_required
      delegate_to: "{{ item.vm_name }}"
      when:
        - (not vm_status.json.data.status == 'stopped')
        - (item.reboot_if_required|default(false))
        - (vm_facts.ansible_facts.ansible_os_family == 'Debian')

    - name: Reboot VM after Update
      ansible.builtin.reboot:
      become: true
      delegate_to: "{{ item.vm_name }}"
      when: (reboot_required.stat.exists|default(false))

  rescue:
    - ansible.builtin.debug:
        msg:
          - "There was an Error during Patch Installation on {{ item.vm_name }}."
          - "Maybe you misspelled the VM Name. Be aware, that Proxmox VM Names are case sensitive!"