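---
# Base system setup play.
#
# Order of execution: pre_tasks (patching + sanity checks), then the
# common / security / monitoring roles, then post_tasks (summary and a
# conditional reboot).
#
# Operational notes for reviewers:
#   * become: true  - every task and role in this play runs with elevated
#     privileges on the target hosts.
#   * serial: "100%" - all hosts in the "servers" group are processed in a
#     single batch, so a dist-upgrade and any resulting reboot hit every
#     host at the same time. Lower this value if the group needs to stay
#     available during patching.
- name: Base system setup
  hosts: servers
  gather_facts: true
  become: true
  serial: "100%"

  pre_tasks:
    # upgrade: dist may install or remove packages to satisfy dependencies.
    - name: Update apt cache and upgrade system
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600
        upgrade: dist
      register: apt_upgrade
      tags:
        - system
        - updates

    - name: Autoremove and clean
      ansible.builtin.apt:
        autoremove: true
        autoclean: true
      tags:
        - system
        - updates

    - name: Check system requirements
      tags: validation
      block:
        - name: Verify Python 3 is available
          ansible.builtin.command: which python3
          register: python_check
          changed_when: false
          failed_when: python_check.rc != 0

        # Re-reads only the memory fact and fails the host below 512 MB.
        - name: Check available memory
          ansible.builtin.setup:
            filter: ansible_memtotal_mb
          register: memory_info
          failed_when: memory_info.ansible_facts.ansible_memtotal_mb < 512

  roles:
    - role: common
      tags:
        - common
        - system
        - bootstrap

    - role: security
      tags:
        - security
        - harden

    # default(false): an inventory that never defines monitoring_enabled
    # skips the role instead of aborting the play on an undefined variable.
    - role: monitoring
      when: monitoring_enabled | default(false) | bool
      tags:
        - monitoring

  post_tasks:
    - name: Display system summary
      ansible.builtin.debug:
        msg: |
          System setup completed on {{ inventory_hostname }}
          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
          Kernel: {{ ansible_kernel }}
          Architecture: {{ ansible_architecture }}
          Memory: {{ ansible_memtotal_mb }}MB
          CPUs: {{ ansible_processor_vcpus }}
          Storage: {{ ansible_devices.vda.size if ansible_devices.vda is defined else (ansible_devices.sda.size if ansible_devices.sda is defined else 'N/A') }}
      tags:
        - always
        - info

    # The flag file is created by the package tooling on Debian-family
    # systems when an installed update needs a restart to take effect.
    - name: Check if a reboot is required after updates
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required_file
      tags: system

    # ansible.builtin.reboot does not support async, so the original
    # "async: 600" / "poll: 0" pair has been dropped. The module itself
    # blocks until test_command succeeds on the restarted host or
    # reboot_timeout expires, which also makes a failed reboot visible
    # as a task failure instead of being fired and forgotten.
    - name: Reboot if required
      ansible.builtin.reboot:
        msg: "Reboot triggered by Ansible for system updates"
        connect_timeout: 10
        reboot_timeout: 600
        pre_reboot_delay: 5
        post_reboot_delay: 45
        test_command: uptime
      when: reboot_required_file.stat.exists
      register: reboot_result
      tags: system

    # Final connectivity confirmation; the reboot task above has already
    # waited for the host, so this normally returns right after its delay.
    - name: Wait for reboot to complete
      ansible.builtin.wait_for_connection:
        connect_timeout: 20
        sleep: 5
        delay: 5
        timeout: 600
      when: reboot_required_file.stat.exists
      tags: system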