How to install the Kernel Patching on Linux Hosts.

---
#### Ansible Playbook to perform Kernel Patching on RHEL/CentOS and Ubuntu/Debian Servers ####

- hosts:  Nodes
  become: yes
  serial: 4

  tasks:

    - name:  Task 1 - verify web/database processes are not running
      shell: if ps -eaf | egrep 'apache|http|nginx|mysql|postgresql|mariadb'|grep -v grep > /dev/null ;then echo 'process_running';else echo 'process_not_running';fi
      ignore_errors: true
      register: app_process_check


    - name:  Task 2 - decision point to start patching
      fail: msg="{{ inventory_hostname }} have running Application. Please stop the application processes first, then attempt patching."
      when: app_process_check.stdout == "process_running"


    - name:  Task 3 - upgrade kernel package on RHEL/CentOS server
      yum:
       name="kernel"
       state=latest
      when: app_process_check.stdout == "process_not_running" and ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
      register: yum_update

    - name:  Task 4 - upgrade kernel package on Ubuntu server
      apt:
        update_cache: yes
        force_apt_get: yes
        cache_valid_time: 3600
        name: linux-image-generic
        state: latest
      when: app_process_check.stdout == "process_not_running" and ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      register: apt_update

    - name: Task 5 - check if reboot required after kernel update on CentOS/RedHat servers
      shell: KERNEL_NEW=$(rpm -q --last kernel |head -1 | awk '{print $1}' | sed 's/kernel-//'); KERNEL_NOW=$(uname -r); if [[ $KERNEL_NEW != $KERNEL_NOW ]]; then echo "reboot_needed"; else echo "reboot_not_needed"; fi
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
      ignore_errors: true
      register: reboot_required

    - name: Task 6 - Check if a reboot is required after kernel update on Ubuntu/Debian servers
      register: reboot_required_file
      stat: path=/var/run/reboot-required get_md5=no
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'

    - name: Task 7 - Reboot CentOS/RedHat systems if kernel updated
      command: shutdown -r +1  "Rebooting CentOS/RedHat Servers After Kernel Patching"
      async: 0
      poll: 0
      when: reboot_required.stdout == "reboot_needed" and (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux')
      register: reboot_started
      ignore_errors: true

    - name: Task 8 - Reboot Ubuntu/Debian Servers if kernel updated
      reboot:
        msg: "Rebooting Ubuntu/Debian Servers After Kernel Patching"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists and (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian')
      register: reboot_started_ubuntu
      ignore_errors: true

    - name: Task 9 - pause for 180 secs
      pause:
        minutes: 3

    - name: Task 10 - check if all the systems responding to ssh
      local_action:
        module: wait_for
          host={{ (ansible_ssh_host|default(ansible_host))|default(inventory_hostname) }}
          port=22
          search_regex=OpenSSH
          delay=15
          timeout=300
          state=started