From cc18794646e3292bdb992ce697aecfbc3d517431 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20H=C3=BCgel?= <christian.huegel@stonebyte.de>
Date: Sun, 19 Nov 2023 19:13:49 +0100
Subject: [PATCH] update_pgcluster.yml: Reboot node if it's required, e.g.
 kernel or security updates (#510)

---
 roles/update/tasks/system.yml | 26 ++++++++++++++++++++++++++
 vars/RedHat.yml               |  3 +++
 2 files changed, 29 insertions(+)

diff --git a/roles/update/tasks/system.yml b/roles/update/tasks/system.yml
index 14643bb02..a942306f1 100644
--- a/roles/update/tasks/system.yml
+++ b/roles/update/tasks/system.yml
@@ -30,4 +30,30 @@
   delay: 5
   retries: 3
   ignore_errors: true
+
+- name: Check if a reboot is required
+  ansible.builtin.stat:
+    path: /var/run/reboot-required
+  register: reboot_required_debian
+  changed_when: false
+  when:
+    - ansible_os_family == "Debian"
+    - ansible_virtualization_type not in ['container', 'docker', 'lxc', 'podman']  # exclude for containers to prevent test failures in CI.
+
+- name: Check if a reboot is required
+  ansible.builtin.command: needs-restarting -r
+  register: reboot_required_rhel
+  failed_when: false
+  changed_when: false
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_virtualization_type not in ['container', 'docker', 'lxc', 'podman']  # exclude for containers to prevent test failures in CI.
+
+- name: Rebooting host
+  ansible.builtin.reboot:
+    msg: "Reboot initiated by Ansible due to required system updates"
+    reboot_timeout: 1800 # 30 minutes
+    test_command: uptime
+  when: (reboot_required_debian.stat.exists is defined and reboot_required_debian.stat.exists) or
+        (reboot_required_rhel.rc is defined and reboot_required_rhel.rc != 0)
 ...
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index 1b386b944..44da8d23e 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -38,15 +38,18 @@ os_specific_packages:
     - libselinux-python
     - libsemanage-python
     - policycoreutils-python
+    - yum-utils
   RedHat-8:
     - python2
     - python3-libselinux
     - python3-libsemanage
     - python3-policycoreutils
+    - dnf-utils
   RedHat-9:
     - python3-libselinux
     - python3-libsemanage
     - python3-policycoreutils
+    - dnf-utils
 system_packages:
   - "{{ os_specific_packages[ansible_os_family ~ '-' ~ ansible_distribution_major_version] }}"
   - python3