2 # file: roles/kernel/tasks/ubuntu_jammy.yaml
4 - name: Get Available Kernel Versions
5 ansible.builtin.command: "apt-cache showpkg linux-headers-*"
7 register: apt_kernel_list
11 - name: Get installed packages with APT
12 ansible.builtin.command: "dpkg -l"
14 register: apt_packages_list
18 - name: Set target APT kernel version
19 ansible.builtin.set_fact:
20 _kernel: "{{ apt_kernel_list | deb_kernel(
21 kernel_version, ansible_kernel) }}"
25 - name: Disable APT auto upgrade
26 ansible.builtin.lineinfile:
27 path: "/etc/apt/apt.conf.d/20auto-upgrades"
29 regexp: "APT::Periodic::Unattended-Upgrade \"[0-9]\";"
30 line: "APT::Periodic::Unattended-Upgrade \"0\";"
36 - name: Ensure Packages Versions
38 name: "{{ apt_kernel_list | deb_kernel_pkg(
39 kernel_version, ansible_kernel, ansible_distribution,
40 ansible_architecture, item) }}"
41 loop: "{{ kernel_packages }}"
45 - name: Ensure Any Other Kernel Packages Are Removed
47 name: "{{ apt_packages_list | deb_installed_kernel(
48 apt_kernel_list, kernel_version, ansible_kernel) }}"
56 - name: Ensure Any Microcode Is Absent
58 name: "{{ absent_packages }}"