--- /dev/null
+---
+# file: roles/kernel/tasks/ubuntu_jammy.yaml
+
+- name: Get Available Kernel Versions
+ command: "apt-cache showpkg linux-headers-*"
+ changed_when: false
+ register: apt_kernel_list
+ tags:
+ - kernel-inst
+
+- name: Get installed packages with APT
+ command: "dpkg -l"
+ changed_when: false
+ register: apt_packages_list
+ tags:
+ - kernel-inst
+
+- name: Set target APT kernel version
+ set_fact:
+ _kernel: "{{ apt_kernel_list | deb_kernel(
+ kernel_version, ansible_kernel) }}"
+ tags:
+ - kernel-inst
+
+- name: Disable APT auto upgrade
+ lineinfile:
+ path: "/etc/apt/apt.conf.d/20auto-upgrades"
+ state: "present"
+ regexp: "APT::Periodic::Unattended-Upgrade \"[0-9]\";"
+ line: "APT::Periodic::Unattended-Upgrade \"0\";"
+ create: true
+ mode: 0644
+ tags:
+ - kernel-inst
+
+- name: Ensure Packages Versions
+ apt:
+ name: "{{ apt_kernel_list | deb_kernel_pkg(
+ kernel_version, ansible_kernel, ansible_distribution,
+ ansible_architecture, item) }}"
+ loop: "{{ kernel_packages }}"
+ tags:
+ - kernel-inst
+
+- name: Ensure Any Other Kernel Packages Are Removed
+ apt:
+ name: "{{ apt_packages_list | deb_installed_kernel(
+ apt_kernel_list, kernel_version, ansible_kernel) }}"
+ state: absent
+ purge: true
+ notify:
+ - "Reboot Server"
+ tags:
+ - kernel-inst
+
+- name: Ensure Any Microcode Is Absent
+ apt:
+ name: "{{ absent_packages }}"
+ state: absent
+ purge: true
+ tags:
+ - kernel-inst