-1

From the command line in Ubuntu I can run:

apt list --upgradable | grep security | cut -d/ -f1 | xargs sudo apt-get install -y

But the Ansible I have is:

- hosts: all
  become: true
  become_user: root
  tasks:
    - name: Update apt repo and cache on all Debian/Ubuntu boxes
      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600

    - name: Upgrade all packages on servers
      apt: upgrade=dist force_apt_get=yes

    - name: Check if a reboot is needed on all servers
      register: reboot_required_file
      stat: path=/var/run/reboot-required get_checksum=no

    - name: Reboot the box if kernel updated
      reboot:
        msg: "Reboot initiated by Ansible for kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists

How should I modify:

apt: update_cache=yes force_apt_get=yes cache_valid_time=3600

2
  • 1
    If you enable unattended-upgrade it will do security patches by default. Commented Dec 19, 2025 at 13:24
  • 1
    The blog Ubuntu unattended updates with Ansible - Luis Johnstone has an example of setting up unattended upgrade using ansible. Commented Dec 19, 2025 at 13:44

1 Answer

1

You need shell and the regular Ubuntu command for apt

- name: Ubuntu - Install the security updates
  # -y answers apt's confirmation prompt, which would otherwise abort a non-interactive run
  shell: apt update && apt upgrade -y -o Dir::Etc::SourceList=/etc/apt/security.sources.list

Assuming /etc/apt/security.sources.list is your sources list for "security".

1
  • OK I will try that but since I know my original command works couldn't I just use this? shell: apt list --upgradable | grep security | cut -d/ -f1 | xargs sudo apt-get install -y Commented Dec 21, 2025 at 7:00
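
The pipeline in the question and in the comment above selects packages with `grep security`, which matches that word anywhere on the line, including inside a package name. As an added example (not code from the question or the answer), the function below filters on the suite field of `apt list --upgradable` output instead; the sample output and its package names and versions are constructed.

```shell
#!/bin/sh
# Reads `apt list --upgradable` output on stdin and prints the names of
# packages that have a candidate in a "*-security" suite, one per line.
security_packages() {
    awk '
        # Real entries look like:
        #   name/suite[,suite...] version arch [upgradable from: old]
        # Skip the "Listing..." header, warnings and blank lines.
        index($1, "/") == 0 || NF < 3 { next }
        {
            split($1, parts, "/")               # parts[1]=name, parts[2]=suites
            n = split(parts[2], suites, ",")
            for (i = 1; i <= n; i++) {
                # Match the suite itself, never the package name.
                if (suites[i] ~ /-security$/) { print parts[1]; break }
            }
        }
    '
}

# Constructed sample output; names and versions are made up for illustration.
sample_output() {
    cat <<'EOF'
Listing... Done
openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.18 amd64 [upgradable from: 3.0.2-0ubuntu1.15]
vim/jammy-updates 2:8.2.3995-1ubuntu2.21 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.20]
example-security-tools/jammy-updates 1.2-1 all [upgradable from: 1.1-1]
libssl3/jammy-security 3.0.2-0ubuntu1.18 amd64 [upgradable from: 3.0.2-0ubuntu1.15]
EOF
}

# On a real host (assumes root and a fresh `apt-get update`):
#   apt list --upgradable 2>/dev/null | security_packages \
#       | xargs -r apt-get install -y --only-upgrade
# `xargs -r` runs nothing when no package matches, so apt-get is never
# called with an empty package list.
```

In an Ansible `shell:` task the same pipeline runs under `become`, so no `sudo` is needed inside it.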
