--- # file: tasks/ubuntu_jammy.yaml - name: Get Available Kernel Versions ansible.builtin.command: "apt-cache showpkg linux-headers-*" changed_when: false register: apt_kernel_list tags: - kernel-inst - name: Get installed packages with APT ansible.builtin.command: "dpkg -l" changed_when: false register: apt_packages_list tags: - kernel-inst - name: Set target APT kernel version ansible.builtin.set_fact: _kernel: "{{ apt_kernel_list | deb_kernel( kernel_version, ansible_kernel) }}" tags: - kernel-inst - name: Disable APT auto upgrade ansible.builtin.lineinfile: path: "/etc/apt/apt.conf.d/20auto-upgrades" state: "present" regexp: "APT::Periodic::Unattended-Upgrade \"[0-9]\";" line: "APT::Periodic::Unattended-Upgrade \"0\";" create: true mode: 0644 tags: - kernel-inst - name: Ensure Packages Versions ansible.builtin.apt: name: "{{ apt_kernel_list | deb_kernel_pkg( kernel_version, ansible_kernel, ansible_distribution, ansible_architecture, item) }}" loop: "{{ kernel_packages }}" tags: - kernel-inst - name: Ensure Any Other Kernel Packages Are Removed ansible.builtin.apt: name: "{{ apt_packages_list | deb_installed_kernel( apt_kernel_list, kernel_version, ansible_kernel) }}" state: "absent" purge: true notify: - "Reboot Server" tags: - kernel-inst - name: Ensure Any Microcode Is Absent ansible.builtin.apt: name: "{{ absent_packages }}" state: "absent" purge: true tags: - kernel-inst