role_proxmox/tasks/node_update.yml

---

- name: Update apt cache
  ansible.builtin.apt:
    update_cache: true
  become: true

- name: List upgradable packages
  ansible.builtin.command:
    argv:
      - apt
      - list
      - --upgradable
  register: apt_upgradable
  changed_when: apt_upgradable.stdout_lines | length > 1

- name: Upgrade tasks
  when: apt_upgradable.stdout_lines | length > 1
  block:
    - name: List instance on the current node
      community.proxmox.proxmox_vm_info:
        api_host: "{{ proxmox_api_host }}"
        api_token_id: "{{ proxmox_api_token_id }}"
        api_token_secret: "{{ proxmox_api_token_secret }}"
        api_user: "{{ proxmox_api_user }}"
        node: "{{ inventory_hostname_short }}"
        type: all
        validate_certs: "{{ proxmox_api_validate_certs }}"
      become: true
      register: proxmox_node_instances

    - name: Enable maintenance node
      ansible.builtin.command:
        argv:
          - ha-manager
          - crm-command
          - node-maintenance
          - enable
          - "{{ inventory_hostname_short }}"
      become: true
      register: proxmox_maintenance_enabled
      changed_when: proxmox_maintenance_enabled.rc == 0
      notify: Disable maintenance mode

    - name: Wait for the instances to be migrated
      community.proxmox.proxmox_vm_info:
        api_host: "{{ proxmox_api_host }}"
        api_token_id: "{{ proxmox_api_token_id }}"
        api_token_secret: "{{ proxmox_api_token_secret }}"
        api_user: "{{ proxmox_api_user }}"
        node: "{{ inventory_hostname_short }}"
        type: all
        validate_certs: "{{ proxmox_api_validate_certs }}"
      become: true
      register: proxmox_current_instances
      retries: 20
      delay: 30
      until: proxmox_current_instances.proxmox_vms | selectattr('hastate', 'defined') | selectattr('hastate', 'equalto', 'started') | list | length == 0

    - name: Run the full-upgrade
      ansible.builtin.apt:
        upgrade: dist
      become: true

    - name: Reboot
      ansible.builtin.reboot:
      become: true

    - name: Clean apt things
      ansible.builtin.apt:
        clean: true
      become: true

    - name: List installed packages
      ansible.builtin.command: # noqa: no-changed-when
        argv:
          - apt
          - list
          - --installed
      register: apt_list
      check_mode: false

    - name: Remove old kernels
      ansible.builtin.apt:
        name: "{{ installed_kernels[:-2] }}"
        state: absent
      when: installed_kernels | length > 2
      become: true
      vars:
        installed_kernels:
          apt_list.stdout_lines |
          select('search', '^proxmox-kernel') |
          select('search', 'automatic') |
          split('/') | first | list
      check_mode: true

    - name: Autoremove apt packages
      ansible.builtin.apt:
        autoremove: true
        purge: true
      become: true

- name: Flush handlers
  ansible.builtin.meta: flush_handlers