- name: Check packages for updates
  ansible.builtin.shell: set -o pipefail && yum list updates | awk 'f;/Updated Packages/{f=1;}' | awk '{ print $1 }'
  changed_when: updates.stdout_lines | length > 0
  args:
    warn: false
  register: updates

- name: Display count
  ansible.builtin.debug:
    msg: "Found {{ updates.stdout_lines | length }} packages to be updated:\n\n{{ updates.stdout }}"
- name: Update if needed
  when: updates.stdout_lines | length > 0
  block:

    - name: Install updates using yum
      ansible.builtin.yum:
        name: "*"
        state: present
        update_only: true

    - name: Install yum-utils
      ansible.builtin.package:
        name: yum-utils

    - name: Check if reboot is required
      ansible.builtin.command: needs-restarting -r
      failed_when: false
      register: reboot_required
      changed_when: false

- name: Reboot if required
  when: updates.stdout_lines | length > 0 and reboot_required.rc != 0
  block:

    - name: Reboot the server if required
      ansible.builtin.shell: sleep 3; reboot
      ignore_errors: "{{ ansible_check_mode }}"
      changed_when: false
      async: 1
      poll: 0

    - name: Wait for server to come back after reboot
      ansible.builtin.wait_for_connection:
        timeout: 600
        delay: 20
      register: reboot_result
    - name: Reboot time
      ansible.builtin.debug:
        msg: "The system rebooted in {{ reboot_result.elapsed }} seconds."