Show updated packages with Ansible package management

Question

I have a simple Ansible playbook that I use to run updates on all the servers I manage:

- hosts: ubuntu
  tasks:
  - name: install all updates
    apt:
      upgrade: dist
      update_cache: yes
      autoremove: yes
      autoclean: yes
- hosts: centos
  tasks:
  - name: install all updates
    yum:
      name: '*'
      update_cache: yes
      state: latest
# use debug to show the output
    register: result
  - name: Show Output
    debug: msg="{{ result.stdout_lines }}"

Is there any way I can make Ansible to show me which packages get updated in the process? Neither the apt nor the yum module provide a an option for this.

Ansible version currently used is 2.4.

Answer 1

Starting with the comment by HBruijn I extended my playbook to show the result of the package management logs afterwards:

---

- hosts: ubuntu
  tasks:
  - name: install all updates
    apt:
      upgrade: dist
      update_cache: yes
      autoremove: yes
      autoclean: yes
    register: result
  - name: List installed and updated packages
    shell: grep -E "^$(date +%Y-%m-%d).+ (install|upgrade) " /var/log/dpkg.log |cut -d " " -f 3-5
    register: result
  - name: Show Output
    debug: msg="{{ result.stdout_lines }}"
- hosts: centos
  tasks:
  - name: install all updates
    yum:
      name: '*'
      update_cache: yes
      state: latest
  - name: List updated packages
    shell: rpm -qa --last | grep "$(date +%a\ %d\ %b\ %Y)" |cut -f 1 -d " "
    register: result
    args:
      warn: no
  - name: Updates packages
    debug: msg="{{ result.stdout_lines }}"

The resulting output:

ok: [ubuntu-host] => {
    "msg": [
        "upgrade python3-problem-report:all 2.14.1-0ubuntu3.25",
        "upgrade python3-apport:all 2.14.1-0ubuntu3.25",
        "upgrade apport:all 2.14.1-0ubuntu3.25",
        "upgrade firefox:i386 56.0+build6-0ubuntu0.14.04.2",
        "upgrade python-problem-report:all 2.14.1-0ubuntu3.25",
        "upgrade python-apport:all 2.14.1-0ubuntu3.25",
        "upgrade xul-ext-ubufox:all 3.4-0ubuntu0.14.04.1"
    ]
}

ok: [centos-host] => {
    "msg": [
        "kernel-headers-2.6.32-696.16.1.el6.x86_64",
        "lvm2-2.02.143-12.el6_9.1.x86_64",
        "device-mapper-multipath-0.4.9-100.el6_9.1.x86_64",
        "kernel-2.6.32-696.16.1.el6.x86_64",
        "kernel-firmware-2.6.32-696.16.1.el6.noarch",
        "lvm2-libs-2.02.143-12.el6_9.1.x86_64",
        "kpartx-0.4.9-100.el6_9.1.x86_64",
        "device-mapper-multipath-libs-0.4.9-100.el6_9.1.x86_64",
        "device-mapper-event-libs-1.02.117-12.el6_9.1.x86_64",
        "device-mapper-event-1.02.117-12.el6_9.1.x86_64",
        "device-mapper-1.02.117-12.el6_9.1.x86_64",
        "util-linux-ng-2.17.2-12.28.el6_9.1.x86_64",
        "device-mapper-libs-1.02.117-12.el6_9.1.x86_64",
        "libblkid-2.17.2-12.28.el6_9.1.x86_64",
        "libuuid-2.17.2-12.28.el6_9.1.x86_64"
    ]
}

This is a vast improvement, but I'm still hoping someone has a better solution.

Answer 2

I took the basic approach of Gerald Schneider, and added some conditionals to only check for updates if something has changed. This fixes things in the common case, although it can still generate a bit of extraneous output if more than one update happens per day.

- hosts: debian
  become: yes
  tasks:
    - name: Debian/Raspbian Update
      apt:
        update_cache: true
        upgrade: yes
      register: debian
    #- debug:
    #    msg: " {{ debian.stdout_lines }} "
    - name: List installed and updated packages
      shell: grep -E "^$(date +%Y-%m-%d).+ (install|upgrade) " /var/log/dpkg.log |cut -d " " -f 3-5
      register: result
      when: debian.changed
    - name: Show Output
      debug: msg="{{ result.stdout_lines }}"
      when: debian.changed

Generates output much like:

TASK [Debian/Raspbian Update] ***************************************************************************************************************************************************************************************************************************************
ok: [clusterpi-01.local]
ok: [clusterpi-00.local]
ok: [clusterpi-03.local]
ok: [clusterpi-02.local]
ok: [radpi.local]
ok: [firefly]
ok: [blueberrypi.local]
changed: [blackberrypi.local]
changed: [snozzberrypi.local]
ok: [pizero]

TASK [List installed and updated packages] **************************************************************************************************************************************************************************************************************************
skipping: [radpi.local]
skipping: [pizero]
skipping: [blueberrypi.local]
skipping: [clusterpi-00.local]
skipping: [clusterpi-01.local]
skipping: [clusterpi-02.local]
skipping: [clusterpi-03.local]
skipping: [firefly]
changed: [blackberrypi.local]
changed: [snozzberrypi.local]

TASK [Show Output] **************************************************************************************************************************************************************************************************************************************************
skipping: [radpi.local]
ok: [snozzberrypi.local] => {
    "msg": [
        "upgrade rpi-chromium-mods:armhf 20190218",
        "upgrade wiringpi:armhf 2.46"
    ]
}
skipping: [pizero]
ok: [blackberrypi.local] => {
    "msg": [
        "upgrade rpi-chromium-mods:armhf 20190218",
        "upgrade wiringpi:armhf 2.46"
    ]
}
skipping: [blueberrypi.local]
skipping: [clusterpi-00.local]
skipping: [clusterpi-01.local]
skipping: [clusterpi-02.local]
skipping: [clusterpi-03.local]
skipping: [firefly]

Similar tests can easily be added for dnf/yum based distros as well.