---
- name: Prüfe, ob dnf verfügbar ist (RHEL 8+)
  stat:
    path: /usr/bin/dnf
  register: dnf_exists

- name: Pre-Upgrade-Check (yum/dnf)
  shell: |
    if [ -x /usr/bin/dnf ]; then
      dnf check-update || true
    else
      yum check-update || true
    fi
  register: rhel_check
  changed_when: false

- name: Kernel-Version vor Upgrade sichern
  shell: uname -r
  register: kernel_before
  changed_when: false

- name: Upgrade durchführen (dnf/yum, security-only optional)
  package:
    name: "*"
    state: latest
  register: upgrade_result
  when: not upgrade_dry_run and not upgrade_security_only
  ignore_errors: true

- name: Upgrade durchführen (dnf/yum, nur Security-Updates)
  dnf:
    name: "*"
    state: latest
    security: yes
  register: upgrade_result
  when: not upgrade_dry_run and upgrade_security_only and dnf_exists.stat.exists
  ignore_errors: true

- name: Upgrade durchführen (yum-plugin-security Fallback)
  command: yum -y --security update
  register: upgrade_result
  when: not upgrade_dry_run and upgrade_security_only and not dnf_exists.stat.exists
  ignore_errors: true

- name: Logge Fehler beim Upgrade (RHEL)
  copy:
    content: "Upgrade-Fehler: {{ upgrade_result.stderr | default(upgrade_result.msg | default('Unbekannter Fehler')) }}"
    dest: "{{ log_dir }}/rhel_upgrade_error_{{ inventory_hostname }}.log"
  when: upgrade_result is failed

- name: Setze Rollback-Flag, falls Upgrade fehlschlägt
  set_fact:
    rollback: true
  when: upgrade_result is failed

- name: Breche Playbook ab, wenn Upgrade fehlschlägt
  fail:
    msg: "Upgrade fehlgeschlagen, Rollback wird empfohlen! Siehe Log: {{ log_dir }}/rhel_upgrade_error_{{ inventory_hostname }}.log"
  when: upgrade_result is failed

- name: Logge Upgrade-Output (RHEL)
  copy:
    content: "{{ rhel_check.stdout }}"
    dest: "{{ log_dir }}/rhel_upgrade_check.log"
  when: upgrade_result is not failed

- name: Kernel-Version nach Upgrade sichern
  shell: uname -r
  register: kernel_after
  changed_when: false
  when: upgrade_result is not failed

- name: Prüfe, ob Kernel-Upgrade erfolgt ist und setze Reboot nötig
  set_fact:
    reboot_after_upgrade: true
  when: upgrade_result is not failed and (kernel_before.stdout != kernel_after.stdout)

- name: Hinweis auf EUS/Leapp (nur RHEL 7/8)
  debug:
    msg: "Für Major Upgrades (z.B. 7->8) empfiehlt Red Hat das Tool 'leapp' oder EUS-Strategien. Siehe https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/upgrading_from_rhel_7_to_rhel_8/index.html"
  when: ansible_facts['distribution_major_version']|int >= 7