os-upgrade-automation/playbook/roles/post_upgrade/tasks/main.yml

---
- name: Reboot nach Upgrade (optional)
  reboot:
    msg: "Reboot nach Auto-Upgrade"
    pre_reboot_delay: 60
  when: reboot_after_upgrade
  tags: reboot

- name: Health-Check: Prüfe, ob kritische Dienste laufen
  service_facts:
  tags: health

- name: Prüfe Status der kritischen Dienste
  assert:
    that:
      - "(services[item].state == 'running') or (services[item].state == 'started')"
    fail_msg: "Kritischer Dienst {{ item }} läuft nicht!"
    success_msg: "Dienst {{ item }} läuft."
  loop: "{{ critical_services | default(['sshd','cron']) }}"
  when: item in services
  tags: health

- name: Führe automatisierte Smoke-Tests durch (optional)
  import_role:
    name: smoke_tests
  when: not skip_smoke_tests
  tags: smoke

- name: Führe Self-Healing/Remediation durch (optional)
  import_role:
    name: self_healing
  when: not skip_self_healing
  tags: selfheal

- name: Führe Compliance-Checks durch (optional)
  import_role:
    name: compliance_check
  when: not skip_compliance
  tags: compliance