diff --git a/.ansible-lint b/.ansible-lint
index 69829ce..76828b2 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -63,6 +63,7 @@ warn_list:
   - experimental # experimental is included in the implicit list
   - no-changed-when
   - latest[git]
+  - package-latest
   - var-naming[no-role-prefix]
   # - role-name
   # - yaml[document-start]  # you can also use sub-rule matches
diff --git a/inventory.ini b/inventory.ini
index 4d51db2..cf8a143 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -46,9 +46,9 @@ monitor_shrd
 app_prod
 app_stage
 
-#[mediaservers:children]
-#mda_prod
-#mda_stage
+# [mediaservers:children]
+# mda_prod
+# mda_stage
 
 [dbservers:children]
 db_prod
diff --git a/play.sh b/play.sh
index 091a60b..1b96e89 100755
--- a/play.sh
+++ b/play.sh
@@ -3,6 +3,8 @@
 HOSTS="$1"
 
 case $HOSTS in
+*:*)
+    ROLES="['virt-common']" ;;
 *app*)
     ROLES="['virt-common', 'docker', 'apps']" ;;
 *db*)
diff --git a/roles/virt-common/handlers/main.yml b/roles/virt-common/handlers/main.yml
index dfc81df..7bc4e83 100644
--- a/roles/virt-common/handlers/main.yml
+++ b/roles/virt-common/handlers/main.yml
@@ -15,3 +15,8 @@
   ansible.builtin.service:
     name: systemd-resolved
     state: restarted
+
+- name: Upgrade system packages
+  ansible.builtin.dnf:
+    name: '*'
+    state: latest
diff --git a/roles/virt-common/tasks/main.yml b/roles/virt-common/tasks/main.yml
index 94a773d..780b722 100644
--- a/roles/virt-common/tasks/main.yml
+++ b/roles/virt-common/tasks/main.yml
@@ -48,6 +48,7 @@
       - epel-release
       - rocky-release-security
     state: present
+  notify: Upgrade system packages
 
 - name: Install system packages
   ansible.builtin.dnf:
@@ -58,6 +59,8 @@
       - htop
       - jq
       - logrotate
+      - lsof
+      - microcode_ctl
       - mtr
       - rsyslog
       - telnet