Patch Management : Linux

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 ANSIBLE PATCH MANAGEMENT

 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Generally on enterprise setup you have got satellite , - Configuration management tool 

Lets assume you do not have any of these tools and you have a bug for which you need to apply Kernel patch on 1000 servers .

ignore_error : this will ignore error and will not exit out

register : app_process_check (this becomes the various which will register the output of shell module )

Second task

inventory_host name : the host where  the command is getting run


it checks for the condition is the output from the variable app_process_check.stdout == "process_running" the patching will fail if the application is running . it will quite the patching job but will display the message while quitting .

We are using Yum package manager where our clients are on red-hat or CentOS 7 .

If you want to update all package you can replace "kernel" with a "*" this will update all package 

Name = "kernel"  -- all packages of kernel gets updated.

state = latest -- means they will get the latest updates.

when : state when the upgrade or installation must happen places the condition 

some examples of ansible_distribution

tasks:
  - name: "shut down CentOS 6 and Debian 7 systems"
    command: /sbin/shutdown -t now
    when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "6") or
          (ansible_distribution == "Debian" and ansible_distribution_major_version == "7")

https://docs.ansible.com/ansible/2.6/user_guide/playbooks_conditionals.html

register : yum_update -- we are registering the update of yum_update variable

Next Task

checking if Kernel update has happend or it needs reboot


This will check what is the new kernel that got installed on the system

Installing Kernel Packages - example

yum: name={{ item }} state=present
with_items:
- ncurses-devel
- bc
- openssl-devel
- hmaccalc
- zlib-devel
- binutils-devel
- elfutils-libelf-devel
- name: install kernel dev packages

This task will check if the kernel update has happens , if so it goes for a reboot, else it does not reboot.



Check the ansible_distribution

$ ansible -m setup all | grep ansible_distribution







Comments

Post a Comment

Popular posts from this blog

Ansible : UDMY -- 9. Ansible Modules

Image
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ In this module we will be talking about ansible module called "setup" which is used to gather information about modules,  The file module for a variety of different file based operations. We will look at the color notation used at the ansible execution . And how it relates to the key feature of Ansible called "Idempotency"  We will be using the  We will be using the copy module and the command module,  Ansible.doc to quickly understand the options available while using ansible modules .  Used for gathering facts about playbooks.  $ ansible centos1 -m setup  $ ansible centos1 -m setup | more  We can see information about devices . loads of information that get gathered here as facts ,  Using the file module using the combination of paths and states , path to the file being managed...
Read more

Ansible : UDMY -- 7. Validating Ansible Installation -- adhoc commands start - for loop to ssh key

Image
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Here we will validate Ansible to check if it is working as expected . If you are using Ubuntu-c or configured your own Ansible controller machine . You should have an ansible folder, within this you should have a subdirectory venv27. if so activate your virtual environment.  $ source venv27/bin/activate If you decide to go by an alternative approach such as installing ansible using a system package  Please create an ansible directory now , you can continue with out the virtual environment  In the installation video we used the ansible command , check the installation was working as expected.  We are going to use the same ansible command to validate our system But this time we are going to work on a remote system .  We are going to make use of an ansible configuration and an inventory file. Before we d...
Read more

Ansible : UDMY -- 8. Ansible Inventories

Image
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Ansible Architecture and Design  Ansible Inventory How can we provide connectivity to our Ansible hosts via root  There is a directory for each of these sections  As you can see there is a directory for each of these sections  essentially we can move to each directory and run ansible from each directory . Currently  our setup is quite simple we are connected as pact user connect to controller machine and using ansible as pack user connected to the end points. We are going to configure Ansible so that we can have *root* connectivity for all of our end points.  The centos systems are pretty simpler .  we have "ansible_user" variable set for centos hosts stating the user we will use for connectivity is root.  $ ansible all -m ping  the variable ansible_user hosts fails as we havent s...
Read more