Server Patching sample playbook
mkdir patching
vi kernel.repo  # put the required patch repository definition in this file
ansible --list-hosts patching
ansible-playbook mypatching.yml -K --step #this is to run the playbook step by step
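---
# Kernel patching play for the "patching" inventory group.
# Flow: refuse to patch while httpd is running, install the patch repo file,
# update the kernel package, reboot only when the newest installed kernel
# differs from the running one, then report old and new kernel versions.
#
# Fixes relative to the original listing:
#   * document start marker was "----" (invalid); it must be "---"
#   * "resister:" typo meant yum_update was never registered
#   * the reboot check had an unterminated awk quote and compared the
#     package name ("kernel-<ver>") with "uname -r" ("<ver>"), which never match
#   * the fire-and-forget shutdown plus fixed pause could run the next task
#     before the host was reachable again
- hosts: patching
  become: true
  become_user: root
  tasks:
    # Safety gate: the script always exits 0 and reports state on stdout.
    # ignore_errors was dropped so that a failure of the check itself stops
    # the play instead of letting patching proceed on an unknown state.
    - name: check services are running
      shell: |
        if ps -eaf | egrep httpd | grep -v grep > /dev/null; then
          echo "process_running"
        else
          echo "process not running"
        fi
      register: app_proc_check
      changed_when: false

    - debug:
        msg: "{{ app_proc_check.stdout }}"

    - name: Decision to startr patching
      fail:
        msg: "{{ inventory_hostname }} having running applications, please stop first and then attempt patching"
      when: app_proc_check.stdout == "process_running"

    # src is read on the control node, so the absolute path must match where
    # kernel.repo was actually created there.
    # The repo file decides which packages root will install: review it before
    # rollout and keep gpgcheck=1 with a trusted gpgkey in it.
    - name: copy the kernel patch repo
      copy:
        src: /patching/kernel.repo
        dest: /etc/yum.repos.d/
        owner: root
        group: root
        mode: "0644"

    - name: current kernel version
      command: uname -r
      register: curr_ker
      changed_when: false

    - name: initiating patching
      yum:
        name: kernel
        state: latest
      register: yum_update

    # "is changed" is true only when a package was actually installed, so the
    # message is no longer printed for a no-op run.
    - debug:
        msg: "kernel has been updated"
      when: yum_update is changed

    # Compare the most recently installed kernel package with the running
    # kernel. The "kernel-" prefix is stripped so both sides have the same form.
    - name: Check whether a reboot is required
      shell: |
        curr_kernel=$(uname -r)
        new_kernel=$(rpm -qa --last kernel | head -1 | awk '{print $1}' | sed 's/^kernel-//')
        if [ "$new_kernel" != "$curr_kernel" ]; then
          echo "Reboot is required"
        else
          echo "Reboot is not required"
        fi
      register: reboot_check
      changed_when: false

    - debug:
        msg: "{{ reboot_check.stdout }}"

    # The reboot module (Ansible 2.7 or later) restarts the host and waits
    # until it answers again, so later tasks never run against a host that is
    # still going down or coming up.
    - name: Rebooting after patching
      reboot:
        reboot_timeout: 600
      when: reboot_check.stdout == "Reboot is required"

    # Extra settle time for services after the host is reachable again;
    # skipped when no reboot took place.
    - name: wait the syatem to come up
      pause:
        minutes: 1
      when: reboot_check.stdout == "Reboot is required"

    - name: new kernel version
      command: uname -r
      register: new_ker
      changed_when: false

    - debug:
        msg: "New Kernel Version is {{ new_ker.stdout }} and the old kernel version was {{ curr_ker.stdout }}"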
- name: wait for few mins after reboot
shell: