Ansible - Update Debian Based Systems
One of the main reasons to deploy an Ansible server is to update all of your servers whenever there is a critical security update such as the heartbleed bug. Today we will show you how to do precisely that for servers that use apt, such as debian and ubuntu.
The first thing we need to do is define a grouping of all the servers we wish to update through ansible, by updating our ansible hosts file. For this tutorial, I am going to refer to them simply as
apt-servers because all these servers use the apt system to perform updates.
[apt-servers] svn.programster.org 192.168.1.1 [yum-servers] 192.168.1.5 yum.programster.org
Create the Playbook
Next we need to create a playbook to tell Ansible what we want to do. Playbooks are in the YAML format so we suffix them with .yml but you dont have to. For this tutorial, I am going to call it
update-apt-servers.yml. Fill it with the following contents if you just want to perform updates.
- hosts: apt-servers sudo: true tasks: - name: updates a server apt: update_cache=yes - name: upgrade a server apt: upgrade=dist
upgrade=full, please refer here if you want to know the difference.
If you wish to take this a step further and perform a reboot if required for the updates to be applied, then you can use this script:
- hosts: apt-servers sudo: true tasks: - name: updates a server apt: update_cache=yes - name: upgrade a server apt: upgrade=dist - name: Check if a reboot is required register: file stat: path=/var/run/reboot-required get_md5=no - name: Reboot the server command: /sbin/reboot when: file.stat.exists == true
Now we have the hosts and playbook defined, we can execute the update.
export ANSIBLE_HOSTS="$HOME/ansible/ansible_hosts" ansible-playbook update-servers.yml --ask-sudo-pass
- This will try to log in as the same user you are currently logged in as on the ansible host. If you want to log in as a different user, append:
- Executing playbooks requires the Ansible server to have SSH key access to the other hosts.
--ask-sudo-passif you have configured your slaves to not require sudo password.