Ansible - Update Debian Based Systems
One of the main reasons to deploy an Ansible server is to update all of your servers whenever there is a critical security update such as the heartbleed bug. Today we will show you how to do precisely that for servers that use apt, such as debian and ubuntu.
Hosts File
The first thing we need to do is define a grouping of all the servers we wish to update through ansible, by updating our ansible hosts file. For this tutorial, I am going to refer to them simply as apt-servers
because all these servers use the apt system to perform updates.
[apt-servers]
svn.programster.org
192.168.1.1
[yum-servers]
192.168.1.5
yum.programster.org
Create the Playbook
Next we need to create a playbook to tell Ansible what we want to do. Playbooks are in the YAML format so we suffix them with .yml but you dont have to. For this tutorial, I am going to call it update-apt-servers.yml
. Fill it with the following contents if you just want to perform updates.
- hosts: apt-servers
sudo: true
tasks:
- name: updates a server
apt: update_cache=yes
- name: upgrade a server
apt: upgrade=dist
upgrade=dist
with upgrade=full
, please refer here if you want to know the difference.
If you wish to take this a step further and perform a reboot if required for the updates to be applied, then you can use this script:
- hosts: apt-servers
sudo: true
tasks:
- name: updates a server
apt: update_cache=yes
- name: upgrade a server
apt: upgrade=dist
- name: Check if a reboot is required
register: file
stat: path=/var/run/reboot-required get_md5=no
- name: Reboot the server
command: /sbin/reboot
when: file.stat.exists == true
Execute!
Now we have the hosts and playbook defined, we can execute the update.
export ANSIBLE_HOSTS="$HOME/ansible/ansible_hosts"
ansible-playbook update-servers.yml --ask-sudo-pass
- This will try to log in as the same user you are currently logged in as on the ansible host. If you want to log in as a different user, append:
--user=[username]
- Executing playbooks requires the Ansible server to have SSH key access to the other hosts.
- Remove
--ask-sudo-pass
if you have configured your slaves to not require sudo password.
References
First published: 16th August 2018