Friday, July 10, 2020

Ansible playbook list security patch

$ cat /opt/ansible/rpm_list.yml
---
  - name: rpm_list_prep
    hosts: all
    become: yes
    become_user: root
    tasks:
      - name: create a local dir
        local_action:
          module: file
          path: /var/tmp/rpm_list_all/{{ansible_date_time.date}}
          state: directory
      - name: yum clean all
        shell: yum clean all
        register: yumclean
      - name: yum Update info
        shell: yum updateinfo list sec | grep '^RHSA'
        register: yumupdateinfo
      - local_action: copy content={{ yumupdateinfo.stdout_lines | to_nice_yaml }} dest=/var/tmp/rpm_list_all/{{ansible_date_time.date}}/{{ inventory_hostname }}
      - local_action: shell cd /var/tmp/rpm_list_all/{{ansible_date_time.date}}/;for i in `ls|grep -v all`;do sed -e "s/$/ $i/g" "$i"|sed -e 's/-//g'|sed 's/^ //g';done>all_server_rpm.csv
$

Posted by at No comments:

ansible playbook os update security

$ cat /opt/ansible/osupdate.yml
---
  - name: Osupdate
    hosts: all
    become: yes
    become_user: root
    tasks:
      - name: taking backup of important files.
        shell: mkdir /var/tmp/security_patching_bkp;cd /var/tmp/security_patching_bkp;df -h>df.txt;ifconfig -a>ifconfig.txt;uname -a>uname.txt;ps -eaf>ps.txt
        register: result
      - name: Clean yum
        shell: yum clean all
        register: yumclean
      - debug:
          var: yumclean
      - name: yum list security
        shell: yum list-security > /var/tmp/security_patching_bkp/yum_list-security.txt
        register: yumlist_security
      - name: Yum security update
        shell: yum update --security -y
        register: yumsecurityupdate
      - debug:
          var: yumsecurityupdate
      - name: Yum security update skip-broken
        shell: yum update --security -y --skip-broken
        register: yumsecurityupdateskipb
      - debug:
          var: yumsecurityupdateskipb
      - name: Checking reboot required or not
        shell: LAST_KERNEL=$(rpm -q --last kernel | awk 'NR==1{sub(/kernel-/,""); print $1}'); CURRENT_KERNEL=$(uname -r); if [ $LAST_KERNEL != $CURRENT_KERNEL ]; then echo 'reboot'; else echo 'no'; fi
        ignore_errors: true
        register: reboot_hint
      - name: Rebooting if required...
        shell: shutdown -r now "Reboot required for updated kernel"
        async: 0
        poll: 0
        when: reboot_hint.stdout.find("reboot") != -1
        register: rebooting
      - name: Waiting for thing to reboot
        pause: seconds=45
        when: rebooting|changed
]$
Posted by at No comments:

Monday, July 6, 2020

extend root filesystem size on VM

1. Increase the space as required in vcenter.
2. fdisk -l /dev/sda (Check the new space reflected)
3. create new partition with fdisk /dev/sda
4. Need a restart to reflect the new partition (if required)
5. add new partition -
a) pvcreate /dev/sda4
b) vgextend vg_system /dev/sda4
c) lvextended -L +50G /dev/mapper/vg_system
d) resize2fs /dev/mapper/vg_system

df -h
Posted by at No comments:
Subscribe to: Posts (Atom)