[cinil@patchmanager ansible_playbooks]$ cat osupdate-preparation.yml
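---
# Pre-patching play: captures a small system snapshot, applies yum security
# updates as root, then checks that the newest installed kernel has the
# expected number of files under /boot.
- name: Osupdate
  hosts: all
  become: true
  become_user: root
  tasks:
    # The snapshot is written by root into a fixed path under /var/tmp, which
    # is normally world-writable. Look at the path first (without following
    # symlinks) so a directory or link planted by another local user is never
    # used as the destination of root's redirections.
    - name: Inspect the backup directory before writing into it
      stat:
        path: /var/tmp/security_patching_bkp
        follow: false
      register: bkpdir

    - name: Refuse a backup path that is not a root-owned directory
      fail:
        msg: "/var/tmp/security_patching_bkp exists but is not a root-owned directory"
      when: bkpdir.stat.exists and (bkpdir.stat.islnk or not bkpdir.stat.isdir or bkpdir.stat.uid != 0)

    # Replaces the original `mkdir`, which errored on every run after the
    # first. Mode 0700 because the `ps -eaf` capture can include command-line
    # arguments of other processes.
    - name: Create the backup directory
      file:
        path: /var/tmp/security_patching_bkp
        state: directory
        owner: root
        group: root
        mode: "0700"

    # chdir replaces the original `cd ...;`: if the directory cannot be
    # entered the task fails instead of writing the files into whatever the
    # current directory happens to be. The captures stay `;`-separated so a
    # missing tool (e.g. ifconfig) does not stop the remaining ones.
    - name: taking backup of important files.
      shell: df -h>df.txt;ifconfig -a>ifconfig.txt;uname -a>uname.txt;ps -eaf>ps.txt
      args:
        chdir: /var/tmp/security_patching_bkp
      register: result

    - name: Clean yum
      shell: yum clean all
      register: yumclean

    # Records the pending security updates next to the snapshot files.
    - name: yum list security
      shell: yum list-security > /var/tmp/security_patching_bkp/yum_list-security.txt
      register: yumlist_security

    - name: Yum security update
      shell: yum update --security -y
      register: yumsecurityupdate

    # NOTE(review): this task only runs when the previous one succeeded,
    # because a failed task stops the play for that host. If it is meant as a
    # fallback for a failed update, the previous task needs ignore_errors and
    # this one a `when` on its result - confirm the intent.
    - name: Yum security update skip-broken
      shell: yum update --security -y --skip-broken
      register: yumsecurityupdateskipb

    # Counts the entries in /boot whose name contains the version of the most
    # recently installed kernel package (first line of `rpm -q --last kernel`).
    - name: Count the boot files before reboot
      shell: cd /boot/;ls |grep `rpm -q --last kernel | awk 'NR==1{sub(/kernel-/,"");print $1}'`|wc -l
      register: countbootfiles

    # NOTE(review): "5" is presumably the number of /boot files a complete
    # kernel install leaves on these hosts - confirm per OS release.
    - name: Stop when the newest kernel does not have the expected boot files
      fail:
        msg: "Kernel update failed"
      when: countbootfiles.stdout != "5"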
[cinil@patchmanager ansible_playbooks]$
[cinil@patchmanager ansible_playbooks]$ cat Osupdate-Reboot.yml
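---
# Post-patching play: reboots a host only when the newest installed kernel is
# not the running one AND that kernel has the expected number of files under
# /boot; otherwise the play fails for that host.
- name: Os-Security update Server reboot
  hosts: all
  become: true
  become_user: root
  tasks:
    # Counts the entries in /boot whose name contains the version of the most
    # recently installed kernel package (first line of `rpm -q --last kernel`).
    - name: Count the boot files before reboot
      shell: cd /boot/;ls |grep `rpm -q --last kernel | awk 'NR==1{sub(/kernel-/,"");print $1}'`|wc -l
      register: countbootfiles

    # Prints 'reboot' when the newest installed kernel differs from `uname -r`,
    # otherwise 'no'.
    # NOTE(review): the variables inside `[ ... ]` are unquoted, so an empty
    # rpm result makes the test error out and the script prints 'no'; the
    # command is left as written so that outcome does not change.
    - name: Checking reboot required or not
      shell: LAST_KERNEL=$(rpm -q --last kernel | awk 'NR==1{sub(/kernel-/,""); print $1}'); CURRENT_KERNEL=$(uname -r); if [ $LAST_KERNEL != $CURRENT_KERNEL ]; then echo 'reboot'; else echo 'no'; fi
      ignore_errors: true
      register: reboot_hint

    # Fixes: the command was misspelled `ahutdown`, so the reboot never ran.
    # The file count is now compared exactly; the former find("5") also
    # accepted values such as "15" or "50".
    # NOTE(review): with `async: 0` the command runs synchronously, so the
    # connection may drop before a result is returned - confirm this behaves
    # as wanted on the Ansible version in use.
    - name: Rebooting if required...
      shell: shutdown -r now "Reboot required for updated kernel"
      async: 0
      poll: 0
      when: reboot_hint.stdout.find("reboot") != -1 and countbootfiles.stdout.strip() == "5"
      register: rebooting

    # `rebooting.changed` replaces the `rebooting|changed` filter form, which
    # newer Ansible releases no longer accept; the attribute lookup works on
    # old and new releases alike.
    # NOTE(review): a fixed 180 s pause does not verify that the host came
    # back on the new kernel.
    - name: Waiting for thing to reboot
      pause:
        seconds: 180
      when: rebooting.changed | default(false)

    # Exact complement of the reboot condition above: fails the host whenever
    # the reboot task was skipped.
    - name: Report hosts that were not rebooted
      fail:
        msg: "Server not rebooted due to Kernel update fail or wrong reboot"
      when: reboot_hint.stdout.find("reboot") == -1 or countbootfiles.stdout.strip() != "5"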
[cinil@patchmanager ansible_playbooks]$