srgvg
commented
6 years ago I'm not eager to start looking at resources like debops, which is quite an extensive project, and can get quite far and complicated. Especially for this case, where what you need is quite simple, and short to be written.
This should be quite straightforward. A quick example of the logic (needs some tweaking of course, but taken from an existing example):
---
- hosts:
- all
become: true
tasks:
- name: Update apt cache
apt: update_cache=yes
- name: Upgrade packages
apt: upgrade=dist
- name: Check if a reboot is required
register: reboot_required_file
stat: path=/var/run/reboot-required get_md5=no
- name: restart machine
become: yes
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
when: reboot_required_file.stat.exists == true
- name: Waiting for server to come back
become: no
local_action: wait_for
port=22
host={{ inventory_hostname }}
search_regex=OpenSSH
delay=10
- hosts: all
become: yes
tasks:
- name: Fetch any new FreeBSD updates
shell: freebsd-update fetch
when: ansible_distribution == 'FreeBSD'
register: result_update
changed_when: "'No updates needed' not in result_update.stdout"
- debug: var=result_update
when: result_update.changed
- name: Install FreeBSD updates
shell: freebsd-update install
when: ansible_distribution == 'FreeBSD' and result_update.changed
register: result_update_install
- debug: var=result_update_install
when: result_update_install.changed
- name: Upgrade FreeBSD packages
shell: pkg upgrade
when: ansible_distribution == 'FreeBSD'
register: result_pkg
changed_when: "'Your packages are up to date' not in result_pkg.stdout"
- debug: var=result_pkg
when: result_pkg.changedOf course, the target of those playbooks would match a group containing the machines with the right OS.
As for Windows updates, there are modules for that too: http://docs.ansible.com/ansible/latest/modules/win_updates_module.html If no Windows machines are live, the playbook would be skipped, as no machines are targeted
As per your question aboutif one can can or how wise it is to update the OS non-interactively with FreeBSD's freebsd-update fetch && freebsd-update install, I can't really comment on that, my experience with FreeBSD is too limited for that. The same could apply to Ubuntu, but perhaps to a lesser extent. Reviewing the list of updates, and checking if there are major updates to e.g. server processes that explifcitly run on it, is always a good idea. Running in test mode first can help here.
Let me know if this approach suits you, and I'll refine this into a couple of roles. (Expect +/- 2 hours of work.)
Small question: do you retrieve the server list with the aws/ec2 inventory script? Does this get you the right groups for Ubuntu and FreeBSD, or should those groups still be created based on a tag (supplied as parameter to the host?) Can you confirm me the right name of this group or tag?
reelsense
I need an Ansible Playbook/workflow that is a very simple and easy one-liner for updating all my Ubuntu and FreeBSD servers.
I'm busy keeping up with a new job and I'm too mentally exhausted to figure out where to start with making some of these Ansible playbooks. I know there are a bunch of open-source resources like DebOps. I've made and modified some Ansible Roles and Playbooks before but I need help.
If you think I'm better off using some Workflow that combines DebOps and a FreeBSD Playbook, versus you re-inventing the wheel then I'll pay you for your time. I'll just need some idiot proof instructions.
Update packages on Ubuntu and FreeBSD.
freebsdorubuntu(ec2 tags)This Vagrantfile will make setting up the virtual environment easier. Upgraded to Ubuntu 18.04 on 2018-04-19
vagrant ssh ubuntu1.Bonus (unnecessary): Is it possible to have the Ansible Playbook/Workflow update Windows servers based on a
windowstag in EC2? Sometimes there is no Windows server online.Misc:
Fork and submit a pull request when done.
x-post: https://github.com/stationgroup/ansible-experiments/pull/3 https://github.com/stationgroup/ansible-experiments/issues/4 https://github.com/stationgroup/ansible-experiments/issues/1