In this video I cover some playbooks I have written to patch my RedHat-based CentOS VMs. The playbooks enable EPEL, verify that some packages/applications I use are installed, run a Yum or DNF update, and reboot if a reboot is required.
The playbooks can be downloaded below.
nathan@thenathan:~/ansible$ cat enable_epel.yml
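---
# enable_epel.yml - install the epel-release package on RedHat-family hosts.
# Installing epel-release makes EPEL an additional package source on every
# targeted host, so later package tasks can pull from it.
- hosts: all
  # Facts are gathered in this play; the conditions below read ansible_facts.
  gather_facts: true
  become: true
  # "free" lets each host work through the tasks without waiting for the others.
  strategy: free
  tasks:
    - name: Enable EPEL Repository on CentOS 8
      dnf:
        name: epel-release
        state: latest
      # distribution_major_version is a string. Comparing it to '8' as text
      # sorts "10" before "8", so hosts on a two-digit major version would be
      # skipped. Cast to int to compare numerically.
      when: >-
        ansible_facts['os_family'] == 'RedHat' and
        ansible_facts['distribution_major_version'] | int >= 8

    - name: Enable EPEL Repository on CentOS 7
      yum:
        name: epel-release
        state: latest
      when: >-
        ansible_facts['os_family'] == 'RedHat' and
        ansible_facts['distribution_major_version'] | int == 7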
nathan@thenathan:~/ansible$ cat std_packages.yml
---
# std_packages.yml - make sure a baseline set of tools is installed.
# EPEL is enabled first by importing enable_epel.yml.
- import_playbook: enable_epel.yml

- hosts: all
  # Facts are not gathered in this play; the version checks below read
  # ansible_facts, so they depend on the facts collected by the imported play.
  gather_facts: false
  become: true
  strategy: free
  tasks:
    # Package set for RHEL-family major version 7.
    - name: Packages major_version 7
      package:
        name:
          - 'nmap-ncat'
          - 'curl'
          - 'rsync'
          - 'sysstat'
          - 'bind-utils'
          - 'wget'
          - 'bash-completion'
          - 'mlocate'
          - 'lsof'
          - 'htop'
          - 'sharutils'
          - 'python2-psutil'
          - 'yum-utils'
          - 'ps_mem'
        state: present
      when: ansible_facts['distribution_major_version'] == "7"

    # Package set for RHEL-family major version 6.
    - name: Packages major_version 6
      package:
        name:
          - 'nc'
          - 'curl'
          - 'rsync'
          - 'sysstat'
          - 'bind-utils'
          - 'wget'
          - 'bash-completion'
          - 'libselinux-python'
          - 'lsof'
        state: present
      when: ansible_facts['distribution_major_version'] == "6"
    # NOTE: no task here matches major version 8 or later, so those hosts get
    # no packages from this playbook.
nathan@thenathan:~/ansible$ cat yum_update_reboot.yml
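---
# yum_update_reboot.yml - full package update, one host at a time, followed by
# a reboot when the host reports that one is needed.
# NOTE(review): the imported playbooks appear to run before this play shows its
# confirmation prompt, so EPEL and the standard packages are applied whatever
# the answer is - confirm this is intended.
- import_playbook: std_packages.yml

- hosts: all
  # Facts are not gathered here; the conditions below reuse the facts collected
  # by the play in enable_epel.yml earlier in the same run.
  gather_facts: false
  become: true
  # One host per batch, and any failure stops the run for all hosts.
  serial: 1
  any_errors_fatal: true
  vars_prompt:
    - name: confirmation
      prompt: "Are you sure you want to Update with reboots? Answer with 'YES'"
      default: "NO"
      private: false
  tasks:
    - name: Check Confirmation
      fail:
        msg: Playbook run confirmation failed
      when: confirmation != "YES"

    - name: DNF update the system
      dnf:
        name: "*"
        state: latest
      # Cast to int: as text, "10" sorts before "8" and such a host would be
      # routed to the yum task below instead of this one.
      when: >-
        ansible_facts['os_family'] == 'RedHat' and
        ansible_facts['distribution_major_version'] | int >= 8

    - name: Yum update the system
      yum:
        name: "*"
        state: latest
      when: >-
        ansible_facts['os_family'] == 'RedHat' and
        ansible_facts['distribution_major_version'] | int <= 7

    # Later tasks treat rc == 1 from this command as "reboot needed".
    # Only rc == 2 is marked as a failure, and ignore_errors lets the play
    # continue past it, so a failed check leaves the host un-rebooted.
    # NOTE: this check runs on major version 7 only. Other hosts are updated
    # above but never checked or rebooted by this playbook, so a new kernel
    # stays inactive there until they are rebooted some other way.
    - name: Reboot required
      command: /usr/bin/needs-restarting -r
      register: reboot_required
      ignore_errors: true
      changed_when: false
      failed_when: reboot_required.rc == 2
      when: ansible_facts['distribution_major_version'] == "7"

    # When the check above is skipped, reboot_required has no "rc" attribute.
    # default(0) keeps the conditions below from erroring on those hosts, which
    # with any_errors_fatal would abort the whole run.
    - name: Rebooting
      reboot:
        post_reboot_delay: 60
      throttle: 1
      when: >-
        reboot_required.rc | default(0) == 1 and
        ansible_facts['virtualization_role'] != 'host'

    - debug:
        var: reboot_required.rc
        verbosity: 2

    # uptime needs no shell features, so use command rather than shell.
    - name: Check the uptime post reboot
      command: uptime
      register: UPTIME_POST_REBOOT
      changed_when: false
      when: reboot_required.rc | default(0) == 1

    - debug:
        msg: "{{ UPTIME_POST_REBOOT.stdout }}"
      when: reboot_required.rc | default(0) == 1

    # Applies only to hosts whose inventory name contains "web".
    - name: Wait for port 443 to become open on the host, don't start checking for 60 seconds
      wait_for:
        port: 443
        host: '0.0.0.0'
        delay: 60
      when: "'web' in inventory_hostname"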