Yum and Dnf update and reboot with Ansible

In this video I cover some playbooks I have written to patch my Red Hat-based CentOS VMs. The playbooks enable EPEL, verify that some packages/applications I use are installed, run a Yum or DNF update, and reboot if a reboot is required.

The playbooks can be downloaded below:

nathan@thenathan:~/ansible$ cat enable_epel.yml
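---
# enable_epel.yml
# Installs the epel-release package on RedHat-family hosts: through dnf on
# major version 8 and later, through yum on major version 7.
#
# EPEL is a repository outside the base distribution, so enabling it widens
# the set of package sources every targeted host trusts. Neither task sets
# disable_gpg_check, so package signature verification stays at the module
# default; do not switch it off to work around a key problem.
- hosts: all
  # Facts are required: both tasks test os_family and distribution_major_version.
  gather_facts: true
  become: true
  # Each host runs through the task list without waiting for the others.
  strategy: free
  tasks:
  - name: Enable EPEL Repository on CentOS 8
    dnf:
      name: epel-release
      state: latest
    # distribution_major_version is a string. Comparing strings orders '10'
    # before '8', so a version 10 host would be skipped; cast to int first.
    when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int >= 8

  - name: Enable EPEL Repository on CentOS 7
    yum:
      name: epel-release
      state: latest
    when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int == 7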
nathan@thenathan:~/ansible$ cat std_packages.yml
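---
# std_packages.yml
# Runs enable_epel.yml first, then makes sure a baseline set of admin tools is
# present on RedHat-family hosts of major version 7 and 6.
- import_playbook: enable_epel.yml
- hosts: all
  # No fact gathering here: the conditions below reuse the facts collected by
  # the play in enable_epel.yml, which runs first against the same hosts.
  gather_facts: false
  become: true
  strategy: free
  tasks:

  # RHEL-based OS, major version 7.
  # NOTE(review): nmap-ncat is a general-purpose network tool. Installing it on
  # every host also leaves it available to anyone who obtains a shell there;
  # consider limiting it to the hosts where it is actually used.
  - name: Packages major_version 7
    # The os_family test keeps this RPM package list away from other
    # distributions that also report major version 7.
    when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] == "7"
    package:
      name:
      - nmap-ncat
      - curl
      - rsync
      - sysstat
      - bind-utils
      - wget
      - bash-completion
      - mlocate
      - lsof
      - htop
      - sharutils
      - python2-psutil
      - yum-utils
      - ps_mem
      state: present

  # RHEL-based OS, major version 6.
  # NOTE(review): the same consideration applies to nc as to nmap-ncat above.
  - name: Packages major_version 6
    when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] == "6"
    package:
      name:
      - nc
      - curl
      - rsync
      - sysstat
      - bind-utils
      - wget
      - bash-completion
      - libselinux-python
      - lsof
      state: present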
nathan@thenathan:~/ansible$ cat yum_update_reboot.yml
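---
# yum_update_reboot.yml
# Runs std_packages.yml, asks the operator to confirm, updates every package
# on RedHat-family hosts, and reboots the hosts that needs-restarting reports
# as requiring it. Hosts are processed one at a time (serial: 1) and the first
# unignored failure stops the whole run (any_errors_fatal).
- import_playbook: std_packages.yml
- hosts: all
  # Reuses the facts gathered by the play in enable_epel.yml, which is imported
  # through std_packages.yml and runs before this play.
  gather_facts: false
  become: true
  serial: 1
  any_errors_fatal: true
  vars_prompt:
  - name: "confirmation"
    prompt: "Are you sure you want to Update with reboots? Answer with 'YES'"
    default: "NO"
    private: false
  tasks:

  # Abort unless the operator typed exactly YES at the prompt.
  - name: Check Confirmation
    fail:
      msg: "Playbook run confirmation failed"
    when: confirmation != "YES"

  # distribution_major_version is a string; it is cast to int in the
  # conditions below because string comparison orders '10' before '7' and '8',
  # which would send a version 10 host to the wrong task.
  - name: DNF update the system
    dnf:
      name: "*"
      state: latest
    when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int >= 8

  - name: Yum update the system
    yum:
      name: "*"
      state: latest
    when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int <= 7

  # needs-restarting -r exits 0 when no reboot is needed and 1 when one is.
  # The check now covers major version 7 and later: restricted to version 7,
  # the task was skipped on newer hosts, the registered result had no rc, and
  # the later "reboot_required.rc == 1" conditions stopped the run with an
  # undefined-variable error. A host that is updated but never rebooted also
  # keeps running the old kernel and libraries.
  # NOTE(review): std_packages.yml installs yum-utils only on version 7;
  # confirm /usr/bin/needs-restarting is present on the newer hosts.
  - name: Reboot required
    command: "/usr/bin/needs-restarting -r"
    register: reboot_required
    # Best effort: a failing check is reported but does not abort the run.
    ignore_errors: true
    changed_when: false
    # Any exit code other than 0 or 1 means the check itself did not work.
    failed_when: reboot_required.rc | default(2) not in [0, 1]
    when:
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int >= 7

  # default(0) keeps the condition valid when the check above was skipped and
  # therefore registered no rc. Hosts whose virtualization_role is 'host' are
  # never rebooted by this play.
  - name: Rebooting
    reboot:
      post_reboot_delay: 60
    throttle: 1
    when:
    - reboot_required.rc | default(0) == 1
    - ansible_facts['virtualization_role'] != 'host'

  # Only printed when the run uses -vv or higher.
  - name: Show the needs-restarting return code
    debug:
      var: reboot_required.rc
      verbosity: 2

  # command instead of shell: no shell features are needed to run uptime.
  - name: Check the uptime post reboot
    command: uptime
    register: UPTIME_POST_REBOOT
    changed_when: false
    when: reboot_required.rc | default(0) == 1

  - name: Show the uptime post reboot
    debug:
      msg: "{{ UPTIME_POST_REBOOT.stdout }}"
    when: reboot_required.rc | default(0) == 1

  # Runs on every host whose inventory name contains 'web', whether or not it
  # was rebooted, and always waits the 60 second delay first.
  # NOTE(review): the probe is made from the managed host itself, so it shows
  # that something listens on 443 locally, not that the service is reachable
  # from clients through any firewall in front of it.
  - name: Wait for port  443 to become open on the host, don't start checking for 60 seconds
    wait_for:
      port: 443
      host: '0.0.0.0'
      delay: 60
    when: "'web' in inventory_hostname"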