Ansible is opensource automation tool and will see how to patch linux servers using ansible in this post.
We are going to use RedHat Linux 7.3 Operating System in this practical.
Requirements:
1. Linux Host Installed with Ansible and Yum repository configured with httpd.
2. Linux Host Installed with RHEL 7.4 -> Node machine
3. Since Ansible requires SSH enabled between ansible master and node and don’t have node package, Make sure SSH connection established between Master and node.
Configuring yum repository for patching:
- browse https://access.redhat.com/ and login with valid credentials.
- Click on Security -> Security Advisories and downlod the necessary packages.
- Copy those packages to yum repository where all existing packages are available in Linux host. I downloaded and copied kernel update in my repository.
# yum list all | grep 3.10.0-1062.el7
kernel.x86_64 3.10.0-1062.el7 @yum_repo
kernel-headers.x86_64 3.10.0-1062.el7 yum_repo
kernel-devel.x86_64 3.10.0-1062.el7 yum_repo
kernel-tools.x86_64 3.10.0-1062.el7 yum_repo
kernel-tools-libs.x86_64 3.10.0-1062.el7 yum_repo
4. Run createrepo, “yum clean all” & “yum makecache” commands to update the repository along with new RPM’s.
Now the repository is ready for patching.
Ansible playbook for Linux patching:
- Login to Ansible Host and change directory to /etc/ansible
#cd /etc/ansible
2. create playbook called “patching.yml” with below content
# vi patching.yml
---
- name: Patch Linux system
hosts: Linux_Servers
become: true
ignore_errors: yes
tasks:
- name: Copy the Kernel Patch Repo File
copy:
src: /etc/yum.repos.d/yum.repo
dest: /etc/yum.repos.d/
- name: Apply patches
yum:
name: kernel
state: latest
3. Edit /etc/ansible/hosts file and provide Linux hosts which needs to be patched and mention group as “Linux_Servers” for those hosts. Host group name has been mentioned in playbook in “hosts: Linux_Servers” portion.
# cat /etc/ansible/hosts
[Linux_Servers]
client.lbc.com
4. Now run the playbook from Ansible host and make SSH connection established between master and client.
# ansible-playbook patching.yml
Before kernel patching:
# uname -a
Linux client.lbc.com 3.10.0-862.el7.x86_64 #1 SMP Wed Mar 21 18:14:51 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
After kernel Patching:
# uname -a
Linux client.lbc.com 3.10.0-1062.el7.x86_64 #1 SMP Thu Jul 18 20:25:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
We successfuly completed kernel patching. Reference: