robertdebock / ansible-role-update
Install updates on your system.
Home Page: https://robertdebock.nl/
License: Apache License 2.0
Currently, if run against an Amazon Linux host (AL2 in my case), the host is skipped without actually upgrading or rebooting.
This appears to be because in AL2 ansible_pkg_mgr does in fact equal yum, but ansible_distribution_major_version equals 2, which is neither 6 nor 7 that are within the block.
---
roles:
  - name: robertdebock.update
    version: 3.1.4
---
- name: Perform OS update patching
  hosts: all
  become: true
  roles:
    - role: robertdebock.update
Show at least the error, possible related output, maybe just all the output.
PLAY [Perform OS update patching] **********************************************
TASK [Gathering Facts] *********************************************************
ok: [jbouse-dev-util-poc]
TASK [robertdebock.update : test if update_autoremove is set correctly] ********
ok: [jbouse-dev-util-poc -> localhost]
TASK [robertdebock.update : test if update_upgrade_command is set correctly] ***
ok: [jbouse-dev-util-poc -> localhost]
TASK [robertdebock.update : test if update_cache_valid_time is set correctly] ***
ok: [jbouse-dev-util-poc -> localhost]
TASK [robertdebock.update : test if update_reboot is set correctly] ************
ok: [jbouse-dev-util-poc -> localhost]
TASK [robertdebock.update : update cache (apk)] ********************************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : update all software (apk)] *************************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : update all software (apt)] *************************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : apt autoremove (apt)] ******************************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : update all software (dnf)] *************************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : update all software (pacman)] **********************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : update all software (yum/6)] ***********************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : update all software (yum/7)] ***********************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : install yum-utils] *********************************
skipping: [jbouse-dev-util-poc]
TASK [robertdebock.update : update all software (zypper)] **********************
skipping: [jbouse-dev-util-poc]
PLAY RECAP *********************************************************************
jbouse-dev-util-poc : ok=5 changed=0 unreachable=0 failed=0 skipped=10 rescued=0 ignored=0
Relevant snippets from the Gathering Facts task
{
    "ansible_facts": {
        "ansible_distribution": "Amazon",
        "ansible_distribution_release": "NA",
        "ansible_distribution_version": "2",
        "ansible_distribution_major_version": "2",
        "ansible_distribution_file_path": "/etc/os-release",
        "ansible_distribution_file_variety": "Amazon",
        "ansible_distribution_file_parsed": true,
        "ansible_distribution_minor_version": "NA",
        "ansible_os_family": "RedHat",
        "ansible_pkg_mgr": "yum"
    }
}
On Fedora 26 in Vagrant (virtualbox) this role issues a reboot command:
RUNNING HANDLER [robertdebock.update : reboot] *********************************
changed: [default]
But the machine does not reboot, so it's stuck in:
RUNNING HANDLER [robertdebock.update : wait for the machine to be down] ********
FAILED - RETRYING: wait for the machine to be down (180 retries left).
FAILED - RETRYING: wait for the machine to be down (179 retries left).
FAILED - RETRYING: wait for the machine to be down (178 retries left).
...
Is your feature request related to a problem? Please describe.
We have every end of a month a bigger system upgrade on round about ~120 hosts. In most cases, we do update_reboot = yes and let the hosts reboot.
But we have also auto updates, via Rundeck every day, which executes the same playbook, with your great modules :-) But ... also with update_reboot = yes, which reboots the hosts also, if only PHP package or something like that was upgraded :-).
Describe the solution you'd like
It would be very cool if a new global variable existed, like update_kernel_reboot_only = yes, that does not reboot during a normal package update, but if the kernel has changed. For that, we can ask robertdebock.reboot, if we have a kernel change pending.
Describe alternatives you've considered
I would start with having two kinds of playbooks, one with reboot, one without. Also possible: adding the variable while calling the playbook (via Rundeck or shell), but then you have to instruct all people who are involved.
Additional context
Add any other context or screenshots about the feature request here.
Our playbooks for upgrades looks like this one:
---
# Generic update System playbook
- name: Update system
  hosts: "{{inventory}}"
  serial: 1
  gather_facts: yes
  vars_files:
    - "{{inventory_dir}}/group_vars/update_package.yaml"
  tasks:
    - name: Update packages
      include_role:
        name: robertdebock.update
    - name: Execute puppet if installed
      include_role:
        name: puppet
    - name: Check for needrestart services
      include_role:
        name: systemli.needrestart
    - name: Execute puppet if installed
      include_role:
        name: puppet
    - name: Run Rkhunter if installed
      include_role:
        name: rkhunter
The (inventories/dev/)group_vars/update_package.yaml:
---
## robertdebock
update_autoremove: yes
update_upgrade_command: safe
reboot_always: no
update_reboot: yes
## systemli
needrestart_disable_email: 1
needrestart_action: a
needrestart_blacklist_rc:
- mongodb-.*\.service
- mariadb\.service
- mysql\.service
The command:
ansible-playbook update_system_test.yaml -i inventories/dev/hosts --extra-vars "inventory=devpc21" --limit devpc21n-05.example.local
What do you think about adding an option to control the reboot behavior? I can think of 3 options I would use:
Option 3 might be a little tricky...
For Debian/Ubuntu /var/run/reboot-required is created whenever a reboot is needed: (could be implemented adding the "removes" option, something like the example below)
- name: reboot when required
  shell: (sleep "{{ update_reboot_delay }}" && shutdown -r now "ansible-role-update" &)
  args:
    # the task is skipped when this file does not exist
    removes: /var/run/reboot-required
  async: 1
  poll: 0
  ignore_errors: yes
  changed_when: no
  when:
    - ansible_virtualization_type != "docker"
    - update_unattended_reboot == "when_required"
For Fedora/RedHat/CentOS I believe there's a needs-restarting command that can be installed.
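Added example (not part of the original issue and not the role's own code): a playbook that reboots only when the OS itself reports a pending reboot, using the /var/run/reboot-required marker on Debian/Ubuntu and the exit code of needs-restarting -r on the RedHat family. The variable update_reboot_when_required is hypothetical, and needs-restarting is assumed to be installed already (it ships in yum-utils).

```yaml
---
# Added example: reboot only when the OS reports that one is pending.
# update_reboot_when_required is a hypothetical toggle, not a variable the role defines.
- name: Reboot only when a reboot is pending
  hosts: all
  become: true
  vars:
    update_reboot_when_required: true
  tasks:
    - name: Check the Debian/Ubuntu reboot marker
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_marker
      when: ansible_os_family == "Debian"

    - name: Ask needs-restarting whether a reboot is pending
      ansible.builtin.command: needs-restarting -r
      register: needs_restarting
      changed_when: false
      # rc 0 = no reboot needed, rc 1 = reboot needed; any other rc is a real failure
      failed_when: needs_restarting.rc not in [0, 1]
      when: ansible_os_family == "RedHat"

    - name: Combine both checks into one fact
      # "is not skipped" guards against reading results of a task that did not run
      ansible.builtin.set_fact:
        reboot_pending: >-
          {{ (reboot_marker is not skipped and reboot_marker.stat.exists)
             or (needs_restarting is not skipped and needs_restarting.rc == 1) }}

    - name: Reboot and wait for the host to come back
      ansible.builtin.reboot:
        msg: "ansible-role-update"
      when:
        - update_reboot_when_required | bool
        - reboot_pending | bool
        - ansible_virtualization_type != "docker"
```

Hosts that are neither Debian nor RedHat family skip both checks and are never rebooted by this play, so a run that updates only userland packages on such hosts finishes without downtime.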
It might be nice to set the autoremove parameter for apt. http://docs.ansible.com/ansible/latest/apt_module.html
On Ubuntu unless you run apt autoremove periodically the kernel updates will eventually fill up the /boot partition and you'll run out of space. I'm not sure if it's an issue with other distributions.
Describe the bug
While executing the playbook, a reboot is always initiated even if there is no reason.
To Reproduce
Steps to reproduce the behavior:
---
- name: Update system
  hosts: "{{inventory}}"
  gather_facts: yes
  vars_files:
    - "{{ inventory_dir }}/group_vars/update_package.yaml"
  roles:
    - robertdebock.update
    - systemli.needrestart
# Update system related
---
## robertdebock
update_reboot: false
reboot_always: no
update_autoremove: yes
update_upgrade_command: safe
## systemli
needrestart_disable_email: 1
needrestart_action: a
needrestart_blacklist_rc:
- mongodb-.*\.service
- mariadb\.service
- mysql\.service
$ ansible-playbook update_system.yaml -i inventories/dev/hosts --extra-vars "inventory=devpc21" --limit "devpc21n-06"
PLAY [Update system] ***********************************************************************************************************************
TASK [Gathering Facts] *********************************************************************************************************************
ok: [devpc21n-06]
TASK [robertdebock.reboot : see if a reboot is required] ***********************************************************************************
skipping: [devpc21n-06]
TASK [robertdebock.reboot : reboot the machine] ********************************************************************************************
changed: [devpc21n-06]
RUNNING HANDLER [robertdebock.reboot : 1 wait for the start of reboot] *********************************************************************
Pausing for 4 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [devpc21n-06]
RUNNING HANDLER [robertdebock.reboot : 2 wait for the machine to be up] ********************************************************************
ok: [devpc21n-06]
RUNNING HANDLER [robertdebock.reboot : 3 gather facts after reboot] ************************************************************************
ok: [devpc21n-06]
The host reboots and then update task is running. In case of a new kernel, libc etc. a 2nd reboot is required.
Expected behavior
Error
META: ran handlers
Read vars_file '{{ inventory_dir }}/group_vars/update_package.yaml'
TASK [robertdebock.reboot : see if a reboot is required] *************************************************************************************************************************************************************************************
task path: /home/dfuchs/git/ansible-new/roles/robertdebock.reboot/tasks/main.yml:3
skipping: [devpc21n-06] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
META: ran handlers
Read vars_file '{{ inventory_dir }}/group_vars/update_package.yaml'
TASK [robertdebock.reboot : reboot the machine] **********************************************************************************************************************************************************************************************
task path: /home/dfuchs/git/ansible-new/roles/robertdebock.reboot/tasks/main.yml:22
fatal: [devpc21n-06]: FAILED! => {
"changed": false,
"msg": "check mode and async cannot be used on same task."
}
...ignoring
META: ran handlers
Read vars_file '{{ inventory_dir }}/group_vars/update_package.yaml'
Environment
Additional context
I want to let needrestart restart services and maybe the system.
CentOS 7 on DigitalOcean
TASK [robertdebock.update : update all software (yum)] ***********************************************************************************************
changed: [machine3.meinit.nl]
changed: [machine1.meinit.nl]
changed: [machine4.meinit.nl]
changed: [machine2.meinit.nl]
TASK [robertdebock.update : update all software (zypper)] ********************************************************************************************
skipping: [machine1.meinit.nl]
skipping: [machine3.meinit.nl]
skipping: [machine2.meinit.nl]
skipping: [machine4.meinit.nl]
RUNNING HANDLER [robertdebock.update : reboot] *******************************************************************************************************
changed: [machine3.meinit.nl]
changed: [machine1.meinit.nl]
changed: [machine2.meinit.nl]
changed: [machine4.meinit.nl]
RUNNING HANDLER [robertdebock.update : wait for the machine to be down] ******************************************************************************
fatal: [machine3.meinit.nl]: FAILED! => {"attempts": 1, "changed": false, "elapsed": 1, "failed_when_result": true}
fatal: [machine2.meinit.nl]: FAILED! => {"attempts": 1, "changed": false, "elapsed": 1, "failed_when_result": true}
fatal: [machine1.meinit.nl]: FAILED! => {"attempts": 1, "changed": false, "elapsed": 1, "failed_when_result": true}
fatal: [machine4.meinit.nl]: FAILED! => {"attempts": 1, "changed": false, "elapsed": 2, "failed_when_result": true}
Upgrading packages with answer question, because of DEBIAN_FRONTEND=dialog fails.
....
attempts: 3
msg: |-
'/usr/bin/apt-get upgrade --with-new-pkgs ' failed: E: Sub-process /usr/bin/dpkg returned an error code (1)
rc: 100
stdout: |-
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following package was automatically installed and is no longer required:
linux-image-4.19.0-20-amd64
Use 'apt autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up grub-pc (2.06-3~deb10u2) ...
You must correct your GRUB install devices before proceeding:
DEBIAN_FRONTEND=dialog dpkg --configure grub-pc
dpkg --configure -a
dpkg: error processing package grub-pc (--configure):
installed grub-pc package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
grub-pc
needrestart is being skipped since dpkg has failed
stdout_lines: <omitted>
....
We need to tell Debian to avoid questions with DEBIAN_FRONTEND=noninteractive as ENV.
Is that possible?
cu denny
I've updated the role version to 2.3.6 and the task fails when executing the task "test if update_autoremove is set correctly" in assert.yml.
I've downgraded to 2.3.5 and it is working again. Looking at the code, it seems this change is causing the issue:
ansible-role-update/tasks/assert.yml
Line 7 in 28ffccf
Please paste the playbook you are using. (Consider requirements.yml and optionally the command you've invoked.)
---
---
- name: Install updates
  hosts: localhost #all
  become: yes
  gather_facts: yes
  roles:
    - robertdebock.update
Show at least the error, possible related output, maybe just all the output.
daniele@wls2:/home/wls2/ansible-updates # ansible-playbook playbook.yml -i localhost
PLAY [Install updates] ******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.update : include assert.yml] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
included: /root/.ansible/roles/robertdebock.update/tasks/assert.yml for localhost
TASK [robertdebock.update : test if update_autoremove is set correctly] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'update_autoremove is boolean' failed. The error was: template error while templating string: no test named 'boolean'. String: {% if update_autoremove is boolean %} True {% else %} False {% endif %}"}
PLAY RECAP ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
ansible --version
ansible 2.9.16
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.16 (default, Oct 10 2019, 22:02:15) [GCC 8.3.0]