el_patching's Introduction

Ansible role - EL Patching

Apply OS patches on Enterprise Linux (RHEL) and other Red Hat derivatives (e.g. CentOS, Rocky, Alma, Fedora). You can decide which patching method you want to use. There are 3 methods:

all - Apply all patches on target a host
security - Apply only security patches on target a host
bugfix - Apply only bugfix patches on target a host

I recommend visiting the blog post for detailed information, usage example, and my recommendation.

Requirements

Only dnf must be available on the target machine.

Role Variables

Default Variables. Usually, there is no need to change this but rather overwrite the value in host_vars or group_vars if required.

Variable Name	Default Value	Description
`el_patching_required_packages`	`"yum-utils"`	It is required to install yum-utils as this role verifies reboot with `needs-restarting`.
`el_patching_auto_reboot`	`false`	By default do not reboot the target host. Only verify if a reboot is required.
`el_patching_reboot_timeout`	`600`	By default auto reboot is disabled but the default timeout value is set to 5 minutes. Value is in `seconds`.
`el_patching_method`	`"security"`	By default apply only `security` patches on the target host. Possible values `"security"/"bugfix"/"all"`

group_vars or host_vars variables.

Variable Name	Example Usage	Required	Description
`el_patching_exclude_packages`	el_patching_exclude_packages: - tar - zip	No	Exclude packages during patching.
`el_patching_update_cache`	`true`	No	Force dnf to check if cache is out of date and re-download if needed.

Dependencies

No Dependencies

Example Playbook

Create the following playbook.

- name: Apply OS Patches
  hosts: your_patching_inventory_group_or_host
  become: true
  roles:
    - voidquark.el_patching

Example execution

Normal Execution

ansible-playbook -i inventory/hosts playbook.yml

If you want to run playbook in check mode

ansible-playbook -i inventory/hosts playbook.yml --check

License

MIT

Author Information

Created by VoidQuark

el_patching's People

Contributors

Stargazers

Watchers

el_patching's Issues

Check use of Check mode.

The default value of el_patching_check_mode is false.

This is used in your task here for example

- name: Update all packages
  ansible.builtin.dnf:
    name: "*"
    state: latest
    exclude: "{{ el_patching_exclude_packages | default(omit) }}"
  check_mode: "{{ el_patching_check_mode }}"
  when: el_patching_method == "all"

I don't believe this has the result that you intended.

By setting check_mode to false, you cause the task to execute irrespective of whether --check is specified on the play - it does not mean that the task will not execute in check mode.

https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_checkmode.html#enforcing-or-preventing-check-mode-on-tasks

What this will do is ensure that you will update your servers when --check is specified - and I don't think this is what you wanted.

Recommend Projects

voidquark / el_patching Goto Github PK

el_patching's Introduction

Ansible role - EL Patching

Requirements

Role Variables

Dependencies

Example Playbook

Example execution

License

Author Information

el_patching's People

Contributors

Stargazers

Watchers

Forkers

el_patching's Issues

Check use of Check mode.

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent