Sample OS Patching Ansible YAML Code:
=======================================
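---
# Rolling OS patch of the web tier: stop the application services, confirm
# they are down, run the backup script, apply package updates, then reboot.
- name: OS patching of Webservers
  hosts: webservers
  # Two hosts per batch, so the rest of the group stays in service.
  serial: 2
  # Service control, package installation and reboot all need root.
  become: true
  tasks:
    # NOTE(review): the stop tasks key on ansible_distribution while the
    # package tasks key on ansible_os_family. On a RedHat-family host that
    # is not CentOS (or a Debian-family host that is not Ubuntu) a running
    # web server is left up, the process check below reports it, and the
    # package tasks are skipped for that host.
    - name: Stop Httpd Service
      service:
        name: httpd
        state: stopped
      when: ansible_distribution == 'CentOS'

    - name: Stop Apache2 Service
      service:
        name: apache2
        state: stopped
      when: ansible_distribution == 'Ubuntu'

    - name: Stop Tomcat Service
      service:
        name: tomcat
        state: stopped

    - name: Stop Keycloak Service
      service:
        name: keycloak
        state: stopped

    # Gate for the package tasks: stdout is 'process_not_running' only when
    # no command line matches the pattern. The match is by substring, so an
    # unrelated process with e.g. "http" in its arguments also keeps the
    # gate closed; that errs on the side of not patching.
    - name: Verify processes are not running
      shell: >-
        if ps -eaf | egrep 'apache|http|tomcat|keycloak'|grep -v grep > /dev/null ;
        then echo 'process_running';
        else echo 'process_not_running';
        fi
      ignore_errors: true
      # Read-only probe; never report it as a change.
      changed_when: false
      register: result_process_check

    # Runs as root through become. A non-zero exit fails the host here,
    # before any package is touched. Keep the script root-owned and not
    # writable by unprivileged accounts, since its contents execute as root.
    - name: Run Backup Script prior OS patch
      shell: sh /opt/scripts/backup_prior_os_patch.sh

    - name: Centos OS paching
      yum:
        name: '*'
        state: latest
      when:
        - result_process_check.stdout == "process_not_running"
        - ansible_os_family == "RedHat"

    - name: Update Ubuntu repositories cache
      apt:
        update_cache: true
      when:
        - result_process_check.stdout == "process_not_running"
        - ansible_os_family == "Debian"

    # The two Debian upgrade tasks carry the same process gate as the yum
    # task and the cache refresh. Without it they would upgrade packages
    # under services the check had just reported as still running, and
    # against a package cache that had not been refreshed.
    - name: Update all packages to their latest version
      apt:
        name: "*"
        state: latest
      when:
        - result_process_check.stdout == "process_not_running"
        - ansible_os_family == "Debian"

    - name: Upgrade the OS (apt-get dist-upgrade)
      apt:
        upgrade: dist
      when:
        - result_process_check.stdout == "process_not_running"
        - ansible_os_family == "Debian"

    # ignore_errors keeps the play going when a host does not answer
    # test_command within reboot_timeout; with serial: 2 the next batch is
    # then patched while this one may still be down. Check the play recap
    # for ignored failures before trusting the run.
    - name: Rebooting the servers
      reboot:
        msg: "Rebooting Servers After Kernel Patching"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      ignore_errors: true

    # NOTE(review): no task visible here starts httpd/apache2/tomcat/
    # keycloak again; presumably they are enabled at boot or started by a
    # later part of the playbook. Confirm.
    - name: pause for 180 secs
      pause:
        minutes: 3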