Automate Linux Patching using Ansible
Ansible ships with a `yum` module that automates package installation, upgrade, and removal.
Below are a few practical examples of the `yum` module:
- Install the latest version of a particular package, e.g. httpd:
```yaml
- name: install the latest version of Apache
  yum:
    name: httpd
    state: latest
```
- Remove a package with all its dependencies:
```yaml
- name: remove the Apache package
  yum:
    name: httpd
    state: absent
```
- Install package using .rpm file present locally:
```yaml
- name: install nginx rpm from a local file
  yum:
    name: /usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm
    state: present
```
- Update all installed packages:
```yaml
- name: upgrade all packages
  yum:
    name: '*'
    state: latest
```
- Update all packages excluding java and httpd related packages:
```yaml
- name: upgrade all packages
  yum:
    name: '*'
    exclude: java*,httpd*
    state: latest
```
Below is a complete playbook that can be used to apply patches on all your servers. It assumes that all your server IPs/hostnames are listed in the inventory file.
```yaml
---
- name: Playbook to Patch Linux Server
  hosts: all
  gather_facts: no
  tasks:
    # Upgrade everything except packages matching java* and httpd*
    - name: Upgrade all packages excluding JAVA & HTTPD
      yum:
        name: '*'
        exclude: java*,httpd*
        state: latest
```
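The playbook above can be extended into a rolling, security-only patch run that reboots a host only when required. This is an added example, not part of the original article. The inventory group `linux_servers`, the 25% batch size and the 900-second reboot timeout are assumptions, and the `needs-restarting -r` check assumes RHEL/CentOS 7 with `yum-utils`.

```yaml
---
# Added example: rolling security-only patching with a conditional reboot.
- name: Rolling security patch run
  hosts: linux_servers          # assumed inventory group name
  become: true
  gather_facts: false
  serial: "25%"                 # assumed batch size: a quarter of hosts at a time
  max_fail_percentage: 0        # abort the rollout if any host in a batch fails
  tasks:
    - name: Ensure yum-utils is present (provides needs-restarting)
      yum:
        name: yum-utils
        state: present

    - name: Apply security updates only, excluding Java and httpd packages
      yum:
        name: '*'
        state: latest
        security: true          # limit the update to packages with security errata
        exclude: java*,httpd*
        update_cache: true
      register: patch_result

    - name: Check whether a reboot is required
      command: needs-restarting -r
      register: reboot_check
      changed_when: false       # read-only check, never reports a change
      failed_when: reboot_check.rc not in [0, 1]   # rc 1 means "reboot needed"

    - name: Reboot only when core packages were updated
      reboot:
        reboot_timeout: 900     # assumed upper bound in seconds
      when: reboot_check.rc == 1

    - name: Record the patch result for this host
      debug:
        var: patch_result
```

Running it first with `ansible-playbook --check` shows which hosts would receive updates without changing them.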