Using Ansible to update Linux distributions

If you haven’t looked at Ansible yet then I’d suggest either reviewing a book (see bottom of post) or heading over to the website and reading up on it.

Using Ansible for mundane tasks makes life as a system administrator/engineer much more livable. Instead of typing the same commands repeatedly, let an automation system do that. In this example, Ansible is the tool.

First, you need a set of hosts. This is either a file (hosts in my case) or you could get the data from a directory. It is entirely up to you.

Second, you’ll need to write a playbook to work against.

Then you can run up your play to update your servers!

I created multiple groups to show you some of the options available and the example command lines will follow after the hosts file.

# my hosts file

# these groups need a username and password, so you'll need
# to pass in the -k and -K flags to log in and use sudo
[ubuntu1404-password]
server3.geekandi.net
server4.geekandi.net

[ubuntu1204-password]
server1.geekandi.net
server2.geekandi.net

[centos7-password]
server21.geekandi.net
server22.geekandi.net

# create a host group of like systems
[linux-password:children]
ubuntu1404-password
ubuntu1204-password
centos7-password

# and set some variables for this group
[linux-password:vars]
ansible_ssh_user=mike

# these groups use an ssh key to log into the server and
# do not require a password for sudo
[ubuntu1404-sshkey]
server13.geekandi.net
server14.geekandi.net

[ubuntu1204-sshkey]
server15.geekandi.net
server16.geekandi.net

[redhat7-sshkey]
server31.geekandi.net

[linux-sshkey:children]
ubuntu1404-sshkey
ubuntu1204-sshkey
redhat7-sshkey

[linux-sshkey:vars]
ansible_ssh_user=ansible
ansible_ssh_private_key_file=~/.ssh/ansible.pem

# run the play against the host group that requires a password
# (-i points at the hosts file above; -l limits the run to one group)
ansible-playbook -i hosts -l linux-password update-upgrade.yml -k -K
# run the play against the host group that uses ssh keys
ansible-playbook -i hosts -l linux-sshkey update-upgrade.yml
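
An added example, not from the original post: a Python resolver for the INI inventory format used above, showing which hosts a `-l` limit reaches through `:children` groups and which of them log in with a key. The function names are hypothetical and the inventory is a trimmed, constructed copy of the hosts file; a limit that names no group resolves to an empty list.

```python
# Constructed sample: a trimmed copy of the hosts file shown above.
INVENTORY = """
[ubuntu1404-password]
server3.geekandi.net
[centos7-password]
server21.geekandi.net
[linux-password:children]
ubuntu1404-password
centos7-password
[redhat7-sshkey]
server31.geekandi.net
[linux-sshkey:children]
redhat7-sshkey
[linux-sshkey:vars]
ansible_ssh_private_key_file=~/.ssh/ansible.pem
"""

def parse_inventory(text):
    """Map group name -> {'hosts': [...], 'children': [...], 'vars': {...}}."""
    groups, name, kind = {}, None, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            name, _, kind = line[1:-1].partition(":")  # kind: '', children, vars
            groups.setdefault(name, {"hosts": [], "children": [], "vars": {}})
        elif line and name and kind == "vars":
            key, _, value = line.partition("=")
            groups[name]["vars"][key.strip()] = value.strip()
        elif line and name:
            groups[name][kind or "hosts"].append(line.split()[0])
    return groups

def expand(groups, name, seen=None):
    """Hosts that `-l name` selects, following :children; [] if no such group."""
    seen = set() if seen is None else seen
    if name not in groups or name in seen:  # unknown group or children loop
        return []
    seen.add(name)
    found = list(groups[name]["hosts"])
    for child in groups[name]["children"]:
        found += [h for h in expand(groups, child, seen) if h not in found]
    return found

def auth_mode(groups, host):
    """'key' if a group containing the host sets a key file, else 'password' (-k/-K)."""
    for name, group in groups.items():
        if "ansible_ssh_private_key_file" in group["vars"] and host in expand(groups, name):
            return "key"
    return "password"
```

`ansible-playbook --list-hosts` reports the same selection from Ansible itself without running any tasks.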

And here is the very simple playbook that does the heavy lifting.

---

- hosts: all
  # run tasks with privilege escalation ('become' replaces the older 'sudo' keyword)
  become: yes
  tasks:
    # This task updates servers that use 'yum' and RPM packages
    # by looking for CentOS or RedHat as a distribution name. This
    # may also pick up modern OracleLinux, but OL has a lot of
    # different strings.
    - name: .rpm upgrade server
      yum: >
        update_cache=yes
        name=*
        state=latest
      when: >
        ansible_distribution == 'CentOS'
        or
        ansible_distribution == 'RedHat'

    # This task updates servers that use 'apt' and DEB packages
    # by looking for Debian or Ubuntu as a distribution name.
    - name: .deb do dist-upgrade
      apt: >
        update_cache=yes
        cache_valid_time=1200
        upgrade=dist
      when: >
        ansible_distribution == 'Debian'
        or
        ansible_distribution == 'Ubuntu'

I’ll start adding more Ansible plays in the blog that will add some extra complexity.