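---
#### Ansible Playbook to perform Kernel Patching on RHEL/CentOS and Ubuntu/Debian Servers ####
# Flow per host (3 hosts at a time): refuse to patch while a web/database process is
# running, upgrade the kernel package, detect whether the new kernel needs a reboot,
# reboot, then wait for sshd to come back before the next batch starts.
# The distribution tests are kept in parentheses/lists so they can never bypass the
# process check (a bare `a and b or c` would patch RHEL/Debian hosts unconditionally).
# Note: ansible_distribution reports 'RedHat' on RHEL; the long spelling is kept for
# compatibility with the original inventory conditions.
- hosts: workers
  become: true
  become_user: root
  serial: 3
  tasks:
    - name: verify web/database processes are not running
      shell: if ps -eaf | egrep 'apache|http|mysql|postgresql|mariadb'|grep -v grep > /dev/null ;then echo 'process_running';else echo 'process_not_running';fi
      ignore_errors: true
      # a pure check never changes the host; keep the play summary honest
      changed_when: false
      register: app_process_check

    # the play will fail/quit for this host if a web/database process is running on it
    - name: decision point to start patching
      fail:
        msg: "{{ inventory_hostname }} have running Application. Please stop the application processes first, then attempt patching."
      when: app_process_check.stdout == "process_running"

    # this task will upgrade/install the kernel package only if the application is
    # stopped on the server (stdout must literally be process_not_running, so a failed
    # or empty check also blocks patching)
    - name: upgrade kernel package on RHEL/CentOS server
      yum:
        name: kernel
        state: latest
      when:
        - app_process_check.stdout == "process_not_running"
        - ansible_distribution in ['CentOS', 'RedHat', 'Red Hat Enterprise Linux']
      register: yum_update

    # this task will upgrade/install the kernel package if application is stopped on the Ubuntu server
    # NOTE(review): linux-image-generic is the Ubuntu metapackage name; confirm it is the
    # intended package on Debian hosts before relying on this task there
    - name: upgrade kernel package on Ubuntu server
      apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        name: linux-image-generic
        state: latest
      when:
        - app_process_check.stdout == "process_not_running"
        - ansible_distribution in ['Ubuntu', 'Debian']
      register: apt_update

    # this task is to check if a kernel update happened and the CentOS/RedHat server needs
    # to be rebooted or not: compare the newest installed kernel with the running one
    - name: check if reboot required after kernel update on CentOS/RedHat servers
      shell: KERNEL_NEW=$(rpm -q --last kernel |head -1 | awk '{print $1}' | sed 's/kernel-//'); KERNEL_NOW=$(uname -r); if [[ $KERNEL_NEW != $KERNEL_NOW ]]; then echo "reboot_needed"; else echo "reboot_not_needed"; fi
      args:
        # the [[ ]] test is a bash-ism; /bin/sh may be dash on some hosts
        executable: /bin/bash
      when: ansible_distribution in ['CentOS', 'RedHat', 'Red Hat Enterprise Linux']
      ignore_errors: true
      changed_when: false
      register: reboot_required

    # this task is to check if a kernel update happened and the Ubuntu/Debian server needs
    # to be rebooted or not (the package manager drops this flag file)
    - name: Check if a reboot is required after kernel update on Ubuntu/Debian servers
      stat:
        path: /var/run/reboot-required
        get_checksum: false
      when: ansible_distribution in ['Ubuntu', 'Debian']
      register: reboot_required_file

    # reboot_required is only registered on RHEL-family hosts (the check task is skipped
    # elsewhere), so the distribution test comes first and stdout gets a default
    - name: Reboot CentOS/RedHat systems if kernel updated
      command: shutdown -r +1 "Rebooting CentOS/RedHat Servers After Kernel Patching"
      async: 0
      poll: 0
      when:
        - ansible_distribution in ['CentOS', 'RedHat', 'Red Hat Enterprise Linux']
        - (reboot_required.stdout | default('')) == "reboot_needed"
      register: reboot_started
      ignore_errors: true

    # reboot_required_file.stat only exists on Ubuntu/Debian hosts; same guarding as above
    - name: Reboot Ubuntu/Debian Servers if kernel updated
      reboot:
        msg: "Rebooting Ubuntu/Debian Servers After Kernel Patching"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when:
        - ansible_distribution in ['Ubuntu', 'Debian']
        - (reboot_required_file.stat.exists | default(false))
      register: reboot_started_ubuntu
      ignore_errors: true

    # this task is to wait for 3 minutes for the server to come up after the reboot
    # (shutdown -r +1 above only schedules the RHEL reboot one minute out)
    - name: pause for 180 secs
      pause:
        minutes: 3

    # runs on the controller: open a TCP connection to the managed host's ssh port and
    # wait for the sshd banner; no root privileges are needed for that
    - name: check if all the systems responding to ssh
      wait_for:
        host: "{{ (ansible_ssh_host | default(ansible_host)) | default(inventory_hostname) }}"
        port: "{{ ansible_port | default(22) }}"
        search_regex: OpenSSH
        delay: 15
        timeout: 300
        state: started
      delegate_to: localhost
      become: false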