Created
February 20, 2021 09:09
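---
#### Ansible Playbook to perform Kernel Patching on RHEL/CentOS and Ubuntu/Debian Servers ####
# Flow, three hosts at a time (serial: 3):
#   1. refuse to patch while web/database processes are running,
#   2. upgrade the kernel package for the host's distribution,
#   3. reboot only when the kernel actually changed,
#   4. wait until SSH answers again.
- hosts: workers
  become: true
  become_user: root
  serial: 3
  tasks:
    # Safety gate. The script always prints exactly one of the two markers.
    # ignore_errors was dropped here so that a broken check stops the host
    # instead of letting patching continue without a verdict.
    - name: verify web/database processes are not running
      shell: |
        if ps -eaf | egrep 'apache|http|mysql|postgresql|mariadb' | grep -v grep > /dev/null; then
          echo 'process_running'
        else
          echo 'process_not_running'
        fi
      register: app_process_check
      changed_when: false

    # the play will fail/quit for this host if web/database processes are running on it
    - name: decision point to start patching
      fail:
        msg: "{{ inventory_hostname }} have running Application. Please stop the application processes first, then attempt patching."
      when: app_process_check.stdout == "process_running"

    # Upgrade/install the kernel package only if the application is stopped.
    # The conditions are a list (ANDed): the original "A and B or C" expression
    # let the second distribution name bypass the process check because "and"
    # binds tighter than "or".
    # ansible_distribution reports 'RedHat' on RHEL; the long name from the
    # original playbook is kept so existing behaviour is not narrowed.
    - name: upgrade kernel package on RHEL/CentOS server
      yum:
        name: kernel
        state: latest
      when:
        - app_process_check.stdout == "process_not_running"
        - "ansible_distribution in ['CentOS', 'RedHat', 'Red Hat Enterprise Linux']"
      register: yum_update

    # Same gate for the apt-based hosts.
    # NOTE(review): linux-image-generic is the Ubuntu metapackage name; confirm
    # the package name that applies to the Debian hosts in this inventory.
    - name: upgrade kernel package on Ubuntu server
      apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        name: linux-image-generic
        state: latest
      when:
        - app_process_check.stdout == "process_not_running"
        - "ansible_distribution in ['Ubuntu', 'Debian']"
      register: apt_update

    # Compare the most recently installed kernel package with the running
    # kernel. POSIX "[ ]" with quoted operands is used so the test does not
    # depend on /bin/sh being bash.
    - name: check if reboot required after kernel update on CentOS/RedHat servers
      shell: |
        KERNEL_NEW=$(rpm -q --last kernel | head -1 | awk '{print $1}' | sed 's/kernel-//')
        KERNEL_NOW=$(uname -r)
        if [ "$KERNEL_NEW" != "$KERNEL_NOW" ]; then
          echo "reboot_needed"
        else
          echo "reboot_not_needed"
        fi
      when: "ansible_distribution in ['CentOS', 'RedHat', 'Red Hat Enterprise Linux']"
      changed_when: false
      ignore_errors: true
      register: reboot_required

    # Ubuntu/Debian flag a pending reboot by creating this file.
    # get_md5 was dropped: it is not needed for an existence check and the
    # option is no longer accepted by current versions of the stat module.
    - name: Check if a reboot is required after kernel update on Ubuntu/Debian servers
      stat:
        path: /var/run/reboot-required
      when: "ansible_distribution in ['Ubuntu', 'Debian']"
      register: reboot_required_file

    # The distribution test comes first and the registered value has a default,
    # so hosts where the check above was skipped do not raise an
    # undefined-attribute error that ignore_errors would then hide.
    - name: Reboot CentOS/RedHat systems if kernel updated
      command: shutdown -r +1 "Rebooting CentOS/RedHat Servers After Kernel Patching"
      async: 0
      poll: 0
      when:
        - "ansible_distribution in ['CentOS', 'RedHat', 'Red Hat Enterprise Linux']"
        - reboot_required.stdout | default('') == "reboot_needed"
      register: reboot_started
      ignore_errors: true

    - name: Reboot Ubuntu/Debian Servers if kernel updated
      reboot:
        msg: "Rebooting Ubuntu/Debian Servers After Kernel Patching"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when:
        - "ansible_distribution in ['Ubuntu', 'Debian']"
        - reboot_required_file.stat.exists | default(false)
      register: reboot_started_ubuntu
      ignore_errors: true

    # wait 3 minutes for the servers to come back up after the reboot
    - name: pause for 180 secs
      pause:
        minutes: 3

    # Runs on the control node. become is switched off because opening a TCP
    # connection to port 22 needs no privilege escalation on the controller.
    # NOTE(review): this only proves sshd answers with an OpenSSH banner; it does
    # not confirm the host booted into the new kernel.
    - name: check if all the systems responding to ssh
      wait_for:
        host: "{{ (ansible_ssh_host|default(ansible_host))|default(inventory_hostname) }}"
        port: 22
        search_regex: OpenSSH
        delay: 15
        timeout: 300
        state: started
      delegate_to: localhost
      become: false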