Playbook for Patching & Upgrading Linux APP Servers
Creating an Ansible playbook for patching and upgrading Linux application servers involves several steps. Below is a detailed playbook, along with an explanation of each step.
Pre-requisites
- Ansible Installed: Ensure Ansible is installed on the control node.
- SSH Access: Ensure passwordless SSH access to all target servers.
- Inventory File: Create an inventory file listing all target servers.
Inventory File (hosts)
[app_servers]
server1.example.com
server2.example.com
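Ansible Playbook (patch_upgrade.yml)
---
- name: Patching and Upgrading Linux Application Servers
  hosts: app_servers
  become: yes
  tasks:
    - name: Ensure all packages are up-to-date
      apt:
        update_cache: yes
        upgrade: dist
      when: ansible_os_family == "Debian"

    - name: Ensure all packages are up-to-date
      yum:
        name: "*"
        state: latest
      when: ansible_os_family == "RedHat"

    # Debian/Ubuntu packaging creates this flag file when a restart is pending
    - name: Check whether a reboot is required (Debian)
      stat:
        path: /var/run/reboot-required
      register: reboot_required_file
      when: ansible_os_family == "Debian"

    # needs-restarting ships with yum-utils / dnf-utils; exit code 1 = reboot needed
    - name: Check whether a reboot is required (RedHat)
      command: needs-restarting -r
      register: needs_restarting
      changed_when: false
      failed_when: needs_restarting.rc not in [0, 1]
      when: ansible_os_family == "RedHat"

    - name: Reboot the server if a reboot is needed
      reboot:
        reboot_timeout: 600
      when: >-
        (ansible_os_family == "Debian" and reboot_required_file.stat.exists) or
        (ansible_os_family == "RedHat" and needs_restarting.rc == 1)

    - name: Wait for the server to come back online
      wait_for_connection:
        timeout: 300
Explanation
- Playbook Metadata:
  - "name: Patching and Upgrading Linux Application Servers": Defines the playbook's name.
  - "hosts: app_servers": Specifies the target group of servers from the inventory file.
  - "become: yes": Ensures tasks are run with elevated privileges.
- Tasks:
  - Update Package Cache and Upgrade Packages (Debian-based):
    - name: Ensure all packages are up-to-date
      apt:
        update_cache: yes
        upgrade: dist
      when: ansible_os_family == "Debian"
    This task updates the package cache and upgrades all packages to the latest version on Debian-based systems.
  - Update and Upgrade Packages (RedHat-based):
    - name: Ensure all packages are up-to-date
      yum:
        name: "*"
        state: latest
      when: ansible_os_family == "RedHat"
    This task ensures all packages are upgraded to the latest version on RedHat-based systems.
  - Reboot the Server if Needed:
    - name: Check whether a reboot is required (Debian)
      stat:
        path: /var/run/reboot-required
      register: reboot_required_file
      when: ansible_os_family == "Debian"
    - name: Check whether a reboot is required (RedHat)
      command: needs-restarting -r
      register: needs_restarting
      changed_when: false
      failed_when: needs_restarting.rc not in [0, 1]
      when: ansible_os_family == "RedHat"
    - name: Reboot the server if a reboot is needed
      reboot:
        reboot_timeout: 600
      when: >-
        (ansible_os_family == "Debian" and reboot_required_file.stat.exists) or
        (ansible_os_family == "RedHat" and needs_restarting.rc == 1)
    These tasks reboot the server if necessary. The two check tasks record whether a restart is pending (the /var/run/reboot-required flag file on Debian-based systems, exit code 1 from needs-restarting -r on RedHat-based systems), and the reboot task runs only when one of them reports it. The reboot_timeout parameter specifies the time to wait for the reboot to complete.
  - Wait for Server to Come Back Online:
    - name: Wait for the server to come back online
      wait_for_connection:
        timeout: 300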
Running the Playbook
To run the playbook, use the following command:
ansible-playbook -i hosts patch_upgrade.yml
Additional Considerations
- Backups: Ensure that backups are taken before running the playbook.
- Notifications: Notify relevant stakeholders before and after the patching process.
- Monitoring: Monitor the servers during and after the patching process to ensure they are functioning correctly.
- Testing: Test the playbook on a staging environment before applying it to production servers.
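A rolling variant that follows from the Monitoring and Testing considerations above: it patches one host at a time and stops the run if the application service is not running before or after the upgrade. This is an added example, not part of the original playbooks; the app_service name (myapp), serial: 1 and max_fail_percentage: 0 are assumptions to adjust.

```yaml
---
# Added example, not from the original page. app_service, the batch size and
# the failure threshold are assumptions; set them for your environment.
- name: Rolling patch of application servers with health gates
  hosts: app_servers
  become: yes
  serial: 1                 # one host per batch, so the rest keep serving
  max_fail_percentage: 0    # takes effect once serial is raised above 1
  vars:
    app_service: myapp      # hypothetical systemd unit name (without .service)
  tasks:
    - name: Collect service state before patching
      service_facts:

    - name: Stop if the application is not healthy before patching
      assert:
        that:
          - ansible_facts.services[app_service ~ '.service'] is defined
          - ansible_facts.services[app_service ~ '.service'].state == 'running'
        fail_msg: "{{ app_service }} is not running; fix it before patching"

    - name: Upgrade all packages (Debian)
      apt:
        update_cache: yes
        upgrade: dist
      when: ansible_os_family == "Debian"

    - name: Upgrade all packages (RedHat)
      yum:
        name: "*"
        state: latest
      when: ansible_os_family == "RedHat"

    # The reboot and wait_for_connection tasks of patch_upgrade.yml belong here.

    - name: Collect service state after patching
      service_facts:

    - name: Verify the application came back before the next host is touched
      assert:
        that:
          - ansible_facts.services[app_service ~ '.service'].state == 'running'
        fail_msg: "{{ app_service }} is down after patching; the run stops here"
```

Because a failed assert marks the host as failed, a broken host halts the play before the next batch is patched.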
Ansible Playbook for Patching & Upgrading Linux DB Servers
Inventory File (db_hosts)
[db_servers]
dbserver1.example.com
dbserver2.example.com
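Playbook (patch_upgrade_db.yml)
---
- name: Patching and Upgrading Linux DB Servers
  hosts: db_servers
  become: yes
  tasks:
    - name: Update the package index
      apt:
        update_cache: yes
      when: ansible_os_family == "Debian"

    - name: Upgrade all installed packages
      apt:
        upgrade: dist
      when: ansible_os_family == "Debian"

    - name: Update the package index
      yum:
        update_cache: yes
      when: ansible_os_family == "RedHat"

    - name: Upgrade all installed packages
      yum:
        name: "*"
        state: latest
      when: ansible_os_family == "RedHat"

    # There is no built-in reboot_required fact, so the state is checked explicitly.
    # Debian/Ubuntu packaging creates this flag file when a restart is pending.
    - name: Check whether a reboot is required (Debian)
      stat:
        path: /var/run/reboot-required
      register: reboot_required_file
      when: ansible_os_family == "Debian"

    # needs-restarting ships with yum-utils / dnf-utils; exit code 1 = reboot needed
    - name: Check whether a reboot is required (RedHat)
      command: needs-restarting -r
      register: needs_restarting
      changed_when: false
      failed_when: needs_restarting.rc not in [0, 1]
      when: ansible_os_family == "RedHat"

    - name: Reboot the server if a reboot is needed
      reboot:
        reboot_timeout: 600
      when: >-
        (ansible_os_family == "Debian" and reboot_required_file.stat.exists) or
        (ansible_os_family == "RedHat" and needs_restarting.rc == 1)

    - name: Wait for the server to come back online
      wait_for_connection:
        timeout: 300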
Ansible Playbook for Installing Applications in Linux VMs
Inventory File (app_hosts)
[app_servers]
appserver1.example.com
appserver2.example.com
Playbook (install_apps.yml)
---
- name: Installing Applications on Linux VMs
  hosts: app_servers
  become: yes
  vars:
    packages:
      - vim
      - git
      - curl
  tasks:
    - name: Install applications on Debian-based systems
      apt:
        name: "{{ packages }}"
        state: present
      when: ansible_os_family == "Debian"

    - name: Install applications on RedHat-based systems
      yum:
        name: "{{ packages }}"
        state: present
      when: ansible_os_family == "RedHat"
Ansible Playbook for Installing Database in Linux VMs
Inventory File (db_hosts)
[db_servers]
dbserver1.example.com
dbserver2.example.com
Playbook (install_database.yml)
---
- name: Installing Databases on Linux VMs
  hosts: db_servers
  become: yes
  tasks:
    - name: Install MySQL on Debian-based systems
      apt:
        name: mysql-server
        state: present
      when: ansible_os_family == "Debian"

    # RedHat-based systems get MariaDB, the MySQL-compatible server in their repositories
    - name: Install MariaDB on RedHat-based systems
      yum:
        name: mariadb-server
        state: present
      when: ansible_os_family == "RedHat"

    - name: Start and enable MySQL service on Debian-based systems
      service:
        name: mysql
        state: started
        enabled: yes
      when: ansible_os_family == "Debian"

    - name: Start and enable MariaDB service on RedHat-based systems
      service:
        name: mariadb
        state: started
        enabled: yes
      when: ansible_os_family == "RedHat"
Ansible Playbook for Installing Web Servers in Linux VMs
Inventory File (web_hosts)
[web_servers]
webserver1.example.com
webserver2.example.com
Playbook (install_web_server.yml)
---
- name: Installing Web Servers on Linux VMs
  hosts: web_servers
  become: yes
  tasks:
    - name: Install Apache on Debian-based systems
      apt:
        name: apache2
        state: present
      when: ansible_os_family == "Debian"

    - name: Install Apache on RedHat-based systems
      yum:
        name: httpd
        state: present
      when: ansible_os_family == "RedHat"

    - name: Start and enable Apache service on Debian-based systems
      service:
        name: apache2
        state: started
        enabled: yes
      when: ansible_os_family == "Debian"

    - name: Start and enable Apache service on RedHat-based systems
      service:
        name: httpd
        state: started
        enabled: yes
      when: ansible_os_family == "RedHat"
Running the Playbooks
To run any of the playbooks, use the following command:
ansible-playbook -i <inventory_file> <playbook_file>
Replace <inventory_file> with the corresponding inventory file (e.g., hosts, db_hosts, app_hosts, web_hosts) and <playbook_file> with the appropriate playbook file (e.g., patch_upgrade_db.yml, install_apps.yml, install_database.yml, install_web_server.yml).