Ansible Playbook for Patching & Upgrading Different Services

Playbook for Patching & Upgrading Linux APP Servers

Creating an Ansible playbook for patching and upgrading Linux application servers involves several steps. Below is a detailed playbook, along with an explanation of each step.

Pre-requisites

  1. Ansible Installed: Ensure Ansible is installed on the control node.
  2. SSH Access: Ensure passwordless SSH access to all target servers.
  3. Inventory File: Create an inventory file listing all target servers.

Inventory File (hosts)

[app_servers]
server1.example.com
server2.example.com

Ansible Playbook (patch_upgrade.yml)

---
- name: Patching and Upgrading Linux Application Servers
  hosts: app_servers
  become: yes
  tasks:
    - name: Ensure all packages are up-to-date
      apt:
        update_cache: yes
        upgrade: dist
      when: ansible_os_family == "Debian"

    - name: Ensure all packages are up-to-date
      yum:
        name: "*"
        state: latest
      when: ansible_os_family == "RedHat"

    - name: Reboot the server if a reboot is needed
      reboot:
        reboot_timeout: 600
      when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == "Debian"

    - name: Wait for the server to come back online
      wait_for_connection:
        timeout: 300

Explanation

  1. Playbook Metadata:
    • - name: Patching and Upgrading Linux Application Servers: Defines the playbook’s name.
    • hosts: app_servers: Specifies the target group of servers from the inventory file.
    • become: yes: Ensures tasks are run with elevated privileges.
  2. Tasks:

Update Package Cache and Upgrade Packages (Debian-based):

- name: Ensure all packages are up-to-date
  apt:
    update_cache: yes
    upgrade: dist
  when: ansible_os_family == "Debian"

This task updates the package cache and upgrades all packages to the latest version on Debian-based systems.

Update and Upgrade Packages (RedHat-based):

- name: Ensure all packages are up-to-date
  yum:
    name: "*"
    state: latest
  when: ansible_os_family == "RedHat"

This task ensures all packages are upgraded to the latest version on RedHat-based systems.

Reboot the Server if Needed:

- name: Reboot the server if a reboot is needed
  reboot:
    reboot_timeout: 600
  when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == "Debian"

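This task reboots the server after patching. As written, the when condition is true on every Debian-based and RedHat-based host, so the reboot always runs on those systems rather than only when one is pending. The reboot_timeout parameter specifies the time, in seconds, to wait for the reboot to complete.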

Wait for Server to Come Back Online:

- name: Wait for the server to come back online
  wait_for_connection:
    timeout: 300
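
The reboot step above can be made conditional on what the OS itself reports. The play below is an added example, not part of the original playbook: it replaces the reboot task with two checks and a guarded reboot. The variable names reboot_flag and needs_restarting are chosen here for illustration, and the RedHat check assumes the needs-restarting tool (yum-utils / dnf-utils) is installed.

```yaml
---
# Added example: reboot only when the OS reports that a reboot is pending.
# Run these tasks after the upgrade tasks of patch_upgrade.yml.
- name: Reboot application servers only when required
  hosts: app_servers
  become: yes
  tasks:
    # Debian/Ubuntu packages create this flag file when a reboot is pending.
    - name: Check for the reboot-required flag (Debian family)
      stat:
        path: /var/run/reboot-required
      register: reboot_flag            # illustrative variable name
      when: ansible_os_family == "Debian"

    # Assumption: needs-restarting (yum-utils / dnf-utils) is installed.
    # It exits 1 when a reboot is needed and 0 when it is not.
    - name: Check whether a reboot is pending (RedHat family)
      command: needs-restarting -r
      register: needs_restarting       # illustrative variable name
      changed_when: false              # read-only check, never "changed"
      failed_when: needs_restarting.rc not in [0, 1]
      when: ansible_os_family == "RedHat"

    # A skipped check leaves .stat / .rc undefined, so test "is defined"
    # before reading the value.
    - name: Reboot only if one of the checks reported a pending reboot
      reboot:
        reboot_timeout: 600
      when: >-
        (reboot_flag.stat is defined and reboot_flag.stat.exists) or
        (needs_restarting.rc is defined and needs_restarting.rc == 1)
```

Hosts that received only userland updates with no pending reboot are left running, which keeps the maintenance window short and makes an unexpected reboot in the logs worth investigating.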

Running the Playbook

To run the playbook, use the following command:

ansible-playbook -i hosts patch_upgrade.yml

Additional Considerations

  1. Backups: Ensure that backups are taken before running the playbook.
  2. Notifications: Notify relevant stakeholders before and after the patching process.
  3. Monitoring: Monitor the servers during and after the patching process to ensure they are functioning correctly.
  4. Testing: Test the playbook on a staging environment before applying it to production servers.

Ansible Playbook for Patching & Upgrading Linux DB Servers

Inventory File (db_hosts)

[db_servers]
dbserver1.example.com
dbserver2.example.com

Playbook (patch_upgrade_db.yml)

---
- name: Patching and Upgrading Linux DB Servers
  hosts: db_servers
  become: yes
  tasks:
    - name: Update the package index
      apt:
        update_cache: yes
      when: ansible_os_family == "Debian"
      
    - name: Upgrade all installed packages
      apt:
        upgrade: dist
      when: ansible_os_family == "Debian"

    - name: Update the package index
      yum:
        update_cache: yes
      when: ansible_os_family == "RedHat"
      
    - name: Upgrade all installed packages
      yum:
        name: "*"
        state: latest
      when: ansible_os_family == "RedHat"

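    # Debian/Ubuntu packages create this flag file when a reboot is pending.
    - name: Check for the reboot-required flag (Debian family)
      stat:
        path: /var/run/reboot-required
      register: reboot_flag
      when: ansible_os_family == "Debian"

    # needs-restarting ships with yum-utils / dnf-utils and must be installed.
    # It exits 1 when a reboot is needed and 0 when it is not.
    - name: Check whether a reboot is pending (RedHat family)
      command: needs-restarting -r
      register: needs_restarting
      changed_when: false
      failed_when: needs_restarting.rc not in [0, 1]
      when: ansible_os_family == "RedHat"

    # ansible_facts has no built-in 'reboot_required' key, so the condition
    # is built from the two checks above.
    - name: Reboot the server if a reboot is needed
      reboot:
        reboot_timeout: 600
      when: >-
        (reboot_flag.stat is defined and reboot_flag.stat.exists) or
        (needs_restarting.rc is defined and needs_restarting.rc == 1)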

    - name: Wait for the server to come back online
      wait_for_connection:
        timeout: 300

Ansible Playbook for Installing Applications in Linux VMs

Inventory File (app_hosts)

[app_servers]
appserver1.example.com
appserver2.example.com

Playbook (install_apps.yml)

---
- name: Installing Applications on Linux VMs
  hosts: app_servers
  become: yes
  vars:
    packages:
      - vim
      - git
      - curl
  tasks:
    - name: Install applications on Debian-based systems
      apt:
        name: "{{ packages }}"
        state: present
      when: ansible_os_family == "Debian"

    - name: Install applications on RedHat-based systems
      yum:
        name: "{{ packages }}"
        state: present
      when: ansible_os_family == "RedHat"

Ansible Playbook for Installing Database in Linux VMs

Inventory File (db_hosts)

[db_servers]
dbserver1.example.com
dbserver2.example.com

Playbook (install_database.yml)

---
- name: Installing Databases on Linux VMs
  hosts: db_servers
  become: yes
  tasks:
    - name: Install MySQL on Debian-based systems
      apt:
        name: mysql-server
        state: present
      when: ansible_os_family == "Debian"

    - name: Install MariaDB on RedHat-based systems
      yum:
        name: mariadb-server
        state: present
      when: ansible_os_family == "RedHat"

    - name: Start and enable MySQL service on Debian-based systems
      service:
        name: mysql
        state: started
        enabled: yes
      when: ansible_os_family == "Debian"

    - name: Start and enable MariaDB service on RedHat-based systems
      service:
        name: mariadb
        state: started
        enabled: yes
      when: ansible_os_family == "RedHat"

Ansible Playbook for Installing Web Servers in Linux VMs

Inventory File (web_hosts)

[web_servers]
webserver1.example.com
webserver2.example.com

Playbook (install_web_server.yml)

---
- name: Installing Web Servers on Linux VMs
  hosts: web_servers
  become: yes
  tasks:
    - name: Install Apache on Debian-based systems
      apt:
        name: apache2
        state: present
      when: ansible_os_family == "Debian"

    - name: Install Apache on RedHat-based systems
      yum:
        name: httpd
        state: present
      when: ansible_os_family == "RedHat"

    - name: Start and enable Apache service on Debian-based systems
      service:
        name: apache2
        state: started
        enabled: yes
      when: ansible_os_family == "Debian"

    - name: Start and enable Apache service on RedHat-based systems
      service:
        name: httpd
        state: started
        enabled: yes
      when: ansible_os_family == "RedHat"

Running the Playbooks

To run any of the playbooks, use the following command:

ansible-playbook -i <inventory_file> <playbook_file>

Replace <inventory_file> with the corresponding inventory file (e.g., hosts, db_hosts, app_hosts, web_hosts) and <playbook_file> with the appropriate playbook file (e.g., patch_upgrade_db.yml, install_apps.yml, install_database.yml, install_web_server.yml).
