Linux-Patch-Management/linux_patch_install.yml at master · DevopsVlogger/Linux-Patch-Management · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
---
#### Ansible Playbook to perform Kernel upgradation on RHEL/CentOS Server ####

- hosts: linux-dev-servers
  become_user: root
  serial: 2


  tasks:

    - name:  verify application/database processes are not running
      shell: if ps -eaf | egrep 'apache|http'|grep -v grep > /dev/null ;then echo 'process_running';else echo 'process_not_running';fi
      ignore_errors: true
      register: app_process_check

    # the play will fail/quit,if application is running on the server
    - name:  decision point to start patching
      fail: msg="{{ inventory_hostname }} have running Application.Please stop the application first, then attempt patching."
      when: app_process_check.stdout == "process_running"

    # this task will upgrade/install the kernel package if application is stopped on the server
    - name:  upgrade kernel package on the server
      yum:
       name="kernel"
       state=latest
      when: app_process_check.stdout == "process_not_running" and ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
      register: yum_update

    # this task is to check if kernel update happend and server needs reboot or not
    - name: check if reboot required after kernel update.
      shell: KERNEL_NEW=$(rpm -q --last kernel |head -1 | awk '{print $1}' | sed 's/kernel-//'); KERNEL_NOW=$(uname -r); if [[ $KERNEL_NEW != $KERNEL_NOW ]]; then echo "reboot_needed"; else echo "reboot_not_needed"; fi
      ignore_errors: true
      register: reboot_required

    # this task is to restart the server
    - name: restart system
      command: shutdown -r +1  "Rebooting Server After Patching"
      async: 0
      poll: 0
      when: reboot_required.stdout == "reboot_needed"
      register: reboot_started
      ignore_errors: true

    # this task is to wait for 3 minutues for server to come up after the reboot
    - name: pause for 180 secs
      pause:
        minutes: 3

    # this task is to confirm,system is up and responding to ssh
    - name: check if system responding to ssh
      local_action:
        module: wait_for
          host={{ inventory_hostname }}
          port=22
          delay=15
          timeout=300
          state=started
      when: reboot_started|changed