Ansible play to manage patching Linux servers (and eventually Windows too)
From the command line you need to specify the value of hosts as an extra_vars entry:
ansible-playbook PatchSystems.yaml -e "hosts=<valid hosts input>"
The playbook defaults to rebooting servers after patching. Override the reboot var to change this.
ansible-playbook PatchSystems.yaml -e "hosts=<valid hosts input> reboot=false"
You may opt to specify which tags to act on. The two tags let you run only part of the play.
- Options:
- pin - Performs only the package pinning or versionlock part of the role
- patch - Performs patching only, i.e. skips pinning
This example would perform package pinning:
ansible-playbook PatchSystems.yaml -e "hosts=tag_site_example_com" --tags "pin"
We currently pin kernel packages so that we don't break support for a host agent that loads a kernel module:
- Update the appropriate vars file with the most current kernel version for the distribution,
e.g. vars/ubuntu_12.yaml:
---
supported_kernel_version: "3.2.0.70*"
- Every YAML file must follow this format:
---
# Location <PATH TO FILE>
# <PURPOSE/DESCRIPTIVE STATEMENT>
<content>
Additionally, all contributions must adhere to the same standards found here
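
A pre-patch check for the kernel pin described above, as an added example that is not part of this role's own code. It assumes supported_kernel_version is a shell-style glob compared against a kernel package version string; the function names, the candidate versions and the sample vars file are constructed for illustration.

```shell
# Added example (not from the project): gate a kernel package version
# against the pin pattern stored in a vars file such as vars/ubuntu_12.yaml.
# Assumption: the pin value is a shell-style glob.

# Print the supported_kernel_version value (quotes and trailing comment stripped).
pinned_kernel_pattern() {
    vars_file=$1
    [ -r "$vars_file" ] || { echo "cannot read $vars_file" >&2; return 2; }
    pattern=$(sed -n 's/^supported_kernel_version:[[:space:]]*//p' "$vars_file" \
        | sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^["'\'']//' -e 's/["'\'']$//' | head -n 1)
    [ -n "$pattern" ] || { echo "no supported_kernel_version in $vars_file" >&2; return 2; }
    printf '%s\n' "$pattern"
}

# Return 0 if the candidate version matches the pin, 1 if not, 2 on error.
# Note: a bare trailing * is broad; "3.2.0.70*" would also match 3.2.0.700.
kernel_pin_allows() {
    pattern=$(pinned_kernel_pattern "$1") || return 2
    case "$2" in
        $pattern) return 0 ;;   # unquoted on purpose: treated as a glob
        *) return 1 ;;
    esac
}

# Constructed sample mirroring the vars file layout shown above.
demo_vars=$(mktemp)
cat > "$demo_vars" <<'EOF'
---
# Location vars/ubuntu_12.yaml
# Kernel version supported by the host agent's kernel module
supported_kernel_version: "3.2.0.70*"
EOF

for candidate in 3.2.0.70.84 3.2.0.71.85; do
    if kernel_pin_allows "$demo_vars" "$candidate"; then
        echo "$candidate: within pin"
    else
        echo "$candidate: outside pin, update the vars file before patching"
    fi
done
rm -f "$demo_vars"
```

A pin that lags behind the distribution's current kernel also holds back kernel security fixes, so a mismatch reported here is the cue to validate the host agent against the newer kernel and update the vars file.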