{"id":5617,"date":"2024-02-08T20:45:45","date_gmt":"2024-02-09T02:45:45","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=5617"},"modified":"2024-02-15T15:19:29","modified_gmt":"2024-02-15T21:19:29","slug":"ansible-playbook-for-updating-linux-debian-ubuntu","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/ansible-playbook-for-updating-linux-debian-ubuntu\/","title":{"rendered":"Ansible Playbook for Updating Linux (Debian\/Ubuntu)"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2024\/02\/image-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"717\" height=\"458\" src=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2024\/02\/image-1.png\" alt=\"\" class=\"wp-image-5620\" srcset=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2024\/02\/image-1.png 717w, https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2024\/02\/image-1-300x192.png 300w, https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2024\/02\/image-1-470x300.png 470w\" sizes=\"auto, (max-width: 717px) 100vw, 717px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Using Ansible to Update Linux (Debian\/Kali)\" width=\"584\" height=\"329\" src=\"https:\/\/www.youtube.com\/embed\/ZfPQza-LVuU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\">Video on using Ansible to Update Linux<\/figcaption><\/figure>\n\n\n\n<p>The three steps to update a machine with Ansible<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create Ansible Inventory\/Hosts file<\/li>\n\n\n\n<li>Create Playbook<\/li>\n\n\n\n<li>Run Playbook<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Create Inventory<\/h2>\n\n\n\n<p>The first thing we need to do is create an inventory file.  This will contain a list of our servers along with the credentials.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">touch hosts.txt<\/pre>\n\n\n\n<p>Now let&#8217;s encrypt the file with Ansible Vault.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ansible-vault encrypt hosts.txt<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p>The file is now encrypted.  To edit the file, we need to use `ansible-vault edit`.  <br><em>If you want to, you can configure the hosts.txt file and then encrypt it when you are finished.<\/em><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ansible-vault edit hosts.txt<\/pre>\n\n\n\n<p>Now add some hosts.  In this example we add the local Kali machine, because why not.  If you have Ubuntu servers, replace debian with ubuntu.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[debian]\nkali ansible_host=127.0.0.1 ansible_ssh_user=kali ansible_ssh_port=22 ansible_ssh_password='kali pass' ansible_become_pass='kali sudo pass'<\/pre>\n\n\n\n<p> Add as many hosts as you need.  For sake of simplicity, we are only adding one, and it is our localhost.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Create Playbook<\/h2>\n\n\n\n<p>Create a new playbook.  <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">vi debian_update.yml<\/pre>\n\n\n\n<p>Put the following into the playbook.  Edit as desired.  Change hosts to match the above hosts in the inventory\/hosts file.<\/p>\n\n\n\n<pre class=\"wp-block-code has-dark-gray-background-color has-background\"><code lang=\"yaml\" class=\"language-yaml line-numbers\">---\n- name: OS update\n  hosts: debian\n  gather_facts: yes\n  become: yes\n\n  tasks:\n    - name: dist-upgrade\n      ansible.builtin.apt:\n        upgrade: dist\n        update_cache: yes\n      register: upgrade_result\n\n    - name: Check if a reboot is required\n      ansible.builtin.stat:\n        path: \/var\/run\/reboot-required\n        get_checksum: no\n      register: reboot_required_file\n\n    - name: Reboot the server (if required).\n      ansible.builtin.reboot:\n      when: reboot_required_file.stat.exists\n      register: reboot_result\n\n    - name: Remove unneeded dependencies\n      ansible.builtin.apt:\n        autoremove: yes\n      register: autoremove_result\n\n    - name: Print errors if upgrade failed\n      ansible.builtin.debug:\n        msg: |\n          Upgrade Result: {{ upgrade_result }}\n          Reboot Result: {{ reboot_result }}\n          Autoremove Result: {{ autoremove_result }}<\/code><\/pre>\n\n\n\n<p>A couple of notes<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>On the 3rd line it defines which group to run this playbook against.  In this case debian. <\/li>\n\n\n\n<li>This will check if a reboot is needed and reboot the machine.  Reboots are usually needed when the kernel is updated <\/li>\n\n\n\n<li>The 5th line contains `become: yes` this means that the playbook will use sudo.  You can specify the sudo password in the hosts file `ansible_become_pass=sudopass` or with the -k or &#8211;ask-become options<\/li>\n\n\n\n<li>The update and reboot are natively built into Ansible.  Hence the ansible.builtin.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Run Playbook<\/h2>\n\n\n\n<p>Now that we have our inventory and playbook, we can upgrade our machines.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ansible-playbook debian_update.yml -i hosts.ini --ask-vault-password<\/pre>\n\n\n\n<p>Tip!  If you have not specified a &#8220;ansible_ask_become&#8221; password (that is the sudo password), you can specify it with the -k or &#8211;ask-become options.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The three steps to update a machine with Ansible Create Inventory The first thing we need to do is create an inventory file. This will contain a list of our servers along with the credentials. touch hosts.txt Now let&#8217;s encrypt &hellip; <a href=\"https:\/\/www.incredigeek.com\/home\/ansible-playbook-for-updating-linux-debian-ubuntu\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1646,1647,3],"tags":[1193,322,244,51,7,248,363],"class_list":["post-5617","post","type-post","status-publish","format-standard","hentry","category-ansible","category-automation","category-linux","tag-ansible","tag-apt","tag-automation","tag-debian","tag-linux-2","tag-update","tag-upgrade"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5617","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=5617"}],"version-history":[{"count":8,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5617\/revisions"}],"predecessor-version":[{"id":5658,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5617\/revisions\/5658"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=5617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=5617"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=5617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}