{"id":5632,"date":"2024-02-13T21:12:00","date_gmt":"2024-02-14T03:12:00","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=5632"},"modified":"2024-02-15T15:15:51","modified_gmt":"2024-02-15T21:15:51","slug":"ansible-playbook-to-upgrade-linux-servers-debian-ubuntu-redhat-fedora-centos","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/ansible-playbook-to-upgrade-linux-servers-debian-ubuntu-redhat-fedora-centos\/","title":{"rendered":"Ansible Playbook to upgrade Linux Servers (Debian, Ubuntu, RedHat, Fedora, CentOS)"},"content":{"rendered":"\n<p>This is an Ansible playbook that can upgrade all your Linux machines!  Or at least most of them.  No openSUSE support yet.<\/p>\n\n\n\n<p>Copy the playbook below, put all your servers into an inventory file, and run it with:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ansible-playbook -i hosts.ini master_update.yaml --ask-vault-pass<\/pre>\n\n\n\n<p>Couple of notes.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>This will do a full update and automatically reboot your servers if needed.<\/li>\n\n\n\n<li>There is a special section for RHEL, CentOS 7 servers.  
If a server is running, say, CentOS 7, it will default to using YUM instead of DNF.<\/li>\n\n\n\n<li>You need sudo or become: yes to reboot and install upgrades.<\/li>\n<\/ol>\n\n\n\n<p><\/p>\n\n\n\n<p>Linux OS Upgrade Playbook<\/p>\n\n\n\n<pre title=\"Linux Upgrade Playbook\" class=\"wp-block-code has-dark-gray-background-color has-background\"><code lang=\"yaml\" class=\"language-yaml line-numbers\">---\n- name: Linux OS Upgrade\n  hosts: all\n  gather_facts: yes\n  become: yes\n\n  tasks:\n    - name: Upgrade Debian and Ubuntu systems with apt\n      block:\n        - name: dist-upgrade\n          ansible.builtin.apt:\n            upgrade: dist\n            update_cache: yes\n          register: upgrade_result\n\n        - name: Debian check if reboot is required\n          shell: \"[ -f \/var\/run\/reboot-required ]\"\n          failed_when: False\n          register: debian_reboot_required\n          changed_when: debian_reboot_required.rc == 0\n          notify:\n            - Reboot server\n\n        - name: Debian remove unneeded dependencies\n          ansible.builtin.apt:\n            autoremove: yes\n          register: autoremove_result\n\n        - name: Debian print errors if upgrade failed\n          ansible.builtin.debug:\n            msg: |\n              Upgrade Result: {{ upgrade_result }}\n              Autoremove Result: {{ autoremove_result }}\n      when: ansible_os_family == \"Debian\"\n\n    - name: Upgrade RHEL systems with DNF\n      block:\n        - name: Get packages that can be upgraded with DNF\n          ansible.builtin.dnf:\n            list: upgrades\n            state: latest\n            update_cache: yes\n          register: reg_dnf_output_all\n\n        - name: List packages that can be upgraded with DNF\n          ansible.builtin.debug:\n            msg: \"{{ reg_dnf_output_all.results | map(attribute='name') | list }}\"\n\n        - name: Upgrade packages with DNF\n          become: yes\n          
ansible.builtin.dnf:\n            name: '*'\n            state: latest\n            update_cache: yes\n            update_only: no\n          register: reg_upgrade_ok\n\n        - name: Print DNF errors if upgrade failed\n          ansible.builtin.debug:\n            msg: \"Packages upgrade failed\"\n          when: reg_upgrade_ok is not defined\n\n        - name: Install dnf-utils\n          become: yes\n          ansible.builtin.dnf:\n            name: 'dnf-utils'\n            state: latest\n            update_cache: yes\n          when: reg_dnf_output_all is defined\n\n        # needs-restarting (from dnf-utils) exits 1 when a reboot is required,\n        # so a patched kernel or core library is actually put into service.\n        - name: Check RHEL system if a reboot is required\n          become: yes\n          command: needs-restarting -r\n          register: reg_dnf_reboot_required\n          failed_when: false\n          changed_when: reg_dnf_reboot_required.rc == 1\n          notify:\n            - Reboot server\n\n      when: ansible_os_family == \"RedHat\" and not (ansible_distribution_major_version == \"7\")\n\n    - name: Upgrade legacy RHEL systems with YUM\n      block:\n        - name: Get packages that can be upgraded with YUM\n          ansible.builtin.yum:\n            list: upgrades\n            state: latest\n            update_cache: yes\n          register: reg_yum_output_all\n\n        - name: List packages that can be upgraded with YUM\n          ansible.builtin.debug:\n            msg: \"{{ reg_yum_output_all.results | map(attribute='name') | list }}\"\n\n        - name: Upgrade packages with YUM\n          become: yes\n          ansible.builtin.yum:\n            name: '*'\n            state: latest\n            update_cache: yes\n            update_only: no\n          register: reg_yum_upgrade_ok\n\n        - name: Print YUM errors if upgrade failed\n          ansible.builtin.debug:\n            msg: \"Packages upgrade failed\"\n          when: reg_yum_upgrade_ok is not defined\n\n        - name: Check legacy RHEL system if a reboot is required\n          become: yes\n          command: needs-restarting -r\n          register: reg_reboot_required\n          ignore_errors: yes\n          failed_when: false\n          changed_when: reg_reboot_required.rc != 0\n          notify:\n            - Reboot server\n      when: ansible_os_family == \"RedHat\" and 
ansible_distribution_major_version == \"7\"\n\n\n  handlers:\n    - name: Reboot server\n      ansible.builtin.reboot:\n        msg: \"Reboot initiated by Ansible after OS update\"\n        reboot_timeout: 3600\n        test_command: uptime\n<\/code><\/pre>\n\n\n\n<p>Helpful links<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/simeononsecurity\/ansible_linux_update\/tree\/main\">https:\/\/github.com\/simeononsecurity\/ansible_linux_update\/tree\/main<\/a><br><a href=\"https:\/\/simeononsecurity.com\/guides\/automate-linux-patching-and-updates-with-ansible\/\">https:\/\/simeononsecurity.com\/guides\/automate-linux-patching-and-updates-with-ansible\/<\/a><br><a href=\"https:\/\/thenathan.net\/2020\/07\/16\/yum-and-dnf-update-and-reboot-with-ansible\/\">https:\/\/thenathan.net\/2020\/07\/16\/yum-and-dnf-update-and-reboot-with-ansible\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is an Ansible playbook that can upgrade all your Linux machines! Or at least most of them. No openSUSE support yet. 
Copy the playbook below, and put all your servers into an inventory file and run with ansible-playbook -i &hellip; <a href=\"https:\/\/www.incredigeek.com\/home\/ansible-playbook-to-upgrade-linux-servers-debian-ubuntu-redhat-fedora-centos\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1646,1647,1],"tags":[1649,1193,244,17,51,7,1200,538,1648,49],"class_list":["post-5632","post","type-post","status-publish","format-standard","hentry","category-ansible","category-automation","category-uncategorized","tag-alma","tag-ansible","tag-automation","tag-centos","tag-debian","tag-linux-2","tag-playbook","tag-rhel","tag-rocky","tag-ubuntu-2"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=5632"}],"version-history":[{"count":6,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5632\/revisions"}],"predecessor-version":[{"id":5653,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5632\/revisions\/5653"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=5632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=5632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=5632"}],"curies":[{"name":"wp","href":"http
s:\/\/api.w.org\/{rel}","templated":true}]}}