RHEL Patching through Ansible

Sadanand Alegaonkar

Nov 12, 2019, 5:31:59 AM
to Ansible Project
Hello Team,

We are going to introduce patching through Ansible.

We perform the following steps manually:
  1. Pre artifacts.
  2. Before patching, plain reboot.
  3. Patching excluding kernel, and reboot.
  4. Kernel patching and reboot.

We tried to do the above steps through Ansible and achieved our goal partially.

For one-host patching, the error mail came successfully; if we tried to patch more than one server, the error mail comes for the last server.

We need the error mail to come for each host while performing patching.

Your help is much appreciated.

Regards,
Sadanand




   

Mauricio Tavares

Nov 12, 2019, 5:59:24 AM
to ansible...@googlegroups.com
Without more information, I can only make assumptions.
Assuming your email sending code is inside the task that does the update.
Assuming said task is called for each server you are upgrading.
I would expect it to work.


> Regards,
> Sadanand
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7eca24ab-f006-4606-9afb-45d303d447f0%40googlegroups.com.

Sadanand Alegaonkar

Nov 12, 2019, 6:45:22 AM
to Ansible Project


Hello Mauricio,

Thanks for showing interest.

Here I am posting each yml code.
It is not working for each host, and we also observe that the playbook gets stuck sometimes after executing some tasks.

code for patching 
=====Main yml=============
runsetup.yml
---
- name: Performing multiple commands
  hosts: patch
  become: yes
  gather_facts: no
  any_errors_fatal: false
  roles:
        - patch_server2
=========================

#cd patch_server2

#tree

.
|-- defaults
|   `-- main.yml
|-- files
|-- handlers
|   `-- main.yml
|-- meta
|   `-- main.yml
|-- README.md
|-- tasks
|   |-- after_patch_reboot.yml
|   |-- check_uptime.yml
|   |-- display_details.yml
|   |-- fetch_data.yml
|   |-- kernel_com.yml
|   |-- kernel_mail.yml
|   |-- kernel_pat.yml
|   |-- main.yml
|   |-- patching.yml
|   |-- post_mail.yml
|   |-- pre_commands.yml
|   `-- pre_mail.yml
|-- templates
|-- tests
|   |-- inventory
|   `-- test.yml
`-- vars
    `-- main.yml
+++++++++++++++++++++++++++++++++++++
cat tasks/main.yml

- import_tasks: pre_commands.yml
- import_tasks: display_details.yml
- import_tasks: fetch_data.yml
- import_tasks: check_uptime.yml
- import_tasks: pre_mail.yml
- import_tasks: patching.yml
- import_tasks: post_mail.yml
- import_tasks: after_patch_reboot.yml
- import_tasks: kernel_pat.yml
- import_tasks: kernel_com.yml
- import_tasks: after_patch_reboot.yml
- import_tasks: kernel_mail.yml

root@devops:/home/testuser/iddeletion/patch_server2# cat tasks/after_patch_reboot.yml
---
- name: Check the uptime
  shell: uptime
  register: UPTIME_Post_REBOOT

- name: Reboot server
  shell: 'sleep 1 && shutdown -r now "Reboot triggered by Ansible" && sleep   1'
  async: 1
  poll: 0
  ignore_errors: true
  register: out

- name: Sending Error mail
  mail:
    host: localhost
    port: 25
    to: a@.com
    from: a...@s.com
    cc: s...@s.com
    subject: Error...while Rebooting (Repo 7)  {{ inventory_hostname }} server.
    body: Failed Error - {{ out.results_file }}
  delegate_to: 127.0.0.1
  when: out.finished == 1


- name: Wait for server to restart
  wait_for_connection:
    delay: 1
    timeout: 60
  ignore_errors: true
  register: wait_out

- name: Sending Error mail
  mail:
    host: localhost
    port: 25
    to: a...@s.com
    from: a...@s.com
    cc: s...@s.com
    subject: Error...while server waiting for connection (Repo 7) of {{ inventory_hostname }} server.
    body: Failed Error - {{ wait_out }}
  delegate_to: 127.0.0.1
  when: wait_out.failed == 1

++++++++++++++++++++++++++++++++++++++++++++

#cat tasks/display_details.yml
---
- name: cat command
  command: cat {{ inventory_hostname }}
  register: out

- debug:
    var: out
__________________

---
- name: Fetching from dest to source
  fetch:
     src: /root/{{ inventory_hostname }}
     dest: /home/testuser/iddeletion/patching/
______________________________

#cat tasks/kernel_com.yml
---
- name: check if reboot required after kernel update.
  shell: KERNEL_NEW=$(rpm -q --last kernel | head -1 | awk '{print $1}' | sed 's/kernel-//'); KERNEL_NOW=$(uname -r); if [[ $KERNEL_NEW != $KERNEL_NOW ]]; then echo "reboot_needed" ; else echo "reboot_not_needed"; fi
  ignore_errors: true
  register: reboot_required
-----------------------------------------------------------
#  cat tasks/kernel_mail.yml
---
- name: mail(post) notification
  mail:
    host: localhost
    port: 25
    to: a...@s.com
    from: t...@s.com
    cc: s...@ts.com
    subject: 'final(after kernel patching ) reboot.'
    body: "kernel patching done(Repo 7)..now rebooting server.."
  delegate_to: 127.0.0.1
  tags: mail

__________________________________

# cat tasks/kernel_pat.yml

---
- name: Installing Latest Kernel
  block:
   - name: installing kernel
     yum:
       name: 'kernel*'
       state: latest
     register: kup
     ignore_errors: True
   - name: Sending Error mail
     mail:
       host: localhost
       port: 25
       to: a...@ts.com
       from: t...@ts.com
       cc: s...@t.com
       subject: Error...while doing Kernel patching(Repo6) of {{ inventory_hostname }} server.
       body: Kernel Patching Failed Error - {{ kup.results }}
     delegate_to: 127.0.0.1
     when: kup.rc == 1
  always:
   - debug:
       var: kup
_______________________________________________

cat tasks/patching.yml
---
- name: upgrade all packages, excluding kernel related packages
  yum:
    name: '*'
    state: latest
    exclude: kernel*, java*
  ignore_errors: yes
  register: result_output

- debug:
   var: result_output

- name: Sending Error mail
  mail:
    host: localhost
    port: 25
    to: a...@ts.com
    from: t...@ts.com
    cc: s...@ts.com
    subject: Error...while doing patching(Repo6) of {{ inventory_hostname }} server.
    body: Patching Failed Error - {{ result_output.results }}
  delegate_to: 127.0.0.1
  when: result_output.rc == 1
__________________________

# cat tasks/post_mail.yml


---
- name: mail(post) notification
  mail:
    host: localhost
    port: 25
    to: a...@ts.com
    from: t...@ts.com
    cc: s...@ts.com
    subject: 'Linux patching has completed and Kernel patching starting.'
    body: "Automated Linux patching has completed and kernael patching starting."
  delegate_to: 127.0.0.1
  tags: mail
___________________________________



Doug OLeary

Nov 13, 2019, 9:43:24 AM
to Ansible Project
Good lord, I thought our patching process was complicated :)

I don't have a specific answer to solve your issue; but, I do have some suggestions.

It looks like your playbook is designed to run non-interactively - kicked off from something like tower or control-m.  My first suggestion is to start simple, run the plays from a local ansible-playbook command if possible.  That will allow you to troubleshoot issues immediately rather than waiting for emails.

It appears you're separating kernel and non-kernel patching.  FWIW, that's not absolutely necessary.  ``yum -y update`` will update rpms that support it, and install (not update) new kernels.  Our specific patching task looks like:

  - name: Patch All Hosts
    yum:
      name: '*'
      state: latest
      update_cache: yes
    no_log: True

and seems to work fine.

I see you have 'sleep # && reboot' or some such.  Assuming a reasonably recent version of ansible, the reboot module is much more straightforward.

Long story short: When designing new processes, I generally try to keep things as simple as possible and add complexity when needed.  If this is an established process and you inherited it, you may need to redesign in a test environment.

Sorry I couldn't be more help.

Doug O'Leary
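
An added example, not part of the posts above or of the original poster's role: one way to get an error mail for every host that fails, using block/rescue together with the reboot module suggested in the reply. The mail addresses, variable names and timeout values are placeholders; the `patch` group, the local SMTP relay on port 25 and the kernel/java exclusion are taken from the thread.

```yaml
# Added example: per-host failure mail via block/rescue.
# notify_to / notify_from are hypothetical variables with placeholder values.
- name: Patch RHEL hosts and mail on any per-host failure
  hosts: patch
  become: yes
  gather_facts: no
  vars:
    notify_to: ops@example.com        # placeholder address
    notify_from: ansible@example.com  # placeholder address
  tasks:
    - name: Patch and reboot, reporting failures per host
      block:
        - name: Upgrade all packages except kernel and java
          yum:
            name: '*'
            state: latest
            exclude: kernel*,java*
            update_cache: yes

        - name: Reboot after package update
          reboot:
            msg: "Reboot triggered by Ansible"
            reboot_timeout: 600

        - name: Install latest kernel
          yum:
            name: kernel
            state: latest

        - name: Reboot into new kernel
          reboot:
            msg: "Reboot triggered by Ansible"
            reboot_timeout: 600
      rescue:
        # rescue runs separately for each host whose block failed,
        # so every failed host produces its own mail.
        - name: Send error mail for this host
          mail:
            host: localhost
            port: 25
            to: "{{ notify_to }}"
            from: "{{ notify_from }}"
            subject: "Patching failed on {{ inventory_hostname }}"
            body: "Task '{{ ansible_failed_task.name }}' failed: {{ ansible_failed_result.msg | default('no message') }}"
          delegate_to: localhost
          become: no

        - name: Keep the host marked as failed in the play recap
          fail:
            msg: "Patching failed on {{ inventory_hostname }}"
```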

Amit Kulkarni

Nov 13, 2019, 10:06:17 AM
to Ansible Project
Hi Sadanand,

I am looking for similar automation.

Can you please share the playbook if possible?

Regards
Amit
