This is a minimal role to automate security updates on Linux servers (OS patching).
The default variables are defined in defaults/main.yml.
- Support for all or selective upgrades.
- Prompt for confirmation.
- Produce log trail for the update operation result.
- Rollback history (based on yum/dnf history).
RHEL/Oracle Linux.
Install the role:
- name: abarrak.patchi
Apply only the available security updates:
- hosts: dev,prod
  become: true
  roles:
    - { role: abarrak.patchi, update_security: true }
Apply patching to a specific set of packages (optionally with versions; defaults to latest):
- hosts: all
  roles:
    - role: abarrak.patchi
      vars:
        package_list:
          - { name: httpd, version: 1.22.2 }
          - { name: expat }
Apply patching to all available updates (everything):
- hosts: dev
  roles:
    - { role: abarrak.patchi, update_all: true }
Note: If any upgrade fails, import the rollback tasks and run them. They will revert the last yum transaction from the history log.
- hosts: prod
  tasks:
    # import_role is a task, so it must sit under the play's tasks list
    - import_role:
        name: abarrak.patchi
        tasks_from: rollback
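One way to automate the rollback note above, as an added example that is not part of the role: the play records the newest yum/dnf transaction before patching and runs the rollback tasks only if the failed run created a new one, so an unrelated earlier transaction is not reverted. It assumes the role can be loaded with include_role and that `yum history info` prints a `Transaction ID` line, as yum and dnf 4 do.

```yaml
# Added example; not part of the abarrak.patchi role.
- hosts: prod
  become: true
  serial: 1                      # one host at a time, so a bad update stops early
  tasks:
    - name: Record the newest yum/dnf transaction before patching
      ansible.builtin.command: yum history info
      register: history_before
      changed_when: false
      failed_when: false         # an empty history must not abort the play

    - name: Patch, and roll back only what this run changed
      block:
        - name: Apply security updates with the role
          ansible.builtin.include_role:
            name: abarrak.patchi
          vars:
            update_security: true
      rescue:
        - name: Read the newest transaction after the failed run
          ansible.builtin.command: yum history info
          register: history_after
          changed_when: false
          failed_when: false

        - name: Revert the last transaction only if this run created one
          ansible.builtin.include_role:
            name: abarrak.patchi
            tasks_from: rollback
          when: >-
            (history_after.stdout | regex_search('Transaction ID *: *[0-9]+'))
            != (history_before.stdout | regex_search('Transaction ID *: *[0-9]+'))

        - name: Keep the host marked as failed so later hosts are not patched
          ansible.builtin.fail:
            msg: "Patching failed on {{ inventory_hostname }}; check the role's log trail."
```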
The name comes from a nice chocolate shop in KSA.
The idea is to make patching sweet and less tedious!
- Rollback support.
- Add (pre, post) hooks to handle custom shutdown/startup for critical services.
- Categorization (support tags).
MIT.