I'm trying to automate our patching and stumbled upon Ansible.

I have run the win_update module and this could be used for 80% of our servers, but others have a reboot procedure.

Some groups of our servers need to be updated/rebooted in order, including some services. Is this possible with Ansible?

Scenario could be:

  • Server A - B - C need to be down
  • Server D update, reboot, start manual service A - B - C
  • Server C update, reboot, start manual service A - B
  • ...
MeMario

1 Answer

Yes, you can write rolling updates with additional tasks into Ansible plays.

Group specific behavior can come from group_vars, or additional plays run only on certain groups.


---
# playbook
- name: Pre OS update
  hosts: A,B,C
  
  roles:
  # bring services down or other prep steps
  - update_pre
    
- name: Update and reboot
  hosts: A,B,C,D 
  order: inventory
  # Rolling updates: do play to completion one host at a time
  serial: 1 

  roles:
  - update_servers

# Roles enable reuse: different hosts but same tasks
# Move groups to their own play for a desired order
# or for a different sequence of tasks
- name: Update and reboot special group E
  hosts: E
  
  roles:
  - update_pre
  - update_servers
  - update_post
...


---
# roles/update_servers/tasks/main.yml

- win_updates:
    category_names: '*' 
    # win_reboot task probably not required
    reboot: yes
    
# If not a Windows service, add other tasks here
# or in follow-up roles 
- name: Post update service bounce
  win_service:
    name: "{{ item }}"
    state: restarted
  loop: "{{ update_restart_services | default([]) }}"
...
 
---
# group_vars/C.yml
update_restart_services:
- alpha
- beta
...
---
# group_vars/D.yml
update_restart_services:
- alpha
- beta
- gamma
...
John Mahowald
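
A fail-stop variant of the rolling update in the answer above, as an added example that is not part of the original answer: one play per group fixes the order (D, then C, as in the question), and each host must pass its update and service checks before the run moves on. The role name `update_verified` is hypothetical, the fully qualified module names assume the `ansible.windows` collection is installed, and `update_restart_services` is the variable from the answer's group_vars.

```yaml
---
# playbook (added example): one play per group makes the order explicit
- name: Patch group D first
  hosts: D
  serial: 1
  # Any failed task ends the run before the next group is touched
  any_errors_fatal: true
  roles:
    - update_verified   # hypothetical role name

- name: Patch group C only after D has passed its checks
  hosts: C
  serial: 1
  any_errors_fatal: true
  roles:
    - update_verified
...
---
# roles/update_verified/tasks/main.yml (hypothetical role)
- name: Install updates, rebooting as needed
  ansible.windows.win_updates:
    category_names: '*'
    reboot: true
  register: update_result

- name: Fail if an update failed or a reboot is still pending
  ansible.builtin.assert:
    that:
      - update_result.failed_update_count == 0
      - not update_result.reboot_required
    fail_msg: "Patching incomplete on {{ inventory_hostname }}"

- name: Start the manually started services for this group
  ansible.windows.win_service:
    name: "{{ item }}"
    state: started
  loop: "{{ update_restart_services | default([]) }}"
  register: service_result

- name: Confirm every service is running before the next host
  ansible.builtin.assert:
    that:
      - item.state == 'running'
    fail_msg: "Service {{ item.item }} is not running"
  loop: "{{ service_result.results }}"
  loop_control:
    label: "{{ item.item }}"
...
```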