-
Notifications
You must be signed in to change notification settings - Fork 0
/
playbook_patch_RHEL.yml
53 lines (47 loc) · 1.85 KB
/
playbook_patch_RHEL.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
### Update systems 'CentOS' or 'Red Hat Enterprise Linux'
### by Mark Nguyen
### Reference: Yogesh Mehta(youtube)
### 10/2018
---
- hosts: linux1rhel
become_user: root
serial: 2
tasks:
# check if apache is running
- name: verify application/database processes
shell: if ps -elf | grep 'apache|http' | grep =v grep > /dev/null; then echo 'process for webserver is running'; else echo 'Webserver process is not running'; fi
ignore_errors: true
register: app_process_check
# decision point: fil==quit
- name: upgrade all packages on rhel servers
yum: name="kernel" state=latest
retries: 3
when: app_process_check.stdout == "Webserver process is not running" and ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
register: yum_update
# check if update happened and reboot occured
- name: check if reboot required after update
shell: KERNEL_NEW=$(rpm -q --last kernel | head -1 | awk '{print $1}' | sed 's/kernel.//'); KERNEL_NOW=$(uname -r); if test $KERNEL_NEW != $KERNEL_NOW; then echo "reboot_needed"; else echo "reboot_not_needed"; fi
ignore_errors: true
register: reboot_required
# restart the system
- name: restart_system
command: shutdown -r +1 "System is about to reboot after patching..."
async: 0
poll: 0
when: reboot_required.stdout = "reboot_needed"
register: reboot_started
ignore_errors: true
# Wait for 3 minutes for system to come up
- name: pause for 180 secs
pause:
minutes: 3
# Verify that system came up and responded to ssh command
- name: checki if ssh is responding
local_action:
module: wait_for
host={{ inventory_hostname }}
port=22
delay=15
timeout=300
state=started
when: reboot_started|changed