On the web you can find many tips about how to update CentOS/RHEL Linux systems. Some of them are quite old and do not leverage new features available in recent Ansible versions; others have some issues or do not provide a nice way to display what’s going on.
Recently I’ve spent some time tuning an Ansible playbook to develop a nice way to update my RedHat family systems.
The playbook does the following:
- First, it checks if there are any packages to be updated and displays them.
- Next, it starts the update.
- After that, it installs (if necessary) the yum-utils package, which provides the needs-restarting command that tells us whether a system reboot is required after the update.
- Then it reboots the host if necessary and waits for it to come back online.
- At the end, it displays a message with the number of seconds that the reboot took.
Below you will find the tasks from the playbook (I do not post the whole playbook as you can have your own requirements, e.g. for serialization or host group):
```yaml
# Everything after the "Updated Packages" header is a package line;
# the second awk keeps only the package name column.
- name: check packages for updates
  shell: yum list updates | awk 'f;/Updated Packages/{f=1;}' | awk '{ print $1 }'
  changed_when: updates.stdout_lines | length > 0
  # 'warn' is deprecated in newer Ansible releases; drop these two lines
  # if your version rejects them.
  args:
    warn: false
  register: updates

- name: display count
  debug:
    msg: "Found {{ updates.stdout_lines | length }} packages to be updated:\n\n{{ updates.stdout }}"

- when: updates.stdout_lines | length > 0
  block:
    - name: install updates using yum
      yum:
        name: "*"
        state: latest

    - name: install yum-utils
      package:
        name: yum-utils

    # needs-restarting -r exits non-zero when a reboot is required,
    # so the non-zero return code must not fail the task.
    - name: check if reboot is required
      shell: needs-restarting -r
      failed_when: false
      register: reboot_required
      changed_when: false

- when: updates.stdout_lines | length > 0 and reboot_required.rc != 0
  block:
    # async/poll make Ansible fire the reboot and move on instead of
    # waiting on a connection that is about to drop.
    - name: reboot the server if required
      shell: sleep 3; reboot
      ignore_errors: true
      changed_when: false
      async: 1
      poll: 0

    - name: wait for server to come back after reboot
      wait_for_connection:
        timeout: 600
        delay: 20
      register: reboot_result

    - name: reboot time
      debug:
        msg: "The system rebooted in {{ reboot_result.elapsed }} seconds."
```
I hope you find it useful :)
MarcV Jun 11, 2018 at 11:16
Very useful! Thanks a lot!
I have been searching for an elegant and simple solution for this as Red Hat is failing to solve this properly.
On Debian systems it is quite easy to establish if a server needs a reboot but on Red Hat servers it is very difficult to determine if they need a reboot.
Grant Nov 05, 2018 at 16:57
When I try running this I get: ERROR! ‘shell’ is not a valid attribute for a Play
luktom Nov 05, 2018 at 18:16
As I mentioned in the post, these are only tasks for a playbook, so you have to add them under “tasks:” section in your playbook or in a role.
david Ge Feb 01, 2019 at 20:55
There is a reboot module you should look into – it can reboot a machine more nicely than the last stanza on this page.
https://docs.ansible.com/ansible/latest/modules/reboot_module.html
luktom Feb 01, 2019 at 21:11
You’re right :) The thing is that it was introduced in Ansible 2.7 which was GA in October 2018 and my post is from April 2018 :)
Anand R Mar 19, 2019 at 05:08
Got what I searched for. Thanks!
Michael Mar 27, 2019 at 03:51
luktom,
Do you have a playbook that would upgrade RHEL 6 to RHEL 7?
luktom Apr 01, 2019 at 13:34
Hi, I don’t have a ready-to-go playbook, however it looks pretty easy to automate if you follow the docs here: https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.4/html/installation_guide/rhel6_to_rhel7
Michael Walter Kuhlman Apr 02, 2019 at 06:05
luktom,
Would you be able to automate this for me? I can pay you.
https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.4/html/installation_guide/rhel6_to_rhel7
Regards
Mike
Abiding Dude Jul 09, 2019 at 19:26
a thousand thankyous!
Poil Oct 30, 2019 at 08:51
Hi,
Thanks,
On the shell task I always add this to be sure my system locale is always in English to parse the command output.
```yaml
environment:
  LC_ALL: C
```
Nico Feb 05, 2021 at 11:53
Thanks for this. It works perfectly
Gurudatta Jun 01, 2021 at 09:15
How can we use --broken with the
```yaml
- name: install updates using yum
  yum:
    name: "*"
```
Aske Feb 15, 2023 at 14:07
Can see the “args warn: false” for “changed_when” has been deprecated now when I use it in a playbook.
What was it set false to warn for in the first place?
Never experienced this to warn about anything when I tried to remove it, and now it only works without this arg.
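
The tasks from the post reworked along the lines raised in the comments, as an added example rather than the author's playbook: the `reboot` module (Ansible 2.7+) replaces the `sleep 3; reboot` and `wait_for_connection` pair, the `yum` module's `list: updates` replaces the shell pipeline (so neither `warn: false` nor a fixed locale is needed), and the `needs-restarting -r` check fails on any exit code other than 0 or 1. It assumes a yum-based RHEL/CentOS host.

```yaml
# Added example: tasks only; place under "tasks:" in a play or in a role.
# Assumes Ansible 2.7+ (reboot module) and a yum-based RHEL/CentOS host.
- name: list pending updates (module output, no shell parsing)
  yum:
    list: updates
  register: updates

- name: display count
  debug:
    msg: "Found {{ updates.results | length }} packages to be updated: {{ updates.results | map(attribute='name') | join(', ') }}"

- when: updates.results | length > 0
  block:
    - name: install updates using yum
      yum:
        name: "*"
        state: latest

    - name: install yum-utils (provides needs-restarting)
      package:
        name: yum-utils

    - name: check if reboot is required
      command: needs-restarting -r
      register: reboot_required
      changed_when: false
      # 0 = no reboot needed, 1 = reboot needed; anything else (for example
      # a missing binary) is a real error and should stop the play.
      failed_when: reboot_required.rc not in [0, 1]

    - name: reboot the server if required
      reboot:
        reboot_timeout: 600      # same 600 s ceiling as the original wait
        post_reboot_delay: 20    # same 20 s settle time as the original delay
      register: reboot_result
      when: reboot_required.rc == 1

    - name: reboot time
      debug:
        msg: "The system rebooted in {{ reboot_result.elapsed }} seconds."
      # Skipped reboot tasks register changed=false, so this stays quiet.
      when: reboot_result is changed
```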