Yum and Dnf update and reboot with Ansible

https://thenathan.net/2020/07/16/yum-and-dnf-update-and-reboot-with-ansible/

In this video I cover some play books I have written to patch my RedHat based CentOS VM’s. The playbooks will enable EPEL, verify some packages/applications I use are installed, run a Yum or DNF update and reboot if a reboot is required.

The playbooks can be downloaded from below

enable_epel.yml_Download std_packages.yml_Download yum_update_reboot.yml_Download nathan@thenathan:~/ansible$ cat enable_epel.yml —

hosts: all gather_facts: True become: true strategy: free tasks:
- name: Enable EPEL Repository on CentOS 8 dnf: name: epel-release state: latest when: ansible_facts[‘os_family’] == ‘RedHat’ and ansible_facts [‘distribution_major_version’] >= ‘8’
- name: Enable EPEL Repository on CentOS 7 yum: name: epel-release state: latest when: ansible_facts[‘os_family’] == ‘RedHat’ and ansible_facts [‘distribution_major_version’] == ‘7’ nathan@thenathan:~/ansible$ cat std_packages.yml —
import_playbook: enable_epel.yml
hosts: all gather_facts: false become: true strategy: free tasks:

#RHEL based OS version 7 stuff
- name: Packages major_version 7 when: ansible_facts[‘distribution_major_version’] == “7” package: name: [‘nmap-ncat’, ‘curl’, ‘rsync’, ‘sysstat’, ‘bind-utils’, ‘wget’, ‘bash-completion’, ‘mlocate’, ‘lsof’, ‘htop’, ‘sharutils’, ‘python2-psutil’, ‘yum-utils’, ‘ps_mem’ ] state: present
#RHEL based OS version 6 stuff
- name: Packages major_version 6 when: ansible_facts[‘distribution_major_version’] == “6” package: name: [‘nc’, ‘curl’, ‘rsync’, ‘sysstat’, ‘bind-utils’, ‘wget’, ‘bash-completion’, ‘libselinux-python’, ‘lsof’ ] state: present nathan@thenathan:~/ansible$ cat yum_update_reboot.yml —
import_playbook: std_packages.yml
hosts: all gather_facts: false become: true serial: 1 any_errors_fatal: yes vars_prompt: name: “confirmation” prompt: “Are you sure you want to Update with reboots? Answer with ‘YES’” default: “NO” private: no tasks:
- name: Check Confirmation fail: msg=”Playbook run confirmation failed” when: confirmation != “YES”
- name: DNF update the system dnf: name: “*” state: latest when: ansible_facts[‘os_family’] == ‘RedHat’ and ansible_facts [‘distribution_major_version’] >= ‘8’
- name: Yum update the system yum: name: “*” state: latest when: ansible_facts[‘os_family’] == ‘RedHat’ and ansible_facts [‘distribution_major_version’] <= ‘7’
- name: Reboot required command: “/usr/bin/needs-restarting -r” register: reboot_required ignore_errors: True changed_when: False failed_when: reboot_required.rc == 2 when: ansible_facts[‘distribution_major_version’] == “7”
- name: Rebooting reboot: post_reboot_delay: 60 throttle: 1 when: reboot_required.rc == 1 and ansible_facts [‘virtualization_role’] != ‘host’
- debug: var: reboot_required.rc verbosity: 2
- name: Check the uptime post reboot shell: uptime register: UPTIME_POST_REBOOT when: reboot_required.rc == 1
- debug: msg={{UPTIME_POST_REBOOT.stdout}} when: reboot_required.rc == 1
- name: Wait for port 443 to become open on the host, don’t start checking for 60 seconds wait_for: port: 443 host: 0.0.0.0 delay: 60 when: “‘web’ in inventory_hostname”