Главная

Sunday, 20 December 2020

How is doing patches and installation by Ansible.

Hi all.

How is doing patches and installation by Ansible? Next story by Janathan Lozada De La Matta.

So we’ve learned how to update a system, restart the VM, reconnect, and install a RPM. 

  - name: update the system

    yum:

      name: "*"

      state: latest

In the first line, we give the task a meaningful name so we know what Ansible is doing. In the next line, the yum module updates the CentOS virtual machine (VM), then name: "*" tells yum to update everything, and, finally, state: latest updates to the latest RPM. After updating the system, we need to restart and reconnect:

  - name: restart system to reboot to newest kernel

    shell: "sleep 5 && reboot"

    async: 1

    poll: 0

  - name: wait for 10 seconds

    pause:

      seconds: 10

  - name: wait for the system to reboot

    wait_for_connection:

      connect_timeout: 20

      sleep: 5

      delay: 5

      timeout: 60

  - name: install epel-release

    yum:

      name: epel-release

      state: latest

The shell module puts the system to sleep for 5 seconds then reboots. We use sleep to prevent the connection from breaking, async to avoid timeout, and poll to fire & forget. We pause for 10 seconds to wait for the Vm to come back and use wait_for_connection to connect back to the VM as soon as it can make a connection. 

Then we install epel-release to test the RPM installation. You can run this playbook  multiple  times  to  show  the  idempotent, and the only task that will show as changed is the reboot since we are using the shell  module.  You  can  use  changed_when: False to ignore the change when using the shell module if you expect no actual changes.

Next we will install NGINX using the role in Ansible Lightbulb.

  - name: Ensure nginx packages are present
    yum:
      name: nginx, python-pip, python-devel, devel
      state: present
    notify: restart-nginx-service

  - name: Ensure uwsgi package is present
    pip:
      name: uwsgi
      state: present
    notify: restart-nginx-service

  - name: Ensure latest default.conf is present
    template:
      src: templates/nginx.conf.j2
      dest: /etc/nginx/nginx.conf
      backup: yes
    notify: restart-nginx-service

  - name: Ensure latest index.html is present
    template:
      src: templates/index.html.j2
      dest: /usr/share/nginx/html/index.html

  - name: Ensure nginx service is started and enabled
    service:
      name: nginx
      state: started
      enabled: yes

  - name: Ensure proper response from localhost can be received
    uri:
      url: "http://localhost:80/"
      return_content: yes
    register: response
    until: 'nginx_test_message in response.content'
    retries: 10
    delay: 1

And the handler that restarts the nginx service:

# handlers file for nginx-example
  - name: restart-nginx-service
    service:
      name: nginx
      state: restarted

In  this  role,  we  install  the  RPMs  nginx,  python-pip,  python-devel, and devel and install uwsgi with pip. next, we use the template module to copy over the nginx.conf and index.html for the page to display. After that, we make sure the service is enabled on boot and started. Then we use the URI module to check the connection to the page.

Here  is  a  playbook  showing  an  example  of  updating,  restarting, and installing an RPM. Then continue installing nginx. This can be done with any other roles/applications you want.

  - hosts: all
    roles:
      - centos-update
      - nginx-simple

This was just a simple example of how to update, reboot, and continue. For simplicity, I added the packages without variables. 

Once you start working with a large number of hosts, you will need to change a few settings:
•  async & poll 
•  serial
•  forks

Be success!

No comments:

Post a Comment

А что вы думаете по этому поводу?