Have you ever wondered how to patch your systems, reboot, and continue working?
If so, you'll be interested in Ansible, a simple configuration management tool that can make some of the hardest work easy: for example, system administration tasks that can be complicated, take hours to complete, or have complex requirements for security.
In my experience, one of the hardest parts of being a sysadmin is patching systems. Every time you get a Common Vulnerabilities and Exposures (CVE) notification or Information Assurance Vulnerability Alert (IAVA) mandated by security, you have to kick into high gear to close the security gaps. (And, believe me, your security officer will hunt you down unless the vulnerabilities are patched.)
Ansible can reduce the time it takes to patch systems by running packaging modules. To demonstrate, let's use the yum module to update the system. Ansible can install, update, remove, or install from another location (e.g., rpmbuild from continuous integration/continuous development). Here is the task for updating the system:

- name: update the system
  yum:
    name: "*"
    state: latest

In the first line, we give the task a meaningful name so we know what Ansible is doing. In the next line, the yum module updates the CentOS virtual machine (VM), then name: "*" tells yum to update everything, and, finally, state: latest updates to the latest RPM.
After updating the system, we need to restart and reconnect:

- name: restart system to reboot to latest kernel
  shell: "sleep 5 && reboot"
  async: 1
  poll: 0

- name: wait for 10 seconds
  pause:
    seconds: 10

- name: wait for the system to reboot
  wait_for_connection:
    connect_timeout: 20
    sleep: 5
    delay: 5
    timeout: 60

- name: install epel-release
  yum:
    name: epel-release
    state: latest

The shell module puts the system to sleep for five seconds, then reboots. We use sleep to prevent the connection from breaking, async to avoid a timeout, and poll to fire & forget. We pause for 10 seconds to wait for the VM to come back and use wait_for_connection to connect back to the VM as soon as it can make a connection. Then we install epel-release to test the RPM installation. You can run this playbook multiple times to show that it is idempotent, and the only task that will show as changed is the reboot, since we are using the shell module. You can use changed_when: False to ignore the change when using the shell module if you expect no actual changes.
So far we've learned how to update a system, restart the VM, reconnect, and install an RPM. Next we will install NGINX using the role in Ansible Lightbulb.

- name: Ensure nginx packages are present
  yum:
    name: nginx, python-pip, python-devel, devel
    state: present
  notify: restart-nginx-service

- name: Ensure uwsgi package is present
  pip:
    name: uwsgi
    state: present
  notify: restart-nginx-service

- name: Ensure latest default.conf is present
  template:
    src: templates/nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    backup: yes
  notify: restart-nginx-service

- name: Ensure latest index.html is present
  template:
    src: templates/index.html.j2
    dest: /usr/share/nginx/html/index.html

- name: Ensure nginx service is started and enabled
  service:
    name: nginx
    state: started
    enabled: yes

- name: Ensure proper response from localhost can be received
  uri:
    url: "http://localhost:80/"
    return_content: yes
  register: response
  until: 'nginx_test_message in response.content'
  retries: 10
  delay: 1

And the handler that restarts the nginx service:

# handlers file for nginx-example
- name: restart-nginx-service
  service:
    name: nginx
    state: restarted

In this role, we install the RPMs nginx, python-pip, python-devel, and devel, and install uwsgi with PIP. Next, we use the template module to copy over the nginx.conf and index.html for the page to display. After that, we make sure the service is enabled on boot and started. Then we use the uri module to check the connection to the page.
Here is a playbook showing an example of updating, restarting, and installing an RPM, then continuing to install nginx. This can be done with any other roles/applications you want.

- hosts: all
  roles:
    - centos-update
    - nginx-simple

Watch this demo video for more insight on the process.
This was just a simple example of how to update, reboot, and continue. For simplicity, I added the packages without variables. Once you start working with a large number of hosts, you will need to change a few settings:
This is because in your production environment you might want to update one system at a time (not fire & forget) and actually wait a longer time for your system to reboot and continue.
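
A rolling variant of the update-and-reboot tasks for the production case described above, as an added example that is not part of the original article. It assumes CentOS 7 with yum-utils available (for needs-restarting -r), and the serial, delay and timeout values are illustrative, not taken from the article.

```yaml
# Added example: patch one host at a time and reboot only when required.
# Assumptions: CentOS 7, yum-utils available, illustrative timing values.
- hosts: all
  serial: 1                       # finish one host before starting the next
  tasks:
    - name: update the system
      yum:
        name: "*"
        state: latest

    - name: ensure yum-utils is present (provides needs-restarting)
      yum:
        name: yum-utils
        state: present

    - name: check whether the update requires a reboot
      command: needs-restarting -r
      register: reboot_check
      changed_when: false         # read-only check, never reported as a change
      # exit code 0 = no reboot needed, 1 = reboot needed, anything else = error
      failed_when: reboot_check.rc not in [0, 1]

    - name: restart system to reboot to latest kernel
      shell: "sleep 5 && reboot"
      async: 1
      poll: 0
      when: reboot_check.rc == 1

    - name: wait for the system to reboot
      wait_for_connection:
        connect_timeout: 20
        sleep: 5
        delay: 15                 # give the host time to go down before polling
        timeout: 600              # allow slow hardware up to 10 minutes
      when: reboot_check.rc == 1

    - name: record the running kernel after patching
      command: uname -r
      register: running_kernel
      changed_when: false

    - name: show the running kernel
      debug:
        msg: "{{ inventory_hostname }} is running kernel {{ running_kernel.stdout }}"
```

Because the reboot and wait tasks are skipped when no reboot is needed, a second run against already-patched hosts reports no changes.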
For more ways to automate your work with this tool, take a look at the other Ansible articles on Opensource.com.