Update packages on ubuntu and freebsd #1

Closed
opened 2018-03-29 05:36:00 +00:00 by reelsense · 4 comments
reelsense commented 2018-03-29 05:36:00 +00:00 (Migrated from github.com)

I need an Ansible Playbook/workflow that is a very simple and easy one-liner for updating all my Ubuntu and FreeBSD servers.

I'm busy keeping up with a new job and I'm too mentally exhausted to figure out where to start with making some of these Ansible playbooks. I know there are a bunch of open-source resources like DebOps. I've made and modified some Ansible Roles and Playbooks before but I need help.

If you think I'm better off using some Workflow that combines DebOps and a FreeBSD Playbook, versus you re-inventing the wheel then I'll pay you for your time. I'll just need some idiot proof instructions.

Update packages on Ubuntu and FreeBSD.

  • simple unattended updating
  • ability to update all systems with the tag freebsd or ubuntu (ec2 tags)

This Vagrantfile will make setting up the virtual environment easier. Upgraded to Ubuntu 18.04 on 2018-04-19

  • I want to run Ansible commands from VM ubuntu1: vagrant ssh ubuntu1.

Bonus (unnecessary):
Is it possible to have the Ansible Playbook/Workflow update Windows servers based on a windows tag in EC2? Sometimes there is no Windows server online.


Misc:

Fork and submit a pull request when done.


x-post: https://github.com/stationgroup/ansible-experiments/pull/3
https://github.com/stationgroup/ansible-experiments/issues/4
https://github.com/stationgroup/ansible-experiments/issues/1

srgvg commented 2018-04-19 12:53:15 +00:00 (Migrated from github.com)

I'm not eager to start looking at resources like debops, which is quite an extensive project, and can get quite far and complicated. Especially for this case, where what you need is quite simple, and short to be written.

This should be quite straightforward. A quick example of the logic (needs some tweaking of course, but taken from an existing example):

```yaml
---
# Play 1: apt-based hosts. Target a group that only contains Ubuntu machines.
- hosts:
    - all
  become: true
  tasks:
    - name: Update apt cache
      apt: update_cache=yes

    - name: Upgrade packages
      apt: upgrade=dist

    # Ubuntu creates this file when an installed update needs a reboot.
    - name: Check if a reboot is required
      register: reboot_required_file
      stat: path=/var/run/reboot-required

    # Fire and forget, so the dropped SSH connection does not fail the task.
    - name: restart machine
      become: yes
      shell: sleep 2 && shutdown -r now "Ansible updates triggered"
      async: 1
      poll: 0
      ignore_errors: true
      when: reboot_required_file.stat.exists == true

    # Runs on the control machine and waits for sshd to answer again.
    - name: Waiting for server to come back
      become: no
      local_action: wait_for
        port=22
        host={{ inventory_hostname }}
        search_regex=OpenSSH
        delay=10

# Play 2: FreeBSD hosts. Base system first (freebsd-update), then packages (pkg).
- hosts: all
  become: yes

  tasks:
    # Without a tty, freebsd-update fetch refuses to run unless this flag is given.
    - name: Fetch any new FreeBSD updates
      shell: freebsd-update fetch --not-running-from-cron
      when: ansible_distribution == 'FreeBSD'
      register: result_update
      changed_when: "'No updates needed' not in result_update.stdout"

    - debug: var=result_update
      when: result_update.changed

    - name: Install FreeBSD updates
      shell: freebsd-update install
      when: ansible_distribution == 'FreeBSD' and result_update.changed
      register: result_update_install

    - debug: var=result_update_install
      when: result_update_install.changed

    # -y answers the confirmation prompt, which nobody can answer in an unattended run.
    - name: Upgrade FreeBSD packages
      shell: pkg upgrade -y
      when: ansible_distribution == 'FreeBSD'
      register: result_pkg
      changed_when: "'Your packages are up to date' not in result_pkg.stdout"

    - debug: var=result_pkg
      when: result_pkg.changed
```

Of course, the target of those playbooks would match a group containing the machines with the right OS.

As for Windows updates, there are modules for that too: http://docs.ansible.com/ansible/latest/modules/win_updates_module.html
If no Windows machines are live, the playbook would be skipped, as no machines are targeted.

As per your question about if one can or how wise it is to update the OS non-interactively with FreeBSD's freebsd-update fetch && freebsd-update install, I can't really comment on that, my experience with FreeBSD is too limited for that. The same could apply to Ubuntu, but perhaps to a lesser extent.
Reviewing the list of updates, and checking if there are major updates to e.g. server processes that explicitly run on it, is always a good idea. Running in test mode first can help here.

Let me know if this approach suits you, and I'll refine this into a couple of roles. (Expect +/- 2 hours of work.)

Small question: do you retrieve the server list with the aws/ec2 inventory script? Does this get you the right groups for Ubuntu and FreeBSD, or should those groups still be created based on a tag (supplied as parameter to the host?) Can you confirm me the right name of this group or tag?

reelsense commented 2018-04-19 18:27:22 +00:00 (Migrated from github.com)

> Small question: do you retrieve the server list with the aws/ec2 inventory script? Does this get you the right groups for Ubuntu and FreeBSD, or should those groups still be created based on a tag (supplied as parameter to the host?) Can you confirm me the right name of this group or tag?

For _really small_ personal projects I would probably use a basic `hosts` file. But for any of my _actual work_ I use an [`ec2.py`](https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py) dynamic [inventory script](http://docs.ansible.com/ansible/latest/user_guide/intro_dynamic_inventory.html#example-aws-ec2-external-inventory-script). The playbook will look for tags like;

```
tag_ServerType_production:tag_ServerType_development:tag_ServerType_staging:&tag_OSType_ubuntu
```

Which in EC2 obviously look like; Eg.

Key | Value
-----------|-------
`OSType` | `ubuntu`

Everything you said sounds good. I can't wait to build and learn with you.


Update 2018-04-19 15:01:38(PDT)

Regarding the FreeBSD `pkg` part. The command `pkg upgrade` technically runs _update_ automatically before upgrading. `pkg upgrade` may need some form of yes flag.
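How the host pattern in the comment above selects machines, as an added example that is not part of the original thread: a simplified Python model of Ansible's `:` (union), `:&` (intersection) and `:!` (exclusion) operators, run over a constructed `ec2.py`-style group map. The host names and group memberships are made up, only the pattern comes from the comment, and the refusal on unknown groups in `patch_plan` is an added strictness, not Ansible's behaviour.

```python
# Simplified model of Ansible host patterns over ec2.py tag groups.
# Handles 'group', '&group' and '!group' terms; no wildcards, ranges or regex.

# Constructed inventory: group name -> hosts (hypothetical host names).
SAMPLE_GROUPS = {
    "tag_ServerType_production": {"web1", "db1", "bsd1"},
    "tag_ServerType_development": {"dev1", "bsd2"},
    "tag_ServerType_staging": {"stage1"},
    "tag_OSType_ubuntu": {"web1", "db1", "dev1", "stage1", "lab1"},
    "tag_OSType_freebsd": {"bsd1", "bsd2"},
}

# The pattern quoted in the thread.
PATTERN = ("tag_ServerType_production:tag_ServerType_development:"
           "tag_ServerType_staging:&tag_OSType_ubuntu")


def resolve(pattern, groups):
    """Return (sorted hosts, unknown group names) for an Ansible-style pattern."""
    terms = [t.strip() for t in pattern.split(":") if t.strip()]
    # Ansible applies plain terms first, then intersections, then exclusions,
    # whatever order they were written in.
    unions = [t for t in terms if t[0] not in "&!"]
    inters = [t[1:] for t in terms if t[0] == "&"]
    excls = [t[1:] for t in terms if t[0] == "!"]
    unknown = sorted(g for g in unions + inters + excls if g not in groups)

    # With no plain term the pattern starts from every known host ("all").
    hosts = set()
    for name in unions or list(groups):
        hosts |= groups.get(name, set())
    for name in inters:
        hosts &= groups.get(name, set())
    for name in excls:
        hosts -= groups.get(name, set())
    return sorted(hosts), unknown


def patch_plan(pattern, groups):
    """Hosts an update run would touch; fails on a misspelled tag group."""
    hosts, unknown = resolve(pattern, groups)
    if unknown:
        raise ValueError("unknown groups in pattern: " + ", ".join(unknown))
    return hosts


if __name__ == "__main__":
    print(patch_plan(PATTERN, SAMPLE_GROUPS))
```

In the sample data the FreeBSD hosts carry a `ServerType` tag but are dropped by the `&tag_OSType_ubuntu` term, and `lab1` is dropped because it has no `ServerType` tag, so the apt play only reaches hosts that match both.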
reelsense commented 2018-04-19 19:12:58 +00:00 (Migrated from github.com)

It should be noted that Ubuntu 18.04 will be released on the 26th and removes `python2` from the base OS.

  • [Python 2 is no longer installed](https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#Other_base_system_changes_since_16.04_LTS) (Python 3 support in [Ansible 2.2+ is a _"tech preview"_](http://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html)...)

So I updated this [Vagrantfile](/stationgroup/vagrant-labs/tree/master/imperialspeculate). Upgraded to Ubuntu 18.04 on 2018-04-19

  • I want to run Ansible commands from VM _ubuntu1_: `vagrant ssh ubuntu1`.

If there are additional steps or methods needed for 18.04 please note that.


4PH41465DH4233330
srgvg commented 2018-04-29 11:12:58 +00:00 (Migrated from github.com)

About Python3 support, whilst docs don't mention it officially, I know Python3 is mostly supported, for the core application. On remote hosts, full support on modules might still be an issue, which could mean Python2 must be installed. Tests will show what is needed.

fyi https://twitter.com/svg/status/978648763488227328

Reference: stationgroup/ansible-experiments#1