thorian93.upgrade

Panoramica Versioni Approfondimenti

Ansible Role: Upgrade

Not Maintained! Moved to Collection!

This role has moved to my main collection.
It is not supported here anymore!
Please visit the collection for the latest updates.

This role helps to upgrade Debian/Ubuntu, RHEL/CentOS, Fedora, and Suse servers.

Ansible Role: Upgrade Ansible Role: Upgrade Ansible Role: Upgrade

Features

  • Detects when to reboot and does it automatically
  • Detects when to restart services and does it automatically
  • Sends upgrade reports
    • via Email
    • via Telegram

Important Note!

Reboot and service restart checks for APT are done using needrestart. For Fedora, it uses the dnf plugin needs-restarting. For RHEL/CentOS, it uses the needs-restarting tool.

The role uses the results to decide what to do. You can change how it works with the variables below.

None of these methods are perfect, but they work pretty well. You might want to review the role before using it.

Known Issues

  • Debian 11: If you don’t set ansible_python_interpreter=/usr/bin/python3 explicitly, the apt module will try to install python-apt, which fails. Check this issue for more info.
  • CentOS 8: Reboot detection doesn’t work due to a missing flag for the dnf needs-restarting plugin. No reboots will occur.
  • Fedora 32 and earlier: Service restart detection doesn’t work due to a missing flag for the dnf needs-restarting plugin. No service restarts will happen.
  • opensuse 15 and 42: A missing dependency prevents the installation of a tool. A workaround is available, but the upgrade process may be unstable. This role seems to work fine without breaking things, but be cautious! Let me know if you have fixes.
  • opensuse 15 and 42: Service restart detection uses a 'brute force' method, as parsing the output of zypper ps -s is complicated. These OS versions will simply reboot if any services need restarting.

Requirements

To use the reporting via Telegram feature: 

collections:
- name: community.general
  version: 3.4.0

This role needs root access, so either run it in a playbook with a global become: yes, or call the role in your playbook like this:

- hosts: foobar
  roles:
    - role: thorian93.upgrade
      become: yes

This role only checks if the system is reachable at port 22 after a reboot. If you need additional checks or verification, you will need to manage that yourself.

Role Variables

Here are the available variables along with their default values (see defaults/main.yml):

Basic Variables

upgrade_packages_on_hold: []

Packages you want to hold back from automatic upgrade.

upgrade_unattended_reboot: true

Enable automatic reboot if needed after updates (default is true, set to false to disable).

upgrade_force_reboot: false

Force a reboot of each server regardless of reboot checks (default is false, set to true to enable).

upgrade_needrestart_disable_interaction: true

Controls user interaction from the needrestart tool. Default is to disable interaction (set to false to enable).

upgrade_restart_services: true

Enable automatic service restarts (default is true, set to false to disable).

upgrade_restart_services_blacklist:
  - auditd.service
  - dbus.service
  - systemd-manager.service

List of services that should not be restarted.

Reporting Variables

upgrade_reporting_enable: false

Enable reporting to output installed updates and optionally save to file.

upgrade_reporting_path: "."

Where to save the reports. Default is your current directory.

upgrade_reporting_cleanup: true

Clean up report files after sending reports.

Telegram Reporting Variables

upgrade_reporting_telegram_enable: false

Enable Telegram reporting. You need to fill in the following two variables with your details to send messages via Telegram!

upgrade_telegram_token: []

Your Telegram Bot Token.

upgrade_telegram_chatid: []

Your Telegram Chat ID.

Mail Reporting Variables

upgrade_reporting_mail_enable: false

Enable email reporting.

upgrade_reporting_mail_subject: "Ansible Update Role Reporting"

Set the email subject.

upgrade_reporting_mail_to: ""

Define the email recipient(s).

upgrade_reporting_mail_from: ""

Define the email sender.

upgrade_reporting_mail_host: ""

Set the mail server or relay.

upgrade_reporting_mail_port: ""

Set the mail server port.

upgrade_reporting_mail_user:
upgrade_reporting_mail_password:

If the mail server needs authentication, set a username and password here. If no authentication is required, leave these variables blank!

upgrade_reporting_mail_run_once: true

Send one email for the entire play if set to true, or one email per host if set to false.

Dependencies

None.

OS Compatibility

This role checks that it is not used on unsupported or untested operating systems by verifying specific distributions and versions are included in a variable called <role-name>_stable_os. You can find it in the role's default variable file at defaults/main.yml:

role_stable_os:
  - Debian 10
  - Ubuntu 18
  - CentOS 7
  - Fedora 30

If the system doesn’t match the list, the role will fail. You can add the distribution and version to the list after testing it.

Thanks to HarryHarcourt for this idea!

Example Playbook

---
- name: "Run role."
  hosts: all
  become: yes
  roles:
    - ansible-role-upgrade

Contributing

Feel free to report any bugs, issues, or suggestions for improvement. You can also reach out anytime to discuss or ask questions.

Disclaimer

This role is provided AS IS with no guarantees that it works properly, nor am I responsible for any issues caused by it. Please review the role thoroughly before use.

License

MIT

Author Information

This role was created in 2019 by Thorian93.

Informazioni sul progetto

Upgrade Management for Linux

role linux maintenance operating server system update upgrade
Installa
ansible-galaxy install thorian93.upgrade
GitHub repository
18 stelle
7 fork
2 problemi aperti
Licenza
mit
Download
2k
Proprietario
Thorian93
Greetings earthlings! I am a young Linux, IT and tech enthusiast and currently I am working as a checkmk consultant for Checkmk.