https://github.com/voidquark/el_patching

Ansible Role - Enterprise Linux OS patching
https://github.com/voidquark/el_patching

almalinux ansible ansible-role linux patching redhat rockylinux server

Last synced: 4 days ago
JSON representation

Ansible Role - Enterprise Linux OS patching

• Host: GitHub
• URL: https://github.com/voidquark/el_patching
• Owner: voidquark
• License: mit
• Created: 2022-10-31T20:52:28.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-08-14T12:18:46.000Z (about 1 month ago)
• Last Synced: 2024-09-20T10:35:05.885Z (8 days ago)
• Topics: almalinux, ansible, ansible-role, linux, patching, redhat, rockylinux, server
• Homepage: https://galaxy.ansible.com/ui/standalone/roles/voidquark/el_patching/
• Size: 24.4 KB
• Stars: 47
• Watchers: 3
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Ansible role - EL Patching

[![License](https://img.shields.io/github/license/voidquark/el_patching)](LICENSE)

Apply OS patches on Enterprise Linux (RHEL) and other Red Hat derivatives (e.g. CentOS, Rocky, Alma, Fedora). You can decide which patching method you want to use. There are 3 methods:

- `all` - Apply all patches on target a host

- `security` - Apply only security patches on target a host

- `bugfix` - Apply only bugfix patches on target a host

**I recommend visiting the [blog post](https://voidquark.com/blog/ansible-linux-os-patching/) for detailed information, usage example, and my recommendation.**

## Requirements

Only dnf must be available on the target machine.

## Role Variables

- **Default Variables**. Usually, there is no need to change this but rather overwrite the value in `host_vars` or `group_vars` if required.

| Variable Name  | Default Value | Description

| ----------- | ----------- | ----------- |

| `el_patching_required_packages` | `"yum-utils"` | It is required to install yum-utils as this role verifies reboot with `needs-restarting`.

| `el_patching_auto_reboot` | `false` | By default do not reboot the target host. Only verify if a reboot is required.

| `el_patching_reboot_timeout` | `600` | By default auto reboot is disabled but the default timeout value is set to 5 minutes. Value is in `seconds`.

| `el_patching_method` | `"security"` | By default apply only `security` patches on the target host. Possible values `"security"/"bugfix"/"all"`

- **group_vars** or **host_vars** variables.

| Variable Name | Example Usage | Required | Description

| ----------- | ----------- | ----------- | ----------- |

| `el_patching_exclude_packages` | 
el_patching_exclude_packages:
 - tar
 - zip
 | No | Exclude packages during patching.

| `el_patching_update_cache` | `true` | No | Force dnf to check if cache is out of date and re-download if needed.


## Dependencies

No Dependencies

## Example Playbook

Create the following playbook.

```yaml

- name: Apply OS Patches

  hosts: your_patching_inventory_group_or_host

  become: true

  roles:

    - voidquark.el_patching

```

## Example execution

- Normal Execution 

```shell

ansible-playbook -i inventory/hosts playbook.yml

```

- If you want to run playbook in check mode

```shell

ansible-playbook -i inventory/hosts playbook.yml --check

```

## License

MIT

## Author Information

Created by [VoidQuark](https://voidquark.com)