  • Creating a central patch management with ansible

    Hello,

    I'm trying to establish a central patch management using ansible. To get an idea of what I am going to do, have a look at the following script:

    #!/bin/bash
    #
    # File: install_rhsa.sh
    # Author: Joerg Kastning
    #
    # Description:
    # This script installs Red Hat Security Advisories on a group of hosts.
    ##############################################################################

    # Variables ##################################################################

    # Comma-separated list of the Red Hat Security Advisories to install
    # RHSA="RHSA-2016:1539,RHSA-2016:1539,RHSA-2016:1539"
    RHSA="RHSA-2016:1277,RHSA-2016:0301"

    INVENTAR="/data/ansible/staging" # ansible inventory file
    GRUPPE="e-stage" # group within the ansible inventory file

    LOG="/var/log/install_rhsa.log"

    # Functions ##################################################################

    # Clean the yum cache and install the listed advisories on every host of the group
    install_rhsa() {
      echo "# $(date +%Y-%m-%dT%H:%M:%S)"
      echo "Running command: yum clean all"
      /usr/bin/ansible -i "${INVENTAR}" "${GRUPPE}" -m command -a "/usr/bin/yum clean all"
      echo "Running command: yum update-minimal -y --advisory"
      /usr/bin/ansible -i "${INVENTAR}" "${GRUPPE}" -m command -a "/usr/bin/yum update-minimal -y --advisory ${RHSA}"
      echo "# $(date +%Y-%m-%dT%H:%M:%S)"
    }

    # Print the help text
    usage() {
      cat <<EOF
      usage: $0 OPTIONS

      Mit diesem Skript wird die Installation von Red Hat Security Advisory auf einer Gruppe von Hosts durchgefuehrt.

      OPTIONS:
      -h Zeigt diesen Hilfetext an
      -i Spezifiziert die zu verwendende Inventar-Datei
      -g Gibt die Hostgruppe (Stage) an, auf der das Skript arbeiten soll
    EOF
    }

    # Main program ###############################################################
    while getopts "hi:g:" OPTION
    do
      case $OPTION in
        h)
          usage
          exit;;
        i)
          INVENTAR="${OPTARG}"
          ;;
        g)
          GRUPPE="${OPTARG}"
          ;;
        ?)
          usage
          exit;;
      esac
    done

    # Write the output of the whole run to the log file
    install_rhsa > "${LOG}"
    

    In the script I specify the ansible inventory file to use, the group to run the tasks on and the RHSA numbers which should be used. The script works as expected, but there is an important thing missing. I would like to reboot the remote hosts if packages were updated, but not in case no packages were marked for update. But for now I have no idea how to implement this.

    The yum output which is written to my log is different for any remote host. So it is very hard to parse to figure out where packages were updated and where not.

    Maybe someone from the community here has an idea how to accomplish that. I look forward to reading your replies.

    Kind regards,
    Joerg
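
One way to get a reboot decision without parsing yum output, as an added example that is not part of the original post: a script run on each managed host compares the installed package list before and after the advisory update and prints a single result line. The function names and the UPDATE_RESULT marker are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not part of the original post. Runs ON a managed host.
# It detects whether an advisory update changed anything by comparing the
# installed package set before and after, so yum's output is never parsed.

# Sorted list of installed packages (rpm -qa prints name-version-release.arch).
pkg_snapshot() {
  rpm -qa | sort
}

# apply_advisories "RHSA-xxxx:nnnn[,RHSA-xxxx:nnnn...]"
# Prints exactly one UPDATE_RESULT line; returns yum's status if yum failed.
apply_advisories() {
  _before=$(pkg_snapshot)
  _rc=0
  # Capture yum's exit status without letting "set -e" abort the script.
  yum update-minimal -y --advisory "$1" >/dev/null 2>&1 || _rc=$?
  _after=$(pkg_snapshot)

  if [ "${_rc}" -ne 0 ]; then
    # A failed transaction is reported separately: never reboot on this.
    echo "UPDATE_RESULT=failed rc=${_rc}"
    return "${_rc}"
  fi
  if [ "${_before}" != "${_after}" ]; then
    echo "UPDATE_RESULT=changed"      # packages were installed or updated
  else
    echo "UPDATE_RESULT=unchanged"    # nothing to do, no reboot needed
  fi
}

# Run only when an advisory list is passed as the first argument.
if [ "$#" -gt 0 ]; then
  apply_advisories "$1"
fi
```

The control node can then reboot only the hosts whose output contains UPDATE_RESULT=changed, for example after pushing the script with Ansible's script module.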
