Ansible Role - Enterprise Linux OS patching
Apply OS patches on Enterprise Linux (RHEL) and other Red Hat derivatives (e.g. CentOS, Rocky, Alma, Fedora). You can decide which patching method you want to use. There are 3 methods:
- all - Apply all patches on a target host
- security - Apply only security patches on a target host
- bugfix - Apply only bugfix patches on a target host

I recommend visiting the blog post for detailed information, a usage example, and my recommendation.
Only dnf must be available on the target machine.
host_vars or group_vars if required.

| Variable Name | Default Value | Description |
|---|---|---|
| el_patching_required_packages | "yum-utils" | It is required to install yum-utils as this role verifies reboot with needs-restarting. |
| el_patching_auto_reboot | false | By default do not reboot the target host. Only verify if a reboot is required. |
| el_patching_reboot_timeout | 600 | By default auto reboot is disabled but the default timeout value is set to 5 minutes. Value is in seconds. |
| el_patching_method | "security" | By default apply only security patches on the target host. Possible values "security"/"bugfix"/"all" |

| Variable Name | Example Usage | Required | Description |
|---|---|---|---|
| el_patching_exclude_packages | el_patching_exclude_packages: | No | Exclude packages during patching. |
| el_patching_update_cache | true | No | Force dnf to check if cache is out of date and re-download if needed. |
No Dependencies
Create the following playbook.
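```yaml
- name: Apply OS Patches
  hosts: your_patching_inventory_group_or_host
  become: true
  roles:
    - voidquark.el_patching
```

```shell
# Apply patches to the hosts in the inventory
ansible-playbook -i inventory/hosts playbook.yml

# Dry run: report what would change without applying it
ansible-playbook -i inventory/hosts playbook.yml --check
```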
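The following playbook is an added example, not part of the role's own documentation: it overrides the defaults listed in the tables above to apply security-only patches to a canary group first and then to production in batches. The inventory group names patch_canary and patch_prod, the batch size and the 900-second timeout are assumptions; serial, any_errors_fatal and max_fail_percentage are standard Ansible play keywords, not variables of this role.

```yaml
# Added example: staged security patching with a bounded automatic reboot.
# "patch_canary" and "patch_prod" are hypothetical inventory groups.

- name: Patch canary hosts first
  hosts: patch_canary
  become: true
  any_errors_fatal: true             # a failed canary aborts the whole run
  vars:
    el_patching_method: "security"   # role default, stated explicitly
    el_patching_update_cache: true   # make dnf re-check for stale metadata
    el_patching_auto_reboot: true    # override the default of false
    el_patching_reboot_timeout: 900  # seconds (assumed value)
  roles:
    - voidquark.el_patching

- name: Patch production in batches
  hosts: patch_prod
  become: true
  serial: "25%"                      # patch a quarter of the group at a time
  max_fail_percentage: 0             # stop the rollout if any host in a batch fails
  vars:
    el_patching_method: "security"
    el_patching_update_cache: true
    el_patching_auto_reboot: true
    el_patching_reboot_timeout: 900  # seconds (assumed value)
  roles:
    - voidquark.el_patching
```

Leaving el_patching_auto_reboot at its default of false keeps the role in verify-only mode for reboots, so a kernel or library fix may be installed but not yet active until the host is restarted by other means.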
MIT
Created by VoidQuark