How to perform Fleet pacthing on Cloud using Ansible?

-

 


Ansible is a popular automation tool that can be used for fleet patching in a cloud environment. 


With Ansible, you can create playbooks that specify which instances to patch, which patches to apply, and how to handle errors or rollbacks. Ansible can also be used in combination with other automation tools such as AWS Systems Manager, Azure Update Management, OCI System management Service, Google Cloud Operations 


Here are the high level steps to use Ansible for patching instances:


Install Ansible 

Configure Cloud Authentication

Install Ansible Collection 

Create Inventory File --> you can use pythin to automate the file 

Create a Playbook using Yaml code 

run the Playbook 

Verify the patching 


eg: patching for AWS


Install Ansible 

Configure Cloud Authentication

Install Ansible Collection 


[ec2_instances]

10.0.0.1

10.0.0.2

10.0.0.3

...



python script  to automate inventory file 


import boto3


# Create an EC2 client

ec2 = boto3.client('ec2')


# Get a list of all running instances

instances = ec2.describe_instances(

    Filters=[{'Name': 'instance-state-name', 'Values': ['running']}]

)['Reservations']


# Write the inventory file

with open('inventory.ini', 'w') as f:

    f.write('[ec2_instances]\n')

    for reservation in instances:

        for instance in reservation['Instances']:

            f.write('{} ansible_host={} ansible_user=ec2-user\n'.format(

                instance['InstanceId'], instance['PublicIpAddress']))



===> create a playbook


- name: Apply security patches to EC2 instances

  hosts: ec2_instances

  become: yes

  gather_facts: yes


  tasks:

    - name: Update package cache

      yum:

        update_cache: yes


    - name: Upgrade all packages

      yum:

        name: '*'

        state: latest


@@@@@@@@@Playbook for RDS instances 


- name: Patch RDS instance

  hosts: localhost

  gather_facts: false


  tasks:

    - name: Get RDS instance details

      rds_instance_info:

        db_instance_identifier: my-rds-instance

        region: us-east-1

      register: rds_instance


    - name: Apply patch to RDS instance

      rds_instance:

        db_instance_identifier: "{{ rds_instance.instance.db_instance_identifier }}"

        region: us-east-1

        apply_immediately: true

      when: rds_instance.instance.db_instance_status == "available" and rds_instance.instance.pending_modified_values is not defined



@@@@@@@@@@@@@@ Playbook for AWS system manager 

- name: Patch EC2 instances using AWS Systems Manager

  hosts: tag_Name_my_instance_group

  gather_facts: yes

  become: yes

  tasks:

    - name: Run AWS Systems Manager document

      aws_ssm:

        name: AWS-RunPatchBaseline

        parameters:

          'Operation': 'Scan'

          'PatchGroups': 'my_patch_group'

        document_version: '$LATEST'

        wait: yes

      register: patch_scan


    - name: Get list of missing patches

      set_fact:

        missing_patches: "{{ patch_scan | json_query('patch_baseline_report.' + inventory_hostname + '.MissingPatches') }}"


    - name: Install missing patches

      yum:

        name: "{{ item }}"

        state: latest

      loop: "{{ missing_patches }}"



@@@@@@@@@@@@@Playbook for Postgre DB patching 


- name: Patch PostgreSQL database

  hosts: dbserver

  become: yes


  vars:

    db_name: mydb

    db_user: myuser

    db_password: mypassword

    patch_sql: "ALTER TABLE mytable ADD COLUMN mycolumn TEXT;"


  tasks:

    - name: Install PostgreSQL client package

      package:

        name: postgresql-client


    - name: Apply patch to database

      postgresql_db:

        name: "{{ db_name }}"

        user: "{{ db_user }}"

        password: "{{ db_password }}"

        login_host: "{{ inventory_hostname }}"

        login_user: "{{ db_user }}"

        login_password: "{{ db_password }}"

        sql: "{{ patch_sql }}"



==> run the playbook 

ansible-playbook -i inventory.ini patch_ec2_instances.yml


ansible-playbook patch_database.yml -i inventory.ini --limit dbserver


ansible-playbook patch_ec2_instances.yml


ansible-playbook patch_oci_instances.yml


Comments

Post a Comment

Popular posts from this blog

Understanding Terraform

-
 Terraform is a tool used  for building, changing, and versioning infrastructure safely and efficiently. A Terraform can manage multiple cloud services using a provider plugin  Terraform work flow? Terraform work flow will be comprised of validate -> plan -> apply and finally destroy. what is the important file of terraform which records the actions of Terraform apply? For every Terraform execution the action will be recorded in a file called Terraform state file .  The terraform init command is used to initialise a working directory containing Terraform configuration files. During init, the configuration is searched for module blocks, and the source code for referenced modules is retrieved from the locations given in  their source arguments. The terraform plan command is used to create an execution plan. It will not modify things in infrastructure. The terraform apply command is used to apply the changes required to reach the desired state of the configur...
Read more

How to make CRS and ASM not to restart after server reboot

-
I have noticed that server rebooting is taking lot of time on a VM machine for every reboot, so I have decided to auto start of the crs and ASM service During this phase I have noticed an attribute called auto_start when I try to execute the below command crsctl stat res -p This AUTO_START attribute is there for several resources like ora.ASM ,ora.crs,ora.DATA_DG it has got 2 options restore(0) , never(2) and always (1) always (1)  Causes the resource to restart when the node restarts regardless of the resource’s state when the node stopped -restore (0)  Does not start the resource at restart time if it was in an offline state, such as STATE=OFFLINE, TARGET=OFFLINE, when the node stopped. The resource is restored to its state when the node went down. The resource is started only if it was online before and not otherwise. -never (2)  Oracle Clusterware never restarts the resource regardless of the resource’s state when the node is stopped. So I have dec...
Read more

How to repair ASM disk header

-
Image
What is ASM disk header corruption? ASM disk header corruption is a loss or damage to the disk header which contains the metadata essential for the operation and availability of an ASM disk group in Oracle. Imagine that you have an ASM disk corruption in any of the ASM diskgroups that have critical business data and the diskgroup has been configured as "EXTERNAL" redundancy, meaning that if one disk is inaccessible the whole diskgroup will be unavailable. Now what? Is your only option to restore it from backup by recreating the diskgroup or are there any other faster ways to recover the data? Here you need to find out whether it’s a complete loss of data in the ASM disk or is it just a header corruption. Hopefully for you, this is just a header corruption. Because, yes, there is a way out!  Below find the steps to restore from the ASM header corruption. Most of the data in the ASM disk header is of interest to that disk only. However, some information in the ASM disk header ...
Read more