Ansible role - EL Patching

Apply OS patches on Enterprise Linux (RHEL) and other Red Hat derivatives (e.g. CentOS, Rocky, Alma, Fedora). You can decide which patching method you want to use. There are 3 methods:

all - Apply all patches on target a host
security - Apply only security patches on target a host
bugfix - Apply only bugfix patches on target a host

I recommend visiting the blog post for detailed information, usage example, and my recommendation.

Requirements

Only dnf must be available on the target machine.

Role Variables

Default Variables. Usually, there is no need to change this but rather overwrite the value in host_vars or group_vars if required.

Variable Name	Default Value	Description
`el_patching_required_packages`	`"yum-utils"`	It is required to install yum-utils as this role verifies reboot with `needs-restarting`.
`el_patching_auto_reboot`	`false`	By default do not reboot the target host. Only verify if a reboot is required.
`el_patching_reboot_timeout`	`600`	By default auto reboot is disabled but the default timeout value is set to 5 minutes. Value is in `seconds`.
`el_patching_method`	`"security"`	By default apply only `security` patches on the target host. Possible values `"security"/"bugfix"/"all"`

group_vars or host_vars variables.

Variable Name	Example Usage	Required	Description
`el_patching_exclude_packages`	el_patching_exclude_packages: - tar - zip	No	Exclude packages during patching.
`el_patching_update_cache`	`true`	No	Force dnf to check if cache is out of date and re-download if needed.

Dependencies

No Dependencies

Example Playbook

Create the following playbook.

- name: Apply OS Patches
  hosts: your_patching_inventory_group_or_host
  become: true
  roles:
    - voidquark.el_patching

Example execution

Normal Execution

ansible-playbook -i inventory/hosts playbook.yml

If you want to run playbook in check mode

ansible-playbook -i inventory/hosts playbook.yml --check

License

MIT

Author Information

Created by VoidQuark

Badges

Extracted from project README

Related Projects

ansible-collection-jm1-cloudy

Ansible Collection for building cloud infrastructures https://galaxy.ansible.com/jm1/cloudy

17 Sep 2021 9

ansible-role-onepassword

Ansible role for 1password. Available on Ansible Galaxy.

25 Jul 2021 2

ansible-role-gcloudsdk

Ansible role for Google Cloud SDK (cli). Available on Ansible Galaxy.

03 Feb 2020 2

linux_bootstrap

Ansible Role to provision basic Linux settings

14 Feb 2021 4

ansible-role-hcloud

Ansible Role for Hetzner Cloud hcloud

27 Apr 2022 10

ansible-role-speedtest

Ansible role for Ookla's Speedtest CLI. Available on Ansible Galaxy.

09 Nov 2020 4

ansible-errata

Ansible role which helps to patch RedHat-based systems.

01 Feb 2017 7

ansible-role-azurecli

Ansible role for Azure CLI. Available on Ansible Galaxy.

22 Jan 2020 3

ansible-role-security

Ansible Role - Security

14 Jun 2014 805

ansible-playbook-fuse

Ansible Playbook to operate a Red Hat Fuse 7 Standalone platform (install, upgrade, uninstall, pa...

21 Apr 2017 10

ansible-role-python3

Ansible role for Python3. Available on Ansible Galaxy.

14 Aug 2019 3

Ubuntu1604-CIS

Ubuntu CIS Hardening Ansible Role

30 Dec 2017 89

ansible-role-jq

Ansible role for Hugo. Available on Ansible Galaxy.

01 Jun 2020 2

ansible-role-harden-linux

Ansible role for hardening Linux

07 Dec 2016 129

vagrant-box-templates

18 Sep 2015 139