From time to time, there's a security patch or other update that's critical to apply ASAP to all your servers. If you use Ansible to automate infrastructure work, then updates are painless—even across dozens, hundreds, or thousands of instances! I've written about this a little bit in the past, in relation to protecting against the shellshock vulnerability, but that was specific to one package.

I have an inventory script that pulls together all the servers I manage for personal projects (including the server running this website), and organizes them by OS, so I can run commands in the form ansible [os] command. That lets me run upgrades like:

# Upgrade all the Ubuntu servers.
ansible ubuntu -m apt -a "upgrade=yes update_cache=yes" -b

# Upgrade all the Debian servers.
ansible debian -m apt -a "upgrade=yes update_cache=yes" -b

# Upgrade all the CentOS servers.
ansible centos -m yum -a "name=* state=latest" -b

# Upgrade all the Fedora servers.
ansible fedora -m dnf -a "name=* state=latest" -b

Then I can reboot all servers with ansible all -a "reboot" -b.
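
The same upgrade-then-reboot sequence can be written as a playbook that patches in batches and reboots only the hosts that need it. This is an added example, not code from the original post: it reuses the post's inventory group names (ubuntu, debian, centos, fedora), while the batch size, the reboot timeout, and the presence of needs-restarting (from yum-utils or dnf-utils) on the Red Hat-family hosts are assumptions.

```yaml
---
# Added example, not from the original post. Group names come from the
# post's inventory; serial and reboot_timeout values are assumptions.
- name: Patch Debian-family servers and reboot only if required
  hosts: ubuntu:debian
  become: true
  serial: "25%"   # assumption: patch a quarter of the group per batch
  tasks:
    - name: Upgrade all packages
      ansible.builtin.apt:
        upgrade: "yes"
        update_cache: true

    - name: Check whether a package update requested a reboot
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_flag

    - name: Reboot and wait for the host to come back
      ansible.builtin.reboot:
        reboot_timeout: 600
      when: reboot_flag.stat.exists

- name: Patch Red Hat-family servers and reboot only if required
  hosts: centos:fedora
  become: true
  serial: "25%"
  tasks:
    - name: Upgrade all packages (resolves to yum or dnf on each host)
      ansible.builtin.package:
        name: "*"
        state: latest

    # needs-restarting -r exits 1 when a reboot is required, 0 otherwise.
    - name: Ask needs-restarting whether a reboot is required
      ansible.builtin.command: needs-restarting -r
      register: needs_restart
      changed_when: false
      failed_when: needs_restart.rc not in [0, 1]

    - name: Reboot and wait for the host to come back
      ansible.builtin.reboot:
        reboot_timeout: 600
      when: needs_restart.rc == 1
```

Running it with ansible-playbook --check first shows which hosts would change without touching them; the needs-restarting task is skipped in check mode, so the Red Hat-family reboot step only resolves on a real run.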