Ansible zypper update all packages on OpenSUSE/SUSE

ADVERTISEMENTS



Ansible zypper update all packages

I got a cluster of servers powered by OpenSUSE / SUSE Enterprise Linux. How can I update all of them using the zypper module of Ansible? How can I use Ansible for system updates and reboot the server when kernel upgrades took place on SUSE/OpenSUSE?Keeping our OpenSUSE/SUSE Linux based system up to date and applying all security patches is an essential task for sysadmins and developers. One can use the zypper module of Ansible to manages rpm packages for OpenSUSE Linux. This module can either use zypper command or rpm command on the remote server for package management. Likewise, it would be best if you used the reboot module of Ansible to reboot a server, wait for it to go down, come back up, and respond to commands. This page explains how to run zypper update/upgrade all packages via Ansible and reboot the machine if the kernel updated.

Zypper is a command line package manager for SUSE and OpenSUSE Linux. Usually, sysadmins and developers run the following to refresh package cache using the zypper command:

sudo zypper refresh



sudo zypper update

Upgrading all zypper/rpm packages using Ansible on OpenSUSE/SUSE

Upgrade all package, type:See “ SUSE 15 update installed packages for security ” for more information.

The following works with openSUSE version 11.1+ SUSE Linux Enterprise Server/Desktop 11.0+ only.

- name : Update all packages on OpenSUSE/SUSE Linux zypper : name : '*' state : latest - name: Update all packages on OpenSUSE/SUSE Linux zypper: name: '*' state: latest

Where,

name: '*' : State package name name or package specifier or a list of either. ‘*’ means all packages. state: latest : When state is set to ‘latest’, Ansible will make sure the latest version of the package is installed. In other words, update all packages

Apply all available patches on OpenSUSE/SUSE Linux only

Update Ansible playbook as follows:

- name : Update all packages on OpenSUSE/SUSE Linux zypper : name : '*' state : latest type : patch - name: Update all packages on OpenSUSE/SUSE Linux zypper: name: '*' state: latest type: patch

.

The type is set to ‘patch’. In other words, zypper would work on patches only.

Find out if we need to reboot the servers

If the file /boot/do_purge_kernels exists, you need to reboot your SUSE or OpenSUSE Linux system. We need to register a new variable if file /boot/do_purge_kernelsexists on the system as follows:

- name : Check if a reboot is needed on all SUSE/OpenSUSE based servers register : linux_reboot_required_file stat : path=/boot/do_purge_kernels get_md5= no - name: Check if a reboot is needed on all SUSE/OpenSUSE based servers register: linux_reboot_required_file stat: path=/boot/do_purge_kernels get_md5=no

Where,

register: linux_reboot_required_file : The ‘register’ keyword decides what variable to save a result in and we are going to use it as follows to reboot the box. stat: path=/boot/do_purge_kernels : Find if a path (/boot/do_purge_kernels) exists get_md5=no : Algorithm to determine checksum of file. In this example, we are using md5, but one can use sha1, sha224, sha256, sha384, and sha512.

Please note that the file /boot/do_purge_kernels is equivalent to Debian/Ubuntu Linux’s /var/run/reboot-required file.

Rebooting the SUSE/OpenSUSE server when a new kernel installed

We are going to use the reboot module to reboot the Linux server when kernel updated as follows:

- name : Reboot the SUSE/OpenSUSE box if kernel updated reboot : msg : "Reboot initiated by Ansible for kernel updates" connect_timeout : 5 reboot_timeout : 300 pre_reboot_delay : 0 post_reboot_delay : 30 test_command : uptime when : linux_reboot_required_file.stat.exists - name: Reboot the SUSE/OpenSUSE box if kernel updated reboot: msg: "Reboot initiated by Ansible for kernel updates" connect_timeout: 5 reboot_timeout: 300 pre_reboot_delay: 0 post_reboot_delay: 30 test_command: uptime when: linux_reboot_required_file.stat.exists

Where,

test_command: uptime : Execute the uptime command on the rebooted SUSE/OpenSUSE cloud server and expect success from to determine the machine is ready for further tasks and running daemons. when: linux_reboot_required_file.stat.exists : First, check that the file named /boot/do_purge_kernels exists using a variable named linux_reboot_required_file. The reboot module will only work if that file exists and it is enforced using ‘when: linux_reboot_required_file.stat.exists� Ansible condition.

Using Ansible for SUSE/OpenSUSE updates and reboot servers if necessary

Now you know basic logic let us create a new host file on Linux:

vi hosts

Append the following:

## set up ssh user name and path to python3 ## [ all:vars ] ansible_user = 'vivek' ansible_become = yes ansible_become_method = sudo ansible_python_interpreter = '/usr/bin/env python3' ########################## ## our server name ## www- 1 may be mapped using /etc/hosts or ~/.ssh/config ## you can use ip address here too ########################### [ opensuseservers ] www- 1 www- 2 www- 3 ## set up ssh user name and path to python3 ## [all:vars] ansible_user='vivek' ansible_become=yes ansible_become_method=sudo ansible_python_interpreter='/usr/bin/env python3' ########################## ## our server name ## www-1 may be mapped using /etc/hosts or ~/.ssh/config ## you can use ip address here too ########################### [opensuseservers] www-1 www-2 www-3

Sample playbook

Create a new file named opensuse.yml as follows:

vi opensuse.yml

Append the following Ansbile code:

--- - hosts : opensuseservers become : true become_user : root tasks : - name : Update all packages on OpenSUSE/SUSE Linux zypper : name : '*' state : latest - name : Check if a reboot is needed on all SUSE/OpenSUSE based servers register : linux_reboot_required_file stat : path=/boot/do_purge_kernels get_md5= no - name : Reboot the SUSE/OpenSUSE box if kernel updated reboot : msg : "Reboot initiated by Ansible for kernel updates" connect_timeout : 5 reboot_timeout : 300 pre_reboot_delay : 0 post_reboot_delay : 30 test_command : uptime when : linux_reboot_required_file.stat.exists --- - hosts: opensuseservers become: true become_user: root tasks: - name: Update all packages on OpenSUSE/SUSE Linux zypper: name: '*' state: latest - name: Check if a reboot is needed on all SUSE/OpenSUSE based servers register: linux_reboot_required_file stat: path=/boot/do_purge_kernels get_md5=no - name: Reboot the SUSE/OpenSUSE box if kernel updated reboot: msg: "Reboot initiated by Ansible for kernel updates" connect_timeout: 5 reboot_timeout: 300 pre_reboot_delay: 0 post_reboot_delay: 30 test_command: uptime when: linux_reboot_required_file.stat.exists

Make sure you set up ssh keys and run it as follows:

ansible-playbook -i hosts opensuse.yml



Conclusion

We learned how to update all packages on OpenSUSE or SUSE Enterprise Linux servers and reboot the servers when kerne updated using Ansible playbooks. See zypper docs here for further information.



2 of 2 in the Tutorial series. Keep reading the rest of the series: Ubuntu / Debian Linux update and reboot server OpenSUSE/SUSE Linux update packages and reboot box This entry isofin theseries. Keep reading the rest of the series: