Ansible apt update all packages on Ubuntu / Debian Linux

Ansible apt update all packages using apt module

I have a bunch of servers powered by Ubuntu and Debian Linux. How do I update all of them using the apt module of Ansible? How can I use Ansible for system updates and reboot the box when kernel upgrades took place?

Keeping your system up to date and applying all security patches is an essential task for sysadmins and developers. One can use the apt module of Ansible to manage apt packages on Debian/Ubuntu-based Linux distros. This module can use either the aptitude or the apt-get command on the remote server for package management. Similarly, it is best to use the reboot module of Ansible to reboot a machine, wait for it to go down, come back up, and respond to commands. This page explains how to run apt/apt-get update and upgrade all packages via Ansible and reboot the machine if the need occurs.

Typically you run the following to refresh package cache using the apt-get command or apt command:

sudo apt-get update

To update repositories cache using Ansible:

    - name: Update apt-get repo and cache
      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600

Where,

update_cache=yes – Run the equivalent of the apt-get update command on all servers.
force_apt_get=yes – Do not use the aptitude command; instead use the apt-get command on Debian/Ubuntu boxes.
cache_valid_time=3600 – Update the apt cache if it is older than the cache_valid_time. This option is set in seconds. In this example, it is set to 3600 seconds.

Upgrading all apt packages using Ansible

The syntax is:

    - name: Upgrade all apt packages
      apt: upgrade=dist force_apt_get=yes

Where,

upgrade=dist – Run the equivalent of ‘apt-get upgrade’ command on all Ubuntu or Debian Linux servers. In other words, upgrade all packages to latest version.
force_apt_get=yes – Use apt-get instead of aptitude.

Find out if we need to reboot the servers

If the file /var/run/reboot-required exists, you need to reboot your Debian or Ubuntu Linux box. We register a new variable that records whether the file /var/run/reboot-required exists on the system as follows:

    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      register: reboot_required_file
      stat: path=/var/run/reboot-required get_md5=no

Where,

register: reboot_required_file – The ‘register’ keyword decides what variable to save a result in and we are going to use it as follows to reboot the box.
stat: path=/var/run/reboot-required – Determine if a path (/var/run/reboot-required) exists.
get_md5=no – Algorithm to determine checksum of file. In this example, I am using md5, but you can use sha1, sha224, sha256, sha384, and sha512.

Rebooting the server when a new kernel is installed

You can use either the command or shell module to reboot the Linux server when the kernel is updated as follows:

    - name: Reboot the Debian or Ubuntu server
      reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists

Where,

test_command: uptime – Execute the uptime command on the rebooted server and expect success from it to determine that the machine is ready for further tasks.
when: reboot_required_file.stat.exists – First, check that the file named /var/run/reboot-required exists using a variable named reboot_required_file. The reboot module will only work if that file exists, and this is enforced using the ‘when: reboot_required_file.stat.exists’ Ansible condition.

Using Ansible for system updates and reboot Linux servers if necessary

Now that you are aware of the basic logic, let us create a new hosts file:

vi hosts

Append the following:

    ## set up ssh user name and path to python3 ##
    [all:vars]
    ansible_user='ubuntu'
    ansible_become=yes
    ansible_become_method=sudo
    ansible_python_interpreter='/usr/bin/env python3'
    ##########################
    ## our aws server names
    ## aws-ls-www-1 may be mapped using /etc/hosts or ~/.ssh/config
    ## you can use ip address here too
    ###########################
    [servers]
    aws-ls-www-1
    aws-ls-www-2
    aws-ls-www-3
    aws-ls-www-4

Sample playbook

Create a new file named update.yml as follows:

vi update.yml

Append the following Ansible code:

    ---
    - hosts: servers
      become: true
      become_user: root
      tasks:
        - name: Update apt repo and cache on all Debian/Ubuntu boxes
          apt: update_cache=yes force_apt_get=yes cache_valid_time=3600

        - name: Upgrade all packages on servers
          apt: upgrade=dist force_apt_get=yes

        - name: Check if a reboot is needed on all servers
          register: reboot_required_file
          stat: path=/var/run/reboot-required get_md5=no

        - name: Reboot the box if kernel updated
          reboot:
            msg: "Reboot initiated by Ansible for kernel updates"
            connect_timeout: 5
            reboot_timeout: 300
            pre_reboot_delay: 0
            post_reboot_delay: 30
            test_command: uptime
          when: reboot_required_file.stat.exists

Make sure you set up ssh keys and run it as follows:

ansible-playbook -i hosts update.yml
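
A rolling variation on the playbook above, added here as an example and not part of the original tutorial: it patches one host at a time so the whole server group is never rebooting together, stops at the first failure, and reports which packages asked for the reboot. It assumes the same servers group; the file name update-rolling.yml and the registered variable names are made up for illustration, and /var/run/reboot-required.pkgs is only present when the packages that requested the reboot recorded their names.

```yaml
---
# Added example: update-rolling.yml (hypothetical file name)
- hosts: servers
  become: true
  serial: 1               # patch and reboot one host at a time
  any_errors_fatal: true  # abort the whole run as soon as one host fails
  tasks:
    - name: Update apt repo and cache
      apt:
        update_cache: yes
        force_apt_get: yes
        cache_valid_time: 3600

    - name: Upgrade all packages
      apt:
        upgrade: dist
        force_apt_get: yes

    - name: Check if a reboot is needed
      stat:
        path: /var/run/reboot-required
      register: reboot_required_file

    # Assumption: the package list sits next to the flag file on this host.
    - name: Check whether the list of packages requesting the reboot exists
      stat:
        path: /var/run/reboot-required.pkgs
      register: reboot_pkgs_file

    - name: Read the list of packages requesting the reboot
      slurp:
        src: /var/run/reboot-required.pkgs
      register: reboot_pkgs
      when: reboot_pkgs_file.stat.exists

    - name: Report why this host is about to reboot
      debug:
        msg: "{{ (reboot_pkgs.content | b64decode).splitlines() | unique }}"
      when: reboot_pkgs_file.stat.exists

    - name: Reboot the box if required
      reboot:
        msg: "Reboot initiated by Ansible for kernel updates"
        reboot_timeout: 300
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists
```

Run it the same way, with ansible-playbook -i hosts update-rolling.yml; adding --limit aws-ls-www-1 restricts a first trial to a single host.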



Conclusion

You learned how to update all packages on your Debian and Ubuntu Linux boxes and reboot the server if required using Ansible playbooks. See docs here for more info.


