Eu escrevi o playbook para aplicar os patches de segurança em servidores Linux, a única parte restante é escrever a tarefa para reiniciar o servidor corrigido.
Abaixo está o conteúdo da tarefa para aplicar os patches
- name: Deploying Security Packages
shell: "yum update --security -y"
register: progress
when: deploypackages == "y"
- name: Installed Packages
debug:
msg: "{{ progress.stdout_lines | regex_search('complete') }}"
#when: progress.changed | regex_search('complete')
Eu estava procurando um filtro para procurar na saída a palavra na variável registrada, se for completede kerneldepois reiniciar o servidor.
Obrigado
Tentativa 1 - Falha
Para fins de teste, alterei kernelcom xz-libs, mas está falhando quando atinge a whencondição.
---
- name: Deploying Security Packages
#shell: "yum update --security -y"
yum:
name: '*'
state: latest
security: yes
register: yum_update
when: deploypackages == "y"
- name: Installed Packages
debug:
msg: " Packages installed Successfully "
when:
- yum_update.changed
- yum_update.stdout | regex_search('xz-libs', ignorecase=True ) is not none
dá esse erro
TASK [deploying_security_updates : Deploying Security Packages] **********************
changed: [192.168.8.26]
TASK [deploying_security_updates : Installed Packages] *******************************
fatal: [192.168.8.26]: FAILED! => {"msg": "The conditional check 'yum_update.stdout | regex_search('*xz-libs*', ignorecase=True ) is not none' failed. The error was: nothing to repeat\n\nThe error appears to be in '/home/sysadmin/ansible_files/play-security-update/roles/deploying_security_updates/tasks/main.yaml': line 11, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Installed Packages\n ^ here\n"}
Depurar
- name: Deploying Security Packages
yum:
name: '*'
state: latest
security: yes
register: yum_update
when: deploypackages == "y"
- name: Installed Packages
debug:
#msg: " Packages installed Successfully "
msg: " {{ yum_update.stdout | regex_search('xz-libs', ignorecase=True ) }}"
#when:
# - yum_update.changed
# - yum_update.stdout | regex_search('*xz-libs*', ignorecase=True ) is not none
Do you want to deploy Packages: y
PLAY [To Apply Security Patches on Linux Servers] *******************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
ok: [192.168.8.26]
TASK [Condition Failed! Wrong User Input] ***************************************************************************************************************************************************************************************************
skipping: [192.168.8.26]
TASK [check_for_updates : Looking for Package Updates] **************************************************************************************************************************************************************************************
skipping: [192.168.8.26]
TASK [check_for_updates : Printing Available Updates] ***************************************************************************************************************************************************************************************
skipping: [192.168.8.26]
TASK [deploying_security_updates : Deploying Security Packages] *****************************************************************************************************************************************************************************
changed: [192.168.8.26]
TASK [deploying_security_updates : Installed Packages] **************************************************************************************************************************************************************************************
fatal: [192.168.8.26]: FAILED! => {"msg": "Unexpected templating type error occurred on ( {{ yum_update.stdout | regex_search('xz-libs', ignorecase=True ) }}): expected string or buffer"}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
192.168.8.26 : ok=2 changed=1 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
Saída de depuração
ok: [192.168.8.26] => {
"msg": {
"changed": true,
"changes": {
"installed": [],
"updated": [
[
"xz",
"5.2.2-2.el7_9.x86_64 from rhel-remote"
],
[
"xz-libs",
"5.2.2-2.el7_9.x86_64 from rhel-remote"
]
]
},
"failed": false,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n : manager\nThis system is not registered with an entitlement server. You can use subscription-manager to register.\n --> device-mapper-persistent-data-0.7.3-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64 from rhel-remote removed (updateinfo)\n --> libgnomekbd-3.26.0-3.el7.x86_64 from rhel-remote removed (updateinfo)\n --> cryptsetup-python-2.0.3-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> PackageKit-gstreamer-plugin-1.1.10-2.el7.x86_64 from rhel-remote removed (updateinfo)\n --> libstoragemgmt-1.6.2-4.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> PackageKit-gtk3-module-1.1.10-2.el7.x86_64 from rhel-remote removed (updateinfo)\n --> 7:device-mapper-event-1.02.149-8.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> setroubleshoot-plugins-3.0.67-3.el7.noarch from @anaconda/7.6 removed (updateinfo)\n --> libdrm-2.4.91-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> mesa-dri-drivers-18.3.4-12.el7_9.x86_64 from rhel-remote removed (updateinfo)\n --> subscription-manager-plugin-container-1.24.51-1.el7_9.x86_64 from rhel-remote removed (updateinfo)\n --> firewalld-0.6.3-13.el7_9.noarch from rhel-remote removed (updateinfo)\n --> gdb-7.6.1-114.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> grubby-8.28-26.el7.x86_64 from rhel-remote removed (updateinfo)\n --> hostname-3.13-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> 32:bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64 from rhel-remote removed (updateinfo)\n --> abrt-dbus-2.1.11-52.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> unzip-6.0-21.el7.x86_64 from @rhel-remote removed (updateinfo)\n
Package xz-libs.x86_64 0:5.2.2-2.el7_9 will be an update\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nUpdating:\n xz x86_64 5.2.2-2.el7_9 rhel-remote 229 k\n xz-libs x86_64 5.2.2-2.el7_9 rhel-remote 103 k\n\nTransaction Summary\n================================================================================\nUpgrade 2 Packages\n\nTotal download size: 332 k\nDownloading packages:\nNo Presto metadata available for rhel-remote\n--------------------------------------------------------------------------------\nTotal 1.3 MB/s | 332 kB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Updating : xz-libs-5.2.2-2.el7_9.x86_64 1/4 \n Updating : xz-5.2.2-2.el7_9.x86_64 2/4 \n Cleanup : xz-5.2.2-1.el7.x86_64 3/4 \n Cleanup : xz-libs-5.2.2-1.el7.x86_64 4/4 \n Verifying : xz-libs-5.2.2-2.el7_9.x86_64 1/4 \n Verifying : xz-5.2.2-2.el7_9.x86_64 2/4 \n Verifying : xz-libs-5.2.2-1.el7.x86_64 3/4 \n Verifying : xz-5.2.2-1.el7.x86_64 4/4 \n\nUpdated:\n xz.x86_64 0:5.2.2-2.el7_9 xz-libs.x86_64 0:5.2.2-2.el7_9 \n\nComplete!\n"
]
}
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
192.168.8.26 : ok=3 changed=1 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
