Update Debian, CentOS and Archlinux With Ansible
This is a playbook to update Debian, CentOS and Archlinux with Ansible without entering ssh or sudo password on the command line.
Let’s start by creating a directory from which we’ll be working. Make sure all the files are created in there and commands are executed from there as well. E.g.
mkdir ~/ansible
1. SSH Keys
If you haven’t done so already, set up SSH keys for all the hosts involved:
ssh-keygen -t rsa
Copy the keys to the hosts
ssh-copy-id user@hosts
2. Inventory
Create an inventory file called hosts where we specify the ssh user for each host and add a reference for the sudo password. Put each host in the right section for the right distribution.
[Archlinux]
192.168.0.1:222 ansible_ssh_user=user ansible_become_pass='{{archlinux_box_sudo_pass}}'
[Debian]
192.168.0.3:222 ansible_ssh_user=user ansible_become_pass='{{debian_box_sudo_pass}}'
[CentOs]
192.168.0.4:222 ansible_ssh_user=user ansible_become_pass='{{centos_box_sudo_pass}}'
Non-standard SSH ports are added after the colon following the host address, 222 in this example.
3. Passwords
Next we create an encrypted file with ansible-vault to store the sudo passwords.
ansible-vault create passwd.yml
Enter a password for the vault file, then add the sudo passwords under the variable names referenced in the hosts file:
archlinux_box_sudo_pass: YOUR_PASSWORD
debian_box_sudo_pass: YOUR_PASSWORD
centos_box_sudo_pass: YOUR_PASSWORD
To edit the vault file:
ansible-vault edit passwd.yml
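Before running the playbook, it is worth confirming that passwd.yml really is vault-encrypted and that the hosts file contains only variable references, not literal sudo passwords. The script below is an added example, not part of the original post; its function names are hypothetical and its sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight checks for the hosts and passwd.yml files above.
# Function names are hypothetical; all sample data below is constructed.

# True only if the first line of $1 is an ansible-vault header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256".
vault_is_encrypted() {
    [ -f "$1" ] || return 1
    case $(head -n 1 "$1") in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if every ansible_become_pass in inventory $1 is a {{ variable }}
# reference; offending lines go to stderr with their line numbers.
inventory_has_no_plaintext_pass() {
    ref="ansible_become_pass=['\"]?\{\{[^}]*\}\}['\"]?([[:space:]]|\$)"
    bad=$(grep -n 'ansible_become_pass=' "$1" | grep -Ev "$ref" || true)
    if [ -z "$bad" ]; then return 0; fi
    printf 'literal sudo password in %s:\n%s\n' "$1" "$bad" >&2
    return 1
}

# Writes constructed sample files (placeholders, no real secrets) into dir $1.
write_samples() {
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '00000000' > "$1/passwd.yml"
    printf '%s\n' 'debian_box_sudo_pass: YOUR_PASSWORD' > "$1/plain.yml"
    printf '%s\n' '[Debian]' "192.168.0.3:222 ansible_ssh_user=user \
ansible_become_pass='{{debian_box_sudo_pass}}'" > "$1/hosts"
    printf '%s\n' '[Debian]' "192.168.0.3:222 ansible_ssh_user=user \
ansible_become_pass=YOUR_PASSWORD" > "$1/hosts.bad"
}

# Demonstration on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in passwd.yml plain.yml; do
    if vault_is_encrypted "$tmp/$f"; then echo "$f: vault-encrypted"
    else echo "$f: NOT encrypted"; fi
done
for f in hosts hosts.bad; do
    if inventory_has_no_plaintext_pass "$tmp/$f" 2>/dev/null
    then echo "$f: variable references only"
    else echo "$f: literal password found"; fi
done
rm -rf "$tmp"
```

To use it on the real files, call the two functions with ~/ansible/passwd.yml and ~/ansible/hosts instead of the sample paths.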
4. The update playbook
Create a playbook.yml file. Add a play for each distribution and reference its hosts group as defined in the hosts file. Notice the different modules used to call each package manager in the tasks.
---
# Each play loads the vault file so that the ansible_become_pass
# references in the hosts file can be resolved.
- name: Update Archlinux boxes
  hosts: Archlinux
  become: yes
  vars_files:
    - ~/ansible/passwd.yml
  tasks:
    - name: full system upgrade
      pacman:
        update_cache: yes
        upgrade: yes

- name: Update Debian boxes
  hosts: Debian
  become: yes
  vars_files:
    - ~/ansible/passwd.yml
  tasks:
    - name: full system upgrade
      apt:
        update_cache: yes
        upgrade: yes

- name: Update CentOS boxes
  hosts: CentOs   # must match the [CentOs] group name in the hosts file
  become: yes
  vars_files:
    - ~/ansible/passwd.yml
  tasks:
    - name: full system upgrade
      yum: name=* state=latest
Execute the playbook:
ansible-playbook playbook.yml --ask-vault-pass
Enter the vault password.
If all went well, the result should look like this:
Vault password:
PLAY [Update Archlinux boxes] ****************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************
ok: [192.168.0.1]
TASK [full system upgrade] *******************************************************************************************
ok: [192.168.0.1]
PLAY [Update Debian boxes] *******************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************
ok: [192.168.0.2]
TASK [full system upgrade] *******************************************************************************************
ok: [192.168.0.2]
PLAY [Update CentOS boxes] *******************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************
ok: [192.168.0.3]
TASK [full system upgrade] *******************************************************************************************
changed: [192.168.0.3]
PLAY RECAP ***********************************************************************************************************
192.168.0.1 : ok=2 changed=0 unreachable=0 failed=0
192.168.0.2 : ok=2 changed=1 unreachable=0 failed=0
192.168.0.3 : ok=2 changed=0 unreachable=0 failed=0