Apply OS patches on Enterprise Linux (RHEL) and other Red Hat derivatives (e.g. CentOS, Rocky, Alma, Fedora). You can decide which patching method you want to use. There are 3 methods:
- `all` - Apply all patches on a target host
- `security` - Apply only security patches on a target host
- `bugfix` - Apply only bugfix patches on a target host

I recommend visiting the blog post for detailed information, usage example, and my recommendation.
Only dnf must be available on the target machine.
- Default Variables. Usually, there is no need to change this but rather overwrite the value in `host_vars` or `group_vars` if required.

| Variable Name | Default Value | Description |
|---|---|---|
| `el_patching_required_packages` | `"yum-utils"` | It is required to install yum-utils as this role verifies reboot with `needs-restarting`. |
| `el_patching_auto_reboot` | `false` | By default do not reboot the target host. Only verify if a reboot is required. |
| `el_patching_reboot_timeout` | `600` | By default auto reboot is disabled but the default timeout value is set to 5 minutes. Value is in seconds. |
| `el_patching_method` | `"security"` | By default apply only security patches on the target host. Possible values `"security"`/`"bugfix"`/`"all"` |

- group_vars or host_vars variables.

| Variable Name | Example Usage | Required | Description |
|---|---|---|---|
| `el_patching_exclude_packages` | `el_patching_exclude_packages:` | No | Exclude packages during patching. |
| `el_patching_update_cache` | `true` | No | Force dnf to check if cache is out of date and re-download if needed. |
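
A read-only pre-check for a target host, added here as an example and not part of the role: it reports whether updates are pending for a chosen `el_patching_method` and whether `needs-restarting -r` asks for a reboot. It assumes the methods correspond to dnf's `--security` and `--bugfix` filters (the role's own tasks are not shown on this page); `DNF` and `NEEDS_RESTARTING` are hypothetical override variables.

```shell
#!/bin/sh
# Added example: read-only pre-check to run on an EL host before the role.
# Assumption: the role's methods correspond to dnf's --security / --bugfix
# filters. DNF and NEEDS_RESTARTING are hypothetical override variables.

# Map an el_patching_method value to the matching dnf advisory filter.
method_flag() {
    case "$1" in
        security) echo "--security" ;;
        bugfix)   echo "--bugfix" ;;
        all)      echo "" ;;
        *)        echo "unknown method: $1" >&2; return 2 ;;
    esac
}

# `dnf check-update` exits 100 when updates are available, 0 when none are.
pending_state() {
    case "$1" in
        0)   echo "up-to-date" ;;
        100) echo "updates-pending" ;;
        *)   echo "dnf-error" ;;
    esac
}

# `needs-restarting -r` exits 1 when a reboot is required, 0 when it is not.
reboot_state() {
    case "$1" in
        0) echo "no-reboot" ;;
        1) echo "reboot-required" ;;
        *) echo "check-failed" ;;
    esac
}

# Print "<method> <pending state> <reboot state>" without changing the host.
precheck() {
    flag=$(method_flag "$1") || return 2
    rc=0
    # $flag is intentionally unquoted so that "all" adds no argument.
    ${DNF:-dnf} -q check-update $flag >/dev/null 2>&1 || rc=$?
    pending=$(pending_state "$rc")
    rc=0
    ${NEEDS_RESTARTING:-needs-restarting} -r >/dev/null 2>&1 || rc=$?
    echo "$1 $pending $(reboot_state "$rc")"
}

# Run only when a method is given, e.g. `sh precheck.sh security`.
if [ "$#" -gt 0 ]; then precheck "$1"; fi
```
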
No Dependencies
Create the following playbook.

```yaml
- name: Apply OS Patches
  hosts: your_patching_inventory_group_or_host
  become: true
  roles:
    - voidquark.el_patching
```

- Normal Execution

```shell
ansible-playbook -i inventory/hosts playbook.yml
```

- If you want to run playbook in check mode

```shell
ansible-playbook -i inventory/hosts playbook.yml --check
```

MIT

Created by VoidQuark