Ansible - Update All Nodes

Use Ansible to ensure that your nodes, VMs, and containers (CTs) are always up-to-date. You can create multiple playbooks and execute them with a single command or through a script.


Ansible is an open source automation engine that automates: provisioning, configuration management, application deployment, orchestration, and many other IT processes. It is free to use, and the project benefits from the experience and intelligence of its thousands of contributors.

Prerequisite

We need to install Ansible. For this post, I will use an LXC on one node. You can also set up Ansible on your PC or use a VM on any node.

  1. Create a CT using the defaults. I use a small script or my OpenTofu (Terraform) setup to create it with DHCP, make an entry in my DHCP stack, and add the password and SSH key.
  2. Update the CT: apt update && apt upgrade -y
  3. Install Ansible and sshpass: apt install ansible sshpass -y
  4. Create the following files for using passwords only:
    1. Inventory file, my_stuff.ini (any name, but it needs to be a .ini file)
      1. Edit it with nano my_stuff.ini. Group names are written in brackets, like [proxmox], and
      2. the nodes are listed by their IP or FQDN
    2. Playbook file, pb-proxmox
      1. Edit pb-proxmox.yml; see the example for syntax

Inventory file, my_stuff.ini example

[proxmox]
192.0.2.41
192.0.2.42
192.0.2.43
192.0.2.44
192.0.2.45

[nas]
192.0.2.46
192.0.2.47
192.0.2.48

[servers]
192.0.2.49

[bsd]
192.0.2.50
192.0.2.51

Playbook file, pb-update.yml example

- name: Update and Upgrade selected group(s) of nodes
  hosts: proxmox
  tasks:
    - name: Update Package List
      apt:
        update_cache: yes
    - name: Upgrade the packages
      apt:
        upgrade: dist

hosts: proxmox points to the group [proxmox] in the inventory file.
The apt tasks are equal to apt-get update && apt-get upgrade -y

ℹ️
You should use SSH keys if your node is on a production cluster.

SSH into your nodes

You need to log in to each node to be able to use Ansible with passwords.

Run the Update and Upgrade Playbook

The syntax is ansible-playbook <playbook-file>.yml -i <inventory-file>.ini

In my example, we run it by:

ansible-playbook pb-update.yml -i my_stuff.ini --ask-pass

ERROR!

You get an error message if the SSH keys aren't initialized and you use passwords; see below.

Fix the Fingerprints

Log in to each node and type yes to store the fingerprint of that node.

Check for Success

After running your playbook, you should see something like this.
Green is OK and red is an error.

Here ok=3 means success, changed=# indicates how many apps were upgraded.


Final thoughts

If you only have 1 or 3 nodes you don't need this, but as I used to have 14 you definitely need it. Also, you might have 40–50 VMs/CTs per node, and then you will appreciate anything like Ansible or any other scripting system.

Automation

You might like to automate the execution of playbooks with crontab.
If you do, you need to create a feedback system to send the logs to an email address used for that purpose or read your logs by some centralized system.

Create a script upgrade.sh

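nano upgrade.sh

Put the following into the file:

#!/bin/bash
# --ask-pass prompts for the SSH password; a run started by cron has no terminal to answer it
ansible-playbook pb-update.yml -i my_stuff.ini --ask-pass

Then make it executable for your user only:

chmod 700 upgrade.sh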

Each line of a crontab file represents a job, and looks like this:

* * * * * <command to execute>
| | | | |
| | | | day of the week (0–6) 
| | | month (1–12)             
| | day of the month (1–31)
| hour (0–23)
minute (0–59)

Day of the week (0–6) runs from Sunday to Saturday; on some systems, 7 also means Sunday.
A * means every: day of the week/month, month, hour or minute.
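One way to build the feedback check mentioned above, as an added example that is not part of the original post: it reads the PLAY RECAP of a saved playbook log and reports only the hosts with failed or unreachable counts. The function names recap_problems, run_update and sample_log are hypothetical, the sample log is constructed, and run_update assumes SSH-key logins.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes SSH-key logins, so the
# playbook runs without --ask-pass (cron has no terminal for the prompt).

# recap_problems LOGFILE: print one line per host whose PLAY RECAP shows
# failed>0 or unreachable>0. Returns 0 if all hosts are clean, 1 if any
# host has a problem, 2 if the log has no PLAY RECAP (run aborted early).
recap_problems() {
    awk '
        /^PLAY RECAP/ { in_recap = 1; seen = 1; next }
        in_recap && NF == 0 { in_recap = 0 }
        in_recap && / : / {
            failed = 0; unreachable = 0
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "failed") failed = kv[2]
                if (kv[1] == "unreachable") unreachable = kv[2]
            }
            if (failed + 0 > 0 || unreachable + 0 > 0) {
                printf "%s failed=%d unreachable=%d\n", $1, failed, unreachable
                bad = 1
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# run_update LOGFILE: run the playbook from this post, keep the full log, and
# print only the problem hosts, so the cron job output stays short.
run_update() {
    ansible-playbook pb-update.yml -i my_stuff.ini > "$1" 2>&1
    recap_problems "$1"
}

# Constructed sample log (not real output) for trying recap_problems offline.
sample_log() {
    cat <<'EOF'
TASK [Upgrade the packages] ****************************************************
changed: [192.0.2.41]

PLAY RECAP *********************************************************************
192.0.2.41 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.0.2.42 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.0.2.43 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
EOF
}
```

Source these functions in upgrade.sh and call run_update with a log path of your choice; a non-zero return means at least one host needs attention or the run never reached the recap.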



References

Ansible [1] Cron [2]


  1. Red Hat® Ansible® Automation Platform is a unified solution for strategic automation. It combines the security, features, integrations, and flexibility needed to scale automation across domains, orchestrate essential workflows, and optimize IT operations to successfully adopt enterprise AI. Homepage, Getting Started documentation, How Ansible Works, Learn Ansible Basics.

  2. Cron is a time-based job scheduler in Unix-like computer operating systems. Users that set up and maintain software environments use cron to schedule jobs to run periodically at fixed times, dates, or intervals. It typically automates system maintenance or administration, though its general-purpose nature makes it useful for things like downloading files from the Internet and downloading email at regular intervals. CRON expression generator.