Update all your Linux servers as fast as possible
Do you ever just update everything?
There are a few times you might need to do this. For example, some nasty vulnerability comes along and ruins your week.
Or maybe you just want to be super up to date because you have a strange compulsion to have the latest and greatest of everything. Either way, here’s my solution:
Use Ansible inventories to update all your servers
I wrote this playbook as a simple way to ‘freshen up’ my homelab after months of neglect. In essence, it will apply all available updates for all the hosts in the defined inventory.
After updating each box, it logs all the package updates to a file in the update_logs subdirectory, named with the date and hostname.
Finally, it will check whether a reboot-required file exists and, as long as the server is a VM, restart it.
Running the playbook is simple:
ansible-playbook -i inventories/my-environment update.yml
Try it out:
- name: System Update
  hosts: all
  serial: 10   # work through the inventory in batches of 10 hosts
  tasks:
    # Refresh the package index, apply available upgrades, remove unused dependencies
    - name: Update packages
      apt:
        update_cache: yes
        upgrade: yes
        autoremove: yes
      register: updates
      become: true

    # Written on the control node; the update_logs directory must already exist
    - name: Log updated packages
      copy:
        content: |
          {{ updates.stdout }}
        dest: "update_logs/{{ ansible_date_time.date }}-{{ inventory_hostname }}.log"
      delegate_to: localhost

    - name: Check pending reboot
      stat:
        path: /var/run/reboot-required
      register: reboot_required

    # Only virtual machines are restarted automatically
    - name: Restart server
      reboot:
        msg: Reload for updates
        reboot_timeout: 900
      when: reboot_required.stat.exists|bool and (ansible_virtualization_role == 'guest')
      become: true
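When the run was triggered by a vulnerability, the per-host logs can be used to confirm which hosts actually received the fixed package. The script below is an added example, not part of the original playbook; it assumes the logs contain dpkg's `Unpacking <pkg> (<new>) over (<old>)` lines, and the sample logs, host names and versions in it are constructed.

```python
import re
import tempfile
from pathlib import Path

# Log file name used by the playbook: <YYYY-MM-DD>-<inventory_hostname>.log
LOG_NAME = re.compile(r"^(\d{4}-\d{2}-\d{2})-(.+)\.log$")
# Assumed dpkg progress line, e.g.
#   Unpacking openssl (3.0.2-0ubuntu1.16) over (3.0.2-0ubuntu1.15) ...
UNPACK = re.compile(r"^Unpacking (\S+) \((\S+)\) over \((\S+)\)", re.M)

# Constructed sample logs (not real output from any host)
SAMPLE_UPGRADED = """Reading package lists...
Preparing to unpack .../openssl_3.0.2-0ubuntu1.16_amd64.deb ...
Unpacking openssl (3.0.2-0ubuntu1.16) over (3.0.2-0ubuntu1.15) ...
Unpacking libssl3:amd64 (3.0.2-0ubuntu1.16) over (3.0.2-0ubuntu1.15) ...
Setting up openssl (3.0.2-0ubuntu1.16) ...
"""
SAMPLE_NOOP = "Reading package lists...\n0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.\n"


def parse_upgrades(text):
    """Return {package: (old_version, new_version)} found in one log."""
    return {pkg.split(":")[0]: (old, new)  # drop ':amd64' arch suffix
            for pkg, new, old in UNPACK.findall(text)}


def audit(log_dir, package):
    """Per host, the (old, new) versions of `package` in its newest log, else None."""
    latest = {}
    for path in Path(log_dir).glob("*.log"):
        m = LOG_NAME.match(path.name)
        if m and (m[2] not in latest or m[1] > latest[m[2]][0]):
            latest[m[2]] = (m[1], path)  # ISO dates sort as strings
    return {host: parse_upgrades(path.read_text()).get(package)
            for host, (_, path) in latest.items()}


def demo_audit():
    """Write the constructed logs to a temp dir and audit them for openssl."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "2024-01-10-web-01.log").write_text(SAMPLE_UPGRADED)
        Path(d, "2024-01-10-db-01.log").write_text(SAMPLE_NOOP)
        Path(d, "2024-01-02-web-01.log").write_text(SAMPLE_NOOP)  # older run
        return audit(d, "openssl")


if __name__ == "__main__":
    for host, result in sorted(demo_audit().items()):
        print(host, result if result else "NOT UPGRADED in latest run")
```

A `None` result only means the package was not upgraded in that host's latest run; the host may already have been current, so check the installed version there before treating it as unpatched.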