Ansible automation demo for Cygate Techdays 2019 by Christofer Tibbelin
The [linux] group points to the other two groups as children
[server_internal]
server1
server2
[ubuntu_dmz]
dmz1
dmz2
[linux:children]
server_internal
ubuntu_dmz
Here is the manual for the Ansible APT module
---
- hosts: linux
  become: true  # run as sudo
  gather_facts: true
  tasks:
    - name: Only run update cache if the last one is more than 3600 seconds ago
      apt:
        update_cache: yes
        cache_valid_time: 3600
    - name: Safe upgrade all packages to the latest version if OS is Debian based
      apt:
        upgrade: yes
      when: ansible_facts['os_family'] == "Debian"
    - name: Clean system with autoremove
      apt:
        autoremove: yes
ansible-playbook -i inventory.ini --ask-become-pass playbook.yml
ssh server1.mylocal
sudo apt upgrade
Demo 4 🔒
Secure our sudo password with Ansible Vault
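
A repository check to go with this step, added here as an example and not part of the original demo: it flags inventory or variable files where the sudo (become) password is stored in plaintext rather than vault-encrypted. The function name, file names and sample contents are constructed for illustration.

```python
import re

# Variables the sudo become plugin reads the password from.
BECOME_KEYS = ("ansible_become_password", "ansible_become_pass", "ansible_sudo_pass")
KEY_RE = re.compile(r"\b(%s)\s*[:=]\s*(.*)$" % "|".join(BECOME_KEYS))
VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of anything ansible-vault encrypts


def plaintext_become_passwords(text):
    """Return (line_number, key) for each become password stored in the clear."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # the whole file is vault-encrypted
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = None if line.lstrip().startswith("#") else KEY_RE.search(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip().strip("\"'")
        if not value or value.startswith("!vault"):
            continue  # unset, or an inline ansible-vault encrypted string
        if value.startswith("{{") and value.endswith("}}"):
            continue  # indirection to a variable kept in a vaulted file
        findings.append((number, key))
    return findings


# Constructed samples: file contents a repository for this demo might hold.
SAMPLES = {
    "group_vars/linux.yml (plaintext)": "---\nansible_become_password: CorrectHorse1\n",
    "inventory.ini (plaintext)": "[server_internal]\nserver1 ansible_become_pass=CorrectHorse1\nserver2\n",
    "group_vars/linux/vars.yml (reference)": 'ansible_become_password: "{{ vault_become_password }}"\n',
    "group_vars/linux/inline.yml (!vault)": "ansible_become_password: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  <ciphertext>\n",
    "group_vars/linux/vault.yml (encrypted)": "$ANSIBLE_VAULT;1.1;AES256\n<ciphertext>\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", plaintext_become_passwords(text) or "ok")
```

Run it over group_vars, host_vars and the inventory before committing; a non-empty result means the password would land in version control unencrypted.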