Hello All,
How can I automate the security patching routine for 100+ machines using Ansible? What is the best way to do it? I am not completely new to Ansible, but in my research I could not find a good solution for how to patch machines.
I wanted to test security patches in lower environments first and later in production environments; consider that the patching routine I am looking for is not a one-day job.
We will have a Qualys report to say which hosts need a patch update.
Any help with the process below:
- I will parse the Qualys report PDF and fetch the list of host IPs (this includes integration, staging and production environments).
- Based on the patch report I would like to patch first in lower environments (I want to know at first which patches need a restart; later this will be helpful for production).
- For the rolling upgrade, I am planning to use this: http://docs.ansible.com/ansible/devel/user_guide/playbooks_delegation.html - if anyone knows about this step it will be helpful (please skip if not relevant to this group).
- I want to bake an AMI with the patch and do a rolling upgrade using Packer https://www.packer.io/ (is it the best way?) - how can I segregate the patching routine into lower and upper environments?
- Before applying any patch, check whether the patch already exists or not and then proceed with the patch.
What is the best way of doing the patch management routine using Ansible? Please point me to any documentation or any suggestions.
Please feel free to correct my above steps if anything requires more knowledge on my part.
Regards,
sreenivas.
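An added example of the in-place part of the routine described in the post (not code from the poster or from the Ansible project): one playbook that is run per environment with `--limit` or a variable, patches hosts in a rolling window with `serial`, skips hosts that already have no pending security updates, applies security updates only, and records which hosts need a reboot. It assumes RHEL/CentOS-family hosts with `yum-utils` installed (for `needs-restarting`) and inventory group names such as `staging` and `production`, which are hypothetical.

```yaml
# Run as: ansible-playbook patch.yml -e target_env=staging          (lower env first)
#         ansible-playbook patch.yml -e target_env=production --check (dry run, no changes)
- name: Rolling security patching per environment
  hosts: "{{ target_env | default('staging') }}"   # inventory group name is an assumption
  become: true
  serial: "{{ batch_size | default('25%') }}"       # rolling window: patch a batch at a time
  max_fail_percentage: 0                            # stop the run as soon as one host fails

  tasks:
    - name: List pending security updates (read-only, also runs in --check)
      ansible.builtin.command: yum --security check-update -q
      register: pending
      changed_when: false
      check_mode: false
      failed_when: pending.rc not in [0, 100]       # rc 100 means updates are available

    - name: Skip hosts that are already fully patched
      ansible.builtin.meta: end_host
      when: pending.rc == 0

    - name: Apply security updates only
      ansible.builtin.yum:
        name: '*'
        state: latest
        security: true
      register: patch_result

    - name: Check whether the installed updates require a reboot
      ansible.builtin.command: needs-restarting -r
      register: reboot_check
      changed_when: false
      check_mode: false
      failed_when: reboot_check.rc not in [0, 1]    # rc 1 means a reboot is required

    - name: Record the reboot requirement (useful input for production planning)
      ansml.builtin.set_fact:
        reboot_required: "{{ reboot_check.rc == 1 }}"

    - name: Reboot within the rolling window only when required
      ansible.builtin.reboot:
        reboot_timeout: 600
      when: reboot_required | bool

    - name: Per-host summary for the patch report
      ansible.builtin.debug:
        msg: "patched={{ patch_result.changed }} reboot_required={{ reboot_required }}"
```

Because `serial` limits how many hosts are out of service at once and `max_fail_percentage: 0` aborts on the first failure, a bad patch discovered in `staging` never reaches the `production` run.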