我编写了在 Linux 服务器上应用安全补丁的剧本,剩下的唯一部分是编写重新启动已打补丁的服务器的任务。
以下是应用补丁的任务内容
- name: Deploying Security Packages
shell: "yum update --security -y"
register: progress
when: deploypackages == "y"
- name: Installed Packages
debug:
msg: "{{ progress.stdout_lines | regex_search('complete') }}"
#when: progress.changed | regex_search('complete')
我正在寻找一个过滤器来在输出中查找注册变量中的单词(如果是),completed然后kernel重新启动服务器。
谢谢
尝试 1 - 失败
出于测试目的,我已更改kernel为xz-libs,但达到条件时失败when。
---
- name: Deploying Security Packages
#shell: "yum update --security -y"
yum:
name: '*'
state: latest
security: yes
register: yum_update
when: deploypackages == "y"
- name: Installed Packages
debug:
msg: " Packages installed Successfully "
when:
- yum_update.changed
- yum_update.stdout | regex_search('xz-libs', ignorecase=True ) is not none
它给出了这个错误
TASK [deploying_security_updates : Deploying Security Packages] **********************
changed: [192.168.8.26]
TASK [deploying_security_updates : Installed Packages] *******************************
fatal: [192.168.8.26]: FAILED! => {"msg": "The conditional check 'yum_update.stdout | regex_search('*xz-libs*', ignorecase=True ) is not none' failed. The error was: nothing to repeat\n\nThe error appears to be in '/home/sysadmin/ansible_files/play-security-update/roles/deploying_security_updates/tasks/main.yaml': line 11, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Installed Packages\n ^ here\n"}
调试
- name: Deploying Security Packages
yum:
name: '*'
state: latest
security: yes
register: yum_update
when: deploypackages == "y"
- name: Installed Packages
debug:
#msg: " Packages installed Successfully "
msg: " {{ yum_update.stdout | regex_search('xz-libs', ignorecase=True ) }}"
#when:
# - yum_update.changed
# - yum_update.stdout | regex_search('*xz-libs*', ignorecase=True ) is not none
Do you want to deploy Packages: y
PLAY [To Apply Security Patches on Linux Servers] *******************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
ok: [192.168.8.26]
TASK [Condition Failed! Wrong User Input] ***************************************************************************************************************************************************************************************************
skipping: [192.168.8.26]
TASK [check_for_updates : Looking for Package Updates] **************************************************************************************************************************************************************************************
skipping: [192.168.8.26]
TASK [check_for_updates : Printing Available Updates] ***************************************************************************************************************************************************************************************
skipping: [192.168.8.26]
TASK [deploying_security_updates : Deploying Security Packages] *****************************************************************************************************************************************************************************
changed: [192.168.8.26]
TASK [deploying_security_updates : Installed Packages] **************************************************************************************************************************************************************************************
fatal: [192.168.8.26]: FAILED! => {"msg": "Unexpected templating type error occurred on ( {{ yum_update.stdout | regex_search('xz-libs', ignorecase=True ) }}): expected string or buffer"}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
192.168.8.26 : ok=2 changed=1 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
调试输出
ok: [192.168.8.26] => {
"msg": {
"changed": true,
"changes": {
"installed": [],
"updated": [
[
"xz",
"5.2.2-2.el7_9.x86_64 from rhel-remote"
],
[
"xz-libs",
"5.2.2-2.el7_9.x86_64 from rhel-remote"
]
]
},
"failed": false,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n : manager\nThis system is not registered with an entitlement server. You can use subscription-manager to register.\n --> device-mapper-persistent-data-0.7.3-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64 from rhel-remote removed (updateinfo)\n --> libgnomekbd-3.26.0-3.el7.x86_64 from rhel-remote removed (updateinfo)\n --> cryptsetup-python-2.0.3-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> PackageKit-gstreamer-plugin-1.1.10-2.el7.x86_64 from rhel-remote removed (updateinfo)\n --> libstoragemgmt-1.6.2-4.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> PackageKit-gtk3-module-1.1.10-2.el7.x86_64 from rhel-remote removed (updateinfo)\n --> 7:device-mapper-event-1.02.149-8.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> setroubleshoot-plugins-3.0.67-3.el7.noarch from @anaconda/7.6 removed (updateinfo)\n --> libdrm-2.4.91-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> mesa-dri-drivers-18.3.4-12.el7_9.x86_64 from rhel-remote removed (updateinfo)\n --> subscription-manager-plugin-container-1.24.51-1.el7_9.x86_64 from rhel-remote removed (updateinfo)\n --> firewalld-0.6.3-13.el7_9.noarch from rhel-remote removed (updateinfo)\n --> gdb-7.6.1-114.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> grubby-8.28-26.el7.x86_64 from rhel-remote removed (updateinfo)\n --> hostname-3.13-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> 32:bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64 from rhel-remote removed (updateinfo)\n --> abrt-dbus-2.1.11-52.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> unzip-6.0-21.el7.x86_64 from @rhel-remote removed (updateinfo)\n
Package xz-libs.x86_64 0:5.2.2-2.el7_9 will be an update\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nUpdating:\n xz x86_64 5.2.2-2.el7_9 rhel-remote 229 k\n xz-libs x86_64 5.2.2-2.el7_9 rhel-remote 103 k\n\nTransaction Summary\n================================================================================\nUpgrade 2 Packages\n\nTotal download size: 332 k\nDownloading packages:\nNo Presto metadata available for rhel-remote\n--------------------------------------------------------------------------------\nTotal 1.3 MB/s | 332 kB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Updating : xz-libs-5.2.2-2.el7_9.x86_64 1/4 \n Updating : xz-5.2.2-2.el7_9.x86_64 2/4 \n Cleanup : xz-5.2.2-1.el7.x86_64 3/4 \n Cleanup : xz-libs-5.2.2-1.el7.x86_64 4/4 \n Verifying : xz-libs-5.2.2-2.el7_9.x86_64 1/4 \n Verifying : xz-5.2.2-2.el7_9.x86_64 2/4 \n Verifying : xz-libs-5.2.2-1.el7.x86_64 3/4 \n Verifying : xz-5.2.2-1.el7.x86_64 4/4 \n\nUpdated:\n xz.x86_64 0:5.2.2-2.el7_9 xz-libs.x86_64 0:5.2.2-2.el7_9 \n\nComplete!\n"
]
}
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
192.168.8.26 : ok=3 changed=1 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
答案1
请注意,不仅在安装新内核后可能需要重新启动,而且在更新微码、glibc、SSL 库等后也可能需要重新启动。因此,还有一些事件需要重新启动,也需要进行检查。
在 RHEL 中,有一些基于可用的本机操作系统包管理器的实用程序,例如yum-utils,其中包含一个needs-restarting脚本来查询在应用更新后是否有必要这样做。
例子(基于RHEL 7)
解决依赖关系后
- name: Install basic admin tools
yum:
name: yum-utils
state: latest
检查很简单
- name: Check if reboot_required
shell:
cmd: "needs-restarting -r"
changed_when: false
failed_when: reboot_required.rc != 0 and reboot_required.rc != 1
check_mode: false
register: reboot_required
- name: Report reboot_required
debug:
msg: "{{ reboot_required.rc | bool }} "
changed_when: reboot_required.rc == 1
check_mode: false
并产生输出
TASK [Report reboot_required] **************************************************
ok: [test1.example.com] => {
"msg": "True "
}
ok: [test2.example.com] => {
"msg": "False "
}
用于检查是否需要重新启动的软件包也可用于其他发行版。
类似问答
此外,根据基础设施和环境,可以通过 cronjobs 让系统完全自动重启,例如
# Reboot cron job
# /etc/cron.d/
# mm hh dom mon dow user command
59 0 * * * root needs-restarting -r || /usr/sbin/shutdown --no-wall -r +1
答案2
检查任务是否完成以及单词核心在输出中已经提到您将得到以下任务:
- name: "Deploying Security Packages"
ansible.builtin.yum:
name: '*'
security: yes
state: latest
register: yum_update
- name: "Just debug for now"
ansible.builtin.debug:
msg: "This should be a reboot"
when:
- yum_update.changed
- (yum_update.results[0] | regex_search('kernel')) is not none
两个-带有“when”的意思是一个逻辑,AND所以更新应该被更改并因此完成,否则会失败,并且在stdout的输出中应该有单词匹配kernel。如果该词不存在,检查将none根据以下内容输出文档。