From 12f8e86c8e40bb1b9b3a6aa9b25aee9ac16930bc Mon Sep 17 00:00:00 2001
From: Ian Tangney <ian.tangney@kasmweb.com>
Date: Tue, 21 Sep 2021 18:19:15 +0000
Subject: [PATCH] KASM-1922 Create playbook for patching the OS on kasm
 systems.

---
 README.md                        | 20 ++++++++++++++++++++
 patch_os.yml                     | 12 ++++++++++++
 restart_kasm.yml                 | 19 +++----------------
 roles/patch_os/handlers/main.yml |  5 +++++
 roles/patch_os/tasks/main.yml    | 17 +++++++++++++++++
 roles/patch_os/vars/main.yml     |  3 +++
 start_kasm.yml                   |  2 ++
 stop_kasm.yml                    |  6 ++++--
 8 files changed, 66 insertions(+), 18 deletions(-)
 create mode 100644 patch_os.yml
 create mode 100644 roles/patch_os/handlers/main.yml
 create mode 100644 roles/patch_os/tasks/main.yml
 create mode 100644 roles/patch_os/vars/main.yml

diff --git a/README.md b/README.md
index 6ad37d3..4743f34 100644
--- a/README.md
+++ b/README.md
@@ -126,3 +126,23 @@ This playbook can be used to backup the Kasm Workspaces database to a location o
     Or, if you have ssh keys copied over to your servers and have NOPASSWD in sudoers you can just run.
 
     `ansible-playbook -u [username] -i inventory backup_db.yml`
+
+## OS Patching Playbook
+
+This playbook is used for patching the underlying OSes on the Kasm Workspace servers. It will patch and reboot the servers if needed.
+
+### Ansible Configuration
+
+1. Open `roles/patch_os/vars/main.yml` and update variables if desired.
+
+2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp and db roles. 
+
+3. Run the playbook.
+
+    `ansible-playbook -Kk -u [username] -i inventory patch_os.yml`
+
+    Ansible will prompt you for the ssh password and sudo password (will almost always be the same password).
+
+    Or, if you have ssh keys copied over to your servers and have NOPASSWD in sudoers you can just run.
+
+    `ansible-playbook -u [username] -i inventory patch_os.yml`
diff --git a/patch_os.yml b/patch_os.yml
new file mode 100644
index 0000000..78a52af
--- /dev/null
+++ b/patch_os.yml
@@ -0,0 +1,12 @@
+- import_playbook: stop_kasm.yml
+
+- hosts:
+    - db
+    - web
+    - agent
+  roles:
+    - patch_os
+
+- import_playbook: stop_kasm.yml
+
+- import_playbook: start_kasm.yml
diff --git a/restart_kasm.yml b/restart_kasm.yml
index 390951c..a850c9e 100644
--- a/restart_kasm.yml
+++ b/restart_kasm.yml
@@ -1,16 +1,3 @@
-- hosts:
-    - db
-    - web
-    - agent
-  tasks:
-    - name: Stop Kasm Services
-      shell: /opt/kasm/bin/stop
-      register: stop_output
-      changed_when: '"done" in stop_output.stderr'
-      become: true
-    
-    - name: Start Kasm Services 
-      shell: /opt/kasm/bin/start
-      register: start_output
-      changed_when: '"done" in start_output.stderr'
-      become: true
+- import_playbook: stop_kasm.yml
+
+- import_playbook: start_kasm.yml
diff --git a/roles/patch_os/handlers/main.yml b/roles/patch_os/handlers/main.yml
new file mode 100644
index 0000000..e0fdffa
--- /dev/null
+++ b/roles/patch_os/handlers/main.yml
@@ -0,0 +1,5 @@
+
+- name: Reboot server
+  reboot:
+    reboot_timeout: "{{ reboot_timeout_seconds }}"
+  become: true
diff --git a/roles/patch_os/tasks/main.yml b/roles/patch_os/tasks/main.yml
new file mode 100644
index 0000000..8a66d6b
--- /dev/null
+++ b/roles/patch_os/tasks/main.yml
@@ -0,0 +1,17 @@
+
+- name: Update systems with yum package manager
+  yum:
+    name: "*"
+    state: latest
+  notify: Reboot server
+  when:  ansible_pkg_mgr in ("yum", "dnf")
+  become: true
+
+- name: Update system with apt package manager
+  apt:
+    update_cache: yes
+    upgrade: dist
+    autoremove: yes
+  notify: Reboot server
+  when: ansible_pkg_mgr == "apt"
+  become: true
diff --git a/roles/patch_os/vars/main.yml b/roles/patch_os/vars/main.yml
new file mode 100644
index 0000000..30a1061
--- /dev/null
+++ b/roles/patch_os/vars/main.yml
@@ -0,0 +1,3 @@
+# Number of seconds to wait for system to come up after reboot
+# Change this if you have a system that normally takes a long time to boot
+reboot_timeout_seconds: 600
diff --git a/start_kasm.yml b/start_kasm.yml
index 04f6884..95f1da3 100644
--- a/start_kasm.yml
+++ b/start_kasm.yml
@@ -2,6 +2,8 @@
     - db
     - web
     - agent
+  serial: 1
+  gather_facts: no
   tasks:
     - name: Start Kasm Services
       shell: /opt/kasm/bin/start
diff --git a/stop_kasm.yml b/stop_kasm.yml
index a687e52..b66bde3 100644
--- a/stop_kasm.yml
+++ b/stop_kasm.yml
@@ -1,7 +1,9 @@
 - hosts:
-    - db
-    - web
     - agent
+    - web
+    - db
+  serial: 1
+  gather_facts: no
   tasks:
     - name: Stop Kasm Services
       shell: /opt/kasm/bin/stop