KASM-1922 Create playbook for patching the OS on kasm systems.

README.md

@@ -126,3 +126,23 @@ This playbook can be used to backup the Kasm Workspaces database to a location o
     Or, if you have ssh keys copied over to your servers and have NOPASSWD in sudoers you can just run.
 
     `ansible-playbook -u [username] -i inventory backup_db.yml`
+
+## OS Patching Playbook
+
+This playbook is used for patching the underlying OSes on the Kasm Workspace servers. It will patch and reboot the servers if needed.
+
+### Ansible Configuration
+
+1. Open `roles/patch_os/vars/main.yml` and update variables if desired.
+
+2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp and db roles. 
+
+3. Run the playbook.
+
+    `ansible-playbook -Kk -u [username] -i inventory patch_os.yml`
+
+    Ansible will prompt you for the ssh password and sudo password (will almost always be the same password).
+
+    Or, if you have ssh keys copied over to your servers and have NOPASSWD in sudoers you can just run.
+
+    `ansible-playbook -u [username] -i inventory patch_os.yml`

patch_os.yml

@@ -0,0 +1,12 @@
+- import_playbook: stop_kasm.yml
+
+- hosts:
+    - db
+    - web
+    - agent
+  roles:
+    - patch_os
+
+- import_playbook: stop_kasm.yml
+
+- import_playbook: start_kasm.yml

restart_kasm.yml

@@ -1,16 +1,3 @@
-- hosts:
+- import_playbook: stop_kasm.yml
-    - db
+
-    - web
+- import_playbook: start_kasm.yml
-    - agent
-  tasks:
-    - name: Stop Kasm Services
-      shell: /opt/kasm/bin/stop
-      register: stop_output
-      changed_when: '"done" in stop_output.stderr'
-      become: true
-    
-    - name: Start Kasm Services 
-      shell: /opt/kasm/bin/start
-      register: start_output
-      changed_when: '"done" in start_output.stderr'
-      become: true

roles/patch_os/handlers/main.yml

@@ -0,0 +1,5 @@
+
+- name: Reboot server
+  reboot:
+    reboot_timeout: "{{ reboot_timeout_seconds }}"
+  become: true

roles/patch_os/tasks/main.yml

@@ -0,0 +1,17 @@
+
+- name: Update systems with yum package manager
+  yum:
+    name: "*"
+    state: latest
+  notify: Reboot server
+  when:  ansible_pkg_mgr in ("yum", "dnf")
+  become: true
+
+- name: Update system with apt package manager
+  apt:
+    update_cache: yes
+    upgrade: dist
+    autoremove: yes
+  notify: Reboot server
+  when: ansible_pkg_mgr == "apt"
+  become: true

roles/patch_os/vars/main.yml

@@ -0,0 +1,3 @@
+# Number of seconds to wait for system to come up after reboot
+# Change this if you have a system that normally takes a long time to boot
+reboot_timeout_seconds: 600

start_kasm.yml

@@ -2,6 +2,8 @@
     - db
     - web
     - agent
+  serial: 1
+  gather_facts: no
   tasks:
     - name: Start Kasm Services
       shell: /opt/kasm/bin/start

stop_kasm.yml

@@ -1,7 +1,9 @@
 - hosts:
-    - db
-    - web
     - agent
+    - web
+    - db
+  serial: 1
+  gather_facts: no
   tasks:
     - name: Stop Kasm Services
       shell: /opt/kasm/bin/stop