With much help from others on the Internet, I’ve set up a script to automate the updating of my important Linux hosts.
This is run from my Windows 10 WSL 2 instance using Kali-Linux.
The first step is to make sure that you can talk to your target host via SSH without the need of a password. See this post for more on that.
Once that is done, you have to install Ansible on your hosts (there are numerous guides on doing that) and configure Ansible on the host you are going to work from.
As an example, here is an outtake from my /etc/ansible/hosts file. Note that this shows only my changes, organized into groups:

```
[servers]
endor
dantooine
kessel
hoth

[iot]
clockpi
yavin

[wsl]
corellia:2222
```

…note the entry under “wsl”; this is a way to use an alternate port for Ansible to use (in my case, an alternate port for SSH on that target host). Note that you must be able to reference these hosts by their host names (although you could use the host IPs instead). I do that by modifying my hosts file under Windows 10 (which then gets updated on WSL at boot).
I don’t need to modify the /etc/ansible/ansible.cfg file, as I’ve been able to keep any changes I need in my playbook file.
A playbook file for Ansible is essentially a recipe for Ansible to follow written in Yet Another Markup Language (YAML). Here is my playbook file for updating all Linux hosts I care about. Included in this is WSL itself, as well as one KVM Virtual Machine (VM):
```yaml
- hosts: all
  user: root
  gather_facts: True
  vars:
    ansible_python_interpreter: /usr/bin/python3
  tasks:
    - name: Update and upgrade CentOS and Red Hat machines...
      # ...this is a 'brute force' way to do it...dnf module is preferred (but offers no '--nobest')
      #warn: false
      #shell: 'dnf upgrade --nobest -y'
      dnf:
        name: "*"  # upgrade all installed packages
        state: latest
        skip_broken: True
        update_cache: True
      # Ansible reports Red Hat Enterprise Linux as 'RedHat' in ansible_distribution
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'

    - name: Update and upgrade Debian and Ubuntu machines...
      apt:
        upgrade: yes
        update_cache: yes
        cache_valid_time: 86400
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

    - name: Update and upgrade Windows WSL Kali distro...
      apt:
        upgrade: yes
        update_cache: yes
        cache_valid_time: 86400
      when: ansible_distribution == 'Kali GNU/Linux'

    - name: Clean up leftover packages on CentOS and Red Hat machines...
      dnf:
        autoremove: True
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'

    - name: Clean up leftover packages on Debian and Ubuntu machines...
      apt:
        autoremove: True
        purge: True
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

    - name: Clean up leftover packages on WSL Kali distro...
      apt:
        autoremove: True
        purge: True
      when: ansible_distribution == 'Kali GNU/Linux'
```
Some notes on this file and its structure:
- Using the “when:” statements, I am able to apply actions to hosts based on their Linux distribution
- There are two steps to my update process; update to the latest and greatest, and then later, auto remove unused packages
- I am explicitly telling Ansible to “gather_facts:”, although it should do that by default. This is important to determine the distribution (distro) I am targeting.
- I am still deciding if I need to shell dnf explicitly with a “--nobest” call. Thanks, Docker.
Ansible can be used for a dizzying array of things. Once it is set up and you understand it (including the power involved, especially the old UNIX no-no of running as root), Ansible is a great way to deploy packages, check system information and do just about anything you can think of using SSH and some other methods.
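The playbook above logs in over SSH as root. As an added example (not the author's playbook), the same update run can connect as an unprivileged account, escalate with sudo, and report hosts that still need a reboot. The account name `patcher` is hypothetical; the example assumes that account has sudo rights on each host and that the Ansible release in use maps Kali to the Debian OS family.

```yaml
# Added example, not the original playbook. "patcher" is a hypothetical account.
- hosts: all
  remote_user: patcher   # assumption: unprivileged account with SSH key login
  become: true           # escalate with sudo instead of logging in as root
  gather_facts: true     # needed for ansible_os_family below
  vars:
    ansible_python_interpreter: /usr/bin/python3
  tasks:
    - name: Upgrade RPM-based hosts (CentOS, Red Hat)
      ansible.builtin.dnf:
        name: "*"
        state: latest
        update_cache: true
      when: ansible_os_family == 'RedHat'

    # Assumption: Kali is reported with os_family 'Debian' on this Ansible release
    - name: Upgrade APT-based hosts (Debian, Ubuntu, Kali)
      ansible.builtin.apt:
        upgrade: "yes"
        update_cache: true
        cache_valid_time: 86400
      when: ansible_os_family == 'Debian'

    # Debian and Ubuntu create this flag file when an update needs a reboot
    - name: Check whether a reboot is pending on APT-based hosts
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_flag
      when: ansible_os_family == 'Debian'

    - name: Report hosts that have not finished applying updates
      ansible.builtin.debug:
        msg: "{{ inventory_hostname }} needs a reboot to finish applying updates"
      when:
        - ansible_os_family == 'Debian'
        - reboot_flag.stat.exists
```

With this layout root SSH login can be disabled on the targets, and the sudoers entry for the account becomes the single place where its privileges are granted or revoked.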
I have this script in my crontab. We will see how that works out.