knowledge base


Ansible & Aptly

Linux Update Rollout

1. ll /data/.aptly/public/dists/trusty/main/
    total 55156
    drwxr-xr-x 4 root root     4096 Nov 15 10:49 ./
    drwxr-xr-x 3 root root     4096 Nov 15 10:49 ../
    drwxr-xr-x 2 root root     4096 Nov 15 10:49 binary-amd64/
    drwxr-xr-x 2 root root     4096 Nov 15 10:49 binary-i386/
    -rw-r--r-- 1 root root 28199767 Nov 15 10:33 Contents-amd64.gz
    -rw-r--r-- 1 root root 28258646 Nov 15 10:33 Contents-i386.gz

2. aptly mirror list
    List of mirrors:
     * [trusty-main]: http://archive.ubuntu.com/ubuntu/ trusty
     * [trusty-security]: http://security.ubuntu.com/ubuntu/ trusty-security
     * [trusty-updates]: http://archive.ubuntu.com/ubuntu/ trusty-updates
     * [ubuntu-16.04-main]: http://archive.ubuntu.com/ubuntu/ xenial
     * [ubuntu-16.04-security]: http://security.ubuntu.com/ubuntu/ xenial-security
     * [ubuntu-16.04-updates]: http://archive.ubuntu.com/ubuntu/ xenial-updates

3. aptly snapshot list
    List of snapshots:
     * [trusty-main-20171115]: Snapshot from mirror [trusty-main]: http://archive.ubuntu.com/ubuntu/ trusty
     * [trusty-security-20171115]: Snapshot from mirror [trusty-security]: http://security.ubuntu.com/ubuntu/ trusty-security
     * [ubuntu-16.04-main-20171115]: Snapshot from mirror [ubuntu-16.04-main]: http://archive.ubuntu.com/ubuntu/ xenial
     * [ubuntu-16.04-security-20171115]: Snapshot from mirror [ubuntu-16.04-security]: http://security.ubuntu.com/ubuntu/ xenial-security

4. aptly snapshot create trusty-main-20180120 from mirror trusty-main
    Snapshot trusty-main-20180120 successfully created.

5. aptly snapshot create trusty-security-20180120 from mirror trusty-security
    Snapshot trusty-security-20180120 successfully created.

6. aptly snapshot create ubuntu-16.04-main-20180120 from mirror ubuntu-16.04-main
    Snapshot ubuntu-16.04-main-20180120 successfully created.

7. aptly snapshot create ubuntu-16.04-security-20180120 from mirror ubuntu-16.04-security
    Snapshot ubuntu-16.04-security-20180120 successfully created.

8. aptly snapshot list
    List of snapshots:
     * [trusty-main-20171115]: Snapshot from mirror [trusty-main]: http://archive.ubuntu.com/ubuntu/ trusty
     * [trusty-main-20180120]: Snapshot from mirror [trusty-main]: http://archive.ubuntu.com/ubuntu/ trusty
     * [trusty-security-20171115]: Snapshot from mirror [trusty-security]: http://security.ubuntu.com/ubuntu/ trusty-security
     * [trusty-security-20180120]: Snapshot from mirror [trusty-security]: http://security.ubuntu.com/ubuntu/ trusty-security
     * [ubuntu-16.04-main-20171115]: Snapshot from mirror [ubuntu-16.04-main]: http://archive.ubuntu.com/ubuntu/ xenial
     * [ubuntu-16.04-main-20180120]: Snapshot from mirror [ubuntu-16.04-main]: http://archive.ubuntu.com/ubuntu/ xenial
     * [ubuntu-16.04-security-20171115]: Snapshot from mirror [ubuntu-16.04-security]: http://security.ubuntu.com/ubuntu/ xenial-security
     * [ubuntu-16.04-security-20180120]: Snapshot from mirror [ubuntu-16.04-security]: http://security.ubuntu.com/ubuntu/ xenial-security

6. aptly snapshot verify trusty-security-20180120
    Loading packages...
    Verifying...
    Missing dependencies (3404):
      accountsservice (>= 0.6.34) [amd64]
      .
      zlib1g-dev [i386]

7. Switching the published snapshots

   Replaces the snapshot published under [Distribution] with [New snapshot]. If the difference between the old and the new snapshot is not too large, this command runs considerably faster than publishing a new snapshot.

   Syntax: aptly publish switch [Distribution] [New snapshot]

    aptly publish switch trusty trusty-main-20180120
    aptly publish switch trusty-security trusty-security-20180120
    aptly publish switch xenial ubuntu-16.04-main-20180120
    aptly publish switch xenial-security ubuntu-16.04-security-20180120

   A published snapshot is created under /data/.aptly/public/.

    aptly publish switch xenial-security ubuntu-16.04-security-20180120
        Loading packages...
        Generating metadata files and linking package files...
        4395 / 7023 [=======================================>-----------------------] 62.58% 9m39s
        Finalizing metadata files...
        Signing file 'Release' with gpg, please enter your passphrase when prompted:
        You need a passphrase to unlock the secret key for
        user: "sshmgmt (Repo) "
        4096-bit RSA key, ID 01234ABCD, created 2018-01-20
        gpg: gpg-agent is not available in this session
        Clearsigning file 'Release' with gpg, please enter your passphrase when prompted:
        Cleaning up prefix "." components main...
        Publish for snapshot ./xenial-security [amd64, i386] publishes {main: [ubuntu-16.04-security-20180120]: Snapshot from mirror [ubuntu-16.04-security]: http://security.ubuntu.com/ubuntu/ xenial-security} has been successfully switched to new snapshot.

    aptly publish snapshot trusty-main-20180120
    aptly publish snapshot trusty-security-20180120
    aptly publish snapshot ubuntu-16.04-main-20180120
    aptly publish snapshot ubuntu-16.04-security-20180120

8. cat /etc/hosts
    10.10.10.1 server01.domain.de server01
    10.10.10.2 server02.domain.de server02
    10.10.10.3 server03.domain.de server03

9. List Hosts

    su sshmgmt -
    sshmgmt@linuxserver:~$ ansible --list-hosts PRE-Ubuntu
        hosts (3):
          server01
          server02
          server03

    cat /etc/ansible/hosts
        [PRE-Ubuntu:children]
        PRE-Ubuntu-14.04
        PRE-Ubuntu-16.04

        [PRE-Ubuntu-14.04]
        server01

        [PRE-Ubuntu-16.04]
        server02
        server03

10. Checking the software distribution:

    cd /data/ansible
    ./softwarefinder.sh

   The script then runs the following command:

    ansible-playbook /data/ansible/softwarefinder.yml --extra-vars "software=$input"

   ...etc.

   "aptly graph" generates a diagram of all mirrors, snapshots and published repositories. The diagram can then be copied to your own machine (e.g. with WinSCP) and viewed:

    aptly graph -format="png" -output="/data/ansible/.png"

11. Dropping orphaned snapshots

    aptly snapshot drop trusty-main-20171115
    aptly snapshot drop trusty-security-20171115
    aptly snapshot drop ubuntu-16.04-main-20171115
    aptly snapshot drop ubuntu-16.04-security-20171115

12. Playbooks are scripts that consist of ansible commands and can be executed by ansible. They make it possible to automate entire processes. Playbooks are normally text documents with the extension .yml. A playbook contains several blocks, called plays, and each play executes one or more ansible commands, also called tasks.

   Running the script cleanboot.sh:

    sudo su -
    su - sshmgmt
    ssh-agent /bin/bash
    ssh-add
    cd /ansible
    ./cleanboot.sh PRE-Ubuntu

   Patching the Linux server systems:

    cd /ansible
    ./startupgrade_seconly.sh PRE-Ubuntu

13. Error log

    tail /var/log/ansible.log

14. Checking the patch level of an individual system:

    uname -a
        Linux linuxserver 4.4.0-81-generic #104-Ubuntu SMP Wed Jun 20 16:08:00 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

    lsb_release -a
        No LSB modules are available.
        Distributor ID: Ubuntu
        Description:    Ubuntu 16.04.2 LTS
        Release:        16.04
        Codename:       xenial

   Alternatively:

    cat /etc/lsb-release
        DISTRIB_ID=Ubuntu
        DISTRIB_RELEASE=16.04
        DISTRIB_CODENAME=xenial
        DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"

Miscellaneous notes on ssh, ansible and aptly.

List of gpg keys:

gpg --list-keys
gpg --list-sigs

ssh-keygen -f "/home/sshmgmt/.ssh/known_hosts" -R server03

ansible --list-hosts all
    hosts (3):
      server01
      server02
      server03

ansible server03 -m shell -a "df -h | grep boot"
    Enter passphrase for key '/home/sshmgmt/.ssh/id_rsa':
    server03 | SUCCESS | rc=0 >>
    /dev/sda1 180M 114M 58M 67% /boot

ansible PRE-Ubuntu -m shell -a "df -h | grep boot"

cat /var/log/aptly.log
    20-01-2018 00:09:20: Update trusty-main successful.
    20-01-2018 00:11:07: Update trusty-security successful.
    20-01-2018 00:11:40: Update trusty-updates successful.
    20-01-2018 00:14:07: Update ubuntu-16.04-main successful.
    20-01-2018 00:15:47: Update ubuntu-16.04-security successful.
    20-01-2018 00:16:36: Update ubuntu-16.04-updates successful.

apt-key list
    /etc/apt/trusted.gpg
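
The snapshot create, verify and publish switch sequence above only rolls out current security fixes if the mirrors were refreshed that day. The following POSIX shell script is an added example, not part of the original page: it reads a log in the /var/log/aptly.log format shown above and prints the day's commands only when every mirror has a successful update entry. The function names and the 21-01-2018 log lines are constructed for illustration; the mirror and distribution names come from the page.

```shell
#!/bin/sh
# Added example. Mirror:distribution pairs as used in "aptly publish switch".
PAIRS="trusty-main:trusty trusty-security:trusty-security
ubuntu-16.04-main:xenial ubuntu-16.04-security:xenial-security"

# Constructed sample log in the page's format; the 21-01-2018 run lacks the
# ubuntu-16.04-security update.
sample_log() {
cat <<'EOF'
20-01-2018 00:09:20: Update trusty-main successful.
20-01-2018 00:11:07: Update trusty-security successful.
20-01-2018 00:14:07: Update ubuntu-16.04-main successful.
20-01-2018 00:15:47: Update ubuntu-16.04-security successful.
21-01-2018 00:09:31: Update trusty-main successful.
21-01-2018 00:11:12: Update trusty-security successful.
21-01-2018 00:14:20: Update ubuntu-16.04-main successful.
EOF
}

# mirror_updated LOG MIRROR DD-MM-YYYY: exact field comparison, so a mirror
# name never matches as a prefix and "." in names is not a wildcard.
mirror_updated() {
    awk -v d="$3" -v m="$2" '$1 == d && $3 == "Update" && $4 == m &&
        $5 == "successful." { ok = 1 } END { exit !ok }' "$1"
}

# rollout_plan LOG DD-MM-YYYY: prints the commands for that day, or prints
# nothing on stdout and returns 1 if any mirror has no successful update.
rollout_plan() (
    stale=0
    for pair in $PAIRS; do
        mirror_updated "$1" "${pair%%:*}" "$2" && continue
        echo "STALE: no successful update of ${pair%%:*} on $2" >&2
        stale=1
    done
    [ "$stale" -eq 0 ] || exit 1
    stamp=$(echo "$2" | awk -F- '{ print $3 $2 $1 }')  # DD-MM-YYYY -> YYYYMMDD
    for pair in $PAIRS; do
        snap="${pair%%:*}-$stamp"
        echo "aptly snapshot create $snap from mirror ${pair%%:*}"
        echo "aptly snapshot verify $snap"
        echo "aptly publish switch ${pair##*:} $snap"
    done
)

log=$(mktemp) && sample_log > "$log"
rollout_plan "$log" 20-01-2018
rollout_plan "$log" 21-01-2018 || echo "rollout for 21-01-2018 blocked"
rm -f "$log"
```

The script only prints the commands. Review the output, then run the commands as the user holding the repository signing key.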