Hello All,

How can I automate the security patching routine for 100+ machines using 
Ansible? What's the best way to do it? I am not completely new to Ansible, 
but in my research I could not find a good solution for how to patch 
machines.
I want to test security patches in lower environments first and later in 
production environments; consider that the patching routine I am looking 
for is not a one-day job.
We will have a Qualys report to say which hosts need a patch update.

Any help with the process below:

   1. I will parse the Qualys report PDF and fetch the list of host 
   IPs (this includes the integration, staging and production environments).
   2. Based on the patch report, I would like to patch the lower 
   environments first (I want to know at first which patches need a restart; 
   later this will be helpful for production).
   For the rolling upgrade, I am planning to use this: 
   http://docs.ansible.com/ansible/devel/user_guide/playbooks_delegation.html
   3. If anyone knows about this step, it will be helpful (please skip if not 
   relevant to this group):
   I want to bake an AMI with the patch and do a rolling upgrade using 
   Packer https://www.packer.io/ (is it the best way?)
   4. How can I segregate the patching routine into lower and upper 
   environments?
   5. Before applying any patch, check whether the patch already exists or 
   not, and then proceed with the patch.

What is the best way of doing the patch management routine using Ansible? 
Please point me to any documentation or suggestions.
Please feel free to correct my steps above if anything requires more 
knowledge on my part.

regards,
sreenivas. 
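
Added example (not part of the original message and not code from the Ansible project): one playbook that covers steps 2, 4 and 5 above by patching a single environment per run, in rolling batches, skipping hosts with nothing pending and recording which hosts needed a restart. It assumes RHEL-family hosts with `needs-restarting` (yum-utils) installed and inventory groups named `integration`, `staging` and `production`; those group names and the `target_env` variable are illustrative.

```yaml
# patch.yml - added example; group names, target_env and the RHEL-family
# assumption are illustrative, not from the original post.
# Run lower environments first, production last:
#   ansible-playbook -i inventory patch.yml -e target_env=integration
#   ansible-playbook -i inventory patch.yml -e target_env=production
- name: Rolling security patching for one environment
  hosts: "{{ target_env }}"
  become: true
  serial: "25%"                # patch a quarter of the group at a time
  max_fail_percentage: 0       # stop the rollout as soon as a host fails
  tasks:
    - name: Check for pending security updates without installing them
      ansible.builtin.yum:
        name: "*"
        state: latest
        security: true
      check_mode: true
      register: pending

    - name: Skip hosts that are already fully patched
      ansible.builtin.meta: end_host
      when: not pending.changed

    - name: Install security updates only
      ansible.builtin.yum:
        name: "*"
        state: latest
        security: true

    - name: Ask needs-restarting whether a reboot is required (rc 1 = yes)
      ansible.builtin.command: needs-restarting -r
      register: reboot_check
      changed_when: false
      failed_when: reboot_check.rc not in [0, 1]

    - name: Record hosts that needed a restart, for production planning
      ansible.builtin.lineinfile:
        path: "{{ playbook_dir }}/reboot-required-{{ target_env }}.txt"
        line: "{{ inventory_hostname }}"
        create: true
      delegate_to: localhost
      become: false
      throttle: 1              # one writer at a time to the shared file
      when: reboot_check.rc == 1

    - name: Reboot and wait for the host to return
      ansible.builtin.reboot:
        reboot_timeout: 900
      when: reboot_check.rc == 1
```

Running the whole playbook with `--check` first reports which hosts have pending security updates without changing them.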


