ansible playbook to maintain remote servers

Karl Auer kauer at biplane.com.au
Mon Jan 9 11:47:05 UTC 2023


On Mon, 2023-01-09 at 08:36 +0100, robert rottermann wrote:
> I am maintaining some 20 servers on diverse provider environments
> (hetzner, amazon).
> Now I intend to create an ansible playbook to help me to maintain
> them.
> 
> what it should do for most of them:
> 
> - apt update
> - apt upgrade
> - apt autoremove
> - reboot if necessary
> 
> Now my questions:
> 
> - is that a good idea, or a risky one?

Honestly? Don't update or upgrade servers automatically, unless you can
also automate checking that the upgrades worked AND automate rollback
if they did not AND you are OK with an interruption if something fails.
All this is doubly true if there is anything even slightly out of the
ordinary being served by them.

It *is* OK IMHO to automatically apply security upgrades, because the
risk of loss through an unpatched server is unquantifiable and thus
must be ranked higher than the risk of loss through a temporarily
dead or unavailable server.

A middle ground is to clone, update, upgrade and if all went well,
repeat the update and upgrade on the original.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer

GPG fingerprint: 61A0 99A9 8823 3A75 871E 5D90 BADB B237 260C 9C58
Old fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170
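
The approach discussed above (automatic security updates only, reboot if necessary, and an automated check that the server still works), sketched as an Ansible playbook. This is an added example, not part of the original message; the host group "servers" and the service name "nginx" are assumptions, and rollback is not covered.

```yaml
# Added example, not from the thread. The inventory group "servers" and the
# service "nginx" are assumptions; substitute your own.
- name: Apply security updates one host at a time and verify each host
  hosts: servers
  become: true
  serial: 1                 # touch one server at a time
  any_errors_fatal: true    # stop the rollout at the first host that fails
  vars:
    health_service: nginx   # assumed service that must be running afterwards
  tasks:
    - name: Refresh package lists and make sure unattended-upgrades is present
      ansible.builtin.apt:
        name: unattended-upgrades
        state: present
        update_cache: true

    # unattended-upgrade installs only from the origins allowed in
    # /etc/apt/apt.conf.d/50unattended-upgrades, so review that file first.
    - name: Install the updates that unattended-upgrades is configured to allow
      ansible.builtin.command: unattended-upgrade
      changed_when: true

    - name: Check whether the updates ask for a reboot
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_flag

    - name: Reboot if necessary and wait for the host to come back
      ansible.builtin.reboot:
        reboot_timeout: 600
      when: reboot_flag.stat.exists

    - name: Collect service state after the update
      ansible.builtin.service_facts:

    - name: Fail the host if the service is not running
      ansible.builtin.assert:
        that:
          - (health_service ~ '.service') in ansible_facts.services
          - ansible_facts.services[health_service ~ '.service'].state == 'running'
        fail_msg: "{{ health_service }} is not running after the update"
```

Pointing the same playbook at a clone first, and only then at the original, gives the middle ground described in the message.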






More information about the ubuntu-users mailing list