Mateusz Suski
35e6b139fc
ci / validate (push) Failing after 1m8s
Rework portfolio around Linux operations, Zabbix monitoring, migration validation, and ELK/Grafana log observability. Add AAP-style LVM resize workflow, Zabbix server/proxy/agent automation assets, Linux/AIX monitoring templates, and updated validation CI.
46 lines
1.4 KiB
Markdown
46 lines
1.4 KiB
Markdown
# Patching Role
|
|
|
|
Apply security patches and OS updates to enterprise infrastructure nodes.
|
|
|
|
## Features
|
|
|
|
- **Idempotent**: Properly checks for changes with `changed_when`
|
|
- **Patch Window**: Optional enforcement of patch time windows
|
|
- **Pre-patch Backup**: Backs up package list before patching
|
|
- **Smart Reboot**: Automatically detects if reboot is required
|
|
- **Service Restart**: Restarts only necessary services after patching
|
|
- **Health Checks**: Verifies services and runs health endpoint checks
|
|
|
|
## Role Variables
|
|
|
|
See `defaults/main.yml` for all available variables.
|
|
|
|
### Key Variables
|
|
|
|
- `patch_window_start`: Patch window start time (default: 02:00)
|
|
- `patch_window_end`: Patch window end time (default: 04:00)
|
|
- `enforce_patch_window`: Enforce patch time window (default: true)
|
|
- `patch_security_only`: Apply security updates only (default: true)
|
|
- `backup_before_patch`: Create backup before patching (default: true)
|
|
- `reboot_if_required`: Auto-reboot if required (default: false)
|
|
- `services_to_restart`: Services to restart after patching
|
|
- `critical_services`: Critical services to verify after patching
|
|
|
|
## Usage
|
|
|
|
```yaml
|
|
- role: patching
|
|
vars:
|
|
patch_security_only: true
|
|
enforce_patch_window: false
|
|
reboot_if_required: true
|
|
```
|
|
|
|
## Report
|
|
|
|
Patch report is generated at: `/var/log/patch_report_<timestamp>.log`
|
|
|
|
## Backup Location
|
|
|
|
Pre-patch backups saved to: `/var/backups/pre-patch-<timestamp>/`
|