Skip to content

C
configuration
Switch branch/tag
Find file
Normal viewHistoryPermalink
check_package_upgrades.yml 4.04 KB
Newer Older
Add script & playbook for reporting on package upgrades
fb37fa19
 
Max Rothman committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 
# Spawn an instance from an AMI and then report if any packages need to be upgraded
#
# Usage:
#   ansible-playbook check_package_upgrades.yml -i localhost, -e 'packages="PKG1 PKG2 ..."' -e 'ami=ami-xxxxxxxx'
#     -e 'key_name=KEY' -e 'security_group=sg-xxxxxxxx' -e 'subnet_id=subnet-xxxxxxxx'
#
# Required arguments:
#   -e 'packages="PKG1 ...": space-separated list of packages to check
#   -e 'ami=ami-xxxxxxxx': AMI ID to use for the instance
#   -e 'key_name=KEY': private ssh key to use for the instance
#   -e 'security_group=sg-xxxxxxxx': security group to use for the instance
#   -e subnet_id=subnet-xxxxxxxx': subnet to use for the instance
#
# Relevant optional arguments:
#  -e 'script_path=PATH': path to the apt_check_upgrades.py script
#  -e 'report_dest_path=PATH': path to which the resulting report will be written.
#  --private-key=PATH_TO_PRIVATE_KEY_FILE: ssh key to use when connecting to the new host
#  -e 'key_name': AWS key to use for the new instance. This key must be available locally
#                 either as an ssh profile or as specified with the above option.
#  -e 'profile=PROFILE': AWS profile to use for AWS API calls
#  -e 'region=REGION': AWS region to make the instance in
#  -e 'security_group_id=sg-xxxxxxxx': security group to attach to the new instance
#  -e 'subnet_id=subnet-xxxxxxxx': subnet to make the new instance in
#  -e 'instance_type=INSTANCE.TYPE': instance type to use

#Get an AMI ID from an E-D-P:
#edc=CHANGEME
#lconfig=$(aws autoscaling describe-auto-scaling-groups |
#  jq -r ".AutoScalingGroups[] | select(.Tags[] | select(.Key == \"Name\").Value == \"$edc\").LaunchConfigurationName")
#if [ $(echo $lconfig | wc -l) -ne 1 ]; then
#  echo "More than 1 ASG found for E-D-P: $edp"
#  exit 1
#else
#  ami=$(aws autoscaling describe-launch-configurations --launch-configuration-names $lconfig |
#    jq -r '.LaunchConfigurations[].ImageId')
#fi

- name: Launch instance for checking packages
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    ami: !!null
    profile: !!null
    security_group_id: !!null
    subnet_id: !!null
    key_name: !!null
    region: us-east-1
    instance_type: t2.large

  tasks:
    - name: Launch instance
      ec2:
        image: "{{ ami }}"
        instance_type: "{{ instance_type }}"
        profile: "{{ profile }}"
        region: "{{ region }}"
        group_id: "{{ security_group_id }}"
        vpc_subnet_id: "{{ subnet_id }}"
        key_name: "{{ key_name }}"
        volumes:
          - device_name: /dev/sda1
            delete_on_termination: true
            volume_size: 50
        instance_tags:
          Name: temp-package-checker
        wait: yes
Increase timeout for package checker to avoid intermittent failures
3db57b43
 
Max Rothman committed
68 
        wait_timeout: 600
Add script & playbook for reporting on package upgrades
fb37fa19
 
Max Rothman committed
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 
      register: instance

    - name: Wait for instance to be ready
      wait_for:
        host: "{{ instance.instances.0.private_ip }}"
        port: 22

    - name: Add new instance to host group
      add_host:
        hostname: "{{ instance.instances.0.private_ip }}"
        id: "{{ instance.instances.0.id }}"
        groups: instance_group
        ansible_ssh_user: ubuntu


- name: Check for package upgrades
  hosts: instance_group
  become: true
  vars:
    packages: !!null
    script_path: ./apt_check_upgrades.py
    report_dest_path: .
  tasks:
    - name: Update apt cache
      apt:
        update_cache: yes

    - name: Install pyyaml to allow for yaml script output
      pip:
        name: pyyaml
        state: present

    - name: Transfer package-checking script
      copy:
        src: "{{ script_path }}"
        dest: /tmp/apt_check_upgrades.py
        mode: 0700

    - name: Run package-checking script
      shell: /tmp/apt_check_upgrades.py -y {{ packages }} > /tmp/upgrade_results.yml

    - name: Retrieve results
      fetch:
        src: /tmp/upgrade_results.yml
        dest: "{{ report_dest_path}}"
        flat: true

- name: Clean up instance
  hosts: localhost
  connection: local
  vars:
    region: us-east-1
  tasks:
    - name: Terminate instance
      ec2:
        state: absent
        instance_ids: "{{ hostvars[groups.instance_group.0].id }}"
        region: "{{ region }}"