Ansible - How to patch systems in an order and based on the operating system?

Question

I have dynmaic inventory which has 10 nodes. 8 of them are RedHat and 2 of them are Ubuntu. The hosts are in random order.

I want to write a playbook so that it will patch the Ubuntu node at last after all the RedHat node are patched first. Instead of manipulating the inventory, how can I write a playbook for it?

I have written a playbook but it doesn’t work.

Answer 1

You may have a look into Conditionals based on ansible_facts and the following minimal example playbooks options.

1.)

---
- hosts: all
  become: true
  gather_facts: true

  tasks:

  - name: Upgrade all packages
    ansible.builtin.dnf:
      name: "*"
      state: latest
    when: ansible_facts['os_family'] == "RedHat"

  - name: Update all packages to their latest version
    ansible.builtin.apt:
      name: "*"
      state: latest
    when: ansible_facts['os_family'] == "Debian"

Documentation

• Conditionals based on ansible_facts
• dnf module – Manages packages with the dnf package manager
• apt module – Manages apt-packages

2.)

Depending if groups are used

---
- name: Update RedHat-based systems
  hosts: redhat
  become: true
  gather_facts: false

  tasks:

  - name: Upgrade all packages
    ansible.builtin.dnf:
      name: "*"
      state: latest
  
- name: Update Debian-based systems
  hosts: ubuntu
  become: true
  gather_facts: false

  tasks:

  - name: Upgrade all packages
    ansible.builtin.dnf:
      name: "*"
      state: latest

Documentation

• Inventory basics: formats, hosts, and groups
• Playbook execution

3.)

---
- hosts: all
  become: true
  gather_facts: false

  tasks:

  - name: Include task list in play
    ansible.builtin.import_tasks: redhat_updates.yml

  - name: Include task list in play
    ansible.builtin.import_tasks: ubuntu_updates.yml

---
- hosts: all
  become: true
  gather_facts: true

  tasks:

  - name: Include task list in play
    ansible.builtin.include_tasks: "{{ ansible_facts['os_family'] }}.yaml"

  - name: Include task list in play
    ansible.builtin.include_tasks: "{{ ansible_facts['os_family'] }}.yaml"

Documentation

• import_tasks module – Import a task list
• include_tasks module – Dynamically include a task list
• What's the difference between include_tasks and import_tasks?

---

... and many more options to structure the upgrade process.