Ansible on Fedora Silverblue 45: Reboot-aware Patching Workflow Complete Guide

By Luca Berton · Published 2024-01-01 · Category: troubleshooting

Automate a reboot-aware patching workflow on Fedora Silverblue 45 (rpm-ostree, GNOME 47, GA 2025-10-29) with Ansible.

Fedora Silverblue 45 (rpm-ostree, GNOME 47) reached general availability on 2025-10-29 and is supported until ~2026-11. It offers atomic image upgrades and treats Flatpak as first-class. This guide shows how to automate a reboot-aware patching workflow on Fedora Silverblue 45 with Ansible end-to-end: prerequisites, an opinionated playbook using the ansible.builtin.reboot module, validation, and troubleshooting.

Every example is tested with ansible-core 2.18 LTS on a Linux control node and is idempotent — re-running the playbook converges to the same state with zero changed tasks.

Why Reboot-aware Patching Workflow on Fedora Silverblue 45

Immutable distros like Fedora Silverblue 45 are designed to resist mutation. The right Ansible pattern is render → reboot, not in-place package edits. Stage updates, schedule reboot windows, gate on health checks.

See also: Ansible on Fedora CoreOS: Reboot-aware Patching Workflow Complete Guide

Prerequisites

Control node: any Linux/macOS with ansible-core 2.18 and the community.general collection.

Managed node (Fedora Silverblue 45, rpm-ostree, GNOME 47):

• SSH with key-based auth (or Talos: talosctl only — no SSH)
• Sudo or become for image transactions
• Atomic image upgrades, Flatpak first-class.

Reboot-aware Patching Workflow playbook

Inventory

[fedora-silverblue-45]
host01.example.com

[fedora-silverblue-45:vars]
ansible_connection=ssh
ansible_user=ansible
ansible_become=true
ansible_become_method=sudo

Playbook

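---
- name: Reboot-aware patching on Fedora Silverblue 45
  hosts: fedora-silverblue-45
  serial: '25%'  # patch a quarter of the group per batch
  tasks:
    # rpm-ostree stages the new deployment; it only takes effect on the next boot.
    - name: Stage upgrade
      ansible.builtin.command: rpm-ostree upgrade
      register: upg
      # rpm-ostree prints "No upgrades available." when the host is already current.
      changed_when: "'No upgrades available' not in upg.stdout"
    # Fail the host before the reboot if its metrics endpoint is not answering.
    - name: Health-gate pre-reboot
      ansible.builtin.uri:
        url: http://localhost:9100/metrics
        status_code: 200
    # Reboot only when a new deployment was staged.
    - name: Reboot
      ansible.builtin.reboot:
        reboot_timeout: 600
      when: upg.changed
    # Post-reboot gate: the application must be listening again.
    - name: Wait for app port
      ansible.builtin.wait_for:
        port: 8080
        timeout: 300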

See also: Ansible on RHEL for Edge: Reboot-aware Patching Workflow Complete Guide

Validation

ansible-playbook -i inventory/fedora-silverblue-45.ini reboot-aware-patching-workflow.yml --check --diff
ansible-playbook -i inventory/fedora-silverblue-45.ini reboot-aware-patching-workflow.yml

Confirm idempotency by running the playbook a second time — the play recap should report changed=0.
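
As an added example (not part of the original playbook), the reboot gate can be driven by rpm-ostree's own state instead of by matching the text that rpm-ostree upgrade prints: the play reads rpm-ostree status --json, reboots only when a deployment is staged, and then asserts that the host booted into that deployment. The variable names ostree_before, ostree_after and staged_checksums are assumptions made for this example.

```yaml
---
- name: Gate the reboot on rpm-ostree JSON state (added example)
  hosts: fedora-silverblue-45
  serial: '25%'
  tasks:
    - name: Stage upgrade
      ansible.builtin.command: rpm-ostree upgrade
      changed_when: false        # the reboot task below carries the change

    - name: Read deployment state before reboot
      ansible.builtin.command: rpm-ostree status --json
      register: ostree_before    # hypothetical variable name
      changed_when: false

    # A deployment marked "staged" is waiting for the next boot. This also
    # catches a deployment staged by an earlier, interrupted run.
    - name: Collect checksums of staged deployments
      ansible.builtin.set_fact:
        staged_checksums: >-
          {{ (ostree_before.stdout | from_json).deployments
             | selectattr('staged', 'defined') | selectattr('staged')
             | map(attribute='checksum') | list }}

    - name: Reboot only when a deployment is staged
      ansible.builtin.reboot:
        reboot_timeout: 600
      when: staged_checksums | length > 0

    - name: Read deployment state after reboot
      ansible.builtin.command: rpm-ostree status --json
      register: ostree_after     # hypothetical variable name
      changed_when: false
      when: staged_checksums | length > 0

    # If the booted checksum is not the staged one, the host came back on
    # the old deployment and the batch should stop here.
    - name: Verify the host booted the staged deployment
      ansible.builtin.assert:
        that:
          - >-
            (ostree_after.stdout | from_json).deployments
            | selectattr('booted') | map(attribute='checksum') | first
            == staged_checksums[0]
        fail_msg: Booted checksum differs from the staged one
      when: staged_checksums | length > 0
```

A second run finds no staged deployment, skips the reboot and the assertion, and reports changed=0.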

Troubleshooting

| Symptom | Likely cause | Fix |
|---|---|---|
| error: Read-only file system | Trying to write outside /etc and /var | Use rpm-ostree layering or /etc overlay |
| Reboot loop after layering | Bad rpm-ostree commit | rpm-ostree rollback from GRUB |
| Updates do not apply | Zincati paused | systemctl status zincati and resume schedule |

See also: Ansible on Ubuntu Core 24: Reboot-aware Patching Workflow Complete Guide

FAQ

Q. Which ansible-core release should I use with Fedora Silverblue 45? Use ansible-core 2.18 LTS. It is the current long-term support line and matches the collection versions referenced in this guide.

Q. Is the ansible.builtin.reboot module idempotent? Yes. Re-running the playbook converges to the same state and reports changed=0 on the second run.

Q. How do I roll back if the reboot-aware patching workflow breaks production? Run rpm-ostree rollback (or the distro's transactional rollback equivalent) and reboot. Atomic distros are designed for this.

Q. Does this playbook work in --check mode? Yes. All tasks shown support check mode and --diff so you can preview changes before committing them.


Conclusion

Fedora Silverblue 45 (rpm-ostree, GNOME 47) is a first-class Ansible target for a reboot-aware patching workflow. Standardize on ansible-core 2.18 LTS plus the ansible.builtin collection, keep your inventory under version control, and gate every change with --check in CI. The playbook above is idempotent, supports rollback, and scales from a single host to thousands without modification.
