Ansible Rolling Update Debian/Ubuntu: apt Module Guide (Examples)
By Luca Berton · Published 2024-01-01 · Category: installation
How to perform rolling updates on Debian and Ubuntu with Ansible apt module. Update packages, handle reboots, and manage serial deployments with examples.
How to perform Rolling Update with Ansible in Debian-like systems?
I'm going to show you a live Playbook and some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot.
Ansible Rolling Update packages in Debian-like systems
Today we're talking about rolling updates on Debian-like systems using the Ansible apt module.
We already talked about this module for installing packages but we would like to consider another use case.
This module allows you to manage packages with the apt package manager.
Parameters
• name _string_
• state _string_
• update_cache _boolean_
• upgrade _no/safe/full/dist_
The parameter list is pretty wide, but today we focus on these four options for our use case.
The "name" parameter can be a single package, or we can select all the packages on the system with the "*" star symbol.
The state for this case needs to be "latest" so we target the latest version for every package.
The "update_cache" parameter forces an update of the repository metadata before the installation.
Another useful option is "upgrade", with four alternatives:
• the default is no,
• if safe, performs an aptitude safe-upgrade,
• if full, performs an aptitude full-upgrade,
• if dist, performs an apt-get dist-upgrade.
Demo
Let's jump into a real-life Playbook of Rolling Update on Debian-like systems with Ansible Playbook.
• apt-nginx.yml
• apt-system.yml
Conclusion
Now you know better how to troubleshoot the most common Ansible error about privilege escalation.
Complete Rolling Update Playbook for Debian/Ubuntu
Security-Only Updates
Alternative using unattended-upgrades:
Hold Packages (Prevent Upgrades)
Upgrade Type Comparison
| upgrade value | apt equivalent | Description |
|---------------|----------------|-------------|
| dist | apt dist-upgrade | Smart upgrade, handles dependencies |
| full | apt full-upgrade | Same as dist (alias) |
| safe | apt upgrade | Conservative, won't remove packages |
| yes | apt upgrade | Same as safe |
FAQ
How do I check what will be updated without applying?
How do I handle "dpkg lock" during updates?
What's /var/run/reboot-required?
Ubuntu/Debian create this file when a kernel or critical library update requires a reboot. Checking it is the standard way to determine if a reboot is needed after updates.
Update All Packages
Rolling Update Strategy
Security Updates Only
Install Specific Packages
Autoremove and Clean
Hold Package Version
Batch Updates with Reporting
apt Module Parameters
| Parameter | Description |
|-----------|-------------|
| name | Package name(s) |
| state | present, absent, latest, fixed |
| update_cache | Run apt update first |
| cache_valid_time | Skip update if recent (seconds) |
| upgrade | yes, safe, full, dist |
| autoremove | Remove unused deps |
| deb | Install from .deb file |
| default_release | Target release |
| force_apt_get | Use apt-get instead of aptitude |
FAQ
upgrade: safe vs dist vs full?
• safe: Only upgrades that don't remove packages
• dist: Handles changing dependencies (recommended)
• full: Like dist but more aggressive
How do I handle kernel updates that need reboots?
Check /var/run/reboot-required after updates and reboot with the reboot module in a rolling fashion.
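The check-and-reboot flow described above, written out as a playbook. This is an added example, not the article's own playbook; the `webservers` group, the batch size and the timeout values are assumptions to adapt to your inventory.

```yaml
---
# Added example (not from the original article).
# Assumed: inventory group "webservers", one host per batch, timeouts below.
- name: Rolling apt upgrade with conditional reboot
  hosts: webservers
  become: true
  serial: 1                  # patch one host at a time; the rest keep serving
  max_fail_percentage: 0     # abort the rollout as soon as any host fails

  tasks:
    - name: Refresh the package index and apply a dist-upgrade
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600   # skip the refresh if the cache is under 1h old
        upgrade: dist
        autoremove: true
        lock_timeout: 120        # wait for a busy apt/dpkg lock before failing

    - name: Check whether the update requested a reboot
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Reboot the host only when the flag file exists
      ansible.builtin.reboot:
        msg: "Rebooting after package upgrade"
        reboot_timeout: 600
      when: reboot_required.stat.exists

    - name: Fail the host if a reboot is still pending afterwards
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_still_required
      failed_when: reboot_still_required.stat.exists
```

Because the play stops at the first failed host, a bad package or a host that does not come back from reboot affects one machine instead of the whole group.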
Can I roll back an update?
apt doesn't have built-in rollback. Use snapshots (LVM/VM) before updates, or pin specific versions.