Ansible Rolling Update: Upgrade RHEL/CentOS Packages Safely (Playbook) — Video Tutorial

How to perform the rolling updates with Ansible in RedHat-like systems? I'm going to show you a live Playbook with some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot Ansible rolling update packages in RedHat-like systems Today we're talking about rolling updates in RedHat-like systems using Ansible module yum and DNF. We already talked about these modules for installing packages but we would like to consider another use case. Both manage packages with the yum/DNF package manager. Parameters - `name` _string_ - `state` _string_ - `update_cache` _boolean_ - `bugfix` _boolean_ - `security` _boolean_ The parameter list is pretty wide but today we are focus on these four options for our use case. In the name could be a package or we could select all the packages of the system with the "\*" star symbol. The state for this case needs to be "latest" so we target the latest version for every package. The "update_cache" is useful to forces the update of repository metadata before the installation, default no. Other very interesting options are "bugfix" and "security" which allow you to update only packages marked as bugfix or security-related Demo Let's jump in a real-life Playbook to rolling update in RedHat-like systems with Ansible Playbook. * _yum.yml_ ```yaml --- - name: rolling update Playbook hosts: all become: true tasks: - name: ensure pkg updated ansible.builtin.yum: name: nginx state: latest update_cache: true ``` - _yum-system.yml_ ```yaml --- - name: rolling update Playbook hosts: all become: true tasks: - name: ensure system updated ansible.builtin.yum: name: "*" state: latest update_cache: true ``` [code with ❤️ in GitHub](https://github.com/lucab85/ansible-pilot/tree/master/rolling%20update%20RedHat-like%20systems) Conclusion Now you know how to perform Rolling Update in RedHat-like systems. What is a Rolling Update? A rolling update upgrades servers **one at a time** (or in small batches) instead of all at once. This ensures: - **Zero downtime** — some servers are always running - **Quick rollback** — stop the update if problems appear - **Controlled risk** — test changes on a few servers first Complete Rolling Update Playbook ```yaml --- - name: Rolling update for web servers hosts: webservers serial: 1 # Update one server at a time max_fail_percentage: 0 # Stop if ANY server fails become: true pre_tasks: - name: Remove from load balancer ansible.builtin.uri: url: "http://lb.example.com/api/servers/{{ inventory_hostname }}/disable" method: POST delegate_to: localhost - name: Wait for connections to drain ansible.builtin.wait_for: timeout: 30 tasks: - name: Update all packages ansible.builtin.yum: name: '*' state: latest update_cache: true register: update_result - name: Show updated pa