Having been a sysadmin professionally for 20+ years, and realising recently that my HomeLab has reached about 60 devices that needed their updates managing, I decided to do something about it.
So I've automated that process using Zabbix for the alerting, and Ansible for the heavy lifting. Strapped together with a few bash scripts.
The instructions for this can be found here:
https://gadg3ts.com/automatically-up...le-and-zabbix/
There's an accompanying GitHub repo that has all the scripts and Zabbix template.
I've not reproduced the content here because it's quite long and has a number of pictures.
Plus, then there's only one place I need to update content for.
It's not a completely "from scratch" tutorial, as it does assume you've already set up Zabbix and Ansible.
Basically, it uses the apt-check Ubuntu package to determine whether a machine has standard or security updates.
If it does, that then uses a Zabbix trigger which adds that hostname into a 'queue' file in /tmp (because then you don't have to compromise your Zabbix system security by changing ownership or permissions of the Zabbix user/process).
At a regular interval (currently determined by a crontab entry), another script reads the top entry from the queue file and (in my case) calls an Ansible script on another machine that goes off and runs a sequence of apt commands.
This will then send you an email notifying you of success or failure.
Finally, that entry is removed from the queue file.
The basic principle can also be adapted to do whatever you need - as long as you have something that can generate a trigger, that trigger can go off and do whatever you need it to as Ansible itself is proving itself remarkably useful and extensible.
I hope this helps some of you as much as it is helping me.
After having it running for a couple of months now, it turns out that the main culprits for updates not running smoothly in my environment are those from Elasticsearch. So it has also given me better visibility of that sort of thing.
Happy to answer any questions on here or via the blog comments.
Sean
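
Added example (not from the post or its GitHub repo): the queue file described above sits in a world-writable directory, so the script that reads it can treat each entry as untrusted before handing it to Ansible. The function names, return codes and the allowlist file of known hostnames are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Hardened "read the top entry, then remove it" step for a queue file in /tmp.
# All names here are hypothetical; adapt paths to your own setup.

# Accept only plain DNS-style hostnames: no spaces, options, paths or shell
# metacharacters can get through to the command that is run next.
valid_hostname() {
    local h=$1
    [ "${#h}" -le 253 ] || return 1
    printf '%s\n' "$h" | grep -Eq \
      '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
}

# Refuse a queue path that is a symlink or not a regular file, so the reader
# cannot be pointed at some other file on the system.
queue_is_safe() {
    local q=$1
    [ ! -L "$q" ] && [ -f "$q" ]
}

# Pop the first entry. Prints the hostname and returns 0 only when the entry is
# well-formed and listed in the allowlist. The entry is removed in every case,
# so one bad line cannot block the queue.
# Return codes: 1 empty queue, 2 unsafe queue file, 3 malformed, 4 unknown host.
pop_host() {
    local q=$1 allow=$2 host tmp
    queue_is_safe "$q" || return 2
    [ -s "$q" ] || return 1
    host=$(head -n 1 "$q")
    # mktemp creates a unique file readable only by the current user.
    tmp=$(mktemp) || return 2
    tail -n +2 "$q" > "$tmp"
    # Rewrite in place to keep the file's owner and mode. There is no locking
    # here: an append that lands between the read and this rewrite can be lost.
    cat "$tmp" > "$q"
    rm -f "$tmp"
    valid_hostname "$host" || return 3
    # -F fixed string, -x whole line: the name must match an allowlist entry exactly.
    grep -Fxq -- "$host" "$allow" || return 4
    printf '%s\n' "$host"
}
```

The cron script would call `pop_host` and only start the Ansible run when it returns 0, passing the printed name as a quoted argument.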