Post

Automated Updates Management on Proxmox with Ansible

Posted Updated
By zp-4 3 min read

Automated Updates Management on Proxmox with Ansible

In this comprehensive guide, we’ll explore an efficient approach to automate updates for your virtual machines (VMs) and containers (CTs) on a Proxmox infrastructure using Ansible. This method will help you centralize and simplify update management while enhancing the security and stability of your environment.

Introduction

Keeping your VMs and CTs up-to-date is crucial for maintaining a secure and efficient infrastructure. By leveraging Ansible on Proxmox, you can automate this process, ensuring consistent and timely updates across your entire environment.

Prerequisites

  • Proxmox VE 7.0 or later
  • Basic knowledge of Linux command line and SSH
  • Familiarity with Proxmox administration
  • Understanding of Ansible concepts

Creating and Configuring an Ansible Container on Proxmox

  1. Create an LXC Container:
    • Log into the Proxmox web interface
    • Click on “Create CT”
    • Set the following parameters:
      • Hostname: ansible-controller (or your preferred name)
      • Template: Choose a Debian-based template (e.g., Debian 11)
      • Disk: Allocate at least 10 GB
      • CPU: 1-2 cores
      • RAM: 512 MB to 1 GB
    • Configure networking (static IP or DHCP)
    • Start the container
  2. Access the Container:
    • Use SSH or the Proxmox console to access the container
  3. Update the Container:
    1

    sudo apt update && sudo apt upgrade -y

Installing and Configuring Ansible

  1. Install Ansible:
    1

    sudo apt install ansible -y
  2. Configure SSH for Ansible:
    1

    ssh-keygen -t ed25519 -C "ansible@controller"

    Accept default paths and optionally set a passphrase.

  3. Install additional required packages:
    1
2

    sudo apt install python3-pip -y
pip3 install proxmoxer

Preparing VMs and CTs for Ansible

  1. Copy SSH Key to Managed Nodes: For each VM/CT you want to manage:
    1

    ssh-copy-id your_username@vm-ip-address

    Replace your_username and vm-ip-address with appropriate values.

  2. Configure Sudo Access (if needed): On each managed node, ensure the user has sudo privileges without a password prompt:
    1

    echo "your_username ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/your_username

Configuring Ansible for Updates

  1. Create Ansible Inventory:
    1

    sudo nano /etc/ansible/hosts

    Add your VMs/CTs:

    1
2
3
4

    [proxmox_nodes]
192.168.1.101 ansible_user=your_username
192.168.1.102 ansible_user=your_username
192.168.1.103 ansible_user=your_username
  2. Create Update Playbook:
    1

    nano ~/update_nodes.yml

    Add the following content for upgrading debian-based systems for example:

    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

    ---
- hosts: proxmox_nodes
  become: yes
  tasks:
    - name: Update apt cache
      apt:
        update_cache: yes
       
    - name: Upgrade all packages
      apt:
        upgrade: dist
       
    - name: Check if reboot is required
      register: reboot_required_file
      stat: path=/var/run/reboot-required get_md5=no
       
    - name: Reboot the server if required
      reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists
  3. Test the Playbook:
    1

    ansible-playbook ~/update_nodes.yml

Automation with Cron

  1. Open Crontab:
    1

    sudo crontab -e
  2. Add Cron Job: Add this line to run the playbook daily at 3 AM:
    1

    0 3 * * * /usr/bin/ansible-playbook /root/update_nodes.yml >> /var/log/ansible-updates.log 2>&1

Best Practices and Security Considerations

  • Use Ansible Vault for sensitive information
  • Implement Role-Based Access Control in Ansible
  • Regularly update the Ansible controller itself
  • Use version control (e.g., Git) for your Ansible playbooks
  • Test updates on non-production environments first
  • Create snapshots of VMs before applying updates

Monitoring and Maintenance

  • Log Rotation: Set up log rotation for Ansible logs
  • Alerting: Configure alerts for failed playbook executions
  • Regular Audits: Periodically review and update your playbooks and inventory

Troubleshooting

  • Check Connectivity: Ensure SSH access to all nodes
  • Verify Sudo Privileges: Confirm correct sudo configuration on managed nodes
  • Examine Logs: Review Ansible logs for detailed error messages
  • Use Ansible’s Verbose Mode: Run playbooks with -v for more information

Conclusion

By implementing this automated update system using Ansible on Proxmox, you can significantly reduce the time and effort required for system maintenance while improving the overall security and stability of your infrastructure. Remember to regularly review and adapt your playbooks to meet the changing needs of your environment.

Proxmox, Virtualization, Automation
Proxmox Virtual Machines Update Upgrade Automation Ansible Playbook
This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.