How do you manage package updates with Ansible?

agregoire asked:

I’d like to use Ansible to roll out package updates to my machines. But I’d like to test those updates on a local VM first. How is this usually achieved in the real world?

  • Do I “lock” every important package in my Ansible configuration to a specific version and then test every update?
  • Do I periodically get a list of upgradable packages and update them all at the same time on my VMs, then on my servers? I’d probably have some trouble keeping my servers and VMs synchronized.

Is there a best practice for managing updates?

My answer:


Ansible wasn’t really meant to solve this sort of problem. It can do so, but it would be cumbersome at best.

Something like Katello (the open source project on which Red Hat Satellite 6 is based) can handle this sort of thing well. It maintains packages at the exact versions you’ve tested and allows you to promote them from development to staging to production, or define whatever workflow makes sense for you. Not to mention that it handles bare metal provisioning and many other things. Its only drawback in this scenario is that it’s well integrated with Puppet, so using it with Ansible may be a bit less automated in places than it otherwise could be.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.