Ansible – massively fix bash shellshock


Since the recently discovered bash vulnerabilty is forcing many IT specialist to run massive update to their systems, here you can find a simple ansible script to immediately update all your servers at once, would they be APT or YUM based.

- hosts: "{{deploy_host}}"
  remote_user: ansible_user
  sudo: yes
      - bash
      - bash
  - name : Check Family
    debug: msg="Familiy {{ ansible_os_family }} "

  - name : install packages - Debian way
    apt: pkg={{item}} state=latest install_recommends=no
    with_items: pkg_list_deb
    when: ansible_os_family == "Debian"

  - name : install packages - RedHat way
    yum: name={{item}} state=latest
    with_items: pkg_list_rpm
    when: ansible_os_family == "RedHat"
Just run it against an inventory file with all your server and have a coffee 😉


Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo di

Stai commentando usando il tuo account Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )

Connessione a %s...