glibc version check with ansible

Considering the recent glibc vulnerability, getting details regarding glibc versions can be a bit difficult when you are managing large server clusters with multiple OS versions. Configuration management tools like ansible becomes a real boon in here.

For anyone who is not familiar with ansible, take a looks at the ansible intro page for details regarding ansible installation.

An ansible playbook file to get the required information into a csv file is as follows. It is in no way perfect and is a bit longer with repetitions, but it does get the job done. We can easily extend it to include a comparison of existing glibc version and the available update to print the status(i.e. whether the installed glibc version is vulnerable or not). I will update the blog post and the playbook file if I get more time to update the playbook file.

---
- hosts: all
  remote_user: '{{ user_name }}'
  become: yes
  environment:
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  vars_prompt:
  - name: user_name
    prompt: "Enter ssh username"
    private: no
  tasks:
  - name: Get hostname
    shell: hostname
    register: host_name
  - name: Check glibc version for Debian based servers
    shell: dpkg -s libc-bin | awk '/Version/ {print $2}'
    register: version_deb    
    when: ansible_os_family == "Debian"
  - name: Check glibc version for RedHat based servers
    shell: rpm -qa glibc
    register: version_rpm
    when: ansible_os_family == "RedHat"
  - name: Create base file
    local_action: shell echo 'hostname;server_ip;glibc version' | tee glibc_version.csv
    become: no
  - name: Write output to file
    local_action: shell echo '{{ host_name.stdout }};{{ inventory_hostname }};{{ version_deb.stdout }}' | tee -a glibc_version.csv
    become: no
    when: ansible_os_family == "Debian"
  - name: Write output to file
    local_action: shell echo '{{ host_name.stdout }};{{ inventory_hostname }};{{ version_rpm.stdout }}' | tee -a glibc_version.csv
    become: no
    when: ansible_os_family == "RedHat"

Pr-requisites for playbook execution:
Save the above code as check-glibc.yml, also get a list of IP addresses of all servers you wish to check into a file(we’ll name it hosts) in the below format(replace IP1, IP2 etc.. with IP addresses)

[servers]
IP1
IP2

Playbook execution:
ansible-playbook check-glibc.yml -i hosts

Execution of the playbook will prompt for ssh username and will write the glibc version details along with the hostname and IP address of the server to a csv file(glibc_version.csv)

Please follow and like us:
Urolime Technologies has made groundbreaking accomplishments in the field of Google Cloud & Kubernetes Consulting, DevOps Services, 24/7 Managed Services & Support, Dedicated IT Team, Managed AWS Consulting and Azure Cloud Consulting. We believe our customers are Smart to choose their IT Partner, and we “Do IT Smart”.
Posts created 164

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Begin typing your search term above and press enter to search. Press ESC to cancel.

Enjoy this blog? Please spread the word :)