ansible

glibc version check with ansible

Considering the recent glibc vulnerability, getting details regarding glibc versions can be a bit difficult when you are managing large server clusters with multiple OS versions. Configuration management tools like ansible becomes a real boon in here.

For anyone who is not familiar with ansible, take a looks at the ansible intro page for details regarding ansible installation.

An ansible playbook file to get the required information into a csv file is as follows. It is in no way perfect and is a bit longer with repetitions, but it does get the job done. We can easily extend it to include a comparison of existing glibc version and the available update to print the status(i.e. whether the installed glibc version is vulnerable or not). I will update the blog post and the playbook file if I get more time to update the playbook file.

---
- hosts: all
remote_user: '{{ user_name }}'
become: yes
environment:
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
vars_prompt:
- name: user_name
prompt: "Enter ssh username"
private: no
tasks:
- name: Get hostname
shell: hostname
register: host_name
- name: Check glibc version for Debian based servers
shell: dpkg -s libc-bin | awk '/Version/ {print $2}'
register: version_deb
when: ansible_os_family == "Debian"
- name: Check glibc version for RedHat based servers
shell: rpm -qa glibc
register: version_rpm
when: ansible_os_family == "RedHat"
- name: Create base file
local_action: shell echo 'hostname;server_ip;glibc version' | tee glibc_version.csv
become: no
- name: Write output to file
local_action: shell echo '{{ host_name.stdout }};{{ inventory_hostname }};{{ version_deb.stdout }}' | tee -a glibc_version.csv
become: no
when: ansible_os_family == "Debian"
- name: Write output to file
local_action: shell echo '{{ host_name.stdout }};{{ inventory_hostname }};{{ version_rpm.stdout }}' | tee -a glibc_version.csv
become: no
when: ansible_os_family == "RedHat"

Pr-requisites for playbook execution:
Save the above code as check-glibc.yml, also get a list of IP addresses of all servers you wish to check into a file(we’ll name it hosts) in the below format(replace IP1, IP2 etc.. with IP addresses)

[servers]
IP1
IP2

Playbook execution:
ansible-playbook check-glibc.yml -i hosts

Execution of the playbook will prompt for ssh username and will write the glibc version details along with the hostname and IP address of the server to a csv file(glibc_version.csv)

Urolime Technologies has made groundbreaking accomplishments in the field of Google Cloud & Kubernetes Consulting, DevOps Services, 24/7 Managed Services & Support, Dedicated IT Team, Managed AWS Consulting and Azure Cloud Consulting. We believe our customers are Smart to choose their IT Partner, and we “Do IT Smart”.
Posts created 468

Related Posts

Begin typing your search term above and press enter to search. Press ESC to cancel.

Enjoy this blog? Please spread the word :)

Follow by Email
Twitter
Visit Us
Follow Me
LinkedIn
Share
Instagram