
A note on ansible. Server reboot


I was faced with a task: take a completely empty server and set it up entirely via Ansible, "so that even a monkey could manage it" (a literal quote from the client).
Initial data: a server running CentOS 7, with an external IP address and the root password.
Task: install all updates and the software on the list, and never connect to it from the console. There is no point in describing the whole process, but there are two interesting points I will cover: how to use Ansible to configure Ansible, and how to restart the server and then continue running the playbook.


From the initial data it is clear that the server has only root. Most notes on Ansible start by saying that you need to generate a key, add it as trusted on the managed machines, set permissions in sudoers, and so on. But what if we do not want to do that every time? You can make a template where it is already done. But what if this is a physical server and the hoster installs the OS on it? This is where a magic option comes to the rescue: --ask-pass. It makes Ansible authenticate with a password instead of a key. After that it is a matter of technique: we set up everything we need through tasks.
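The bootstrap described above could look like the following playbook. This is an added example, not the author's playbook; the account name `ansible`, the public key path, the file name `bootstrap.yml` and the sudoers policy are assumptions.

```yaml
# bootstrap.yml: constructed example. First run, password-based, as root:
#   ansible-playbook -i inventory bootstrap.yml -u root --ask-pass
# (--ask-pass needs sshpass installed on the control machine.)
- hosts: all
  remote_user: root
  vars:
    deploy_user: ansible                      # assumed account name
    # assumed location of the control machine's public key
    deploy_pubkey: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
  tasks:
    - name: Create the account Ansible will use from now on
      user:
        name: "{{ deploy_user }}"
        shell: /bin/bash

    - name: Trust the control machine's public key
      authorized_key:
        user: "{{ deploy_user }}"
        key: "{{ deploy_pubkey }}"
        state: present

    - name: Allow passwordless sudo, syntax-checked before it is installed
      copy:
        dest: "/etc/sudoers.d/{{ deploy_user }}"
        content: "{{ deploy_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Stop accepting the root password over SSH
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PermitRootLogin\b'
        line: PermitRootLogin prohibit-password
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      service:
        name: sshd
        state: restarted
```

Later runs connect with the key (`-u ansible --become`) and no longer need `--ask-pass`, so the root password is only ever typed once per host.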

So, the server is prepared to work with Ansible. Now we need to install updates on it, and there may be a kernel among them, in which case we need a reboot. If you simply restart it, Ansible gives an error. 5 minutes of communication gave me a working version. I was delighted, brewed myself a cup of aromatic coffee and got ready to enjoy watching everything set itself up. No such luck! It turned out that in CentOS 7 the reboot is performed as soon as possible and, as a result, Ansible does not have time to process the result and fails with an error. Quickly enough, an obvious solution was found: run shutdown -r 1, which adds a one-minute delay. Yes, it works and is fine if you need to deploy 1-2 hosts, but if there are 100, the delay will be 100 minutes plus reboot time. And that is ... a lot of time.

By trial and error, the following option was found:
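
    # Schedule the reboot in a detached shell so the task can return
    # before the SSH connection drops.
    - name: Reboot
      shell: nohup bash -c "sleep 2s && reboot" &
      when: kernel_update.changed    # registered by the earlier update task
      async: 0
      poll: 0
      ignore_errors: true
      register: reboot

    # Runs on the control machine: wait for sshd on the host to answer again.
    - name: wait for the server to restart
      local_action: wait_for host={{ inventory_hostname }}
                    port=22
                    delay=10
                    timeout=300
                    state=started
      become: false                  # spelled "sudo: false" in older Ansible releases
      when: reboot.changed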


The result is that the server restarts and the playbook waits until it becomes available again.
Thanks for your attention!

Author: Magvai69 System Administrator

Source: https://habr.com/ru/post/265137/

