Got Badlock? Ansible Can Help

Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command).

Subscribe to DevOps'ish!

DevOps, Cloud Native, Open Source, industry news, and the ‘ish between assembled by open source professional, DevOps leader, and Cloud Native Computing Foundation (CNCF) Ambassador Chris Short.

For RPM based OS users Badlock (samba) patching is as easy as: ansible -m shell -a "yum update *samba*" all

Or you can be very granular and use an Ansible Playbook to audit and patch samba packages:

---
- hosts: all
  tasks:
    - name: Check if samba packages are installed
      shell: "yum list installed *samba* | awk '!/^Loaded|^Installed/' | cut -d ' ' -f 1"
      register: yum_samba
    - name: Update samba if installed
      yum: name={{ item }} state=latest
      when: yum_samba.stdout != ""
      with_items: '{{yum_samba.stdout_lines}}'

A similar Ansible Playbook for a Debian based system would look something like this:

---
- hosts: all
  tasks:
    - name: Check if samba packages are installed
      shell: "dpkg --get-selections | grep samba | cut -f 1"
      register: dpkg_samba
    - name: Update samba if installed
      apt: name={{ item }} state=latest
      when: dpkg_samba.stdout != ""
      with_items: '{{dpkg_samba.stdout_lines}}'

Your bad nightmares about Badlock will be a not so bad memory in no time.


See also