Got Badlock? Ansible Can Help

Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command).

DevOps'ish is on hiatus and is not taking new subscribers at this time. Stay tuned to Chris Short's web site for details on future projects and when DevOps'ish will relaunch.

Thank you to all subscribers for your years of support.

For RPM based OS users Badlock (samba) patching is as easy as: ansible -m shell -a "yum update *samba*" all

Or you can be very granular and use an Ansible Playbook to audit and patch samba packages:

---
- hosts: all
  tasks:
    - name: Check if samba packages are installed
      shell: "yum list installed *samba* | awk '!/^Loaded|^Installed/' | cut -d ' ' -f 1"
      register: yum_samba
    - name: Update samba if installed
      yum: name={{ item }} state=latest
      when: yum_samba.stdout != ""
      with_items: '{{yum_samba.stdout_lines}}'

A similar Ansible Playbook for a Debian based system would look something like this:

---
- hosts: all
  tasks:
    - name: Check if samba packages are installed
      shell: "dpkg --get-selections | grep samba | cut -f 1"
      register: dpkg_samba
    - name: Update samba if installed
      apt: name={{ item }} state=latest
      when: dpkg_samba.stdout != ""
      with_items: '{{dpkg_samba.stdout_lines}}'

Your bad nightmares about Badlock will be a not so bad memory in no time.


See also