Security Patching with Ansible

This project successfully transformed a failing patching system into a scalable, secure and efficient automated solution using Oracle Linux Automation Manager. By addressing legacy issues and adopting modern DevOps practices, the team significantly improved patching success, reduced operational risk and laid a solid foundation for ongoing system maintenance and growth.

LedgerIQ

Problem

Statement

The existing patching process, managed through AWX Tower, had become outdated and highly unreliable, with a patching success rate below 30%. Several technical and operational challenges were identified:

  • PlannerSync PDH Use of outdated hostnames and vCenter URLs.
  • PlannerSync PDH Compatibility issues due to the shift from Python 2 to Python 3.
  • PlannerSync PDH Hardcoded credentials and values in Ansible playbooks.
  • PlannerSync PDH No snapshot safeguards for rollback in case of patching failures.
  • PlannerSync PDH Limited support for different operating systems, including Oracle Enterprise Linux (OEL) and SUSE Linux.

These issues made it difficult to maintain consistency, ensure security and support patching at scale.

LedgerIQ

Solution

Proposed

To address these challenges, a complete migration and modernization effort was undertaken:

  • Java Revamp Migrated from AWX Tower to Oracle Linux Automation Manager (OLAM), aligning with updated data centers and vCenter endpoints.
  • Java Revamp Refactored Ansible playbooks to be modular, secure and future-proof.
  • Java Revamp Enabled dynamic inventory sourcing by fixing Python scripts and replacing hardcoded values.
  • Java Revamp Resolved Python versioning issues using Execution Environments.
LedgerIQ
  • Java Revamp Implemented vSphere snapshot creation before patching, enabling rollback if needed.
  • Java Revamp Extended compatibility to support both OEL and SUSE Linux systems.
  • Java Revamp Improved security by removing secrets from Git commit history using git-repo-filter.
  • Java Revamp Developed supporting Python scripts to parse job logs and monitor weekly patching activity.
  • Java Revamp Created scheduled jobs and pre-check scripts, including Wednesday health checks that assess space issues, repository subscriptions and vSphere hostname availability.
  • Java Revamp Documented the entire solution to support handover and future maintenance.

Business

Values

01

Automated patching across 700+ machines, ensuring reliability and consistency.

02

Achieved a 90% success rate in the first month, far exceeding the initial 6-month improvement target.

03

Built a robust and maintainable patching system using modern automation best practices.

04

Improved operational efficiency, audit readiness and team handover with proper documentation.