Use Ansible AWX to Automate Linux Updates and Patches

Let’s face it, keeping your VMs and environments updated is a necessary evil that we all realize we need to do for security, stability, and enhancements. Especially from a security perspective, updates are essential. We often hear focus on Windows systems and keeping them updated. However, this is equally important for Linux-based systems also. Automation is key when it comes to keeping systems updated. In this post, let’s take a look at how to use Ansible AWX to automate Linux Updates and patches and see how this can be easily accomplished.

Background to Using Ansible AWX

I am a big fan of Ansible and using it in the home lab quite often to keep configuring drift in check as well as provisioning and performing other mundane tasks that are labor intensive to accomplish manually. After having played around with Ansible Tower in the lab some time ago in the “10 node trim”, I decided to get Ansible AWX up and running to have a totally free version of the Ansible Tower commercial variant to play around with and not be bound by the 10 node limit for free.

In case you are not aware, Ansible AWX is the open source project that Ansible Tower was born from. They look basically identical when comparing the interfaces. After spinning up Ansible AWX, I had a task in mind that I wanted to knock out quickly. After having amassed a large quantity of Ubuntu Linux servers in the home lab, I was in need of getting those updated and keeping them updated on a schedule. This is a perfect first task to get scheduled in the Ansible AWX install.

This is not a “how to install Ansible AWX” post as there are plenty of those already on the net. However, I found a really good post here describing how to get Ansible AWX up and running with NGINX acting as a reverse proxy.

In this post, we will pick up after the point of getting Ansible AWX and see how we can create a simple Inventory, group, and task to automate updating a group of Linux servers.

Use Ansible AWX to Automate Linux Updates and Patches

Ok, so let’s get down to the few simple configuration pieces in Ansible AWX to Automate Linux updates and patches. First, below is a capture of the Ansible AWX interface dashboard. As you can see it is much more pleasing to look at than the Ansible command line. It looks basically just like Ansible Tower, which isn’t surprising.

Ansible AWX automation dashboard

The first few steps is simply getting the “pieces” in place that will be required when creating a new Job template in Ansible AWX. First things first, let’s create a new organization. What is an organization in Ansible Tower/AWX?

It is a logical collection of UsersTeamsProjects, and Inventories, and is the highest level in the Tower object hierarchy as shown in the diagram.

Ansible Tower and AWX Organization (Image courtesy of Red Hat Ansible)

Navigate to the Organizations node under Access and click the green plus sign to create a new organization.

Setting up a new Ansible AWX organization

To connect to our Linux servers and run our job template, you will need to have credentials for doing so. Credentials are also utilized by Tower/AWX for authentication when launching jobs against machines, synchronizing with inventory sources, and importing project content from a version control system. Click the Credentials node underneath the Resources node and then click the green plus sign to add a new credential to Ansible AWX. As you can see, I have added a new machine credential for root.

Adding credentials to Ansible AWX for running job templates

Next, we create a Project. What is a project in Tower/AWX? A Project is a logical collection of Ansible playbooks, represented in Tower. Click the Project node underneath Resources. Also, note how AWX gives you the Project Base Path. You need to make sure you have a folder underneath the base path to match your project name as this doesn’t get created automatically.

Creating a new Ansible AWX project

I navigated to this folder on my Ansible AWX server and created the folder for the project.

Creating a new named projects folder in Ansible AWX for YAML files

Underneath the CloudUpdates folder, I created a new YAML file called CloudUpdates.yml that contained the following:

- name: Upgrade all packages to the latest version
  hosts: all
  - name: Upgrade all packages to the latest version
      update_cache: yes
      upgrade: yes

Now, moving on to the Inventories. An inventory is a collection of hosts against which jobs may be launched. Inventories are divided into groups and these groups contain the actual hosts. Groups may be sourced manually, by entering host names into Tower/AWX, or from one of Ansible Tower’s supported cloud providers. Note in the YAML field, I have provided the connection information for how Ansible will connect to the hosts.

Creating inventories in Ansible AWX for server connections and hosts

As mentioned, we need to create groups as part of the inventory configuration. These are what actually contain the hosts we want to interact with. Click the Groups button and the green plus sign to add a new group.

Creating a new inventory group in Ansible AWX

Adding the new group in the Ansible AWX inventory.

Naming the new Ansible AWX inventory group

Now, underneath the group, click the Hosts button and using the green plus sign, add the hosts you want to connect to. In my case, since I want to Use Ansible AWX to Automate Linux Updates and Patches, I am adding the Linux hosts here.

Adding hosts to the new Ansible AWX inventory group

Creating the Ansible AWX Job Template to Update and Patch Linux Servers

Once all of the above is completed, we have the minimum in place to actually create a new job template and begin interacting with our servers.

A job template is a definition and set of parameters for running an Ansible job. Job templates are useful to execute the same job many times. While the REST API allows executing jobs directly, Tower requires first creating a job template.

I have highlighted the required fields on the job template screen. After you choose the Project, you should have the Playbook available which is the YAML file underneath your project folder you created.

Creating a new job run with Ansible AWX

After saving out the new job to update and patch Linux servers with Ansible, we are ready to run the job. For the purposes of this post, we are simply running the job ad-hoc, manually. However, you can also schedule them as you would most likely want to do.

Running the newly created Ansible AWX job template to Update Linux servers

Below, you see the output of running the job along with the status bar above the output screen. The output is normal Ansible output as you would see if running this from the command line.

The Ansible AWX job monitor window displays the normal Ansible output for running the playbook

Wrapping Up

The ability to Use Ansible AWX to Automate Linux Updates and Patches is an easy demonstration of the power of automation. By creating a simple script and using Ansible, you can keep your Linux servers patched on a schedule without the administrative burden of doing this manually. More Ansible AWX topics to come.

Download Ansible AWX:

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.