Este manual pode ser usado para atualizar o Debian Wheezy para a versão mais recente do openssl que corrigiu a vulnerabilidade heartbleed.
Como está, isso deve funcionar com ansible 1.5.x. As tarefas comentadas assumem a ansible 1.6 para o uso do módulo debconf.
ansible-playbook -i inventário openssl.yml -k -K
openssl.yml:
---
- hosts: all
user: ansible_user
sudo: yes
sudo_user: root
tasks:
- name: OpenSSL | Get current version
shell: 'dpkg-query -W openssl'
register: openssl_version
- name: OpenSSL | Get current version
shell: 'dpkg-query -W libssl1.0.0'
register: libssl_version
- name: OpenSSL | Confirm new version
debug: msg="OpenSSL version installed is {{openssl_version.stdout}}, libssl version installed is {{libssl_version.stdout}}"
- name: OpenSSL | Apt | Install debconf-utils
apt: pkg='debconf-utils' state='latest'
- name: OpenSSL | Apt | Prevent restart services dialog
# debconf: name='libssl1.0.0' question='libssl1.0.0/restart-services' vtype='string' value='ntp'
shell: 'debconf-set-selections <<< "libssl1.0.0 libssl1.0.0/restart-services string ntp"'
- name: OpenSSL | Apt | Prevent restart services dialog
# debconf: name='libssl1.0.0:amd64' question='libssl1.0.0/restart-services' vtype='string' value='ntp'
shell: 'debconf-set-selections <<< "libssl1.0.0:amd64 libssl1.0.0/restart-services string ntp"'
- name: OpenSSL | Apt | Upgrade Openssl
apt: pkg='{{item}}' state='latest' update_cache='yes' install_recommends='yes' force='yes'
with_items:
- 'openssl'
- 'libssl1.0.0'
- name: OpenSSL | Get new version
shell: 'dpkg-query -W openssl'
register: openssl_version
- name: OpenSSL | Get new version
shell: 'dpkg-query -W libssl1.0.0'
register: libssl_version
- name: OpenSSL | Confirm new version
debug: msg="OpenSSL version installed is {{openssl_version.stdout}}, libssl version installed is {{libssl_version.stdout}}"