Automating Linux VM Patching with a Bash Script

Keeping your Linux virtual machines (VMs) up-to-date with the latest patches is an important task to maintain their security and stability. In this post, we'll walk through a simple bash script that automates this process for a list of VMs.

The Script

The script reads a list of VMs from a text file and patches only the security packages on each VM using the yum update --security command. If the patching fails on a VM, the script moves on to the next VM in the list. Once patching is completed on all VMs, the script gets the kernel version of each VM using the uname -r command and stores the results in an array. The patching results are then written to a text file called "patch_results.txt" in the format "VM Name : Kernel Version".

#!/bin/bash

# Read the list of VMs from a text file
vmlist=$(cat vm_list.txt)

# Create an empty array to store the patching results
results=()

# Iterate through the list of VMs and patch only the security packages
for vm in $vmlist; do
    # Patch only the security packages
    ssh $vm "sudo yum update --security -y"
    if [ $? -ne 0 ]; then
        # If the patching fails, move on to the next VM
        continue
    fi
    # Get the kernel version of the VM
    kernel_version=$(ssh $vm "uname -r")
    # Store the result in the array
    results+=("$vm:$kernel_version")
done

# Write the patching results to a text file
echo "VM Name : Kernel Version" > patch_results.txt
for result in "${results[@]}"; do
    echo $result >> patch_results.txt
done

This script assumes that you have passwordless ssh setup between your machine and the remote machines.

Conclusion

By automating the patching process with a simple bash script, you can save time and ensure that your Linux VMs are always up-to-date with the latest security patches. This script can be easily customized to suit your needs and can be used as a starting point for more advanced automation tasks.