Update Patch Using Ansible on GCP


This is a short article that briefly introduces a configuration management tool called Ansible. According to the official Ansible website, “Ansible is the simplest way to automate apps and IT infrastructure. Application Deployment + Configuration Management + Continuous Delivery”. If you have read my previous articles, you may know that Terraform can automate infrastructure as well. The difference between them is that Terraform is for infrastructure deployment while Ansible is for configuration management. In other words, Ansible helps us make small adjustments after we deploy the infrastructure. As the title suggests, patch management is one of the use cases for Ansible.

Why use Ansible?

There are a few reasons we use Ansible:

  1. Ansible does not require any agent; we just need to install Ansible on our master node.
  2. We can use Ansible in cloud or non-cloud environments.
  3. Ansible is not only for hosts, but also for network equipment. In this link, we can see it supports Cisco IOS as well.
  4. Ansible supports Windows as well.



In the console, we choose Cloud Shell and then click the editor mode so that we can easily review our code.


Then we have to set up our environment, e.g. define the project, zone and region:

gcloud config set project <your-project-id>
gcloud config set compute/zone us-west1-a
gcloud config set compute/region us-west1

Please download my prepared files from GitHub, or clone the repository:

git clone https://github.com/manbobo2002/ansible-system-update.git
cd ~/ansible-system-update

Also, we need to install Ansible:

sudo apt-get install ansible

Note that this demonstration does not have to be run from Cloud Shell. We can also do it locally, using our local machine to control GCP instances.

Folder Structure

There are 3 main files in this demonstration: ansible.cfg, hosts, main.yml.

As we can see, ansible.cfg is a configuration file which describes the basic settings of Ansible.

The hosts file stores all the host IPs or host names you want to manage. We can classify the hosts into different groups.

Finally, we have a playbook called main.yml which describes the task details. For this demonstration, we create some patch update tasks.
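
To illustrate what such patch update tasks can look like, here is an added example; it is not the main.yml from the repository above. It assumes Debian/Ubuntu instances (the article itself uses apt-get) and an inventory group named patch_targets, which is a hypothetical name.

```yaml
# Added example playbook, not the repository's own main.yml.
# Assumptions: Debian/Ubuntu targets; "patch_targets" is a hypothetical
# group name that must exist in the hosts inventory file.
- name: Apply pending package updates
  hosts: patch_targets
  become: true          # package updates need root on the target
  serial: 1             # patch one host at a time so a bad update cannot take down the whole group
  tasks:
    - name: Refresh the apt cache and upgrade installed packages
      apt:
        update_cache: true
        cache_valid_time: 3600   # skip the refresh if the cache is under an hour old
        upgrade: dist

    - name: Remove packages that are no longer required
      apt:
        autoremove: true

    - name: Check whether the update asked for a reboot
      stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Reboot only when the package manager requests it
      reboot:
        reboot_timeout: 600
      when: reboot_required.stat.exists
```

Running the playbook with --check first reports what would change without applying anything to the instances.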

Create SSH Access

If you have your own public key, feel free to use it. Otherwise, please follow along.

We generate our public/private key pair by typing:


By default, the public key will be stored at /home/[username]/.ssh/id_rsa.pub

We can see the public key by typing:

cat /home/[username]/.ssh/id_rsa.pub

In Compute Engine, we go to Metadata => SSH Keys and paste the public key there. In this way, we are now able to access our instances using SSH.

Update Patch to Instance Using Ansible

First of all, please make sure you have at least one instance; otherwise, please create one. Copy the External IP.

Back in Cloud Shell, add this IP to the group you like.

In main.yml, edit the hosts to fit your group. If you want to apply to all, please use “all” instead of the group name.

To test that the SSH key works, we can simply “ssh [username]@[hostip]” to our host. Type “exit” if we connect successfully.

Finally, we are able to run the playbook by typing:

ansible-playbook main.yml
