Fixing Heartbleed with Ansible

April 9, 2014 by Michael DeHaan


It's cute when bugs get their own anthropomorphized home pages, though Heartbleed wasn't even close to cute - it was one of the absolutely worst OpenSSL vulnerabilities in a long time.   We won't be clicking it's Facetube 'like' button anytime soon.   If you haven't read about it, read about it now: you most likely have servers to patch.

Now, everything can have security vulnerabilities -- this isn't a blog about about SSH not using the SSL heartbeat and Ansible still being safe here.  This is the story of how useful a one-off playbook can be for patching.

As soon as the bugfixes were available, tons of people all over Twitter were sharing how they fixed things with Ansible - all derived super-independently and in short order. This was very cool to see.


Check out this one-off playbook for Debian and Ubuntu systems or this alternative.    

If you're running another OS, the idea is the same - it's easy to make playbooks to solve specific tasks, really really quickly - and you don't have to install any agents on the systems you are upgrading in order to manage those systems - which means Ansible is a great tool for getting things done ASAP.

Ansible Playbooks aren't just a complete model of your system infrastructure: they can be used for almost any description of an IT process, with checks and conditional logic included.

All of this aside, you need to make sure your OpenSSL systems aren't vulnerable to Heartbleed now. Ansible isn't vulnerable itself, but can be a great tool for rolling out these kinds of security updates, restarting services, and so on.  Even if you aren't using it for end to end provisioning yet, it's something that should be in your arsenal.

Screen_Shot_2014-04-09_at_9.33.50_AM  Screen_Shot_2014-04-09_at_9.34.06_AM


Related News

Deploying Highly Available OpenShift Origin Clusters | Installing and Building Docker With Ansible | Listen To Your Servers Talk | Ansible Me A Sandwich | Orchestration, You Keep Using That Word



IT Automation


Michael DeHaan

Ansible project founder.

rss-icon  RSS Feed

AF 2022 - Blog static promo