Ansible-Tower-Transform Production Patching

There are two common approaches to handling system and application patch management. The first is the traditional patching process: removing servers from service one by one, applying patches and then returning them to service. The second is the modern approach of deploying a whole new system, with the patch applied, from your continuous integration and provisioning tools and then redeploying your application. When done behind load balancers, for example, all of this is transparent to users.

Immutable Server Architecture

Having an immutable server architecture means that we have the ability to create, destroy, and replace servers at any time, as the build and deployment process is completely automated. By doing so, we can remove user access to our systems and keep them unaltered by anyone who might otherwise make undocumented modifications. As an example, let’s say that part of your server maintenance window includes updating and patching servers. Instead of updating a running server, we should be able to spin up an exact server replica that contains the upgrades and security patches we want to apply. These patches are tested through test automation, and we can then replace and destroy the current running server.

There are environments, however, that aren’t yet running immutable infrastructure, for reasons which are beyond the scope of this post. Patching these environments has traditionally been a complex, time-consuming and costly process.


Ansible Tower can be used to initiate this traditional system patching. This provides many benefits including having a common, centralised control platform, centralised history, an audit trail of activities completed and the outcome/results. Doing this by leveraging Ansible Tower provides control and governance over the end-to-end process.

Our Experience

Avocado has delivered a proof-of-concept for one of Australia’s financial services organisations. The company’s main problem was the time-consuming, manual and multi-step patching process for its systems.

Our specialists advised removing application servers from production by stopping the application and withdrawing them from the load balancers, carrying out automated patching and testing, and then adding them back into service. The solution significantly reduced the time and ultimately the cost of the overall process.
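
The sequence described above can be expressed as a single playbook that Ansible Tower runs as a job template. The following is an added example, not the playbook from the proof-of-concept. It assumes RHEL-family hosts, an HAProxy load balancer, and hypothetical names: inventory group `appservers`, load balancer host `lb01`, backend `app_backend`, service `myapp` and a health URL on port 8080.

```yaml
---
# Added example: rolling patch, one application server at a time.
# All host, group, backend, service and URL names are assumptions.
- name: Rolling patch of application servers behind the load balancer
  hosts: appservers
  become: true
  serial: 1                # only one server is out of service at any time
  max_fail_percentage: 0   # abort the rollout on the first failed host

  tasks:
    - name: Withdraw this server from the load balancer pool
      community.general.haproxy:
        state: disabled
        host: "{{ inventory_hostname }}"
        backend: app_backend
        socket: /var/run/haproxy.sock
        wait: true
      delegate_to: lb01

    - name: Stop the application
      ansible.builtin.service:
        name: myapp
        state: stopped

    - name: Apply all available package updates
      ansible.builtin.dnf:
        name: "*"
        state: latest
        update_cache: true

    - name: Reboot so the patched kernel and libraries are in use
      ansible.builtin.reboot:
        reboot_timeout: 900

    - name: Start the application
      ansible.builtin.service:
        name: myapp
        state: started

    - name: Test the application before returning it to service
      ansible.builtin.uri:
        url: http://localhost:8080/health
        status_code: 200
      register: health
      until: health.status == 200
      retries: 10
      delay: 6

    - name: Return this server to the load balancer pool
      community.general.haproxy:
        state: enabled
        host: "{{ inventory_hostname }}"
        backend: app_backend
        socket: /var/run/haproxy.sock
      delegate_to: lb01
```

If the health check never succeeds, the play stops before the last task, so the failed server stays out of the pool and the remaining servers are left unpatched but serving traffic. The job output in Tower then records which host failed and at which step.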

Discover how you can accelerate your current usage of Ansible. Contact Avocado on and book a 1 FREE consultation.