infra/ansible-role-update
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed unattended upgrades and configure time for updates/upgrades

Browse source 
Previously only unattended updates (i.e. apt update) was working. Unattended
upgrades (i.e. apt upgrade) are disabled by default and needed to be enabled
with a config file.
This commit is contained in:
Julian 2022-01-07 17:17:56 +01:00
parent d5a9e6bd05
commit 075823ffb5
No known key found for this signature in database
GPG key ID: 2F811E2338EE029B
5 changed files with 64 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
defaults/main.yml
View file

@ -1,2 +1,4 @@
update: update:
unattended: no unattended: no
apt_daily_time: "*-*-* {{ 24|random(seed=(inventory_hostname + 'apt_daily_h')) }}:{{ 60|random(seed=(inventory_hostname + 'apt_daily_m')) }}"
apt_daily_upgrade_time: "*-*-* 6:{{ 60|random(seed=(inventory_hostname + 'apt_daily_upgrade_time')) }}"

11
handlers/main.yml Normal file
View file

@ -0,0 +1,11 @@
- name: restart apt-daily.timer
ansible.builtin.systemd:
name: apt-daily.timer
daemon_reload: yes
state: restarted
- name: restart apt-daily-upgrade.timer
ansible.builtin.systemd:
name: apt-daily-upgrade.timer
daemon_reload: yes
state: restarted

36
tasks/main.yml
View file

@ -9,20 +9,52 @@
tags: tags:
- update - update
- name: install unattended-upgrades - name: install unattended upgrades
apt: apt:
name: unattended-upgrades name: unattended-upgrades
purge: yes purge: yes
state: "{% if update.unattended %}present{% else %}absent{% endif %}" state: "{% if update.unattended %}present{% else %}absent{% endif %}"
- name: configure unattended-upgrades - name: configure unattended upgrades
when: update.unattended
ansible.builtin.copy: ansible.builtin.copy:
src: "50unattended-upgrades" src: "50unattended-upgrades"
dest: "/etc/apt/apt.conf.d/50unattended-upgrades" dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
- name: overwrite apt-daily.timer
when: update.unattended when: update.unattended
ansible.builtin.template:
src: "apt-daily.timer.j2"
dest: "/etc/systemd/system/apt-daily.timer"
owner: root
group: root
mode: 0644
notify:
- restart apt-daily.timer
- name: overwrite apt-daily-upgrade.timer
when: update.unattended
ansible.builtin.template:
src: "apt-daily-upgrade.timer.j2"
dest: "/etc/systemd/system/apt-daily-upgrade.timer"
owner: root
group: root
mode: 0644
notify:
- restart apt-daily-upgrade.timer
- name: enable auto upgrades
when: update.unattended
ansible.builtin.copy:
src: "/usr/share/unattended-upgrades/20auto-upgrades"
dest: "/etc/apt/apt.conf.d/20auto-upgrades"
owner: root
group: root
mode: 0644
remote_src: yes
- name: clean - name: clean
command: apt-get clean command: apt-get clean

9
templates/apt-daily-upgrade.timer.j2 Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Daily apt upgrade and clean activities
After=apt-daily.timer
[Timer]
OnCalendar={{ update.apt_daily_upgrade_time }}
[Install]
WantedBy=timers.target

8
templates/apt-daily.timer.j2 Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=Daily apt download activities
[Timer]
OnCalendar={{ update.apt_daily_time }}
[Install]
WantedBy=timers.target