Use unattended-upgrades for Debian-Security
This commit is contained in:
parent
57d997536a
commit
d59cb41d5e
4 changed files with 50 additions and 0 deletions
21
roles/baseconfig/tasks/apt-unattended.yml
Normal file
21
roles/baseconfig/tasks/apt-unattended.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
- name: Install unattended-upgrades
|
||||||
|
when: ansible_os_family == "Debian"
|
||||||
|
apt:
|
||||||
|
name: unattended-upgrades
|
||||||
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Configure unattended-upgrades
|
||||||
|
template:
|
||||||
|
src: "apt/{{ item }}.j2"
|
||||||
|
dest: "/etc/apt/apt.conf.d/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
mode: u=rw,g=r,o=r
|
||||||
|
loop:
|
||||||
|
- 50unattended-upgrades
|
||||||
|
- 20auto-upgrades
|
||||||
|
...
|
|
@ -74,6 +74,9 @@
|
||||||
# APT-List Changes : send email with changelog
|
# APT-List Changes : send email with changelog
|
||||||
- include_tasks: apt-listchanges.yml
|
- include_tasks: apt-listchanges.yml
|
||||||
|
|
||||||
|
# APT Unattended upgrades
|
||||||
|
- include_tasks: apt-unattended.yml
|
||||||
|
|
||||||
# User skeleton
|
# User skeleton
|
||||||
- name: Configure user skeleton
|
- name: Configure user skeleton
|
||||||
copy:
|
copy:
|
||||||
|
|
4
roles/baseconfig/templates/apt/20auto-upgrades.j2
Normal file
4
roles/baseconfig/templates/apt/20auto-upgrades.j2
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
// {{ ansible_managed }}
|
||||||
|
|
||||||
|
APT::Periodic::Update-Package-Lists "1";
|
||||||
|
APT::Periodic::Unattended-Upgrade "1";
|
22
roles/baseconfig/templates/apt/50unattended-upgrades.j2
Normal file
22
roles/baseconfig/templates/apt/50unattended-upgrades.j2
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
// {{ ansible_managed }}
|
||||||
|
|
||||||
|
Unattended-Upgrade::Origins-Pattern {
|
||||||
|
"origin=Debian,codename=${distro_codename},label=Debian-Security";
|
||||||
|
};
|
||||||
|
|
||||||
|
Unattended-Upgrade::Package-Blacklist {};
|
||||||
|
|
||||||
|
Unattended-Upgrade::MinimalSteps "true";
|
||||||
|
Unattended-Upgrade::InstallOnShutdown "false";
|
||||||
|
|
||||||
|
Unattended-Upgrade::Mail "{{ monitoring_mail }}";
|
||||||
|
// Unattended-Upgrade::MailOnlyOnError "false";
|
||||||
|
|
||||||
|
Unattended-Upgrade::Remove-Unused-Kernel-Packages "false";
|
||||||
|
Unattended-Upgrade::Remove-New-Unused-Dependencies "false";
|
||||||
|
Unattended-Upgrade::Remove-Unused-Dependencies "false";
|
||||||
|
|
||||||
|
Unattended-Upgrade::Automatic-Reboot "false";
|
||||||
|
|
||||||
|
Unattended-Upgrade::SyslogEnable "true";
|
||||||
|
Unattended-Upgrade::SyslogFacility "daemon";
|
Loading…
Reference in a new issue