common: integrate unattended upgrades

2024-11-20 18:15:36 +01:00 · 2024-11-20 18:15:36 +01:00 · 3fa13d41c2
commit 3fa13d41c2
parent 583f6d3e82
14 changed files with 18 additions and 29 deletions
--- a/host_vars/aeron.binary.kitchen
+++ b/host_vars/aeron.binary.kitchen
@ -6,4 +6,4 @@ slapd_hostname: ldap3.binary.kitchen
 slapd_replica_id: 3
 slapd_role: slave

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/bacon.binary.kitchen
+++ b/host_vars/bacon.binary.kitchen
@ -16,4 +16,4 @@ slapd_hostname: ldap1.binary.kitchen
 slapd_replica_id: 1
 slapd_role: slave

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/bowle.binary.kitchen
+++ b/host_vars/bowle.binary.kitchen
@ -5,4 +5,4 @@ nfs_exports:
 - /exports/backup/rz 172.23.9.61(rw,sync,no_subtree_check)
 - /exports/tank 172.23.0.0/22(rw,sync,no_subtree_check)

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/lasagne.binary.kitchen
+++ b/host_vars/lasagne.binary.kitchen
@ -8,4 +8,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/pizza.binary.kitchen
+++ b/host_vars/pizza.binary.kitchen
@ -8,4 +8,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/ruthenium.binary-kitchen.net
+++ b/host_vars/ruthenium.binary-kitchen.net
@ -4,4 +4,4 @@ root_keys_host:
 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtTJqeSsB+aRiQ2WeFLVA5dz5YfCuv2TZmsyFqZ8NefJH/ZP3+gud3DwBq4l9HbDJUbfvApLQ9qbwaX0VhBv67mM6f4sWNG8uUW+9MYd6ZTeP3KUwZIHM52nqMFe5XScADL4s8Jsnb08gVp9xdcdufsbiLNYfuNFk+wcwRYtD5eqXZi3oaqshlq61LfBeC958vzvceDrZ2obfCJJ2pvmhUyORvgb6jXfx3kZku5qgk6m9NfyY95UZvSweDZPiN5YqLYekz+jxrYDyeA0DPgwlTcyGn8JI9/HkAD/odTpTAH+T6sbf0OkUi7ufNElAXvxDOJZN8NhxPFfUAW9naTYwGoPd4OJw0AOVLzKcVIjEXKtrxeQ0NOZVoucLFgnXO4iDZGrVHohPVj1UbrVpF00lokBLz1Xh4egrNw0g2Gt28HmZ9lg5Ymv8jJWAy87r5wV0O6aIuseGkSr/V6+92AGK/Yy1tKhZujtv5+CvVVBrLvoOnJJh8vFoVuRM+ucLBhqpewDY2yHZHzQ3J5SZKJ30mBUSYAKHBqVI4VmC/n235VMumIEsqnZvzk96G5TXWyZb0qzkXcct1H8MyQgG0SR0G4Ylm5skCZppEE7udV/wb8lRZv+2YrqBueKZ+Wu6IT3HJbUkor7CcbORjhwL4ETziPm4g4BrTPGUTjyeZ4nSDPQ== exxess"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6uNwYKF3rqleM/HP95M+rsm+gwKY8epdtW2OutneY9 ralf@pluto"

-uau_reboot: "false"
+unattended_reboot: "false"
--- a/host_vars/tschunk.binary.kitchen
+++ b/host_vars/tschunk.binary.kitchen
@ -4,4 +4,4 @@ root_keys_host:
 - "# Thomas Schmid"
 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"

-uau_reboot: "true"
+unattended_reboot: "true"
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@ -9,3 +9,5 @@ logrotate_excludes:

 sshd_password_authentication: "no"
 sshd_permit_root_login: "prohibit-password"
+
+unattended_reboot: "true"
--- a/roles/common/tasks/Debian.yml
+++ b/roles/common/tasks/Debian.yml
@ -4,6 +4,7 @@
  apt:
    name:
    - apt-transport-https
+    - debian-goodies
    - dnsutils
    - fdisk
    - gnupg2
@ -15,6 +16,7 @@
    - pydf
    - rsync
    - sudo
+    - unattended-upgrades
    - vim-nox
    - wget
    - zsh
@ -26,6 +28,12 @@
    - qemu-guest-agent
  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"

+- name: Configure unattended upgrades
+  template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
+  with_items:
+  - 02periodic
+  - 50unattended-upgrades
+
 - name: Configure misc software
  copy: src={{ item.src }} dest={{ item.dest }}
  diff: no
--- a/roles/common/templates/02periodic.j2
+++ b/roles/common/templates/02periodic.j2
--- a/roles/common/templates/50unattended-upgrades.j2
+++ b/roles/common/templates/50unattended-upgrades.j2
@ -113,7 +113,7 @@ Unattended-Upgrade::Remove-Unused-Dependencies "true";

 // Automatically reboot *WITHOUT CONFIRMATION* if
 //  the file /var/run/reboot-required is found after the upgrade
-Unattended-Upgrade::Automatic-Reboot "{{ uau_reboot }}";
+Unattended-Upgrade::Automatic-Reboot "{{ unattended_reboot }}";

 // Automatically reboot even if there are users currently logged in
 // when Unattended-Upgrade::Automatic-Reboot is set to true
--- a/roles/uau/defaults/main.yml
+++ b/roles/uau/defaults/main.yml
@ -1,3 +0,0 @@
---
-
-uau_reboot: "true"
--- a/roles/uau/tasks/main.yml
+++ b/roles/uau/tasks/main.yml
@ -1,13 +0,0 @@
---
-
- name: Install unattended upgrades
-  apt:
-    name:
-    - unattended-upgrades
-    - debian-goodies
-
- name: Configure unattended upgrades
-  template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
-  with_items:
-  - 02periodic
-  - 50unattended-upgrades
--- a/site.yml
+++ b/site.yml
@ -6,11 +6,6 @@
  - common
  - root_keys

- name: Setup unattended updates
-  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
-  roles:
-  - uau
-
 - name: Setup Proxmox VE SSL
  hosts: [salat.binary.kitchen, wurst.binary.kitchen, weizen.binary.kitchen]
  roles: