From 3fa13d41c237de9285a4ad77e0b12e99259d4c3d Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Wed, 20 Nov 2024 18:15:36 +0100 Subject: [PATCH] common: integrate unattended upgrades --- host_vars/aeron.binary.kitchen | 2 +- host_vars/bacon.binary.kitchen | 2 +- host_vars/bowle.binary.kitchen | 2 +- host_vars/lasagne.binary.kitchen | 2 +- host_vars/pizza.binary.kitchen | 2 +- host_vars/ruthenium.binary-kitchen.net | 2 +- host_vars/tschunk.binary.kitchen | 2 +- roles/common/defaults/main.yml | 2 ++ roles/common/tasks/Debian.yml | 8 ++++++++ roles/{uau => common}/templates/02periodic.j2 | 0 .../templates/50unattended-upgrades.j2 | 2 +- roles/uau/defaults/main.yml | 3 --- roles/uau/tasks/main.yml | 13 ------------- site.yml | 5 ----- 14 files changed, 18 insertions(+), 29 deletions(-) rename roles/{uau => common}/templates/02periodic.j2 (100%) rename roles/{uau => common}/templates/50unattended-upgrades.j2 (99%) delete mode 100644 roles/uau/defaults/main.yml delete mode 100644 roles/uau/tasks/main.yml diff --git a/host_vars/aeron.binary.kitchen b/host_vars/aeron.binary.kitchen index bddac63..32ddea9 100644 --- a/host_vars/aeron.binary.kitchen +++ b/host_vars/aeron.binary.kitchen @@ -6,4 +6,4 @@ slapd_hostname: ldap3.binary.kitchen slapd_replica_id: 3 slapd_role: slave -uau_reboot: "false" +unattended_reboot: "false" diff --git a/host_vars/bacon.binary.kitchen b/host_vars/bacon.binary.kitchen index 0c55033..5ac2901 100644 --- a/host_vars/bacon.binary.kitchen +++ b/host_vars/bacon.binary.kitchen @@ -16,4 +16,4 @@ slapd_hostname: ldap1.binary.kitchen slapd_replica_id: 1 slapd_role: slave -uau_reboot: "false" +unattended_reboot: "false" diff --git a/host_vars/bowle.binary.kitchen b/host_vars/bowle.binary.kitchen index 49bcd89..4a4eafb 100644 --- a/host_vars/bowle.binary.kitchen +++ b/host_vars/bowle.binary.kitchen @@ -5,4 +5,4 @@ nfs_exports: - /exports/backup/rz 172.23.9.61(rw,sync,no_subtree_check) - /exports/tank 172.23.0.0/22(rw,sync,no_subtree_check) -uau_reboot: "false" +unattended_reboot: "false" diff --git a/host_vars/lasagne.binary.kitchen b/host_vars/lasagne.binary.kitchen index b480848..8e5c9fe 100644 --- a/host_vars/lasagne.binary.kitchen +++ b/host_vars/lasagne.binary.kitchen @@ -8,4 +8,4 @@ root_keys_host: - "# Thomas Schmid" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062" -uau_reboot: "false" +unattended_reboot: "false" diff --git a/host_vars/pizza.binary.kitchen b/host_vars/pizza.binary.kitchen index b480848..8e5c9fe 100644 --- a/host_vars/pizza.binary.kitchen +++ b/host_vars/pizza.binary.kitchen @@ -8,4 +8,4 @@ root_keys_host: - "# Thomas Schmid" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062" -uau_reboot: "false" +unattended_reboot: "false" diff --git a/host_vars/ruthenium.binary-kitchen.net b/host_vars/ruthenium.binary-kitchen.net index 19f6e3e..317bcfe 100644 --- a/host_vars/ruthenium.binary-kitchen.net +++ b/host_vars/ruthenium.binary-kitchen.net @@ -4,4 +4,4 @@ root_keys_host: - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtTJqeSsB+aRiQ2WeFLVA5dz5YfCuv2TZmsyFqZ8NefJH/ZP3+gud3DwBq4l9HbDJUbfvApLQ9qbwaX0VhBv67mM6f4sWNG8uUW+9MYd6ZTeP3KUwZIHM52nqMFe5XScADL4s8Jsnb08gVp9xdcdufsbiLNYfuNFk+wcwRYtD5eqXZi3oaqshlq61LfBeC958vzvceDrZ2obfCJJ2pvmhUyORvgb6jXfx3kZku5qgk6m9NfyY95UZvSweDZPiN5YqLYekz+jxrYDyeA0DPgwlTcyGn8JI9/HkAD/odTpTAH+T6sbf0OkUi7ufNElAXvxDOJZN8NhxPFfUAW9naTYwGoPd4OJw0AOVLzKcVIjEXKtrxeQ0NOZVoucLFgnXO4iDZGrVHohPVj1UbrVpF00lokBLz1Xh4egrNw0g2Gt28HmZ9lg5Ymv8jJWAy87r5wV0O6aIuseGkSr/V6+92AGK/Yy1tKhZujtv5+CvVVBrLvoOnJJh8vFoVuRM+ucLBhqpewDY2yHZHzQ3J5SZKJ30mBUSYAKHBqVI4VmC/n235VMumIEsqnZvzk96G5TXWyZb0qzkXcct1H8MyQgG0SR0G4Ylm5skCZppEE7udV/wb8lRZv+2YrqBueKZ+Wu6IT3HJbUkor7CcbORjhwL4ETziPm4g4BrTPGUTjyeZ4nSDPQ== exxess" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6uNwYKF3rqleM/HP95M+rsm+gwKY8epdtW2OutneY9 ralf@pluto" -uau_reboot: "false" +unattended_reboot: "false" diff --git a/host_vars/tschunk.binary.kitchen b/host_vars/tschunk.binary.kitchen index 296c9ca..0c28b69 100644 --- a/host_vars/tschunk.binary.kitchen +++ b/host_vars/tschunk.binary.kitchen @@ -4,4 +4,4 @@ root_keys_host: - "# Thomas Schmid" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062" -uau_reboot: "true" +unattended_reboot: "true" diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml index b67fa5d..e6d093f 100644 --- a/roles/common/defaults/main.yml +++ b/roles/common/defaults/main.yml @@ -9,3 +9,5 @@ logrotate_excludes: sshd_password_authentication: "no" sshd_permit_root_login: "prohibit-password" + +unattended_reboot: "true" diff --git a/roles/common/tasks/Debian.yml b/roles/common/tasks/Debian.yml index e45fe15..2ed54ae 100644 --- a/roles/common/tasks/Debian.yml +++ b/roles/common/tasks/Debian.yml @@ -4,6 +4,7 @@ apt: name: - apt-transport-https + - debian-goodies - dnsutils - fdisk - gnupg2 @@ -15,6 +16,7 @@ - pydf - rsync - sudo + - unattended-upgrades - vim-nox - wget - zsh @@ -26,6 +28,12 @@ - qemu-guest-agent when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm" +- name: Configure unattended upgrades + template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }} + with_items: + - 02periodic + - 50unattended-upgrades + - name: Configure misc software copy: src={{ item.src }} dest={{ item.dest }} diff: no diff --git a/roles/uau/templates/02periodic.j2 b/roles/common/templates/02periodic.j2 similarity index 100% rename from roles/uau/templates/02periodic.j2 rename to roles/common/templates/02periodic.j2 diff --git a/roles/uau/templates/50unattended-upgrades.j2 b/roles/common/templates/50unattended-upgrades.j2 similarity index 99% rename from roles/uau/templates/50unattended-upgrades.j2 rename to roles/common/templates/50unattended-upgrades.j2 index 76eadc4..077beaf 100644 --- a/roles/uau/templates/50unattended-upgrades.j2 +++ b/roles/common/templates/50unattended-upgrades.j2 @@ -113,7 +113,7 @@ Unattended-Upgrade::Remove-Unused-Dependencies "true"; // Automatically reboot *WITHOUT CONFIRMATION* if // the file /var/run/reboot-required is found after the upgrade -Unattended-Upgrade::Automatic-Reboot "{{ uau_reboot }}"; +Unattended-Upgrade::Automatic-Reboot "{{ unattended_reboot }}"; // Automatically reboot even if there are users currently logged in // when Unattended-Upgrade::Automatic-Reboot is set to true diff --git a/roles/uau/defaults/main.yml b/roles/uau/defaults/main.yml deleted file mode 100644 index f383cbc..0000000 --- a/roles/uau/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -uau_reboot: "true" diff --git a/roles/uau/tasks/main.yml b/roles/uau/tasks/main.yml deleted file mode 100644 index ecdf66e..0000000 --- a/roles/uau/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -- name: Install unattended upgrades - apt: - name: - - unattended-upgrades - - debian-goodies - -- name: Configure unattended upgrades - template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }} - with_items: - - 02periodic - - 50unattended-upgrades diff --git a/site.yml b/site.yml index ee97449..e076111 100644 --- a/site.yml +++ b/site.yml @@ -6,11 +6,6 @@ - common - root_keys -- name: Setup unattended updates - hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net] - roles: - - uau - - name: Setup Proxmox VE SSL hosts: [salat.binary.kitchen, wurst.binary.kitchen, weizen.binary.kitchen] roles: