/
main.yml
83 lines (73 loc) · 2.69 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
---
- name: Install required packages
apt:
name: '{{ ( unattended_upgrades__base_packages + unattended_upgrades__packages ) | flatten }}'
state: 'present'
install_recommends: False
when: unattended_upgrades__enabled | bool
- name: Configure debconf answer
debconf:
name: 'unattended-upgrades'
question: 'unattended-upgrades/enable_auto_updates'
vtype: 'boolean'
value: '{{ "true" if unattended_upgrades__enabled|bool else "false" }}'
- name: Configure periodic APT updates
template:
src: 'etc/apt/apt.conf.d/20periodic.j2'
dest: '/etc/apt/apt.conf.d/20periodic'
owner: 'root'
group: 'root'
mode: '0644'
when: ((unattended_upgrades__periodic|bool) or
(ansible_local|d() and ansible_local.unattended_upgrades|d() and
ansible_local.unattended_upgrades.periodic|bool))
- name: Configure periodic APT upgrades
template:
src: 'etc/apt/apt.conf.d/20auto-upgrades.j2'
dest: '/etc/apt/apt.conf.d/20auto-upgrades'
owner: 'root'
group: 'root'
mode: '0644'
when: ((unattended_upgrades__enabled|bool) or
(ansible_local|d() and ansible_local.unattended_upgrades|d() and
ansible_local.unattended_upgrades.enabled|bool))
- name: Divert unattended-upgrades configuration
command: dpkg-divert --quiet --local --divert /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-divert
--rename /etc/apt/apt.conf.d/50unattended-upgrades
args:
creates: '/etc/apt/apt.conf.d/50unattended-upgrades.dpkg-divert'
when: unattended_upgrades__enabled | bool
- name: Configure unattended-upgrades
template:
src: 'etc/apt/apt.conf.d/50unattended-upgrades.j2'
dest: '/etc/apt/apt.conf.d/50unattended-upgrades'
owner: 'root'
group: 'root'
mode: '0644'
when: unattended_upgrades__enabled | bool
- name: Remove configs out of the way before reversion
command: rm -f /etc/apt/apt.conf.d/50unattended-upgrades
args:
removes: '/etc/apt/apt.conf.d/50unattended-upgrades.dpkg-divert'
warn: False
when: not unattended_upgrades__enabled | bool
- name: Revert unattended-upgrades configuration
command: dpkg-divert --quiet --local --rename
--remove /etc/apt/apt.conf.d/50unattended-upgrades
args:
removes: '/etc/apt/apt.conf.d/50unattended-upgrades.dpkg-divert'
when: not unattended_upgrades__enabled | bool
- name: Make sure that Ansible local fact directory exists
file:
path: '/etc/ansible/facts.d'
state: 'directory'
owner: 'root'
group: 'root'
mode: '0755'
- name: Save Ansible local facts
template:
src: 'etc/ansible/facts.d/unattended_upgrades.fact.j2'
dest: '/etc/ansible/facts.d/unattended_upgrades.fact'
owner: 'root'
group: 'root'
mode: '0644'