From 6f5455f6c525d5e5acedc8f5fcace1c2a9279423 Mon Sep 17 00:00:00 2001 From: Daniel Weipert Date: Wed, 28 Apr 2021 16:28:39 +0200 Subject: Adds unattended upgrades as role --- src/unattended-upgrades/auto-upgrades.twig | 25 ---- src/unattended-upgrades/unattended-upgrades.php | 140 ----------------------- src/unattended-upgrades/unattended-upgrades.twig | 117 ------------------- 3 files changed, 282 deletions(-) delete mode 100644 src/unattended-upgrades/auto-upgrades.twig delete mode 100644 src/unattended-upgrades/unattended-upgrades.php delete mode 100644 src/unattended-upgrades/unattended-upgrades.twig (limited to 'src/unattended-upgrades') diff --git a/src/unattended-upgrades/auto-upgrades.twig b/src/unattended-upgrades/auto-upgrades.twig deleted file mode 100644 index 388a028..0000000 --- a/src/unattended-upgrades/auto-upgrades.twig +++ /dev/null @@ -1,25 +0,0 @@ -APT::Periodic::Unattended-Upgrade "1"; - -{% if unattended_update_package_list is defined %} -APT::Periodic::Update-Package-Lists "{{unattended_update_package_list}}"; -{% endif %} - -{% if unattended_download_upgradeable is defined %} -APT::Periodic::Download-Upgradeable-Packages "{{unattended_download_upgradeable}}"; -{% endif %} - -{% if unattended_autoclean_interval is defined %} -APT::Periodic::AutocleanInterval "{{unattended_autoclean_interval}}"; -{% endif %} - -{% if unattended_clean_interval is defined %} -APT::Periodic::CleanInterval "{{unattended_clean_interval}}"; -{% endif %} - -{% if unattended_verbose is defined %} -APT::Periodic::Verbose "{{unattended_verbose}}"; -{% endif %} - -{% if unattended_random_sleep is defined %} -APT::Periodic::RandomSleep "{{unattended_random_sleep}}"; -{% endif %} diff --git a/src/unattended-upgrades/unattended-upgrades.php b/src/unattended-upgrades/unattended-upgrades.php deleted file mode 100644 index 1c3f73c..0000000 --- a/src/unattended-upgrades/unattended-upgrades.php +++ /dev/null @@ -1,140 +0,0 @@ - 3600, - - #Unattended-Upgrade::Origins-Pattern - # Automatically upgrade packages from these origin patterns - # e.g.: 'o=Debian,a=stable', 'o=Debian,a=stable-updates' - # - # Left unset, distribution-specific defaults will be used through - # __unattended_origins_patterns variable only if this variable - # is not provided externally - # REFS https://github.com/ansible/ansible/issues/8121 - #'unattended_origins_patterns' => [], - - #Unattended-Upgrade::Package-Blacklist - # List of packages to not update - 'unattended_package_blacklist' => [], - - #Unattended-Upgrade::AutoFixInterruptedDpkg - # On a unclean dpkg exit unattended-upgrades will run - # dpkg --force-confold --configure -a - # The default is true, to ensure updates keep getting installed - 'unattended_autofix_interrupted_dpkg' => true, - - #Unattended-Upgrade::MinimalSteps - # Split the upgrade into the smallest possible chunks so that - # they can be interrupted with SIGUSR1. This makes the upgrade - # a bit slower but it has the benefit that shutdown while a upgrade - # is running is possible (with a small delay) - 'unattended_minimal_steps' => true, - - #Unattended-Upgrade::InstallOnShutdown - # Install all unattended-upgrades when the machine is shuting down - # instead of doing it in the background while the machine is running - # This will (obviously) make shutdown slower - 'unattended_install_on_shutdown' => false, - - #Unattended-Upgrade::Mail - # Send email to this address for problems or packages upgrades - # If empty or unset then no email is sent, make sure that you - # have a working mail setup on your system. A package that provides - # 'mailx' must be installed. - 'unattended_mail' => false, - - #Unattended-Upgrade::MailOnlyOnError - # Set this value to "true" to get emails only on errors. Default - # is to always send a mail if Unattended-Upgrade::Mail is set - 'unattended_mail_only_on_error' => false, - - #Unattended-Upgrade::Remove-Unused-Dependencies - # Do automatic removal of all unused dependencies after the upgrade - # (equivalent to apt-get autoremove) - 'unattended_remove_unused_dependencies' => false, - - #Unattended-Upgrade::Remove-New-Unused-Dependencies - # Remove any new unused dependencies after the upgrade - 'unattended_remove_new_unused_dependencies' => true, - - #Unattended-Upgrade::Automatic-Reboot - # Automatically reboot *WITHOUT CONFIRMATION* if a - # the file /var/run/reboot-required is found after the upgrade - 'unattended_automatic_reboot' => false, - - #Unattended-Upgrade::Automatic-Reboot-Time - # If automatic reboot is enabled and needed, reboot at the specific - # time instead of immediately - 'unattended_automatic_reboot_time' => false, - - #Unattended-Upgrade::IgnoreAppsRequireRestart - # Do upgrade application even if it requires restart after upgrade - # I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file - 'unattended_ignore_apps_require_restart' => false, - - #Unattended-Upgrade::SyslogEnable - # Write events to syslog, which is useful in environments where syslog - # messages are sent to a central store. - 'unattended_syslog_enable' => false, - - #Unattended-Upgrade::SyslogFacility - # Write events to the specified syslog facility, or the daemon facility if - # not specified. Requires the Unattended-Upgrade::SyslogEnable option to be - # set to true. - #'unattended_syslog_facility' => 'daemon', - - ### APT::Periodic configuration - # Snatched from /usr/lib/apt/apt.systemd.daily - - #APT::Periodic::Update-Package-Lists "0"; - # - Do "apt-get update" automatically every n-days (0=disable) - 'unattended_update_package_list' => 1, - - #APT::Periodic::Download-Upgradeable-Packages "0"; - # - Do "apt-get upgrade --download-only" every n-days (0=disable) - #'unattended_download_upgradeable' => 0, - - #APT::Periodic::AutocleanInterval "0"; - # - Do "apt-get autoclean" every n-days (0=disable) - 'unattended_autoclean_interval' => 7, - - #APT::Periodic::CleanInterval "0"; - # - Do "apt-get clean" every n-days (0=disable) - #'unattended_clean_interval' => 0, - - #APT::Periodic::Verbose "0"; - # - Send report mail to root - # 0: no report (or null string) - # 1: progress report (actually any string) - # 2: + command outputs (remove -qq, remove 2>/dev/null, add -d) - # 3: + trace on - #'unattended_verbose' => 0, - - ## Cron systems only - - #APT::Periodic::RandomSleep - # When the apt job starts, it will sleep for a random period between 0 - # and APT::Periodic::RandomSleep seconds - # The default value is "1800" so that the script will stall for up to 30 - # minutes (1800 seconds) so that the mirror servers are not crushed by - # everyone running their updates all at the same time - # Kept undefined to allow default (1800) - #'unattended_random_sleep' => 0, - - #Dpkg::Options - # Provide dpkg options that take effect during unattended upgrades. - # By default no flags are appended. Configuration file changes can - # block installation of certain packages. Passing the flags - # "--force-confdef" and "--force-confold" will ensure updates are applied - # and old configuration files are preserved. - 'unattended_dpkg_options' => [], - - # 'unattended_dpkg_options' => [ - # '--force-confdef', - # '--force-confold', - # ], - - # Use apt bandwidth limit feature, this example limits the download speed to 70kb/sec - #'unattended_dl_limit' => 70, -]; diff --git a/src/unattended-upgrades/unattended-upgrades.twig b/src/unattended-upgrades/unattended-upgrades.twig deleted file mode 100644 index 0796f6b..0000000 --- a/src/unattended-upgrades/unattended-upgrades.twig +++ /dev/null @@ -1,117 +0,0 @@ -// Unattended-Upgrade::Origins-Pattern controls which packages are -// upgraded. -Unattended-Upgrade::Origins-Pattern { -{% if unattended_origins_patterns is defined %} -{% for origin in unattended_origins_patterns %} - "{{ origin }}"; -{% endfor %} -{% endif %} -}; - -// List of packages to not update (regexp are supported) -Unattended-Upgrade::Package-Blacklist { -{% for package in unattended_package_blacklist %} - "{{ package }}"; -{% endfor %} -}; - -{% if not unattended_autofix_interrupted_dpkg %} -// This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run -// dpkg --force-confold --configure -a -// The default is true, to ensure updates keep getting installed -Unattended-Upgrade::AutoFixInterruptedDpkg "false"; -{% endif %} - -// Split the upgrade into the smallest possible chunks so that -// they can be interrupted with SIGUSR1. This makes the upgrade -// a bit slower but it has the benefit that shutdown while a upgrade -// is running is possible (with a small delay) -Unattended-Upgrade::MinimalSteps "{{ unattended_minimal_steps | lower }}"; - -{% if unattended_install_on_shutdown %} -// Install all unattended-upgrades when the machine is shuting down -// instead of doing it in the background while the machine is running -// This will (obviously) make shutdown slower -Unattended-Upgrade::InstallOnShutdown "true"; -{% endif %} - -{% if unattended_mail %} -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. A package that provides -// 'mailx' must be installed. -Unattended-Upgrade::Mail "{{ unattended_mail }}"; -{% endif %} - -{% if unattended_mail_only_on_error %} -// Set this value to "true" to get emails only on errors. Default -// is to always send a mail if Unattended-Upgrade::Mail is set -Unattended-Upgrade::MailOnlyOnError "true"; -{% endif %} - -{% if unattended_remove_unused_dependencies %} -// Do automatic removal of all unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -Unattended-Upgrade::Remove-Unused-Dependencies "true"; -{% endif %} - -{% if not unattended_remove_new_unused_dependencies %} -// Do automatic removal of new unused dependencies after the upgrade -Unattended-Upgrade::Remove-New-Unused-Dependencies "false"; -{% endif %} - -{% if unattended_automatic_reboot %} -// Automatically reboot *WITHOUT CONFIRMATION* if a -// the file /var/run/reboot-required is found after the upgrade -Unattended-Upgrade::Automatic-Reboot "true"; -{% endif %} - -{% if unattended_automatic_reboot_time %} -// If automatic reboot is enabled and needed, reboot at the specific -// time instead of immediately -// Default: "now" -Unattended-Upgrade::Automatic-Reboot-Time "{{ unattended_automatic_reboot_time }}"; -{% endif %} - -{% if unattended_update_days is defined %} -// Set the days of the week that updates should be applied. The days can be specified -// as localized abbreviated or full names. Or as integers where "0" is Sunday, "1" is -// Monday etc. -// Example - apply updates only on Monday and Friday: -// {"Mon";"Fri"}; -Unattended-Upgrade::Update-Days {{ unattended_update_days }}; -{% endif %} - -{% if unattended_ignore_apps_require_restart %} -// Do upgrade application even if it requires restart after upgrade -// I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file -Unattended-Upgrade::IgnoreAppsRequireRestart "true"; -{% endif %} - -{% if unattended_syslog_enable %} -// Write events to syslog, which is useful in environments where syslog -// messages are sent to a central store. -Unattended-Upgrade::SyslogEnable "{{ unattended_syslog_enable }}"; -{% if unattended_syslog_facility is defined %} -// Write events to the specified syslog facility, or the daemon facility -// if not specified. Requires the Unattended-Upgrade::SyslogEnable option -// to be set to true. -Unattended-Upgrade::SyslogFacility "{{ unattended_syslog_facility }}"; -{% endif %} -{% endif %} - -{% if unattended_dpkg_options %} -// Append options for governing dpkg behavior, e.g. --force-confdef. -Dpkg::Options { -{% for dpkg_option in unattended_dpkg_options %} - "{{ dpkg_option }}"; -{% endfor %} -}; -{% endif %} - -{% if unattended_dl_limit is defined %} -// Use apt bandwidth limit feature, this example limits the download -// speed to 70kb/sec -Acquire::http::Dl-Limit "{{ unattended_dl_limit }}"; -{% endif %} -- cgit v1.2.3