Skip to content
Snippets Groups Projects
Commit 793f6e21 authored by Jörg Sachse's avatar Jörg Sachse
Browse files

feat: use unattended-upgrades instead of cron-apt

parent fed41c0b
No related branches found
No related tags found
No related merge requests found
autoclean -y
dist-upgrade -y -o APT::Get::Show-Upgraded=true
autoremove -y
--- ---
- name: Install & configure autoupdate (Debian) - name: remove apt-cron autoupdate (Debian)
block: block:
- name: Install autoupdate packages (Debian) - name: Uninstall autoupdate packages (Debian)
apt: apt:
name: [ name: 'cron-apt'
'cron-apt' state: absent
] - name: cron-apt Konfigurationsdateien entfernen
state: present file:
- name: Konfigurationsdateien einspielen - cron-apt actions path: "{{ item }}"
copy: state: absent
src: "etc/cron-apt/action.d/3-download" loop:
dest: "/etc/cron-apt/action.d/3-download" - "/etc/cron-apt/action.d/3-download"
- name: Konfigurationsdateien einspielen - cron-apt config - "/etc/cron-apt/config"
template: when: ansible_os_family == "Debian"
src: "etc/cron-apt/config"
dest: "/etc/cron-apt/config" # unattended-upgrades is the default in Debian 11 and new UDA installations
when: ansible_distribution == "Debian" # anyway, so we use it instead of cron-apt.
- name: Install & configure unattended-upgrades (Debian/Ubuntu)
block:
- name: install unattended-upgrades
apt:
name: "unattended-upgrades"
state: latest
- name:
lineinfile:
path: "/etc/apt/apt.conf.d/10periodic"
create: true
line: "{{ item }}"
loop:
- 'APT::Periodic::Update-Package-Lists "1";'
- 'APT::Periodic::Unattended-Upgrade "1";'
- name:
lineinfile:
path: "/etc/apt/apt.conf.d/90unattended-upgrades-mail"
create: true
line: "{{ item }}"
loop:
- 'Unattended-Upgrade::Mail "root";'
- 'Unattended-Upgrade::MailOnlyOnError "true";'
# This file is present in UDA default installations. It sets unattended-
# upgrades to install security upgrades only. We want all updates, so we
# delete it.
# (refers to https://git.slub-dresden.de/slub-referat-2-4/sdvuda10/-/commit/4c265c91ffef7775cad8abbe69da35bc398622e9)
- name: install all upgrades, not only security patches
file:
path: "/etc/apt/apt.conf.d/51only-security-upgrades"
state: absent
when: ansible_os_family == "Debian"
# based on: https://access.redhat.com/solutions/2823901 # based on: https://access.redhat.com/solutions/2823901
- name: Install & configurate autoupdate (RedHat) - name: Install & configurate autoupdate (RedHat)
......
# Configuration for cron-apt. For further information about the possible
# configuration settings see /usr/share/doc/cron-apt/README.gz.
# Mailempfaenger
# MAILTO="Deine@Emailadresse.de; Weitere@Emailadresse"
MAILTO="{{ vault_cronapt_mailto }}"
# Benachrichtigung bei Fehlern (MAILON=error), Paketaktualisierungen (MAILON=upgrade) oder immer (MAILON=always)
MAILON="error"
HOSTNAME=$HOSTNAME
SYSLOGON="changes"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment