made role OS-specific
This commit is contained in:
commit
760b14cc4b
5 changed files with 54 additions and 0 deletions
2
defaults/main.yml
Normal file
2
defaults/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
unattended_upgrades_os_supported: False
|
1
handlers/main.yml
Normal file
1
handlers/main.yml
Normal file
|
@ -0,0 +1 @@
|
||||||
|
---
|
35
tasks/main.yml
Normal file
35
tasks/main.yml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
- name: Set OS dependent variables
|
||||||
|
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||||
|
vars:
|
||||||
|
params:
|
||||||
|
files:
|
||||||
|
- "{{ ansible_distribution | lower }}_{{ ansible_distribution_version | lower }}.yml"
|
||||||
|
- "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version | lower }}.yml"
|
||||||
|
- "{{ ansible_distribution | lower }}.yml"
|
||||||
|
- "{{ ansible_os_family | lower }}.yml"
|
||||||
|
- "{{ ansible_system | lower }}.yml"
|
||||||
|
paths:
|
||||||
|
- '{{ role_path }}/vars'
|
||||||
|
ignore_errors: True
|
||||||
|
|
||||||
|
- name: OS is supported
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that: __os_supported
|
||||||
|
quiet: True
|
||||||
|
vars:
|
||||||
|
__os_supported: "{{ lookup('vars', '{}_os_supported'.format(role_name)) | bool }}"
|
||||||
|
|
||||||
|
|
||||||
|
- name: Install unattended-upgrades
|
||||||
|
apt:
|
||||||
|
name: unattended-upgrades
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Set configuration
|
||||||
|
become: yes
|
||||||
|
template:
|
||||||
|
src: 90unattended-upgrades.j2
|
||||||
|
dest: /etc/apt/apt.conf.d/90unattended-upgrades
|
||||||
|
mode: 0644
|
14
templates/90unattended-upgrades.j2
Normal file
14
templates/90unattended-upgrades.j2
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
Unattended-Upgrade::Allowed-Origins {
|
||||||
|
"${distro_id}:${distro_codename}";
|
||||||
|
"${distro_id}:${distro_codename}-security";
|
||||||
|
|
||||||
|
// Extended Security Maintenance; doesn't necessarily exist for
|
||||||
|
// every release and this system may not have it installed, but if
|
||||||
|
// available, the policy for updates is such that unattended-upgrades
|
||||||
|
// should also install from here by default.
|
||||||
|
"${distro_id}ESMApps:${distro_codename}-apps-security";
|
||||||
|
"${distro_id}ESM:${distro_codename}-infra-security";
|
||||||
|
// "${distro_id}:${distro_codename}-updates";
|
||||||
|
// "${distro_id}:${distro_codename}-proposed";
|
||||||
|
// "${distro_id}:${distro_codename}-backports";
|
||||||
|
};
|
2
vars/debian.yml
Normal file
2
vars/debian.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
unattended_upgrades_os_supported: True
|
Loading…
Add table
Add a link
Reference in a new issue