From 0c2151faa464006e3c63ba80f9b92c5b9861530d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Mon, 6 Jan 2025 13:27:37 +0100
Subject: [PATCH] [FIX] unattended upgrade only if in full_maintenance

---
 tasks/main.yml | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index d5bec29..dee0638 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -94,14 +94,14 @@
 autoremove: true
 purge: true
 state: absent
- when: ansible_os_family == "Debian" and inventory_hostname not in groups.maintenance_contract
+ when: ansible_os_family == "Debian" and inventory_hostname not in groups.full_maintenance
 tags: unattended-upgrade

 - name: Install Unattended Upgrades
 ansible.builtin.apt:
 name: "unattended-upgrades"
 state: present
- when: ansible_os_family == "Debian" and inventory_hostname in groups.maintenance_contract
+ when: ansible_os_family == "Debian" and inventory_hostname in groups.full_maintenance
 tags: unattended-upgrade

 - name: Enable apt auto upgrades
@@ -120,7 +120,7 @@
 owner: root
 group: root
 mode: '0644'
- when: inventory_hostname in groups.maintenance_contract
+ when: inventory_hostname in groups.full_maintenance
 tags: unattended-upgrade

 - name: Create apt-daily timer directory if it does not exist
@@ -130,7 +130,7 @@
 owner: root
 group: root
 mode: '0755'
- when: inventory_hostname in groups.maintenance_contract
+ when: inventory_hostname in groups.full_maintenance
 tags: unattended-upgrade

 - name: Override apt-daily timer
@@ -140,7 +140,7 @@
 owner: root
 group: root
 mode: '0644'
- when: inventory_hostname in groups.maintenance_contract
+ when: inventory_hostname in groups.full_maintenance
 tags: unattended-upgrade
 notify:
 - Restart apt-update-timer
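Review bot: The purge condition `inventory_hostname not in groups.full_maintenance` in the first task of the hunk at -94 (its body starts above the hunk) is the exact negation of the install condition, so any Debian host that was covered by `maintenance_contract` but is not listed in `full_maintenance` has the package purged on the next run and stops receiving automatic security updates. The commit title suggests this is intended, but nothing in the task says how those hosts are patched instead. I would add a comment above the `when`, for example `# Hosts outside full_maintenance get no automatic upgrades; confirm they are patched by another process`, and compare the two groups in the inventory before rollout. If `full_maintenance` is missing from an inventory, `groups.full_maintenance` should fail templating rather than evaluate quietly, which is the safer outcome here and argues against adding a `default([])`.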
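Review bot: The `when` lines changed in the hunks at -120, -130, -140, -152 and -162 test only group membership, while the install task at -94 also requires `ansible_os_family == "Debian"`. A non-Debian host placed in `full_maintenance` would skip the package install but still receive the apt configuration and timer overrides, and the notified timer restarts would presumably fail there. Suggest aligning them with `when: ansible_os_family == "Debian" and inventory_hostname in groups.full_maintenance`, or wrapping the unattended-upgrade tasks in one `block:` that carries the condition once. These tasks begin outside the hunks, so what each one deploys is inferred from its name.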
@@ -152,7 +152,7 @@
 owner: root
 group: root
 mode: '0755'
- when: inventory_hostname in groups.maintenance_contract
+ when: inventory_hostname in groups.full_maintenance
 tags: unattended-upgrade

 - name: Override apt-daily-upgrade timer
@@ -162,7 +162,7 @@
 owner: root
 group: root
 mode: '0644'
- when: inventory_hostname in groups.maintenance_contract
+ when: inventory_hostname in groups.full_maintenance
 tags: unattended-upgrade
 notify:
 - Restart apt-upgrade-timer
@@ -319,13 +319,14 @@
 changed_when: false
 register: known_hosts_line
 with_items: "{{ groups.backup_server }}"
+ when: inventory_hostname in groups.maintenance_contract

 - name: Add backup servers in root known host
 ansible.builtin.known_hosts:
 hash_host: true
 key: "{{ hostvars[item['item']].host_server_known_entry }}"
 name: "[{{ hostvars[item['item']].ansible_host }}]:{{ default_sshd_port }}"
- when: item.found is not defined
+ when: inventory_hostname in groups.maintenance_contract and item.found is not defined
 with_items: "{{ known_hosts_line.results }}"

 - name: Copy Installed Package Listing script on server
@@ -335,6 +336,7 @@
 owner: root
 group: root
 mode: '0700'
+ when: inventory_hostname in groups.maintenance_contract

 - name: Disable e-mailing of crontab
 ansible.builtin.cron:
@@ -348,3 +350,4 @@
 minute: "43"
 hour: "0"
 job: /root/collect_installed_packages_facts.sh
+ when: inventory_hostname in groups.maintenance_contract
--
GitLab
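Review bot: The second `when` in the hunk at -319 repeats the group test for a reason that is not obvious and deserves a comment. When the registering task is skipped, each entry of `known_hosts_line.results` is a skipped result that presumably has no `found` key, so `item.found is not defined` alone would be true and the backup-server key would still be written on hosts outside the group. Proposed comment above it: `# Skipped loop results have no 'found' key, so the group check must be repeated here`. Writing the condition as a two-item `when:` list would also make the implicit `and` easier to read. The registering task starts above the hunk, so what sets `found` is not visible here.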
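Review bot: The `when` lines added at -335 and -348 only stop future deployment, so a host that leaves `maintenance_contract` keeps the mode-0700 package-listing script, the nightly cron entry that runs `/root/collect_installed_packages_facts.sh`, and the backup-server known_hosts entries from -319. If the contract boundary matters, add matching `state: absent` tasks for hosts outside the group, as the role already does for unattended-upgrades at -94. The `Disable e-mailing of crontab` task between these two hunks appears unchanged, so it presumably still applies to every host; worth confirming that is intended.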