Skip to content
Extraits de code Groupes Projets
Valider 0c2151fa rédigé par Rémi - Le Filament's avatar Rémi - Le Filament
Parcourir les fichiers

[FIX] unattended upgrade only if in full_maintenance

parent c870aa69
Aucune branche associée trouvée
Aucune étiquette associée trouvée
Aucune requête de fusion associée trouvée
Afficher les modifications d'espaces
En ligne Côte à côte
Affichage de
avec 11 ajouts et 8 suppressions
tasks/main.yml
+ 11
8
Voir le fichier @ 0c2151fa
...@@ -94,14 +94,14 @@ ...@@ -94,14 +94,14 @@
autoremove: true autoremove: true
purge: true purge: true
state: absent state: absent
when: ansible_os_family == "Debian" and inventory_hostname not in groups.maintenance_contract when: ansible_os_family == "Debian" and inventory_hostname not in groups.full_maintenance
tags: unattended-upgrade tags: unattended-upgrade
- name: Install Unattended Upgrades - name: Install Unattended Upgrades
ansible.builtin.apt: ansible.builtin.apt:
name: "unattended-upgrades" name: "unattended-upgrades"
state: present state: present
when: ansible_os_family == "Debian" and inventory_hostname in groups.maintenance_contract when: ansible_os_family == "Debian" and inventory_hostname in groups.full_maintenance
tags: unattended-upgrade tags: unattended-upgrade
- name: Enable apt auto upgrades - name: Enable apt auto upgrades
...@@ -120,7 +120,7 @@ ...@@ -120,7 +120,7 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
when: inventory_hostname in groups.maintenance_contract when: inventory_hostname in groups.full_maintenance
tags: unattended-upgrade tags: unattended-upgrade
- name: Create apt-daily timer directory if it does not exist - name: Create apt-daily timer directory if it does not exist
...@@ -130,7 +130,7 @@ ...@@ -130,7 +130,7 @@
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
when: inventory_hostname in groups.maintenance_contract when: inventory_hostname in groups.full_maintenance
tags: unattended-upgrade tags: unattended-upgrade
- name: Override apt-daily timer - name: Override apt-daily timer
...@@ -140,7 +140,7 @@ ...@@ -140,7 +140,7 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
when: inventory_hostname in groups.maintenance_contract when: inventory_hostname in groups.full_maintenance
tags: unattended-upgrade tags: unattended-upgrade
notify: notify:
- Restart apt-update-timer - Restart apt-update-timer
...@@ -152,7 +152,7 @@ ...@@ -152,7 +152,7 @@
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
when: inventory_hostname in groups.maintenance_contract when: inventory_hostname in groups.full_maintenance
tags: unattended-upgrade tags: unattended-upgrade
- name: Override apt-daily-upgrade timer - name: Override apt-daily-upgrade timer
...@@ -162,7 +162,7 @@ ...@@ -162,7 +162,7 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
when: inventory_hostname in groups.maintenance_contract when: inventory_hostname in groups.full_maintenance
tags: unattended-upgrade tags: unattended-upgrade
notify: notify:
- Restart apt-upgrade-timer - Restart apt-upgrade-timer
...@@ -319,13 +319,14 @@ ...@@ -319,13 +319,14 @@
changed_when: false changed_when: false
register: known_hosts_line register: known_hosts_line
with_items: "{{ groups.backup_server }}" with_items: "{{ groups.backup_server }}"
when: inventory_hostname in groups.maintenance_contract
- name: Add backup servers in root known host - name: Add backup servers in root known host
ansible.builtin.known_hosts: ansible.builtin.known_hosts:
hash_host: true hash_host: true
key: "{{ hostvars[item['item']].host_server_known_entry }}" key: "{{ hostvars[item['item']].host_server_known_entry }}"
name: "[{{ hostvars[item['item']].ansible_host }}]:{{ default_sshd_port }}" name: "[{{ hostvars[item['item']].ansible_host }}]:{{ default_sshd_port }}"
when: item.found is not defined when: inventory_hostname in groups.maintenance_contract and item.found is not defined
with_items: "{{ known_hosts_line.results }}" with_items: "{{ known_hosts_line.results }}"
- name: Copy Installed Package Listing script on server - name: Copy Installed Package Listing script on server
...@@ -335,6 +336,7 @@ ...@@ -335,6 +336,7 @@
owner: root owner: root
group: root group: root
mode: '0700' mode: '0700'
when: inventory_hostname in groups.maintenance_contract
- name: Disable e-mailing of crontab - name: Disable e-mailing of crontab
ansible.builtin.cron: ansible.builtin.cron:
...@@ -348,3 +350,4 @@ ...@@ -348,3 +350,4 @@
minute: "43" minute: "43"
hour: "0" hour: "0"
job: /root/collect_installed_packages_facts.sh job: /root/collect_installed_packages_facts.sh
when: inventory_hostname in groups.maintenance_contract
0% ou .
You are about to add 0 people to the discussion. Proceed with caution.
Veuillez vous inscrire ou vous pour commenter