refactor automatic_updates #709
Signed-off-by: Thomas Sjögren <[email protected]>
@@ -77,3 +88,11 @@ | |||
group: root | |||
mode: "0644" | |||
create: true | |||
|
|||
- name: Configure unattended-upgrades | |||
ansible.builtin.template: |
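Review bot: on the added `Configure unattended-upgrades` task at the end of this hunk, the visible lines stop at `ansible.builtin.template:`, so confirm the task sets `owner`, `group` and `mode` explicitly, as the preceding task does with `group: root` and `mode: "0644"`, instead of leaving the permissions of the rendered file to defaults.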
`ansible.builtin.template` is destructive. Should there be a `backup: yes` for this?
there was something with that ... iirc it was how handled the configuration if multiple files existed.
let me check.
One thing to note with this is that any file in `/etc/apt/apt.conf.d` will be read as config... just using `backup: yes` is a bad idea actually
yeah, that's the reason `backup` isn't used when it comes to `apt` configuration (and others) in the role
reboot: false | ||
``` | ||
|
||
`automatic_updates.enabled: true` will install and configure |
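Review bot: in the sentence after the closing code fence, `automatic_updates.enabled: true` is written in dotted form, which a reader may copy as a literal variable name; the fenced example above it ends with a plain `reboot: false` key, so describe it as the `enabled` key of `automatic_updates` or repeat the nested YAML form here.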
One interesting thing to note (that I did not remember)
```yaml
- name: Ensure role directory for konstruktoid.hardening does not exist
  ansible.builtin.file:
    path: "{{ lookup('env', 'HOME') }}/.ansible/roles/konstruktoid.hardening"
    state: absent
  delegate_to: localhost
  run_once: true

- name: Create the empty directory
  ansible.builtin.file:
    path: "{{ lookup('env', 'HOME') }}/.ansible/roles/konstruktoid.hardening"
    state: directory
    mode: '0755'
  delegate_to: localhost
  run_once: true

- name: Clone hardening repository
  ansible.builtin.git:
    repo: https://github.com/konstruktoid/ansible-role-hardening.git
    dest: "{{ lookup('env', 'HOME') }}/.ansible/roles/konstruktoid.hardening"
    version: 'master'
  delegate_to: localhost
  run_once: true

- name: Include the hardening role
  ansible.builtin.include_role:
    name: konstruktoid.hardening
  vars:
    # noqa: var-naming[no-role-prefix]
    automatic_updates.enabled: true #---> invalid variable name
    automatic_updates.reboot: true
    ....
```

^^^ this var notation will not work ^^^

only this will in my setup:

```yaml
automatic_updates:
  enabled: true
  reboot: true
```
Ah, yes. That should probably be rewritten. I meant to write the var as simply as possible, but I see now how it could be confusing.
```yaml
---
- name: Various Ansible tests
  hosts: localhost
  any_errors_fatal: true
  gather_facts: false
  vars:
    automatic_updates:
      enabled: true
      reboot: true
  tasks:
    - name: Print automatic updates
      ansible.builtin.debug:
        var: automatic_updates

    - name: Get automatic updates status
      ansible.builtin.debug:
        msg: "enabled: {{ automatic_updates.enabled }}, reboot: {{ automatic_updates.reboot }}"
```
No description provided.