diff options
author | Luca Di Stefano <luca.distefano@linaro.org> | 2017-12-04 11:47:30 +0000 |
---|---|---|
committer | Luca Di Stefano <luca.distefano@linaro.org> | 2017-12-04 11:47:30 +0000 |
commit | 89e1069baab3eed4ec58105dd37564af86cf7c9a (patch) | |
tree | 05f9235d41bad60af8e2e02cac8c7163c722b7dd | |
parent | 0b9325e6d252a89a111e72bb56d4cbce1a0a8dcb (diff) |
role to disable ubuntu autoupdates
Change-Id: If40b7b49aa126df8f13e8b9030cc40917600af61
9 files changed, 94 insertions, 0 deletions
diff --git a/playbooks/roles/tcwg-noautoupdate/defaults/git.hold b/playbooks/roles/tcwg-noautoupdate/defaults/git.hold new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/defaults/git.hold diff --git a/playbooks/roles/tcwg-noautoupdate/files/git.hold b/playbooks/roles/tcwg-noautoupdate/files/git.hold new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/files/git.hold diff --git a/playbooks/roles/tcwg-noautoupdate/handlers/main.yml b/playbooks/roles/tcwg-noautoupdate/handlers/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/handlers/main.yml diff --git a/playbooks/roles/tcwg-noautoupdate/meta/git.hold b/playbooks/roles/tcwg-noautoupdate/meta/git.hold new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/meta/git.hold diff --git a/playbooks/roles/tcwg-noautoupdate/tasks/main.yml b/playbooks/roles/tcwg-noautoupdate/tasks/main.yml new file mode 100644 index 0000000..83a2489 --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/tasks/main.yml @@ -0,0 +1,31 @@ +--- + - name: Check if autoupdate file is present + command: "/bin/ls /etc/apt/apt.conf.d/20auto-upgrades" + register: checkfile + ignore_errors: True + tags: check + + - name: Disable system wide autoupdates + template: + src: 20auto-upgrades.j2 + dest: "/etc/apt/apt.conf.d/20auto-upgrades" + owner: root + group: root + mode: '0644' + when: checkfile|succeeded + + - name: Check if autoupdate file is present + command: "/bin/ls /etc/apt/apt.conf.d/50unattended-upgrades" + register: checkfile2 + ignore_errors: True + tags: check + + - name: Disable unattended updates + template: + src: 50unattended-upgrades.j2 + dest: "/etc/apt/apt.conf.d/50unattended-upgrades" + owner: root + group: root + mode: '0644' + when: checkfile2|succeeded + diff --git a/playbooks/roles/tcwg-noautoupdate/templates/20auto-upgrades.j2 b/playbooks/roles/tcwg-noautoupdate/templates/20auto-upgrades.j2 new file mode 100644 index 0000000..773354b --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/templates/20auto-upgrades.j2 @@ -0,0 +1,2 @@ +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "0"; diff --git a/playbooks/roles/tcwg-noautoupdate/templates/50unattended-upgrades.j2 b/playbooks/roles/tcwg-noautoupdate/templates/50unattended-upgrades.j2 new file mode 100644 index 0000000..c132409 --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/templates/50unattended-upgrades.j2 @@ -0,0 +1,61 @@ +// Automatically upgrade packages from these (origin:archive) pairs +Unattended-Upgrade::Allowed-Origins { +// "${distro_id}:${distro_codename}"; +// "${distro_id}:${distro_codename}-security"; +// "${distro_id}:${distro_codename}-updates"; +// "${distro_id}:${distro_codename}-proposed"; +// "${distro_id}:${distro_codename}-backports"; +}; + +// List of packages to not update (regexp are supported) +Unattended-Upgrade::Package-Blacklist { +// "vim"; +// "libc6"; +// "libc6-dev"; +// "libc6-i686"; +}; + +// This option allows you to control if on a unclean dpkg exit +// unattended-upgrades will automatically run +// dpkg --force-confold --configure -a +// The default is true, to ensure updates keep getting installed +//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; + +// Split the upgrade into the smallest possible chunks so that +// they can be interrupted with SIGUSR1. This makes the upgrade +// a bit slower but it has the benefit that shutdown while a upgrade +// is running is possible (with a small delay) +//Unattended-Upgrade::MinimalSteps "true"; + +// Install all unattended-upgrades when the machine is shuting down +// instead of doing it in the background while the machine is running +// This will (obviously) make shutdown slower +//Unattended-Upgrade::InstallOnShutdown "true"; + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. E.g. "user@example.com" +//Unattended-Upgrade::Mail "root"; + +// Set this value to "true" to get emails only on errors. Default +// is to always send a mail if Unattended-Upgrade::Mail is set +//Unattended-Upgrade::MailOnlyOnError "true"; + +// Do automatic removal of new unused dependencies after the upgrade +// (equivalent to apt-get autoremove) +//Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +// Automatically reboot *WITHOUT CONFIRMATION* +// if the file /var/run/reboot-required is found after the upgrade +//Unattended-Upgrade::Automatic-Reboot "false"; + +// If automatic reboot is enabled and needed, reboot at the specific +// time instead of immediately +// Default: "now" +//Unattended-Upgrade::Automatic-Reboot-Time "02:00"; + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +//Acquire::http::Dl-Limit "70"; + diff --git a/playbooks/roles/tcwg-noautoupdate/templates/git.hold b/playbooks/roles/tcwg-noautoupdate/templates/git.hold new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/templates/git.hold diff --git a/playbooks/roles/tcwg-noautoupdate/vars/main.yml b/playbooks/roles/tcwg-noautoupdate/vars/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/playbooks/roles/tcwg-noautoupdate/vars/main.yml |