chore: extend automatic updates' resources

Michele Cereda
2025-06-18 19:37:27 +02:00
parent 8a5a138120
commit 102d0c7c51
3 changed files with 68 additions and 13 deletions

@@ -0,0 +1,49 @@
---
- name: Configure automatic updates
tags: configure_automatic_updates
hosts: all
tasks:
- name: Configure 'unattended-upgrades' on APT-based systems
when: ansible_pkg_mgr | lower == 'apt'
block:
- name: Install 'unattended-upgrades'
become: true
ansible.builtin.apt:
name: unattended-upgrades
install_recommends: false
update_cache: true
- name: Configure 'unattended-upgrades'
become: true
ansible.builtin.copy:
dest: /etc/apt/apt.conf.d/20auto-upgrades
content: |-
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
owner: root
group: root
mode: u=rw,g=r,o=r
backup: true
- name: Test configuration with a dry run
tags:
- never
- test_unattended_upgrades
become: true
ansible.builtin.command: unattended-upgrade --dry-run
- name: Configure 'unattended-upgrades' on DNF and YUM-based systems
when: ansible_pkg_mgr | lower in ['dnf', 'yum']
block:
- name: Install a cron daemon
become: true
ansible.builtin.package:
name: chrony
- name: Create the cron job
ansible.builtin.copy:
dest: /etc/cron.daily/security-updates
content: |-
#!/bin/bash
{{ ansible_pkg_mgr }} -y upgrade --bugfix --security
owner: root
group: root
mode: u=rwx,g=rx,o=rx
backup: true
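Review bot: The task named "Install a cron daemon" in the DNF/YUM block installs `chrony`, which is a time synchronisation daemon and not a cron daemon, so nothing here guarantees that `/etc/cron.daily/security-updates` ever runs; the usual cron package on these systems is `cronie`, and its service should be enabled as well. The "Create the cron job" task that follows has no `become: true`, unlike the other tasks in this file that write under `/etc`, so it will fail to create a root-owned file unless privilege escalation is set elsewhere. The dry-run `ansible.builtin.command` task would also benefit from `changed_when: false`, so it does not report a change on every run.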

@@ -90,11 +90,14 @@ EOF
Leverage `unattended-upgrades` for this. Leverage `unattended-upgrades` for this.
```sh ```sh
# Configure the packages to keep up to date. # Install the tool.
sudo apt install 'unattended-upgrades'
# Configure self updating.
sudo dpkg-reconfigure -p 'low' 'unattended-upgrades' sudo dpkg-reconfigure -p 'low' 'unattended-upgrades'
# Check what packages would be installed. # Check what packages would be installed or upgraded.
sudo unattended-upgrade -d --dry-run sudo unattended-upgrade --debug --dry-run
# Run manually. # Run manually.
sudo unattended-upgrade sudo unattended-upgrade
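Review bot: The added `sudo apt install 'unattended-upgrades'` line installs recommended packages too, while the playbook in this same commit installs the package with `install_recommends: false`; the two should agree, for example by using `--no-install-recommends` here. Since the playbook writes `/etc/apt/apt.conf.d/20auto-upgrades` directly, a comment next to the `dpkg-reconfigure` line naming that file would show readers where the non-interactive setting lives.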
@@ -184,7 +187,8 @@ sudo apt update
100 /var/lib/dpkg/status 100 /var/lib/dpkg/status
``` ```
1. The package might depend on other packages which are not upgradable at the moment, i.e. their current version might be required by other packages.<br/> 1. The package might depend on other packages which are not upgradable at the moment, i.e. their current version might
be required by other packages.<br/>
Try installing/upgrading it specifying the desired release and version of the package: Try installing/upgrading it specifying the desired release and version of the package:
```sh ```sh
@@ -230,15 +234,10 @@ All the references in the [further readings] section, plus the following:
- [Fix a "Problem with MergeList" or "status file could not be parsed" error] - [Fix a "Problem with MergeList" or "status file could not be parsed" error]
<!-- <!--
References Reference
═╬═Time══
--> -->
<!-- Upstream -->
[apt configuration]: https://wiki.debian.org/AptConfiguration
[apt_preferences man page]: https://manpages.debian.org/testing/apt/apt_preferences.5.en.html
[configuring apt sources]: https://wiki.debian.org/SourcesList
[unattended upgrades]: https://wiki.debian.org/UnattendedUpgrades
<!-- In-article sections --> <!-- In-article sections -->
[further readings]: #further-readings [further readings]: #further-readings
@@ -247,6 +246,12 @@ All the references in the [further readings] section, plus the following:
[dpkg]: dpkg.md [dpkg]: dpkg.md
[netselect-apt]: netselect-apt.md [netselect-apt]: netselect-apt.md
<!-- Upstream -->
[apt configuration]: https://wiki.debian.org/AptConfiguration
[apt_preferences man page]: https://manpages.debian.org/testing/apt/apt_preferences.5.en.html
[configuring apt sources]: https://wiki.debian.org/SourcesList
[unattended upgrades]: https://wiki.debian.org/UnattendedUpgrades
<!-- Others --> <!-- Others -->
[cheat.sh]: https://cheat.sh/apt [cheat.sh]: https://cheat.sh/apt
[fix a "problem with mergelist" or "status file could not be parsed" error]: https://askubuntu.com/questions/30072/how-do-i-fix-a-problem-with-mergelist-or-status-file-could-not-be-parsed-err#30199 [fix a "problem with mergelist" or "status file could not be parsed" error]: https://askubuntu.com/questions/30072/how-do-i-fix-a-problem-with-mergelist-or-status-file-could-not-be-parsed-err#30199

@@ -4,14 +4,15 @@ sudo dnf makecache
sudo dnf list --available --showduplicates 'gitlab-runner' sudo dnf list --available --showduplicates 'gitlab-runner'
sudo dnf check-update --bugfix --security
sudo dnf install 'https://prerelease.keybase.io/keybase_amd64.rpm' sudo dnf install 'https://prerelease.keybase.io/keybase_amd64.rpm'
sudo dnf --assumeyes install 'git-lfs' sudo dnf --assumeyes install 'git-lfs'
sudo dnf --assumeyes install \ sudo dnf --assumeyes install \
"https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm" \ "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm" \
"https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm" "https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
sudo dnf check-update --bugfix --security
sudo dnf check-update --releasever='2023.7.20250609' --allowerasing --changelogs
sudo dnf upgrade --security --sec-severity 'Critical' --downloadonly sudo dnf upgrade --security --sec-severity 'Critical' --downloadonly
sudo dnf -y upgrade --security --nobest --sec-severity 'Important' sudo dnf -y upgrade --security --nobest --sec-severity 'Important'
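Review bot: The new `sudo dnf check-update --releasever='2023.7.20250609' --allowerasing --changelogs` line hardcodes a release version with no comment saying which distribution it belongs to, while the neighbouring lines target Fedora through `$(rpm -E %fedora)`; a reader copying it onto another system will point dnf at a release that does not exist there. Add a comment naming the distribution and noting that the value is an example to be replaced. The commit also only moves `check-update --bugfix --security` further down, so a short comment grouping the update-checking commands would make the reordering self-explanatory.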