diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..43c89e1 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,2 @@ +skip_list: + - 'var-naming[no-role-prefix]' diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 0000000..14c9dd9 --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,7 @@ +--- +unattended_upgrades: + - changed-files: + - any-glob-to-any-file: + - "roles/unattended_upgrades/**" + - "molecule/unattended_upgrades/**" + - ".github/workflows/unattended_upgrades.yml" diff --git a/.github/workflows/import-galaxy-test.yml b/.github/workflows/import-galaxy-test.yml new file mode 100644 index 0000000..7b4d63c --- /dev/null +++ b/.github/workflows/import-galaxy-test.yml @@ -0,0 +1,15 @@ +--- +name: "Test importing collection" + +on: + pull_request: + push: + branches: + - "main" + +jobs: + import-galaxy: + permissions: + contents: "read" + name: "Import collection with Galaxy importer" + uses: "ansible-community/github-action-test-galaxy-import/.github/workflows/test-galaxy-import.yml@main" diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml new file mode 100644 index 0000000..6319c60 --- /dev/null +++ b/.github/workflows/labeler.yml @@ -0,0 +1,19 @@ +--- +name: "Pull Request Labeler" + +on: + pull_request_target: + types: + - "labeled" + - "unlabeled" + - "opened" + - "edited" + - "synchronize" + +jobs: + labeler: + runs-on: "ubuntu-22.04" + steps: + - uses: "actions/labeler@v5" + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..a653aba --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,30 @@ +--- +name: "Ansible Lint" + +on: + pull_request: + paths: + - 'roles/**' + push: + branches: + - "main" + tags: + - "v*.*.*" + paths: + - 'roles/**' + +env: + PY_COLORS: 1 + ANSIBLE_FORCE_COLOR: 1 + +jobs: + + ansible-lint: + name: "Ansible Lint" + runs-on: "ubuntu-22.04" + steps: + - name: "Check out the codebase." + uses: "actions/checkout@v4" + + - name: "Lint code." + uses: "ansible/ansible-lint@v24.2.1" diff --git a/.github/workflows/prepare-action/action.yml b/.github/workflows/prepare-action/action.yml index 8e06663..dda2756 100644 --- a/.github/workflows/prepare-action/action.yml +++ b/.github/workflows/prepare-action/action.yml @@ -9,7 +9,7 @@ runs: shell: "bash" - name: "Set up Python 3." - uses: "actions/setup-python@v4" + uses: "actions/setup-python@v5" id: "setup-python" with: python-version: "3.10" @@ -18,3 +18,4 @@ runs: - name: "Install dependencies via pipenv." run: "pipenv install --dev" shell: "bash" + working-directory: "ansible_collections/hifis/software_services" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..70d8ada --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,21 @@ +--- +name: "Release new version on Ansible Galaxy" + +on: + release: + types: + - "released" + +jobs: + + release: + name: "Release new version on Ansible Galaxy" + runs-on: "ubuntu-22.04" + steps: + - name: "checkout" + uses: "actions/checkout@v4" + + - name: "Deploy the collection" + uses: "artis3n/ansible_galaxy_collection@v2.10.1" + with: + api_key: "${{ secrets.galaxy_api_key }}" diff --git a/.github/workflows/ci.yml b/.github/workflows/unattended_upgrades.yml similarity index 62% rename from .github/workflows/ci.yml rename to .github/workflows/unattended_upgrades.yml index 108efbf..d10ad7a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/unattended_upgrades.yml @@ -1,5 +1,6 @@ --- -name: "CI" +name: "hifis.unattended_upgrades" + on: pull_request: push: @@ -7,33 +8,23 @@ on: - "main" tags: - "v*.*.*" + paths: + - '.github/workflows/unattended_upgrades.yml' + - 'roles/unattended_upgrades/**' + - 'molecule/unattended_upgrades/**' + - 'Pipfile' + - 'Pipfile.lock' schedule: - cron: '0 0 * * *' -env: - PY_COLORS: 1 - ANSIBLE_FORCE_COLOR: 1 - jobs: - lint: - name: "Lint" - runs-on: "ubuntu-22.04" - steps: - - name: "Check out the codebase." - uses: "actions/checkout@v4" - - - name: "Prepare the job environment." - uses: "./.github/workflows/prepare-action" - - - name: "Lint code." - run: | - pipenv run yamllint --strict --format colored . - pipenv run ansible-lint -v --force-color --offline - test: name: "Run Molecule tests." runs-on: "ubuntu-22.04" + env: + PY_COLORS: 1 + ANSIBLE_FORCE_COLOR: 1 strategy: fail-fast: false matrix: @@ -47,9 +38,11 @@ jobs: steps: - name: "Check out the codebase." uses: "actions/checkout@v4" + with: + path: "ansible_collections/hifis/software_services" - name: "Prepare the job environment." - uses: "./.github/workflows/prepare-action" + uses: "./ansible_collections/hifis/software_services/.github/workflows/prepare-action" - name: "Install modern podman" run: | @@ -65,20 +58,7 @@ jobs: sudo apt-get -qq -y install podman - name: "Run Molecule tests." - run: "pipenv run molecule test" + run: "pipenv run molecule test -s unattended_upgrades" env: MOLECULE_IMAGE: "${{ matrix.image }}" - - release: - name: "Release new version on Ansible Galaxy" - runs-on: "ubuntu-22.04" - if: "startsWith(github.ref, 'refs/tags/v')" - needs: ["lint", "test"] - steps: - - name: "checkout" - uses: "actions/checkout@v4" - - name: "galaxy" - uses: "robertdebock/galaxy-action@1.2.1" - with: - galaxy_api_key: "${{ secrets.galaxy_api_key }}" - git_branch: "main" + working-directory: "ansible_collections/hifis/software_services" diff --git a/.github_changelog_generator b/.github_changelog_generator index 5ec5ffc..f03c936 100644 --- a/.github_changelog_generator +++ b/.github_changelog_generator @@ -1,3 +1,3 @@ user=hifis-net project=ansible-role-unattended-upgrades -since-tag=v1.12.2 +since-tag=v3.3.0 diff --git a/.yamllint b/.yamllint.yml similarity index 78% rename from .yamllint rename to .yamllint.yml index 9365134..1e2eb72 100644 --- a/.yamllint +++ b/.yamllint.yml @@ -19,23 +19,23 @@ rules: max-spaces-after: -1 level: "error" comments: "disable" - comments-indentation: "disable" + comments-indentation: "enable" document-start: "disable" empty-lines: max: 3 level: "error" hyphens: level: "error" - indentation: "disable" + indentation: "enable" key-duplicates: "enable" line-length: "disable" - new-line-at-end-of-file: "disable" + new-line-at-end-of-file: "enable" new-lines: type: "unix" quoted-strings: quote-type: "any" - required: True + required: true extra-required: [ ] extra-allowed: [ ] - trailing-spaces: "disable" - truthy: "disable" + trailing-spaces: "enable" + truthy: "enable" diff --git a/CHANGELOG.md b/CHANGELOG.md index b522667..b71c3f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,238 +1,12 @@ # Changelog -## [v3.3.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.3.0) (2024-03-01) +## [Unreleased](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/HEAD) -[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.2.1...v3.3.0) - -**Closed issues:** - -- Allow roles to run with INJECT\_FACTS\_AS\_VARS set to false [\#185](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/185) -- Fix badges with Ansible Galaxy NG [\#174](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/174) -- Version 3.2.1 doesn't seem to be available on ansible galaxy [\#169](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/169) - -**Merged pull requests:** - -- ci: install a recent podman version [\#190](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/190) ([Normo](https://github.com/Normo)) -- chore\(deps\): bump ansible from 9.2.0 to 9.3.0 [\#189](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/189) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Prepare release v3.3.0 [\#188](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/188) ([Normo](https://github.com/Normo)) -- refactor: refer to ansible facts through ansible\_facts.\* namespace [\#187](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/187) ([Normo](https://github.com/Normo)) -- Allow roles to run with INJECT\_FACTS\_AS\_VARS set to false [\#186](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/186) ([kennethso168](https://github.com/kennethso168)) -- chore\(deps-dev\): bump yamllint from 1.34.0 to 1.35.1 [\#184](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/184) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps-dev\): bump molecule from 6.0.3 to 24.2.0 [\#182](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/182) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps-dev\): bump molecule-plugins from 23.5.0 to 23.5.3 [\#181](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/181) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps-dev\): bump ansible-lint from 6.22.2 to 24.2.0 [\#180](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/180) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps-dev\): bump yamllint from 1.33.0 to 1.34.0 [\#179](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/179) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps\): bump ansible from 9.1.0 to 9.2.0 [\#178](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/178) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps-dev\): bump ansible-lint from 6.22.1 to 6.22.2 [\#177](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/177) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps-dev\): bump molecule from 6.0.2 to 6.0.3 [\#176](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/176) ([dependabot[bot]](https://github.com/apps/dependabot)) -- fix: make ansible galaxy badges work again [\#175](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/175) ([tobiashuste](https://github.com/tobiashuste)) -- chore\(deps\): bump ansible from 8.6.0 to 9.1.0 [\#172](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/172) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps-dev\): bump ansible-lint from 6.21.1 to 6.22.1 [\#171](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/171) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps-dev\): bump yamllint from 1.32.0 to 1.33.0 [\#167](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/167) ([dependabot[bot]](https://github.com/apps/dependabot)) -- chore\(deps\): bump ansible from 8.5.0 to 8.6.0 [\#164](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/164) ([dependabot[bot]](https://github.com/apps/dependabot)) - -## [v3.2.1](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.2.1) (2023-11-03) - -[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.2.0...v3.2.1) - -**Fixed bugs:** - -- "Bullseye-Workaround" needs to be applied to bookworm and later as well [\#146](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/146) - -**Closed issues:** - -- Unattended-Upgrade::Origins-Pattern from 50unattended-upgrades apparently can't be "overruled" [\#145](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/145) - -**Merged pull requests:** - -- chore: prepare changelog for version 3.2.1 [\#161](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/161) ([tobiashuste](https://github.com/tobiashuste)) -- fix: reformat allowed origins pattern [\#160](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/160) ([Normo](https://github.com/Normo)) -- fix: allow ${distro\_codename}-security on Debian bookworm [\#159](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/159) ([Normo](https://github.com/Normo)) -- chore\(deps-dev\): bump ansible-lint from 6.18.0 to 6.21.1 [\#157](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/157) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible from 8.3.0 to 8.5.0 [\#155](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/155) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump actions/checkout from 3 to 4 [\#147](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/147) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump molecule from 6.0.1 to 6.0.2 [\#144](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/144) ([dependabot[bot]](https://github.com/apps/dependabot)) - -## [v3.2.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.2.0) (2023-08-25) - -[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.1.0...v3.2.0) - -**Implemented enhancements:** - -- Add support for Debian Bookworm [\#134](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/134) - -**Closed issues:** - -- Remove official support for EOL Ubuntu 18.04 [\#139](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/139) - -**Merged pull requests:** - -- chore: prepare release of version 3.2.0 [\#142](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/142) ([tobiashuste](https://github.com/tobiashuste)) -- fix: remove official support for EOL Ubuntu 18.04 [\#141](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/141) ([tobiashuste](https://github.com/tobiashuste)) -- feat: add support for Debian 12 bookworm [\#140](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/140) ([tobiashuste](https://github.com/tobiashuste)) -- Bump ansible-lint from 6.17.2 to 6.18.0 [\#138](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/138) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump molecule from 5.1.0 to 6.0.1 [\#137](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/137) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible from 8.1.0 to 8.3.0 [\#136](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/136) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump molecule-plugins from 23.4.1 to 23.5.0 [\#133](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/133) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible-lint from 6.16.2 to 6.17.2 [\#131](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/131) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump molecule from 5.0.1 to 5.1.0 [\#130](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/130) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible from 8.0.0 to 8.1.0 [\#129](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/129) ([dependabot[bot]](https://github.com/apps/dependabot)) - -## [v3.1.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.1.0) (2023-06-09) - -[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.0.0...v3.1.0) - -**Implemented enhancements:** - -- Added custom of apt-daily timers apt-daily-upgrade [\#85](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/85) -- Test custom apt-daily timers [\#121](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/121) ([Normo](https://github.com/Normo)) - -**Closed issues:** - -- Remove support for ansible-core 2.12 [\#124](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/124) - -**Merged pull requests:** - -- Prepare release version 3.1.0 [\#127](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/127) ([Normo](https://github.com/Normo)) -- Update minimum ansible version to 2.13 [\#125](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/125) ([Normo](https://github.com/Normo)) -- Add support for custom apt-daily and apt-daily-upgrade timers [\#120](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/120) ([pgassmann](https://github.com/pgassmann)) -- Bump ansible from 7.6.0 to 8.0.0 [\#119](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/119) ([dependabot[bot]](https://github.com/apps/dependabot)) - -## [v3.0.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.0.0) (2023-05-26) - -[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v2.0.1...v3.0.0) - -**UPGRADE NOTES AND BREAKING CHANGES:** - -As of this release, all Apt options for `unattended-upgrades` made in the default OS configuration files `/etc/apt/apt.conf.d/20auto-upgrades` and `/etc/apt/apt.conf.d/50unattended-upgrades` are now completely overwritten instead of being merged. This means that from now on only the options set by this role are active. - -**Fixed bugs:** - -- apt options are not overridden but merged [\#94](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/94) - -**Closed issues:** - -- ValueError: not enough values to unpack \(expected 2, got 1\) on Ubuntu Jammy [\#55](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/55) - -**Merged pull requests:** - -- Bump ansible from 7.5.0 to 7.6.0 [\#115](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/115) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump yamllint from 1.31.0 to 1.32.0 [\#114](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/114) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible-lint from 6.16.1 to 6.16.2 [\#113](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/113) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible-lint from 6.16.0 to 6.16.1 [\#112](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/112) ([dependabot[bot]](https://github.com/apps/dependabot)) -- fix: reformat config template [\#111](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/111) ([Normo](https://github.com/Normo)) -- Bump ansible-lint from 6.14.3 to 6.16.0 [\#109](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/109) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Erase all unattended-upgrades options first [\#107](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/107) ([Normo](https://github.com/Normo)) -- Bump yamllint from 1.28.0 to 1.31.0 [\#106](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/106) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible from 7.1.0 to 7.5.0 [\#105](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/105) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump molecule from 4.0.4 to 5.0.1 [\#104](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/104) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Add test for Unattended-Upgrade::Sender [\#103](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/103) ([Normo](https://github.com/Normo)) -- Unattended-Upgrade::Sender support [\#101](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/101) ([turikhay](https://github.com/turikhay)) -- Bump ansible-lint from 6.10.2 to 6.14.3 [\#99](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/99) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible-lint from 6.10.0 to 6.10.2 [\#82](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/82) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Do not cancel ci jobs if one ci job in the matrix fails [\#81](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/81) ([Normo](https://github.com/Normo)) -- Prepare release version 3.0.0 [\#117](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/117) ([Normo](https://github.com/Normo)) - -## [v2.0.1](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v2.0.1) (2022-12-15) - -[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v2.0.0...v2.0.1) - -**Fixed bugs:** - -- Fix minimum specification of Ansible version [\#77](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/77) ([tobiashuste](https://github.com/tobiashuste)) - -**Closed issues:** - -- `unattended_dl_limit` doesn't work [\#76](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/76) -- ansible.builtin.import\_tasks problem [\#75](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/75) -- Detach fork [\#66](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/66) - -**Merged pull requests:** - -- Bump ansible-lint from 6.9.1 to 6.10.0 [\#79](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/79) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible from 7.0.0 to 7.1.0 [\#74](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/74) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump molecule from 4.0.3 to 4.0.4 [\#73](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/73) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible-lint from 6.9.0 to 6.9.1 [\#72](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/72) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Make sure GitHub Actions runs on the main branch [\#70](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/70) ([tobiashuste](https://github.com/tobiashuste)) -- Fix deprecation warning in GitHub Actions [\#69](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/69) ([tobiashuste](https://github.com/tobiashuste)) -- Prepare release v2.0.1 [\#78](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/78) ([Normo](https://github.com/Normo)) -- Leave a hint about the original fork [\#71](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/71) ([Normo](https://github.com/Normo)) - -## [v2.0.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v2.0.0) (2022-12-02) - -[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v1.12.2...v2.0.0) - -**UPGRADE NOTES AND BREAKING CHANGES:** - -If you have used this role before version 2.0.0, the files `20auto-upgrades` and `50unattended-upgrades` will differ from the system defaults (instead of the configuration being placed in a separate file, as we do now). -These can be left as-is as they will be overridden. -During OS upgrades, when asked if these files should be overwritten by the maintainer's package, say yes. -They will then be reset to their default states, and you won't be asked these questions again. - -**Implemented enhancements:** - -- \[Feature Request\] Use force\_apt\_get [\#32](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/32) -- Override configuration in a separate apt.conf.d file [\#10](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/10) -- Test role via Molecule [\#8](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/8) - -**Fixed bugs:** - -- Molecule folder not linted by molecule [\#48](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/48) -- Change caused by indentation [\#53](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/53) -- Fix installation of powermgmt-base package [\#35](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/35) - -**Closed issues:** - -- Documentation role name mismatch [\#41](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/41) -- Some configurations options are missing [\#56](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/56) -- Remove support for OS that reached EOL [\#38](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/38) -- Add changelog [\#33](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/33) -- Add contribution guide [\#16](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/16) -- Rename default branch to `main` [\#13](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/13) +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.3.0...HEAD) **Merged pull requests:** -- Bump ansible-lint from 6.8.6 to 6.9.0 [\#62](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/62) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible from 6.5.0 to 7.0.0 [\#60](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/60) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Add missing option Unattended-Upgrade::MailReport [\#57](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/57) ([nono-lqdn](https://github.com/nono-lqdn)) -- Bump ansible-lint from 6.8.2 to 6.8.6 [\#54](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/54) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump molecule from 4.0.2 to 4.0.3 [\#49](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/49) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump molecule from 4.0.1 to 4.0.2 [\#47](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/47) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible-lint from 6.8.1 to 6.8.2 [\#46](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/46) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible from 6.4.0 to 6.5.0 [\#45](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/45) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible-lint from 6.8.0 to 6.8.1 [\#44](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/44) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible-lint from 6.5.0 to 6.8.0 [\#43](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/43) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Fix role name in README [\#42](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/42) ([lukashass](https://github.com/lukashass)) -- Bump molecule-podman from 2.0.2 to 2.0.3 [\#40](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/40) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible from 6.2.0 to 6.4.0 [\#25](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/25) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump yamllint from 1.27.1 to 1.28.0 [\#24](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/24) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Update README.md [\#19](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/19) ([Normo](https://github.com/Normo)) -- Bump ansible-lint from 6.4.0 to 6.5.0 [\#15](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/15) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Prepare release version 2.0.0 [\#67](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/67) ([Normo](https://github.com/Normo)) -- Add codeowners to autoassign reviewers [\#65](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/65) ([Normo](https://github.com/Normo)) -- Ensure new default branch main is used by Galaxy [\#64](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/64) ([Normo](https://github.com/Normo)) -- Lint molecule folder [\#63](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/63) ([Normo](https://github.com/Normo)) -- Fix indentation for unattended\_origins\_patterns in template file [\#61](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/61) ([Normo](https://github.com/Normo)) -- Remove support for OS that reached EOL [\#39](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/39) ([Normo](https://github.com/Normo)) -- Add changelog [\#37](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/37) ([Normo](https://github.com/Normo)) -- Fix installation of powermgmt-base [\#36](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/36) ([Normo](https://github.com/Normo)) -- Force usage of apt-get instead of aptitude [\#34](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/34) ([Normo](https://github.com/Normo)) -- Test Remove-Unused-Kernel-Packages option [\#31](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/31) ([Normo](https://github.com/Normo)) -- Add options for controlling the removal of unused kernel packages [\#29](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/29) ([gcotelli](https://github.com/gcotelli)) -- Stop overwriting default config [\#28](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/28) ([alpha0010](https://github.com/alpha0010)) -- Add contribution guide [\#22](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/22) ([Normo](https://github.com/Normo)) -- Remove custom ansible-lint config [\#18](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/18) ([Normo](https://github.com/Normo)) -- Fix 'All names should start with an uppercase letter' warnings [\#17](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/17) ([Normo](https://github.com/Normo)) -- Fix CI badge in README [\#14](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/14) ([tobiashuste](https://github.com/tobiashuste)) -- Replace deprecated include with import\_tasks [\#12](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/12) ([Normo](https://github.com/Normo)) -- Update README.md [\#11](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/11) ([Normo](https://github.com/Normo)) -- Test the role via molecule and update supported OS [\#9](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/9) ([tobiashuste](https://github.com/tobiashuste)) -- Bump actions/checkout from 2 to 3 [\#6](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/6) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Bump ansible/ansible-lint-action from 6.0.2 to 6.3.0 [\#5](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/5) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Add dependabot config to daily check for GitHub actions updates [\#4](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/4) ([Normo](https://github.com/Normo)) -- Force quoted strings [\#3](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/3) ([Normo](https://github.com/Normo)) -- Add yamllint configuration [\#2](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/2) ([Normo](https://github.com/Normo)) -- Fork https://github.com/jnv/ansible-role-unattended-upgrades [\#1](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/1) ([Normo](https://github.com/Normo)) +- chore\(deps-dev\): bump ansible-lint from 24.2.0 to 24.2.1 [\#194](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/194) ([dependabot[bot]](https://github.com/apps/dependabot)) diff --git a/README.md b/README.md index 8b21d65..091935e 100644 --- a/README.md +++ b/README.md @@ -1,260 +1,35 @@ -# Unattended-Upgrades Role for Ansible +# Ansible Collection - hifis.software_services -[![CI status](https://github.com/hifis-net/ansible-role-unattended-upgrades/actions/workflows/ci.yml/badge.svg)](https://github.com/hifis-net/ansible-role-unattended-upgrades/actions/workflows/ci.yml) -[![Ansible Role: hifis.unattended_upgrades](https://img.shields.io/badge/role-hifis.unattended__upgrades-blue)](https://galaxy.ansible.com/hifis/unattended_upgrades) -[![Ansible Role Downloads](https://img.shields.io/ansible/role/d/hifis/unattended_upgrades)](https://galaxy.ansible.com/hifis/unattended_upgrades) [![Latest release](https://img.shields.io/github/v/release/hifis-net/ansible-role-unattended-upgrades)](https://github.com/hifis-net/ansible-role-unattended-upgrades/releases) +[![hifis.unattended_upgrades](https://github.com/hifis-net/ansible-role-unattended-upgrades/actions/workflows/unattended_upgrades.yml/badge.svg)](https://github.com/hifis-net/ansible-role-unattended-upgrades/actions/workflows/unattended_upgrades.yml) -Install and setup [unattended-upgrades](https://launchpad.net/unattended-upgrades) for Ubuntu and Debian, to periodically install security upgrades. +## Description -## Requirements +This collection provides production-ready Ansible roles used for providing services used in research and by research +software engineers, but not exclusively. The following use cases are supported: +* DevOps platform + * GitLab (coming soon!) + * GitLab-Runner (coming soon!) + * Redis (coming soon!) +* Help desk: + * Zammad (coming soon!) +* High Availability (HA) / Load Balancing: + * HAProxy (coming soon!) + * Keepalived (coming soon!) +* OS-related: + * [**unattended-upgrades**](roles/unattended_upgrades) + * netplan (coming soon!) + * managing and distributing authorized SSH keys (coming soon!) -The role uses [apt module](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html) which has additional dependencies. +## Minimum required Ansible-version -If you set `unattended_mail` to an e-mail address, make sure `mailx` command is available and your system is able to send e-mails. +* Ansible >= 2.14 -The role requires unattended-upgrades version 0.70 and newer, which is available since Debian Wheezy and Ubuntu 12.04 respectively. This is due to [Origins Patterns](#origins-patterns) usage; if this is not available on your system, you may use [the first version of the role](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v0.1). +## Installation +Install the collection via ansible-galaxy: -### Automatic Reboot - -If you enable automatic reboot feature (`unattended_automatic_reboot`), the role will attempt to install `update-notifier-common` package, which is required on some systems for detecting and executing reboot after the upgrade. You may optionally define a specific time for rebooting (`unattended_automatic_reboot_time`). - -## Role Variables - -* `unattended_cache_valid_time`: - * Default: `3600` - * Description: Update the apt cache if it's older than the given time in seconds; passed to the [apt module](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html) during package installation. -* `unattended_origins_patterns`: - * Default: - * Debian: `['origin=Debian,codename=${distro_codename},label=Debian-Security']` - * Ubuntu: `['origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu']` - * Description: Array of origins patterns to determine whether the package can be automatically installed, for more details see [Origins Patterns](#origins-patterns) below. -* `unattended_package_blacklist`: - * Default: `[]` - * Description: Packages which won't be automatically upgraded. -* `unattended_autofix_interrupted_dpkg`: - * Default: `true` - * Description: Whether on unclean dpkg exit to run `dpkg --force-confold --configure -a`. -* `unattended_minimal_steps`: - * Default: `true` - * Description: Split the upgrade into the smallest possible chunks so that they can be interrupted with SIGUSR1. -* `unattended_install_on_shutdown`: - * Default: `false` - * Description: Install all unattended-upgrades when the machine is shutting down. -* `unattended_mail`: - * Default: `false` (don't send any e-mail) - * Description: E-mail address to send information about upgrades or problems with unattended upgrades. -* `unattended_mail_sender`: - * Default: `false` (same as `root`) - * Description: Use the specified value in the "From" field of outgoing mails -* `unattended_mail_only_on_error`: - * Default: `false` - * Description: Send e-mail only on errors, otherwise e-mail will be sent every time there's a package upgrade. -* `unattended_mail_report`: - * Default: `false` - * Description: Choose on what event to send an email. Possible values are "always", "only-on-error" or "on-change". -* `unattended_remove_unused_dependencies`: - * Default: `false` - * Description: Do automatic removal of all unused dependencies after the upgrade. -* `unattended_remove_new_unused_dependencies`: - * Default: `true` - * Description: Do automatic removal of new unused dependencies after the upgrade. -* `unattended_remove_unused_kernel_packages`: - * Default: `false` - * Description: Remove unused automatically installed kernel-related packages (kernel images, kernel headers and kernel version locked tools) -* `unattended_automatic_reboot`: - * Default: `false` - * Description: Automatically reboot system if any upgraded package requires it, immediately after the upgrade. -* `unattended_automatic_reboot_time`: - * Default: `false` - * Description: Automatically reboot system if any upgraded package requires it, at the specific time (_HH:MM_) instead of immediately after the upgrade. -* `unattended_update_days`: - * Default: `None` - * Description: Set the days of the week that updates should be applied. The days can be specified as localized abbreviated or full names. Or as integers where "0" is Sunday, "1" is Monday etc. Example: `{"Mon";"Fri"};` -* `unattended_ignore_apps_require_restart`: - * Default: `false` - * Description: Unattended-upgrades won't automatically upgrade some critical packages requiring restart after an upgrade (i.e. there is `XB-Upgrade-Requires: app-restart` directive in their debian/control file). With this option set to `true`, unattended-upgrades will upgrade these packages regardless of the directive. -* `unattended_syslog_enable`: - * Default: `false` - * Description: Write events to syslog, which is useful in environments where syslog messages are sent to a central store. -* `unattended_syslog_facility`: - * Default: `None` - * Description: Write events to the specified syslog facility, or the daemon facility if not specified. Will only have affect if `unattended_syslog_enable` is set to `true`. -* `unattended_verbose`: - * Default: `0` (no report) - * Description: Define verbosity level of APT for periodic runs. The output will be sent to root. - * Possible options: - * `0`: no report - * `1`: progress report - * `2`: + command outputs - * `3`: + trace on -* `unattended_update_package_list`: - * Default: `1` - * Description: Do "apt-get update" automatically every n-days (0=disable). -* `unattended_download_upgradeable`: - * Default: `0` - * Description: Do "apt-get upgrade --download-only" every n-days (0=disable). -* `unattended_autoclean_interval`: - * Default: `7` - * Description: Do "apt-get autoclean" every n-days (0=disable). -* `unattended_clean_interval`: - * Default: `0` - * Description: Do "apt-get clean" every n-days (0=disable). -* `unattended_random_sleep`: - * Default: `1800` (30 minutes) - * Description: Define maximum for a random interval in seconds after which the apt job starts (only for systems without systemd). -* `unattended_dpkg_options`: - * Default: `[]` - * Description: Array of dpkg command-line options used during unattended-upgrades runs, e.g. `["--force-confdef"]`, `["--force-confold"]`. -* `unattended_dl_limit`: - * Default: `None` - * Description: Limit the download speed in kb/sec using apt bandwidth limit feature. -* `unattended_only_on_ac_power`: - * Default: `false` - * Description: Download and install upgrades only on AC power. It will also install the debian package `powermgmt-base`. -* `unattended_systemd_timer_override` - * Default: `false` - * Description: Deploy/Remove timer overrides. -* `unattended_apt_daily_oncalendar` - * Default: `"*-*-* 6,18:00"` - * Description: Apt daily schedule (download updates). -* `unattended_apt_daily_randomizeddelaysec` - * Default: `"12h"` - * Description: Apt daily randomized delay. -* `unattended_apt_daily_upgrade_oncalendar` - * Default: `"*-*-* 6:00"` - * Description: Apt daily upgrade schedule (install updates). -* `unattended_apt_daily_upgrade_randomizeddelaysec` - * Default: `"60m"` - * Description: Apt daily upgrade randomized delay. - -## Origins Patterns - -Origins Pattern is a more powerful alternative to the Allowed Origins option used in previous versions of unattended-upgrade. - -Pattern is composed of specific keywords: - -* `a`,`archive`,`suite` – e.g. `stable`, `trusty-security` (`archive=stable`) -* `c`,`component` – e.g. `main`, `crontrib`, `non-free` (`component=main`) -* `l`,`label` – e.g. `Debian`, `Debian-Security`, `Ubuntu` -* `o`,`origin` – e.g. `Debian`, `Unofficial Multimedia Packages`, `Ubuntu` -* `n`,`codename` – e.g. `jessie`, `jessie-updates`, `trusty` (this is only supported with `unattended-upgrades` >= 0.80) -* `site` – e.g. `http.debian.net` - -You can review the available repositories using `apt-cache policy` and debug your choice using `unattended-upgrades -d` command on a target system. - -Additionally, unattended-upgrades support two macros (variables), derived from `/etc/debian_version`: - -* `${distro_id}` – Installed distribution name, e.g. `Debian` or `Ubuntu`. -* `${distro_codename}` – Installed codename, e.g. `bullseye` or `jammy`. - -Using `${distro_codename}` should be preferred over using `stable` or `oldstable` as a selected, as once `stable` moves to `oldstable`, no security updates will be installed at all, or worse, package from a newer distro release will be installed by accident. The same goes for upgrading your installation from `oldstable` to `stable`, if you forget to change this in your origin patterns, you may not receive the security updates for your newer distro release. With `${distro_codename}`, both cases can never happen. - -## Systemd timers - -Documentation for systemd/Timers: - -### Debian Default Configuration - -* Download daily at random times during the entire day. -* Install daily between 6am - 7am - -```yaml -unattended_systemd_timer_override: false # (default) -# apt-daily timer -unattended_apt_daily_oncalendar: "*-*-* 6,18:00" # (default) -unattended_apt_daily_randomizeddelaysec: "12h" # (default) -# apt-daily-upgrade timer -unattended_apt_daily_upgrade_oncalendar: "*-*-* 6:00" # (default) -unattended_apt_daily_upgrade_randomizeddelaysec: "60m" # (default) -``` - -### Customized download and update timers - -* Download starts between 00:30am - 01:30am -* Installation starts between 04:00am - 05:30am - -```yaml -unattended_systemd_timer_override: true -# apt-daily timer -unattended_apt_daily_oncalendar: "*-*-* 00:30" -unattended_apt_daily_randomizeddelaysec: "60m" - -# apt-daily-upgrade timer -unattended_apt_daily_upgrade_oncalendar: "*-*-* 4:00" -unattended_apt_daily_upgrade_randomizeddelaysec: "90m" -``` - -## Role Usage Examples - -Example for Ubuntu, with custom [origins patterns](#patterns-examples), blacklisted packages and e-mail notification: - -```yaml -- hosts: all - roles: - - role: hifis.unattended_upgrades - unattended_origins_patterns: - - 'origin=Ubuntu,archive=${distro_codename}-security' - - 'o=Ubuntu,a=${distro_codename}-updates' - unattended_package_blacklist: [cowsay, vim] - unattended_mail: 'root@example.com' -``` - -_Note:_ You don't need to specify `unattended_origins_patterns`, the role will use distribution's default if the variable is not set. - -### Running Only on Debian-based Systems - -If you manage multiple distribution with the same playbook, you may want to skip running this role on non-Debian systems. You can [use `when` conditional with role](https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html#conditionals-with-roles) to limit the role to particular systems: - -```yaml -- hosts: all - roles: - - role: hifis.unattended_upgrades - when: ansible_facts['os_family'] == 'Debian' -``` - -See [#38](https://github.com/jnv/ansible-role-unattended-upgrades/pull/38) for discussion. - -### Patterns Examples - -By default, only security updates are allowed for both Ubuntu and Debian. You can add more patterns to allow unattended-updates install more packages automatically, however be aware that automated major updates may potentially break your system. - -#### For Debian - -```yaml -unattended_origins_patterns: - - 'origin=Debian,codename=${distro_codename},label=Debian-Security' # security updates - - 'o=Debian,codename=${distro_codename},label=Debian' # updates including non-security updates - - 'o=Debian,codename=${distro_codename},a=proposed-updates' -``` - -#### For Ubuntu - -In Ubuntu, archive always contains the distribution codename - -```yaml -unattended_origins_patterns: - - 'origin=Ubuntu,archive=${distro_codename}-security' - - 'o=Ubuntu,a=${distro_codename}' - - 'o=Ubuntu,a=${distro_codename}-updates' - - 'o=Ubuntu,a=${distro_codename}-proposed-updates' -``` - -#### For Raspbian - -In Raspbian, it is only possible to update all packages from the default repository, including non-security updates, or updating none. - -Updating all, including non-security: - -```yaml -unattended_origins_patterns: - - 'origin=Raspbian,codename=${distro_codename},label=Raspbian' -``` - -To not install any updates on a raspbian host, just set `unattended_origins_patterns` to an empty list: - -```yaml -unattended_origins_patterns: [] +```shell +ansible-galaxy collection install hifis.software_services ``` ## License @@ -263,20 +38,4 @@ GPL-2.0-or-later ## Author -This role is maintained by [HIFIS Software Services](https://www.hifis.net/) -and was originally forked from [jnv/ansible-role-unattended-upgrades](https://github.com/jnv/ansible-role-unattended-upgrades), -created by [Jan Vlnas](https://github.com/jnv). - -## Contributors - -We would like to thank and give credits to the following contributors of this -project: - -* [alpha0010](https://github.com/alpha0010) -* [gcotelli](https://github.com/gcotelli) -* [lukashass](https://github.com/lukashass) -* [nono-lqdn](https://github.com/nono-lqdn) -* [turikhay](https://github.com/turikhay) -* [mabed](https://github.com/mabed-fr) -* [pgassmann](https://github.com/pgassmann) -* [kennethso168](https://github.com/kennethso168) +This role is maintained by [HIFIS Software Services](https://www.hifis.net/). diff --git a/UNATTENDED_UPGRADES_CHANGELOG.md b/UNATTENDED_UPGRADES_CHANGELOG.md new file mode 100644 index 0000000..5cd20cf --- /dev/null +++ b/UNATTENDED_UPGRADES_CHANGELOG.md @@ -0,0 +1,239 @@ +# Changelog + +## [v3.3.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.3.0) (2024-03-01) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.2.1...v3.3.0) + +**Closed issues:** + +- Allow roles to run with INJECT\_FACTS\_AS\_VARS set to false [\#185](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/185) +- Fix badges with Ansible Galaxy NG [\#174](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/174) +- Version 3.2.1 doesn't seem to be available on ansible galaxy [\#169](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/169) + +**Merged pull requests:** + +- ci: install a recent podman version [\#190](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/190) ([Normo](https://github.com/Normo)) +- chore\(deps\): bump ansible from 9.2.0 to 9.3.0 [\#189](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/189) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Prepare release v3.3.0 [\#188](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/188) ([Normo](https://github.com/Normo)) +- refactor: refer to ansible facts through ansible\_facts.\* namespace [\#187](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/187) ([Normo](https://github.com/Normo)) +- Allow roles to run with INJECT\_FACTS\_AS\_VARS set to false [\#186](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/186) ([kennethso168](https://github.com/kennethso168)) +- chore\(deps-dev\): bump yamllint from 1.34.0 to 1.35.1 [\#184](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/184) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump molecule from 6.0.3 to 24.2.0 [\#182](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/182) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump molecule-plugins from 23.5.0 to 23.5.3 [\#181](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/181) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump ansible-lint from 6.22.2 to 24.2.0 [\#180](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/180) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump yamllint from 1.33.0 to 1.34.0 [\#179](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/179) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps\): bump ansible from 9.1.0 to 9.2.0 [\#178](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/178) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump ansible-lint from 6.22.1 to 6.22.2 [\#177](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/177) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump molecule from 6.0.2 to 6.0.3 [\#176](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/176) ([dependabot[bot]](https://github.com/apps/dependabot)) +- fix: make ansible galaxy badges work again [\#175](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/175) ([tobiashuste](https://github.com/tobiashuste)) +- chore\(deps\): bump ansible from 8.6.0 to 9.1.0 [\#172](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/172) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump ansible-lint from 6.21.1 to 6.22.1 [\#171](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/171) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump yamllint from 1.32.0 to 1.33.0 [\#167](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/167) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps\): bump ansible from 8.5.0 to 8.6.0 [\#164](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/164) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v3.2.1](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.2.1) (2023-11-03) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.2.0...v3.2.1) + +**Fixed bugs:** + +- "Bullseye-Workaround" needs to be applied to bookworm and later as well [\#146](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/146) + +**Closed issues:** + +- Unattended-Upgrade::Origins-Pattern from 50unattended-upgrades apparently can't be "overruled" [\#145](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/145) + +**Merged pull requests:** + +- chore: prepare changelog for version 3.2.1 [\#161](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/161) ([tobiashuste](https://github.com/tobiashuste)) +- fix: reformat allowed origins pattern [\#160](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/160) ([Normo](https://github.com/Normo)) +- fix: allow ${distro\_codename}-security on Debian bookworm [\#159](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/159) ([Normo](https://github.com/Normo)) +- chore\(deps-dev\): bump ansible-lint from 6.18.0 to 6.21.1 [\#157](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/157) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 8.3.0 to 8.5.0 [\#155](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/155) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump actions/checkout from 3 to 4 [\#147](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/147) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 6.0.1 to 6.0.2 [\#144](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/144) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v3.2.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.2.0) (2023-08-25) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.1.0...v3.2.0) + +**Implemented enhancements:** + +- Add support for Debian Bookworm [\#134](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/134) + +**Closed issues:** + +- Remove official support for EOL Ubuntu 18.04 [\#139](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/139) + +**Merged pull requests:** + +- chore: prepare release of version 3.2.0 [\#142](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/142) ([tobiashuste](https://github.com/tobiashuste)) +- fix: remove official support for EOL Ubuntu 18.04 [\#141](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/141) ([tobiashuste](https://github.com/tobiashuste)) +- feat: add support for Debian 12 bookworm [\#140](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/140) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible-lint from 6.17.2 to 6.18.0 [\#138](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/138) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 5.1.0 to 6.0.1 [\#137](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/137) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 8.1.0 to 8.3.0 [\#136](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/136) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule-plugins from 23.4.1 to 23.5.0 [\#133](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/133) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.16.2 to 6.17.2 [\#131](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/131) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 5.0.1 to 5.1.0 [\#130](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/130) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 8.0.0 to 8.1.0 [\#129](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/129) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v3.1.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.1.0) (2023-06-09) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.0.0...v3.1.0) + +**Implemented enhancements:** + +- Added custom of apt-daily timers apt-daily-upgrade [\#85](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/85) +- Test custom apt-daily timers [\#121](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/121) ([Normo](https://github.com/Normo)) + +**Closed issues:** + +- Remove support for ansible-core 2.12 [\#124](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/124) + +**Merged pull requests:** + +- Prepare release version 3.1.0 [\#127](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/127) ([Normo](https://github.com/Normo)) +- Update minimum ansible version to 2.13 [\#125](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/125) ([Normo](https://github.com/Normo)) +- Add support for custom apt-daily and apt-daily-upgrade timers [\#120](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/120) ([pgassmann](https://github.com/pgassmann)) +- Bump ansible from 7.6.0 to 8.0.0 [\#119](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/119) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v3.0.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.0.0) (2023-05-26) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v2.0.1...v3.0.0) + +**UPGRADE NOTES AND BREAKING CHANGES:** + +As of this release, all Apt options for `unattended-upgrades` made in the default OS configuration files `/etc/apt/apt.conf.d/20auto-upgrades` and `/etc/apt/apt.conf.d/50unattended-upgrades` are now completely overwritten instead of being merged. This means that from now on only the options set by this role are active. + +**Fixed bugs:** + +- apt options are not overridden but merged [\#94](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/94) + +**Closed issues:** + +- ValueError: not enough values to unpack \(expected 2, got 1\) on Ubuntu Jammy [\#55](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/55) + +**Merged pull requests:** + +- Bump ansible from 7.5.0 to 7.6.0 [\#115](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/115) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.31.0 to 1.32.0 [\#114](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/114) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.16.1 to 6.16.2 [\#113](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/113) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.16.0 to 6.16.1 [\#112](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/112) ([dependabot[bot]](https://github.com/apps/dependabot)) +- fix: reformat config template [\#111](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/111) ([Normo](https://github.com/Normo)) +- Bump ansible-lint from 6.14.3 to 6.16.0 [\#109](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/109) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Erase all unattended-upgrades options first [\#107](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/107) ([Normo](https://github.com/Normo)) +- Bump yamllint from 1.28.0 to 1.31.0 [\#106](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/106) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 7.1.0 to 7.5.0 [\#105](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/105) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.4 to 5.0.1 [\#104](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/104) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add test for Unattended-Upgrade::Sender [\#103](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/103) ([Normo](https://github.com/Normo)) +- Unattended-Upgrade::Sender support [\#101](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/101) ([turikhay](https://github.com/turikhay)) +- Bump ansible-lint from 6.10.2 to 6.14.3 [\#99](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/99) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.10.0 to 6.10.2 [\#82](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/82) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Do not cancel ci jobs if one ci job in the matrix fails [\#81](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/81) ([Normo](https://github.com/Normo)) +- Prepare release version 3.0.0 [\#117](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/117) ([Normo](https://github.com/Normo)) + +## [v2.0.1](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v2.0.1) (2022-12-15) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v2.0.0...v2.0.1) + +**Fixed bugs:** + +- Fix minimum specification of Ansible version [\#77](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/77) ([tobiashuste](https://github.com/tobiashuste)) + +**Closed issues:** + +- `unattended_dl_limit` doesn't work [\#76](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/76) +- ansible.builtin.import\_tasks problem [\#75](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/75) +- Detach fork [\#66](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/66) + +**Merged pull requests:** + +- Bump ansible-lint from 6.9.1 to 6.10.0 [\#79](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/79) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 7.0.0 to 7.1.0 [\#74](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/74) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.3 to 4.0.4 [\#73](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/73) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.9.0 to 6.9.1 [\#72](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/72) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Make sure GitHub Actions runs on the main branch [\#70](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/70) ([tobiashuste](https://github.com/tobiashuste)) +- Fix deprecation warning in GitHub Actions [\#69](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/69) ([tobiashuste](https://github.com/tobiashuste)) +- Prepare release v2.0.1 [\#78](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/78) ([Normo](https://github.com/Normo)) +- Leave a hint about the original fork [\#71](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/71) ([Normo](https://github.com/Normo)) + +## [v2.0.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v2.0.0) (2022-12-02) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v1.12.2...v2.0.0) + +**UPGRADE NOTES AND BREAKING CHANGES:** + +If you have used this role before version 2.0.0, the files `20auto-upgrades` and `50unattended-upgrades` will differ from the system defaults (instead of the configuration being placed in a separate file, as we do now). +These can be left as-is as they will be overridden. +During OS upgrades, when asked if these files should be overwritten by the maintainer's package, say yes. +They will then be reset to their default states, and you won't be asked these questions again. + +**Implemented enhancements:** + +- \[Feature Request\] Use force\_apt\_get [\#32](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/32) +- Override configuration in a separate apt.conf.d file [\#10](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/10) +- Test role via Molecule [\#8](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/8) + +**Fixed bugs:** + +- Molecule folder not linted by molecule [\#48](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/48) +- Change caused by indentation [\#53](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/53) +- Fix installation of powermgmt-base package [\#35](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/35) + +**Closed issues:** + +- Documentation role name mismatch [\#41](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/41) +- Some configurations options are missing [\#56](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/56) +- Remove support for OS that reached EOL [\#38](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/38) +- Add changelog [\#33](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/33) +- Add contribution guide [\#16](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/16) +- Rename default branch to `main` [\#13](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/13) + +**Merged pull requests:** + +- Bump ansible-lint from 6.8.6 to 6.9.0 [\#62](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/62) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.5.0 to 7.0.0 [\#60](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/60) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add missing option Unattended-Upgrade::MailReport [\#57](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/57) ([nono-lqdn](https://github.com/nono-lqdn)) +- Bump ansible-lint from 6.8.2 to 6.8.6 [\#54](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/54) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.2 to 4.0.3 [\#49](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/49) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.1 to 4.0.2 [\#47](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/47) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.1 to 6.8.2 [\#46](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/46) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.4.0 to 6.5.0 [\#45](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/45) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.0 to 6.8.1 [\#44](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/44) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.5.0 to 6.8.0 [\#43](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/43) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Fix role name in README [\#42](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/42) ([lukashass](https://github.com/lukashass)) +- Bump molecule-podman from 2.0.2 to 2.0.3 [\#40](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/40) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.2.0 to 6.4.0 [\#25](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/25) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.27.1 to 1.28.0 [\#24](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/24) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Update README.md [\#19](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/19) ([Normo](https://github.com/Normo)) +- Bump ansible-lint from 6.4.0 to 6.5.0 [\#15](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/15) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Prepare release version 2.0.0 [\#67](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/67) ([Normo](https://github.com/Normo)) +- Add codeowners to autoassign reviewers [\#65](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/65) ([Normo](https://github.com/Normo)) +- Ensure new default branch main is used by Galaxy [\#64](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/64) ([Normo](https://github.com/Normo)) +- Lint molecule folder [\#63](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/63) ([Normo](https://github.com/Normo)) +- Fix indentation for unattended\_origins\_patterns in template file [\#61](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/61) ([Normo](https://github.com/Normo)) +- Remove support for OS that reached EOL [\#39](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/39) ([Normo](https://github.com/Normo)) +- Add changelog [\#37](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/37) ([Normo](https://github.com/Normo)) +- Fix installation of powermgmt-base [\#36](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/36) ([Normo](https://github.com/Normo)) +- Force usage of apt-get instead of aptitude [\#34](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/34) ([Normo](https://github.com/Normo)) +- Test Remove-Unused-Kernel-Packages option [\#31](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/31) ([Normo](https://github.com/Normo)) +- Add options for controlling the removal of unused kernel packages [\#29](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/29) ([gcotelli](https://github.com/gcotelli)) +- Stop overwriting default config [\#28](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/28) ([alpha0010](https://github.com/alpha0010)) +- Add contribution guide [\#22](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/22) ([Normo](https://github.com/Normo)) +- Remove custom ansible-lint config [\#18](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/18) ([Normo](https://github.com/Normo)) +- Fix 'All names should start with an uppercase letter' warnings [\#17](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/17) ([Normo](https://github.com/Normo)) +- Fix CI badge in README [\#14](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/14) ([tobiashuste](https://github.com/tobiashuste)) +- Replace deprecated include with import\_tasks [\#12](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/12) ([Normo](https://github.com/Normo)) +- Update README.md [\#11](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/11) ([Normo](https://github.com/Normo)) +- Test the role via molecule and update supported OS [\#9](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/9) ([tobiashuste](https://github.com/tobiashuste)) +- Bump actions/checkout from 2 to 3 [\#6](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/6) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible/ansible-lint-action from 6.0.2 to 6.3.0 [\#5](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/5) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add dependabot config to daily check for GitHub actions updates [\#4](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/4) ([Normo](https://github.com/Normo)) +- Force quoted strings [\#3](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/3) ([Normo](https://github.com/Normo)) +- Add yamllint configuration [\#2](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/2) ([Normo](https://github.com/Normo)) +- Fork https://github.com/jnv/ansible-role-unattended-upgrades [\#1](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/1) ([Normo](https://github.com/Normo)) + + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/galaxy.yml b/galaxy.yml new file mode 100644 index 0000000..b825fb4 --- /dev/null +++ b/galaxy.yml @@ -0,0 +1,28 @@ +namespace: 'hifis' +name: 'software_services' +version: '4.0.0' +readme: 'README.md' +authors: + - 'HIFIS Software Services ' +description: 'This collection provides production-ready Ansible roles used for providing services used in research and by research software engineers, but not exclusively.' +license: + - 'GPL-2.0-or-later' +tags: + - 'hifis' + - 'ubuntu' + - 'debian' + - 'linux' + - 'system' +dependencies: {} +repository: 'https://github.com/hifis-net/ansible-role-unattended-upgrades' +homepage: 'https://hifis.net/services/software-overview.html' +issues: 'https://github.com/hifis-net/ansible-role-unattended-upgrades/issues' +build_ignore: + - '.editorconfig' + - '.github' + - '.github_changelog_generator' + - '.gitattributes' + - '.gitignore' + - '.yamllint' + - 'Pipfile' + - 'Pipfile.lock' diff --git a/meta/runtime.yml b/meta/runtime.yml new file mode 100644 index 0000000..be99ccf --- /dev/null +++ b/meta/runtime.yml @@ -0,0 +1,2 @@ +--- +requires_ansible: '>=2.14.0' diff --git a/molecule/default/converge.yml b/molecule/unattended_upgrades/converge.yml similarity index 69% rename from molecule/default/converge.yml rename to molecule/unattended_upgrades/converge.yml index 0d2db5b..5fe82f0 100644 --- a/molecule/default/converge.yml +++ b/molecule/unattended_upgrades/converge.yml @@ -5,6 +5,6 @@ tasks: - name: "Include unattended_upgrades role" ansible.builtin.include_role: - name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + name: "hifis.software_services.unattended_upgrades" ... diff --git a/molecule/default/molecule.yml b/molecule/unattended_upgrades/molecule.yml similarity index 97% rename from molecule/default/molecule.yml rename to molecule/unattended_upgrades/molecule.yml index 99e0c22..daac872 100644 --- a/molecule/default/molecule.yml +++ b/molecule/unattended_upgrades/molecule.yml @@ -14,7 +14,7 @@ platforms: provisioner: name: "ansible" options: - diff: True + diff: true inventory: hosts: all: @@ -40,7 +40,6 @@ provisioner: verifier: name: "ansible" scenario: - name: "default" test_sequence: - "destroy" - "dependency" diff --git a/molecule/default/prepare.yml b/molecule/unattended_upgrades/prepare.yml similarity index 100% rename from molecule/default/prepare.yml rename to molecule/unattended_upgrades/prepare.yml diff --git a/molecule/default/verify.yml b/molecule/unattended_upgrades/verify.yml similarity index 86% rename from molecule/default/verify.yml rename to molecule/unattended_upgrades/verify.yml index 0df2b9c..e824ae3 100644 --- a/molecule/default/verify.yml +++ b/molecule/unattended_upgrades/verify.yml @@ -37,16 +37,16 @@ - name: "Ubuntu specific verification" when: "ansible_facts.distribution == 'Ubuntu'" block: - - name: "Check for registered variables on Ubuntu" - ansible.builtin.assert: - that: "item in aptconfig.stdout" - with_items: - - 'Unattended-Upgrade::Origins-Pattern:: "origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu";' + - name: "Check for registered variables on Ubuntu" + ansible.builtin.assert: + that: "item in aptconfig.stdout" + with_items: + - 'Unattended-Upgrade::Origins-Pattern:: "origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu";' - - name: "Check absence of Ubuntu defaults" - ansible.builtin.assert: - that: "item not in aptconfig.stdout" - with_items: "{{ ubuntu_defaults }}" + - name: "Check absence of Ubuntu defaults" + ansible.builtin.assert: + that: "item not in aptconfig.stdout" + with_items: "{{ ubuntu_defaults }}" - name: "Debian specific verification" when: "ansible_facts.distribution == 'Debian'" diff --git a/roles/unattended_upgrades/README.md b/roles/unattended_upgrades/README.md new file mode 100644 index 0000000..cf65676 --- /dev/null +++ b/roles/unattended_upgrades/README.md @@ -0,0 +1,293 @@ +# hifis.unattended_upgrades Ansible Role + +[![CI status](https://github.com/hifis-net/ansible-role-unattended-upgrades/actions/workflows/unattended_upgrades.yml/badge.svg)](https://github.com/hifis-net/ansible-role-unattended-upgrades/actions/workflows/unattended_upgrades.yml) + +Install and setup [unattended-upgrades](https://launchpad.net/unattended-upgrades) for Ubuntu and Debian, to +periodically install security upgrades. + +## Requirements + +The role uses [apt module](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html) which +has additional dependencies. + +If you set `unattended_mail` to an e-mail address, make sure `mailx` command is available and your system is able to +send e-mails. + +The role requires unattended-upgrades version 0.70 and newer, which is available since Debian Wheezy and Ubuntu 12.04 +respectively. This is due to [Origins Patterns](#origins-patterns) usage; if this is not available on your system, you +may use [the first version of the role](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v0.1). + +### Automatic Reboot + +If you enable automatic reboot feature (`unattended_automatic_reboot`), the role will attempt to install +`update-notifier-common` package, which is required on some systems for detecting and executing reboot after the +upgrade. You may optionally define a specific time for rebooting (`unattended_automatic_reboot_time`). + +## Role Variables + +* `unattended_cache_valid_time`: + * Default: `3600` + * Description: Update the apt cache if it's older than the given time in seconds; passed to the [apt module](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html) during package installation. +* `unattended_origins_patterns`: + * Default: + * Debian: `['origin=Debian,codename=${distro_codename},label=Debian-Security']` + * Ubuntu: `['origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu']` + * Description: Array of origins patterns to determine whether the package can be automatically installed, for more details see [Origins Patterns](#origins-patterns) below. +* `unattended_package_blacklist`: + * Default: `[]` + * Description: Packages which won't be automatically upgraded. +* `unattended_autofix_interrupted_dpkg`: + * Default: `true` + * Description: Whether on unclean dpkg exit to run `dpkg --force-confold --configure -a`. +* `unattended_minimal_steps`: + * Default: `true` + * Description: Split the upgrade into the smallest possible chunks so that they can be interrupted with SIGUSR1. +* `unattended_install_on_shutdown`: + * Default: `false` + * Description: Install all unattended-upgrades when the machine is shutting down. +* `unattended_mail`: + * Default: `false` (don't send any e-mail) + * Description: E-mail address to send information about upgrades or problems with unattended upgrades. +* `unattended_mail_sender`: + * Default: `false` (same as `root`) + * Description: Use the specified value in the "From" field of outgoing mails +* `unattended_mail_only_on_error`: + * Default: `false` + * Description: Send e-mail only on errors, otherwise e-mail will be sent every time there's a package upgrade. +* `unattended_mail_report`: + * Default: `false` + * Description: Choose on what event to send an email. Possible values are "always", "only-on-error" or "on-change". +* `unattended_remove_unused_dependencies`: + * Default: `false` + * Description: Do automatic removal of all unused dependencies after the upgrade. +* `unattended_remove_new_unused_dependencies`: + * Default: `true` + * Description: Do automatic removal of new unused dependencies after the upgrade. +* `unattended_remove_unused_kernel_packages`: + * Default: `false` + * Description: Remove unused automatically installed kernel-related packages (kernel images, kernel headers and kernel version locked tools) +* `unattended_automatic_reboot`: + * Default: `false` + * Description: Automatically reboot system if any upgraded package requires it, immediately after the upgrade. +* `unattended_automatic_reboot_time`: + * Default: `false` + * Description: Automatically reboot system if any upgraded package requires it, at the specific time (_HH:MM_) instead of immediately after the upgrade. +* `unattended_update_days`: + * Default: `None` + * Description: Set the days of the week that updates should be applied. The days can be specified as localized abbreviated or full names. Or as integers where "0" is Sunday, "1" is Monday etc. Example: `{"Mon";"Fri"};` +* `unattended_ignore_apps_require_restart`: + * Default: `false` + * Description: Unattended-upgrades won't automatically upgrade some critical packages requiring restart after an upgrade (i.e. there is `XB-Upgrade-Requires: app-restart` directive in their debian/control file). With this option set to `true`, unattended-upgrades will upgrade these packages regardless of the directive. +* `unattended_syslog_enable`: + * Default: `false` + * Description: Write events to syslog, which is useful in environments where syslog messages are sent to a central store. +* `unattended_syslog_facility`: + * Default: `None` + * Description: Write events to the specified syslog facility, or the daemon facility if not specified. Will only have affect if `unattended_syslog_enable` is set to `true`. +* `unattended_verbose`: + * Default: `0` (no report) + * Description: Define verbosity level of APT for periodic runs. The output will be sent to root. + * Possible options: + * `0`: no report + * `1`: progress report + * `2`: + command outputs + * `3`: + trace on +* `unattended_update_package_list`: + * Default: `1` + * Description: Do "apt-get update" automatically every n-days (0=disable). +* `unattended_download_upgradeable`: + * Default: `0` + * Description: Do "apt-get upgrade --download-only" every n-days (0=disable). +* `unattended_autoclean_interval`: + * Default: `7` + * Description: Do "apt-get autoclean" every n-days (0=disable). +* `unattended_clean_interval`: + * Default: `0` + * Description: Do "apt-get clean" every n-days (0=disable). +* `unattended_random_sleep`: + * Default: `1800` (30 minutes) + * Description: Define maximum for a random interval in seconds after which the apt job starts (only for systems without systemd). +* `unattended_dpkg_options`: + * Default: `[]` + * Description: Array of dpkg command-line options used during unattended-upgrades runs, e.g. `["--force-confdef"]`, `["--force-confold"]`. +* `unattended_dl_limit`: + * Default: `None` + * Description: Limit the download speed in kb/sec using apt bandwidth limit feature. +* `unattended_only_on_ac_power`: + * Default: `false` + * Description: Download and install upgrades only on AC power. It will also install the debian package `powermgmt-base`. +* `unattended_systemd_timer_override` + * Default: `false` + * Description: Deploy/Remove timer overrides. +* `unattended_apt_daily_oncalendar` + * Default: `"*-*-* 6,18:00"` + * Description: Apt daily schedule (download updates). +* `unattended_apt_daily_randomizeddelaysec` + * Default: `"12h"` + * Description: Apt daily randomized delay. +* `unattended_apt_daily_upgrade_oncalendar` + * Default: `"*-*-* 6:00"` + * Description: Apt daily upgrade schedule (install updates). +* `unattended_apt_daily_upgrade_randomizeddelaysec` + * Default: `"60m"` + * Description: Apt daily upgrade randomized delay. + +## Origins Patterns + +Origins Pattern is a more powerful alternative to the Allowed Origins option used in previous versions of +unattended-upgrade. + +Pattern is composed of specific keywords: + +* `a`,`archive`,`suite` – e.g. `stable`, `trusty-security` (`archive=stable`) +* `c`,`component` – e.g. `main`, `crontrib`, `non-free` (`component=main`) +* `l`,`label` – e.g. `Debian`, `Debian-Security`, `Ubuntu` +* `o`,`origin` – e.g. `Debian`, `Unofficial Multimedia Packages`, `Ubuntu` +* `n`,`codename` – e.g. `jessie`, `jessie-updates`, `trusty` (this is only supported with `unattended-upgrades` >= 0.80) +* `site` – e.g. `http.debian.net` + +You can review the available repositories using `apt-cache policy` and debug your choice using `unattended-upgrades -d` +command on a target system. + +Additionally, unattended-upgrades support two macros (variables), derived from `/etc/debian_version`: + +* `${distro_id}` – Installed distribution name, e.g. `Debian` or `Ubuntu`. +* `${distro_codename}` – Installed codename, e.g. `bullseye` or `jammy`. + +Using `${distro_codename}` should be preferred over using `stable` or `oldstable` as a selected, as once `stable` moves +to `oldstable`, no security updates will be installed at all, or worse, package from a newer distro release will be +installed by accident. The same goes for upgrading your installation from `oldstable` to `stable`, if you forget to +change this in your origin patterns, you may not receive the security updates for your newer distro release. With +`${distro_codename}`, both cases can never happen. + +## Systemd timers + +Documentation for systemd/Timers: + +### Debian Default Configuration + +* Download daily at random times during the entire day. +* Install daily between 6am - 7am + +```yaml +unattended_systemd_timer_override: false # (default) +# apt-daily timer +unattended_apt_daily_oncalendar: "*-*-* 6,18:00" # (default) +unattended_apt_daily_randomizeddelaysec: "12h" # (default) +# apt-daily-upgrade timer +unattended_apt_daily_upgrade_oncalendar: "*-*-* 6:00" # (default) +unattended_apt_daily_upgrade_randomizeddelaysec: "60m" # (default) +``` + +### Customized download and update timers + +* Download starts between 00:30am - 01:30am +* Installation starts between 04:00am - 05:30am + +```yaml +unattended_systemd_timer_override: true +# apt-daily timer +unattended_apt_daily_oncalendar: "*-*-* 00:30" +unattended_apt_daily_randomizeddelaysec: "60m" + +# apt-daily-upgrade timer +unattended_apt_daily_upgrade_oncalendar: "*-*-* 4:00" +unattended_apt_daily_upgrade_randomizeddelaysec: "90m" +``` + +## Role Usage Examples + +Example for Ubuntu, with custom [origins patterns](#patterns-examples), blacklisted packages and e-mail notification: + +```yaml +- hosts: all + roles: + - role: hifis.software_services.unattended_upgrades + unattended_origins_patterns: + - 'origin=Ubuntu,archive=${distro_codename}-security' + - 'o=Ubuntu,a=${distro_codename}-updates' + unattended_package_blacklist: [cowsay, vim] + unattended_mail: 'root@example.com' +``` + +_Note:_ You don't need to specify `unattended_origins_patterns`, the role will use distribution's default if the +variable is not set. + +### Running Only on Debian-based Systems + +If you manage multiple distribution with the same playbook, you may want to skip running this role on non-Debian +systems. You can [use `when` conditional with role](https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html#conditionals-with-roles) to limit the role to particular systems: + +```yaml +- hosts: all + roles: + - role: hifis.software_services.unattended_upgrades + when: ansible_facts['os_family'] == 'Debian' +``` + +See [#38](https://github.com/jnv/ansible-role-unattended-upgrades/pull/38) for discussion. + +### Patterns Examples + +By default, only security updates are allowed for both Ubuntu and Debian. You can add more patterns to allow +unattended-updates install more packages automatically, however be aware that automated major updates may potentially +break your system. + +#### For Debian + +```yaml +unattended_origins_patterns: + - 'origin=Debian,codename=${distro_codename},label=Debian-Security' # security updates + - 'o=Debian,codename=${distro_codename},label=Debian' # updates including non-security updates + - 'o=Debian,codename=${distro_codename},a=proposed-updates' +``` + +#### For Ubuntu + +In Ubuntu, archive always contains the distribution codename + +```yaml +unattended_origins_patterns: + - 'origin=Ubuntu,archive=${distro_codename}-security' + - 'o=Ubuntu,a=${distro_codename}' + - 'o=Ubuntu,a=${distro_codename}-updates' + - 'o=Ubuntu,a=${distro_codename}-proposed-updates' +``` + +#### For Raspbian + +In Raspbian, it is only possible to update all packages from the default repository, including non-security updates, or +updating none. + +Updating all, including non-security: + +```yaml +unattended_origins_patterns: + - 'origin=Raspbian,codename=${distro_codename},label=Raspbian' +``` + +To not install any updates on a raspbian host, just set `unattended_origins_patterns` to an empty list: + +```yaml +unattended_origins_patterns: [] +``` + +## Author + +This role is maintained by [HIFIS Software Services](https://www.hifis.net/) +and was originally forked from [jnv/ansible-role-unattended-upgrades](https://github.com/jnv/ansible-role-unattended-upgrades), +created by [Jan Vlnas](https://github.com/jnv). + +## Contributors + +We would like to thank and give credits to the following contributors of this +project: + +* [alpha0010](https://github.com/alpha0010) +* [gcotelli](https://github.com/gcotelli) +* [lukashass](https://github.com/lukashass) +* [nono-lqdn](https://github.com/nono-lqdn) +* [turikhay](https://github.com/turikhay) +* [mabed](https://github.com/mabed-fr) +* [pgassmann](https://github.com/pgassmann) +* [kennethso168](https://github.com/kennethso168) diff --git a/defaults/main.yml b/roles/unattended_upgrades/defaults/main.yml similarity index 100% rename from defaults/main.yml rename to roles/unattended_upgrades/defaults/main.yml diff --git a/handlers/main.yml b/roles/unattended_upgrades/handlers/main.yml similarity index 90% rename from handlers/main.yml rename to roles/unattended_upgrades/handlers/main.yml index 46016b2..464e2b1 100644 --- a/handlers/main.yml +++ b/roles/unattended_upgrades/handlers/main.yml @@ -6,12 +6,12 @@ daemon_reload: true name: 'apt-daily.timer' state: 'restarted' - enabled: yes + enabled: true - name: 'Restart apt-daily-upgrade timer' ansible.builtin.systemd: daemon_reload: true name: 'apt-daily-upgrade.timer' state: 'restarted' - enabled: yes + enabled: true ... diff --git a/meta/main.yml b/roles/unattended_upgrades/meta/main.yml similarity index 55% rename from meta/main.yml rename to roles/unattended_upgrades/meta/main.yml index 981e940..fb9b963 100644 --- a/meta/main.yml +++ b/roles/unattended_upgrades/meta/main.yml @@ -6,17 +6,17 @@ galaxy_info: license: "GPLv2" min_ansible_version: "2.14" platforms: - - name: "Ubuntu" - versions: - - "jammy" - - "focal" - - name: "Debian" - versions: - - "buster" - - "bullseye" - - "bookworm" + - name: "Ubuntu" + versions: + - "jammy" + - "focal" + - name: "Debian" + versions: + - "buster" + - "bullseye" + - "bookworm" galaxy_tags: - - "system" + - "system" dependencies: [] diff --git a/tasks/main.yml b/roles/unattended_upgrades/tasks/main.yml similarity index 100% rename from tasks/main.yml rename to roles/unattended_upgrades/tasks/main.yml diff --git a/tasks/reboot.yml b/roles/unattended_upgrades/tasks/reboot.yml similarity index 100% rename from tasks/reboot.yml rename to roles/unattended_upgrades/tasks/reboot.yml diff --git a/tasks/systemd_timers.yml b/roles/unattended_upgrades/tasks/systemd_timers.yml similarity index 100% rename from tasks/systemd_timers.yml rename to roles/unattended_upgrades/tasks/systemd_timers.yml diff --git a/tasks/systemd_timers_remove.yml b/roles/unattended_upgrades/tasks/systemd_timers_remove.yml similarity index 100% rename from tasks/systemd_timers_remove.yml rename to roles/unattended_upgrades/tasks/systemd_timers_remove.yml diff --git a/tasks/unattended-upgrades.yml b/roles/unattended_upgrades/tasks/unattended-upgrades.yml similarity index 100% rename from tasks/unattended-upgrades.yml rename to roles/unattended_upgrades/tasks/unattended-upgrades.yml diff --git a/templates/apt_daily_override.conf.j2 b/roles/unattended_upgrades/templates/apt_daily_override.conf.j2 similarity index 100% rename from templates/apt_daily_override.conf.j2 rename to roles/unattended_upgrades/templates/apt_daily_override.conf.j2 diff --git a/templates/apt_daily_upgrade_override.conf.j2 b/roles/unattended_upgrades/templates/apt_daily_upgrade_override.conf.j2 similarity index 100% rename from templates/apt_daily_upgrade_override.conf.j2 rename to roles/unattended_upgrades/templates/apt_daily_upgrade_override.conf.j2 diff --git a/templates/unattended-upgrades.j2 b/roles/unattended_upgrades/templates/unattended-upgrades.j2 similarity index 100% rename from templates/unattended-upgrades.j2 rename to roles/unattended_upgrades/templates/unattended-upgrades.j2 diff --git a/vars/Debian-buster.yml b/roles/unattended_upgrades/vars/Debian-buster.yml similarity index 100% rename from vars/Debian-buster.yml rename to roles/unattended_upgrades/vars/Debian-buster.yml diff --git a/vars/Debian.yml b/roles/unattended_upgrades/vars/Debian.yml similarity index 100% rename from vars/Debian.yml rename to roles/unattended_upgrades/vars/Debian.yml diff --git a/vars/Ubuntu.yml b/roles/unattended_upgrades/vars/Ubuntu.yml similarity index 100% rename from vars/Ubuntu.yml rename to roles/unattended_upgrades/vars/Ubuntu.yml diff --git a/vars/main.yml b/roles/unattended_upgrades/vars/main.yml similarity index 100% rename from vars/main.yml rename to roles/unattended_upgrades/vars/main.yml