ansible-role-security
ansible-role-security copied to clipboard
geerlingguy
Make upgrades more configurable
I would only want to run upgrades once a week hence my 50periodic would look like this:
APT::Periodic::Update-Package-Lists "7";
APT::Periodic::Download-Upgradeable-Packages "7";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "7";
If I run multiple nodes and I have set restart to true I wouldn't want to have all nodes restarting at the same time so my overrides.conf at /etc/systemd/system/apt-daily-upgrade.timer.d/override.conf would look like this
[Timer]
OnCalendar=
OnCalendar=Sun *-*-* 04:00:00
# if multiple nodes are running, add a random delay to avoid all nodes
# running upgrades at the same time (in case restart is enabled)
RandomizedDelaySec=1h
Furthermore what if I only want to run security updates meaning my 50unattended-upgrades will look like the following
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
};
Given the number of configuration options I would perhaps recommend copying in files. files of which the path the user can define.
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark issues as stale.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.