- name: Ensure common packages are installed.
apt: "name={{ common_packages }} state=present"
+
+- name: Install unattended upgrades
+ apt:
+ name: 'unattended-upgrades'
+ state: "{{(unattended_upgrades|bool)|ternary('present', 'absent')}}"
+
+- name: Enable extra repos for unattended upgrades
+ template:
+ dest: /etc/apt/apt.conf.d/51unattended_upgrades_extra_repos.conf
+ src: unattended_upgrades_extra_repos.conf.j2
+ vars:
+ repos_base:
+ - "${distro_id}:${distro_codename}-updates"
+ - "${distro_id}:${distro_codename}-backports"
+ repos_Ubuntu:
+ - "LP-PPA-efficios-ci:${distro_codename}"
+ repose_Debian: []
+ repos: "{{repos_base|union(lookup('vars', 'repos_' + ansible_distribution, default=[]))}}"
+
+- name: Enable unattended upgrades
+ block:
+ - copy:
+ dest: /etc/apt/apt.conf.d/20auto-upgrades
+ content: "APT::Periodic::Update-Package-Lists \"1\";\nAPT::Periodic::Unattended-Upgrade \"1\";\n"
+ when: unattended_upgrades | bool
+ - file:
+ path: /etc/apt/apt.conf.d/20auto-upgrades
+ state: "{{(unattended_upgrades|bool)|ternary('file', 'absent')}}"
+ owner: root
+ group: root
+ mode: '0644'
+- name: Install microcode for physical hosts
+ when: ansible_virtualization_role == 'host'
+ block:
+ - name: Install AMD microcode
+ when: "'AuthenticAMD' in ansible_processor"
+ ansible.builtin.apt:
+ name: amd64-microcode
+ register: amd64_microcode
+ - name: Install Intel microcode
+ when: "'GenuineIntel' in ansible_processor"
+ ansible.builtin.apt:
+ name: intel-microcode
+ register: intel_microcode
+ - name: Update initramfs
+ when: amd64_microcode.changed or intel_microcode.changed
+ ansible.builtin.command:
+ argv: ['update-initramfs', '-u', '-k', 'all']
+ - name: Set reboot required
+ when: amd64_microcode.changed or intel_microcode.changed
+ ansible.builtin.copy:
+ dest: /var/run/reboot-required
+ content: '*** System restart required ***'
+ owner: root
+ group: root
+ mode: '0644'
projects / lttng-ci.git / blobdiff