ansible/vdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Tim Dittler
2020-01-13 14:51:16 +01:00
commit 7c454c1ed4
127 changed files with 7674 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

268
roles/weareinteractive.apt/README.md Executable file
View File

@@ -0,0 +1,268 @@
# Ansible weareinteractive.apt role
[![Build Status](https://img.shields.io/travis/weareinteractive/ansible-apt.svg)](https://travis-ci.org/weareinteractive/ansible-apt)
[![Galaxy](http://img.shields.io/badge/galaxy-weareinteractive.apt-blue.svg)](https://galaxy.ansible.com/weareinteractive/apt)
[![GitHub Tags](https://img.shields.io/github/tag/weareinteractive/ansible-apt.svg)](https://github.com/weareinteractive/ansible-apt)
[![GitHub Stars](https://img.shields.io/github/stars/weareinteractive/ansible-apt.svg)](https://github.com/weareinteractive/ansible-apt)
> `weareinteractive.apt` is an [Ansible](http://www.ansible.com) role which:
>
> * updates apt
> * cleans up apt
> * configures apt
> * installs packages
> * add repositories
> * add keys
> * apt pinning
> * manages unattended upgrades
> * optionally alters solution cost
> * optionally allows filesystems to be remounted
**Note:**
> Since Ansible Galaxy supports [organization](https://www.ansible.com/blog/ansible-galaxy-2-release) now, this role has moved from `franklinkim.apt` to `weareinteractive.apt`!
## Installation
Using `ansible-galaxy`:
```shell
$ ansible-galaxy install weareinteractive.apt
```
Using `requirements.yml`:
```yaml
- src: weareinteractive.apt
```
Using `git`:
```shell
$ git clone https://github.com/weareinteractive/ansible-apt.git weareinteractive.apt
```
## Dependencies
* Ansible >= 2.4
## Variables
Here is a list of all the default variables for this role, which are also available in `defaults/main.yml`.
```yaml
---
# apt_unattended_upgrades_blacklist:
# - vim
# - libc6
# apt_mails:
# - root
# - foo@dev.null
# apt_keys:
# - id: 473041FA
# file: /tmp/apt.gpg
# data: "{{ lookup('file', 'apt.asc') }}"
# keyring: /etc/apt/trusted.gpg.d/debian.gpg
# keyserver: keyserver.ubuntu.com
# url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
# validate_certs: yes
# state: present
# apt_repositories:
# - codename: trusty
# filename: google-chrome
# mode: 0644
# repo: 'ppa:nginx/stable'
# state: present
# update_cache: yes
# sets the amount of time the cache is valid
apt_cache_valid_time: 3600
# upgrade system: safe | full | dist
apt_upgrade: no
# packages to install
apt_packages: []
# remove packages that are no longer needed for dependencies
apt_autoremove: yes
# remove .deb files for packages no longer on your system
apt_autoclean: yes
# .deb packages to install.
apt_deb_packages: []
# whether or not suggested packages should be installed.
apt_install_suggests: no
# do not install Recommended packages by default
apt_install_recommends: no
# allow 'apt-get autoremove' to remove recommended packages
apt_remove_recommends: no
# Enable the update/upgrade script
apt_periodic: yes
# Do “apt-get update” automatically every n-days (0=disable)
apt_update_package_lists: 1
# Do “apt-get upgrade download-only” every n-days (0=disable)
apt_download_upgradeable_packages: 0
# Do “apt-get autoclean” every n-days (0=disable)
apt_auto_clean_interval: 0
# enable unattended-upgrades
apt_unattended_upgrades: yes
# list of origins patterns to control which packages are upgraded
# replaces allowed-origins, kept for compatibility
apt_unattended_upgrades_origins: []
# List of allowed-origins, default value kept for compatibility
# set to null to use origins-pattern
apt_unattended_upgrades_allowed:
- ${distro_id}:${distro_codename}-security
# list of packages to not update (regexp are supported)
apt_unattended_upgrades_blacklist: []
# Split the upgrade into the smallest possible chunks so that
# they can be interrupted with SIGUSR1. This makes the upgrade
# a bit slower but it has the benefit that shutdown while a upgrade
# is running is possible (with a small delay)
apt_unattended_upgrades_minimal_steps: no
# Send email to this address for problems or packages upgrades
# If empty or unset then no email is sent, make sure that you
# have a working mail setup on your system. A package that provides
# 'mailx' must be installed. E.g. "user@example.com"
apt_mails: []
# Set this value to "true" to get emails only on errors. Default
# is to always send a mail if Unattended-Upgrade::Mail is set
apt_unattended_upgrades_notify_error_only: yes
# Do automatic removal of new unused dependencies after the upgrade
# (equivalent to apt-get autoremove)
apt_unattended_upgrades_autoremove: yes
# Automatically reboot *WITHOUT CONFIRMATION*
# if the file /var/run/reboot-required is found after the upgrade
apt_unattended_upgrades_automatic_reboot: no
# Automatically reboot even if there are users currently logged in.
apt_unattended_upgrades_automatic_reboot_with_users: no
# If automatic reboot is enabled and needed, reboot at the specific
# time instead of immediately
# Values: now | 02:00 | ...
apt_unattended_upgrades_automatic_reboot_time: now
# Enable logging to syslog.
apt_unattended_upgrades_syslog_enable: no
# Specify syslog facility.
apt_unattended_upgrades_syslog_facility: daemon
# Override download timer ? Default no
apt_unattended_upgrades_download_timer_override: null
# In case of override :
# apt_unattended_upgrades_download_timer_override:
# on_calendar_replace: (true|false) If true, delete default system schedule. If not, default and new schedules will be merged
# on_calendar: new schedule, see man systemd.time.7, example : 'Mon..Fri *-*-* 6:00'
# randomized_delay_sec: random delay in sec
# persistent: (true|false)
# See systemd.time.5 for random delay and persistent
# Override upgrade timer the same way
apt_unattended_upgrades_upgrade_timer_override: null
# apt_unattended_upgrades_upgrade_timer_override:
# on_calendar_replace:
# on_calendar:
# randomized_delay_sec:
# persistent:
# remount file system: currently supported options are rootfs and tmpfs
# tmpfs: remount tmp before running if mounted noexec
# rootfs: remount root filesystem r/w before running if mounted r/o
apt_remount_filesystems: []
# repositories to register
apt_repositories: []
# gpg keys for external repositories
apt_keys: []
# HTTP proxy server (optional)
# apt_http_proxy_address:
# HTTP pipeline depth (optional)
# apt_http_pipeline_depth: 5
# Change Aptitudes solution costs, default is not to change anything
# Mirror https://lists.debian.org/543FF3BD.1020609@zen.co.uk
# apt_aptitude_solution_cost:
# - priority
# - removals
# - canceled-actions
apt_aptitude_solution_cost: []
# List of preferences options.
# apt_preferences:
# - file: perl
# package: perl
# pin: "version 5.20*"
# priority: 1001
apt_preferences: []
```
## Handlers
These are the handlers that are defined in `handlers/main.yml`.
```yaml
---
- name: reload systemd
systemd:
daemon_reload: true
```
## Usage
This is an example playbook:
```yaml
---
- hosts: all
become: yes
roles:
- weareinteractive.apt
vars:
apt_cache_valid_time: 7200
apt_packages:
- vim
- tree
- ca-certificates
apt_deb_packages:
- "https://releases.hashicorp.com/vagrant/2.1.5/vagrant_2.1.5_x86_64.deb"
apt_mails:
- root
apt_preferences:
- file: perl
package: perl
pin: "version 5.20*"
priority: 1001
apt_unattended_upgrades_notify_error_only: no
```
## Testing
```shell
$ git clone https://github.com/weareinteractive/ansible-apt.git
$ cd ansible-apt
$ make test
```
## Contributing
In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.
1. Fork it
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create new Pull Request
*Note: To update the `README.md` file please install and run `ansible-role`:*
```shell
$ gem install ansible-role
$ ansible-role docgen
```
## License
Copyright (c) We Are Interactive under the MIT license.