Skip to content
Snippets Groups Projects
Commit a8fb6e08 authored by urla's avatar urla
Browse files

w45zliuhzort

parent 937db834
Branches
Tags
No related merge requests found
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT__Periodic::AutocleanInterval "10";
// Automatically upgrade packages from these (origin:archive) pairs
// geändert durch Urs Lautebach 2022-Nov-11
// (auskommentierte Zeilen gelöscht
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
"${distro_id}ESMApps:${distro_codename}-apps-security";
"${distro_id}ESM:${distro_codename}-infra-security";
"${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
"${distro_id}:${distro_codename}-backports";
};
// Python regular expressions, matching packages to exclude from upgrading
Unattended-Upgrade::Package-Blacklist {
};
// This option controls whether the development release of Ubuntu will be
// upgraded automatically. Valid values are "true", "false", and "auto".
Unattended-Upgrade::DevRelease "auto";
// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
// dpkg --force-confold --configure -a
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGTERM. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
Unattended-Upgrade::MinimalSteps "true";
// Remove unused automatically installed kernel-related packages
// (kernel images, kernel headers and kernel version locked tools).
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
// Do automatic removal of newly unused dependencies after the upgrade
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
// Do automatic removal of unused packages after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "false";
// Automatically reboot *WITHOUT CONFIRMATION* if
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "false";
// Download and install upgrades only on AC power
// (i.e. skip or gracefully stop updates on battery)
Unattended-Upgrade::OnlyOnACPower "true";
# Diese Datei sollte /etc/cron.d/ansible-pull-cron-eintrag sein.
# Der hier definierte cron-Job startet das Skript, das über den nächsten Lauf von ansible-pull entscheidet:
# m h Tag Mon Wotag User Kommando
*/5 * * * * ansible_famila /home/ansible_famila/ansible-pull-evtl-aufrufen.sh
# Diese Datei sollte /etc/cron.d/ansible-pull-cron-eintrag-erstmalig sein.
# Der hier definierte cron-Job startet das Skript, das über den nächsten Lauf
# von ansible-pull entscheidet.
# Anders als das .regelmäßig-cronjob läuft dieser jede Minute (also sofort).
# Außerdem wird hier das Skript aus dem Homeverzeichnis aufgerufen, weil der
# cloned-repo-Ordner noch nicht von Git initialisiert wurde:
# m h Tag Mon Wotag User Kommando
* * * * * ansible_famila /home/ansible_famila/ansible-pull-evtl-aufrufen.sh
# Diese Datei sollte /etc/cron.d/ansible-pull-cron-eintrag-regelmaessig sein.
# Der hier definierte cron-Job startet das Skript, das über den nächsten Lauf von ansible-pull entscheidet.
# Anders als das .erstmalig-cronjob läuft dieser nur alle halbe Stunde.
# Außerdem wird hier das Skript aus dem Ordner cloned-repo/skripte aufgerufen,
# damit es unkomplizierter Updates erfahren kann:
# m h Tag Mon Wotag User Kommando
0 * * * * ansible_famila /home/ansible_famila/cloned-repo/skripte/ansible-pull-evtl-aufrufen.sh
# Diese Datei sollte "/etc/cron.d/famila-mintupdate-evtl-starten" sein.
# Der hier definierte cron-Job startet das Skript, das über den nächsten Lauf von mintupdate-cli entscheidet:
# startet das Skript, das entscheidet, ob ein mintupdate laufen soll:
# m h Tag Mon Wotag User Kommando
30 * * * * ansible_client /home/ansible_famila/cloned-repo/skripte/mintupdate-evtl-aufrufen.sh
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
# - include: tasks/software-entfernen.yml # - include: tasks/software-entfernen.yml
- include: tasks/installs-apt.yml - include: tasks/installs-apt.yml
- include: tasks/installs-deb.yml - include: tasks/installs-deb.yml
- include: tasks/installs-download.yml # - include: tasks/installs-download.yml
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
# Maschine installieren und User "dummy" einrichten # Maschine installieren und User "dummy" einrichten
apt update apt update
#apt upgrade -y; apt autoclean; apt autoremove #apt upgrade -y; apt autoclean; apt autoremove -y
apt install -y ansible git apt install -y ansible git
ANSIBLE_USER=ansible_famila ANSIBLE_USER=ansible_famila
...@@ -35,7 +35,7 @@ chown $ANSIBLE_USER:$ANSIBLE_USER /home/$ANSIBLE_USER/cloned-repo ...@@ -35,7 +35,7 @@ chown $ANSIBLE_USER:$ANSIBLE_USER /home/$ANSIBLE_USER/cloned-repo
chmod 0744 /home/$ANSIBLE_USER/cloned-repo chmod 0744 /home/$ANSIBLE_USER/cloned-repo
# Cronjob für ansible-pull einrichten: # Cronjob für ansible-pull einrichten:
cp files/_etc_cron.d_ansible-pull-cron-eintrag /etc/cron.d/ansible-pull-cron-eintrag cp files/_etc_cron.d_ansible-pull-cron-erstmalig /etc/cron.d/ansible-pull-cron-erstmalig
sudo shutdown -r now sudo shutdown -r now
......
#- name: /etc/ansible anlegen
# file:
# path: /etc/ansible
# state: directory
- name: /etc/ansible/ anlegen - name: /etc/ansible/ anlegen
ansible.builtin.file: path=/etc/ansible state=directory ansible.builtin.file: path=/etc/ansible state=directory
...@@ -13,18 +8,21 @@ ...@@ -13,18 +8,21 @@
backup: yes backup: yes
owner: ansible_famila owner: ansible_famila
- name: Starterskript anlegen/erneuern - name: "cron-job erneuern: erstmalig laufenden löschen"
ansible.builtin.file:
path: /etc/cron.d/ansible-pull-cron-erstmalig
state: absent
- name: "cron-job erneuern: regelmäßig laufenden einrichten"
ansible.builtin.copy: ansible.builtin.copy:
src: skripte/ansible-pull-evtl-aufrufen.sh src: files/_etc_cron.d_ansible-pull-cron-regelmaessig
dest: "/home/{{ ansible_folder }}/" dest: /etc/cron.d/ansible-pull-cron-regelmaessig
backup: yes
owner: ansible_famila owner: ansible_famila
- name: cron-job für mintupdate einrichten - name: cron-job für mintupdate einrichten/erneuern
ansible.builtin.copy: ansible.builtin.copy:
src: "files/_etc_cron.d_famila-mintupdate-cron-eintrag" src: "files/_etc_cron.d_famila-mintupdate-cron"
dest: "/etc/cron.d/famila-mintupdate-cron-eintrag" dest: "/etc/cron.d/famila-mintupdate-cron"
owner: ansible_famila owner: ansible_famila
mode: 0644 mode: 0644
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment