Ansible Role: sys_auto_update

An Ansible Role to install and configure automatic updates on various linux distributions.

Motivation

Doing updates on multiple machines is critical, but time consuming. Having a service, which is taking care of automatic updates from time to time reduces the effort for maintenance. Automatic updates can be applied to small home machines and with some minor tuning to productive enterprise machines, too.

You should also have a patching / maintenance plan to due stuff like upgrades, checking various security settings and do reboots.

Description

This Ansible Role installs and configures automatic updates:

• install and configure needed packages (yum-cron, dnf-automatic)
• configure the services properly
• start the services or timers

Requirements

Used Modules:

• Ansible Package Module
• Ansible Service Module
• Ansible Template Module

Installation

Install from Ansible Galaxy

ansible-galaxy install while_true_do.sys_auto_update

Install from Github

git clone https://github.com/while-true-do/ansible-role-sys_auto_update.git while_true_do.sys_auto_update

Usage

Role Variables

---
# defaults file for while_true_do.sys_auto_update

## Package Management
# Defaults are based on Fedora Linux
wtd_sys_auto_update_package: "dnf-automatic"
# State can be present|latest|absent
wtd_sys_auto_update_package_state: "present"

## Configuration Management
wtd_sys_auto_update_conf_cmd:
  # Can be default|security, depending on your distribution
  update_type: "default"
  download_updates: "yes"
  apply_updates: "yes"
  random_sleep: 360

wtd_sys_auto_update_conf_notify:
  # unset = use hostname
  system_name: ""
  # can be stdio|mail
  notify_via: "stdio"
  email_from: "root@localhost"
  email_to: "root"
  email_host: "localhost"

## Service Management
wtd_sys_auto_update_service: "dnf-automatic"
# State can be started|stopped
wtd_sys_auto_update_service_state: "started"
wtd_sys_auto_update_service_enabled: true

Example Playbook

Running Ansible Roles can be done in a playbook.

Simple

---
- hosts: all
  roles:
    - role: while_true_do.sys_auto_update

Advanced

Apply security updates and send notifications via e-mail.

- hosts: all
  roles:
    - role: while_true_do.sys_auto_update
    wtd_sys_auto_update_conf_cmd:
      update_type: "security"

    wtd_sys_auto_update_conf_notify:
      notify_via: "mail"
      email_to: "mail@example.com"

Known Issues

1. RedHat Testing is currently not possible in public, due to limitations in subscriptions.
2. Some services and features cannot be tested properly, due to limitations in docker.

Testing

Most of the "generic" tests are located in the Test Library.

Ansible specific testing is done with Molecule.

Infrastructure testing is done with testinfra.

Automated testing is done with Travis CI.

Contribute

Thank you so much for considering to contribute. We are very happy, when somebody is joining the hard work. Please fell free to open Bugs, Feature Requests or Pull Requests after reading the Contribution Guideline.

See who has contributed already in the kudos.txt.

License

This work is licensed under a BSD-3-Clause License.

Contact

• Site https://while-true-do.io
• Twitter https://twitter.com/wtd_news
• Code https://github.com/while-true-do
• Mail hello@while-true-do.io
• IRC freenode, #while-true-do
• Telegram https://t.me/while_true_do