decentral1se 2022-05-30 09:49:44 +02:00
commit 58809f7fc7
No known key found for this signature in database
GPG Key ID: 03789458B3D0C410
11 changed files with 161 additions and 0 deletions

5
.ansible-lint.yml Normal file

@ -0,0 +1,5 @@
---
skip_list:
- fqcn-builtins
- no-handler
- risky-shell-pipe
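Review bot: `risky-shell-pipe` is skipped for the whole role, so every shell pipeline added later goes unreported, not only the `grep … | cut` task in tasks/main.yml that it presumably exists for. Drop it from `skip_list` and silence the rule on that one task with a `# noqa` comment that states the reason. If `no-handler` is also there for a single task, the same narrowing applies.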

16
.drone.yml Normal file

@ -0,0 +1,16 @@
----
kind: pipeline
name: default
steps:
- name: integration test
image: python:3.9-buster
environment:
REMOTE_USER: molecule
HCLOUD_TOKEN:
from_secret: HCLOUD_TOKEN
commands:
- apt update && apt install -y pwgen
- mkdir -p /root/.ansible/roles && ln -sr . /root/.ansible/roles/autonomic.apt-upgrades
- export INSTANCE_UUID=$(pwgen 8 1)
- pip install -r requirements.txt
- molecule test
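Review bot: The step that receives `HCLOUD_TOKEN` from the secret store also runs `apt install` and `pip install -r requirements.txt`, so any package fetched in that step executes with the cloud API token in its environment. requirements.txt pins four top-level packages by version only, which leaves transitive dependencies floating, and `python:3.9-buster` is a mutable tag. Consider pinning the image by digest and installing with `pip install --require-hashes -r requirements.txt` (this needs hashes recorded in requirements.txt). It is also worth confirming that the CI token belongs to a project holding only disposable test instances.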

18
.envrc.sample Normal file

@ -0,0 +1,18 @@
# Your username that you use for accounts on our machines.
export REMOTE_USER=
export ANSIBLE_USER=$REMOTE_USER
# The path to our pass credentials store
export PASSWORD_STORE_DIR=
# The Hetzner Cloud API token for managing our instances
# Uncomment the prod/test line below depending on what you're doing
# export HCLOUD_TOKEN=$(pass show logins/hetzner/prod/api_key)
# export HCLOUD_TOKEN=$(pass show logins/hetzner/test/api_key)
export HCLOUD_TOKEN=$(pass show logins/hetzner/cicd/api_key)
# For molecule role testing
export INSTANCE_UUID=$RANDOM
# So molecule will show credentials in the logs
export MOLECULE_NO_LOG=False
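Review bot: `export MOLECULE_NO_LOG=False` is active by default in the sample, and the comment above it says it makes molecule show credentials in the logs. Copied as-is alongside the `HCLOUD_TOKEN` export, it can leave the API token in terminal scrollback or saved test output. Ship the line commented out so that it is an explicit opt-in, e.g. `# export MOLECULE_NO_LOG=False  # debugging only: credentials appear in molecule output`.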

16
.yamllint.yml Executable file

@ -0,0 +1,16 @@
---
extends: default
yaml-files:
- "*.yaml"
- "*.yml"
ignore: |
.venv
.drone.yml
rules:
line-length: disable
braces:
max-spaces-inside: 1
level: error
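Review bot: `.drone.yml` is listed under `ignore`, so the one file that wires a secret into CI is never linted (the molecule lint command excludes it from ansible-lint as well). As rendered on this page its first line is `----` rather than the `---` document marker, which a lint run would have reported; confirm this against the actual file. Prefer removing `.drone.yml` from `ignore` and, if one rule is the obstacle, disabling just that rule with a yamllint comment inside the file. Separately, the file is added as an executable file, and a lint config does not need the execute bit.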

15
LICENSE Normal file

@ -0,0 +1,15 @@
autonomic.apt-upgrades: Upgrade system packages
Copyright (C) 2022 Autonomic Co-operative <helo@autonomic.zone>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.

1
README.md Normal file

@ -0,0 +1 @@
# autonomic.apt-upgrades

14
meta/main.yml Normal file

@ -0,0 +1,14 @@
---
dependencies: []
galaxy_info:
role_name: apt_upgrades
namespace: autonomic
author: autonomic
description: Upgrade apt packages using Ansible and reboot if needed
company: Autonomic
license: GPLv3
min_ansible_version: 2.9
platforms:
- name: Debian
versions:
- buster
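Review bot: `min_ansible_version: 2.9` is an unquoted scalar, so YAML loads it as a float rather than a version string, and a later bump to `2.10` would silently read as 2.1. Write `min_ansible_version: "2.9"`. Also, `role_name: apt_upgrades` uses an underscore while .drone.yml and the converge playbook refer to the role as `autonomic.apt-upgrades`; a short comment saying which name is canonical would prevent confusion when the role is installed from Galaxy.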


@ -0,0 +1,7 @@
---
- name: Converge
hosts: all
tasks:
- name: Include autonomic.apt-upgrades
include_role:
name: autonomic.apt-upgrades


@ -0,0 +1,19 @@
---
dependency:
name: galaxy
driver:
name: hetznercloud
platforms:
- name: "autonomic.apt-upgrades-${INSTANCE_UUID}"
server_type: "cx11"
image: "debian-10"
provisioner:
name: ansible
lint: |
set -e
yamllint -c .yamllint.yml .
ansible-lint --exclude .drone.yml -c .ansible-lint.yml .

4
requirements.txt Normal file

@ -0,0 +1,4 @@
ansible-lint==6.0.0
ansible==5.4.0
molecule-hetznercloud==1.3.0
molecule==3.6.1

46
tasks/main.yml Normal file

@ -0,0 +1,46 @@
---
- name: Update apt repo and cache
apt:
update_cache: true
force_apt_get: true
cache_valid_time: 3600
- name: Upgrade all packages
apt:
upgrade: full
force_apt_get: true
autoremove: true
register: upgrade_cmd
- name: List newly installed and upgraded packages
shell: grep -E "^$(date +%Y-%m-%d).+ (install|upgrade) " /var/log/dpkg.log |cut -d " " -f 3-5
register: new_or_upgraded_pkgs
when: upgrade_cmd.changed
- name: Show installed/updated packages output
debug:
msg: "{{ new_or_upgraded_pkgs is defined and new_or_upgraded_pkgs.stdout_lines }}"
when: new_or_upgraded_pkgs.changed
- name: Check if a reboot is needed
stat:
path: /var/run/reboot-required
register: reboot_required_file
- name: Check if a docker upgrade happened
set_fact:
docker_upgrade: "{{ new_or_upgraded_pkgs is defined and 'stdout_lines' in new_or_upgraded_pkgs and 'docker' in new_or_upgraded_pkgs.stdout_lines }}"
- name: Output warning when reboot is needed
debug:
msg: "--- WARNING: REBOOT REQUIRED ---"
when: reboot_required_file.stat.exists | bool or docker_upgrade | bool
- name: Show prompt to take note of reboot
pause:
prompt: |
"{{ inventory_hostname }} requires a reboot, please take note and perform
this manually after this role finishes! Thank you for your system admin
labours!"
delegate_to: localhost
when: reboot_required_file.stat.exists | bool or docker_upgrade | bool
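Review bot: In "Check if a docker upgrade happened", `'docker' in new_or_upgraded_pkgs.stdout_lines` is list membership, so it is true only when an entire output line equals `docker`. The lines produced by the `cut -d " " -f 3-5` task hold three space-separated fields each, so the test can never match and a Docker upgrade will not trigger the reboot warning or the pause. Test the raw text instead and tolerate the skipped case: `docker_upgrade: "{{ 'docker' in (new_or_upgraded_pkgs.stdout | default('')) }}"`. The listing task also filters `/var/log/dpkg.log` by the host's current date only, so it picks up packages installed earlier the same day and misses a run that crosses midnight; a comment on that task should state this limitation.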