commit
58809f7fc7
@ -0,0 +1,5 @@ |
||||
--- |
||||
skip_list: |
||||
- fqcn-builtins |
||||
- no-handler |
||||
- risky-shell-pipe |
@ -0,0 +1,16 @@ |
||||
---- |
||||
kind: pipeline |
||||
name: default |
||||
steps: |
||||
- name: integration test |
||||
image: python:3.9-buster |
||||
environment: |
||||
REMOTE_USER: molecule |
||||
HCLOUD_TOKEN: |
||||
from_secret: HCLOUD_TOKEN |
||||
commands: |
||||
- apt update && apt install -y pwgen |
||||
- mkdir -p /root/.ansible/roles && ln -sr . /root/.ansible/roles/autonomic.apt-upgrades |
||||
- export INSTANCE_UUID=$(pwgen 8 1) |
||||
- pip install -r requirements.txt |
||||
- molecule test |
@ -0,0 +1,18 @@ |
||||
# Your username that you use for accounts on our machines. |
||||
export REMOTE_USER= |
||||
export ANSIBLE_USER=$REMOTE_USER |
||||
|
||||
# The path to our pass credentials store |
||||
export PASSWORD_STORE_DIR= |
||||
|
||||
# The Hetzner Cloud API token for managing our instances |
||||
# Uncomment the prod/test line below depending on what you're doing |
||||
# export HCLOUD_TOKEN=$(pass show logins/hetzner/prod/api_key) |
||||
# export HCLOUD_TOKEN=$(pass show logins/hetzner/test/api_key) |
||||
export HCLOUD_TOKEN=$(pass show logins/hetzner/cicd/api_key) |
||||
|
||||
# For molecule role testing |
||||
export INSTANCE_UUID=$RANDOM |
||||
|
||||
# So molecule will show credentials in the logs |
||||
export MOLECULE_NO_LOG=False |
@ -0,0 +1,16 @@ |
||||
--- |
||||
extends: default |
||||
|
||||
yaml-files: |
||||
- "*.yaml" |
||||
- "*.yml" |
||||
|
||||
ignore: | |
||||
.venv |
||||
.drone.yml |
||||
|
||||
rules: |
||||
line-length: disable |
||||
braces: |
||||
max-spaces-inside: 1 |
||||
level: error |
@ -0,0 +1,15 @@ |
||||
autonomic.apt-upgrades: Upgrade system packages |
||||
Copyright (C) 2022 Autonomic Co-operative <helo@autonomic.zone> |
||||
|
||||
This program is free software: you can redistribute it and/or modify |
||||
it under the terms of the GNU General Public License as published by |
||||
the Free Software Foundation, either version 3 of the License, or |
||||
(at your option) any later version. |
||||
|
||||
This program is distributed in the hope that it will be useful, |
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
GNU General Public License for more details. |
||||
|
||||
You should have received a copy of the GNU General Public License |
||||
along with this program. If not, see <https://www.gnu.org/licenses/>. |
@ -0,0 +1,14 @@ |
||||
--- |
||||
dependencies: [] |
||||
galaxy_info: |
||||
role_name: apt_upgrades |
||||
namespace: autonomic |
||||
author: autonomic |
||||
description: Upgrade apt packages using Ansible and reboot if needed |
||||
company: Autonomic |
||||
license: GPLv3 |
||||
min_ansible_version: 2.9 |
||||
platforms: |
||||
- name: Debian |
||||
versions: |
||||
- buster |
@ -0,0 +1,7 @@ |
||||
--- |
||||
- name: Converge |
||||
hosts: all |
||||
tasks: |
||||
- name: Include autonomic.apt-upgrades |
||||
include_role: |
||||
name: autonomic.apt-upgrades |
@ -0,0 +1,19 @@ |
||||
--- |
||||
dependency: |
||||
name: galaxy |
||||
|
||||
driver: |
||||
name: hetznercloud |
||||
|
||||
platforms: |
||||
- name: "autonomic.apt-upgrades-${INSTANCE_UUID}" |
||||
server_type: "cx11" |
||||
image: "debian-10" |
||||
|
||||
provisioner: |
||||
name: ansible |
||||
|
||||
lint: | |
||||
set -e |
||||
yamllint -c .yamllint.yml . |
||||
ansible-lint --exclude .drone.yml -c .ansible-lint.yml . |
@ -0,0 +1,4 @@ |
||||
ansible-lint==6.0.0 |
||||
ansible==5.4.0 |
||||
molecule-hetznercloud==1.3.0 |
||||
molecule==3.6.1 |
@ -0,0 +1,46 @@ |
||||
--- |
||||
- name: Update apt repo and cache |
||||
apt: |
||||
update_cache: true |
||||
force_apt_get: true |
||||
cache_valid_time: 3600 |
||||
|
||||
- name: Upgrade all packages |
||||
apt: |
||||
upgrade: full |
||||
force_apt_get: true |
||||
autoremove: true |
||||
register: upgrade_cmd |
||||
|
||||
- name: List newly installed and upgraded packages |
||||
shell: grep -E "^$(date +%Y-%m-%d).+ (install|upgrade) " /var/log/dpkg.log |cut -d " " -f 3-5 |
||||
register: new_or_upgraded_pkgs |
||||
when: upgrade_cmd.changed |
||||
|
||||
- name: Show installed/updated packages output |
||||
debug: |
||||
msg: "{{ new_or_upgraded_pkgs is defined and new_or_upgraded_pkgs.stdout_lines }}" |
||||
when: new_or_upgraded_pkgs.changed |
||||
|
||||
- name: Check if a reboot is needed |
||||
stat: |
||||
path: /var/run/reboot-required |
||||
register: reboot_required_file |
||||
|
||||
- name: Check if a docker upgrade happened |
||||
set_fact: |
||||
docker_upgrade: "{{ new_or_upgraded_pkgs is defined and 'stdout_lines' in new_or_upgraded_pkgs and 'docker' in new_or_upgraded_pkgs.stdout_lines }}" |
||||
|
||||
- name: Output warning when reboot is needed |
||||
debug: |
||||
msg: "--- WARNING: REBOOT REQUIRED ---" |
||||
when: reboot_required_file.stat.exists | bool or docker_upgrade | bool |
||||
|
||||
- name: Show prompt to take note of reboot |
||||
pause: |
||||
prompt: | |
||||
"{{ inventory_hostname }} requires a reboot, please take note and perform |
||||
this manually after this role finishes! Thank you for your system admin |
||||
labours!" |
||||
delegate_to: localhost |
||||
when: reboot_required_file.stat.exists | bool or docker_upgrade | bool |
Reference in new issue