commit 58809f7fc7f0ef8b3da310fd6d80956699cf0eda Author: decentral1se Date: Mon May 30 09:49:44 2022 +0200 init
diff --git a/.ansible-lint.yml b/.ansible-lint.yml
new file mode 100644
index 0000000..f9f8d89
--- /dev/null
+++ b/.ansible-lint.yml
@@ -0,0 +1,5 @@
+---
+skip_list:
+ - fqcn-builtins
+ - no-handler
+ - risky-shell-pipe
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..94baeea
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,16 @@
+----
+kind: pipeline
+name: default
+steps:
+ - name: integration test
+ image: python:3.9-buster
+ environment:
+ REMOTE_USER: molecule
+ HCLOUD_TOKEN:
+ from_secret: HCLOUD_TOKEN
+ commands:
+ - apt update && apt install -y pwgen
+ - mkdir -p /root/.ansible/roles && ln -sr . /root/.ansible/roles/autonomic.apt-upgrades
+ - export INSTANCE_UUID=$(pwgen 8 1)
+ - pip install -r requirements.txt
+ - molecule test
diff --git a/.envrc.sample b/.envrc.sample
new file mode 100644
index 0000000..8a266bf
--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1,18 @@
+# Your username that you use for accounts on our machines.
+export REMOTE_USER=
+export ANSIBLE_USER=$REMOTE_USER
+
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=
+
+# The Hetzner Cloud API token for managing our instances
+# Uncomment the prod/test line below depending on what you're doing
+# export HCLOUD_TOKEN=$(pass show logins/hetzner/prod/api_key)
+# export HCLOUD_TOKEN=$(pass show logins/hetzner/test/api_key)
+export HCLOUD_TOKEN=$(pass show logins/hetzner/cicd/api_key)
+
+# For molecule role testing
+export INSTANCE_UUID=$RANDOM
+
+# So molecule will show credentials in the logs
+export MOLECULE_NO_LOG=False
diff --git a/.yamllint.yml b/.yamllint.yml
new file mode 100755
index 0000000..456c99c
--- /dev/null
+++ b/.yamllint.yml
@@ -0,0 +1,16 @@
+---
+extends: default
+
+yaml-files:
+ - "*.yaml"
+ - "*.yml"
+
+ignore: |
+ .venv
+ .drone.yml
+
+rules:
+ line-length: disable
+ braces:
+ max-spaces-inside: 1
+ level: error
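Review bot: In `.ansible-lint.yml`, skipping `risky-shell-pipe` for the whole role hides what appears to be its only hit, the `shell: grep … |cut` task in tasks/main.yml, and also any pipe added later. Without pipefail, a failing `grep` (for example an unreadable /var/log/dpkg.log) is masked by the exit status of `cut`, so the task reports success with empty output. If that masking is intended, suppress the rule on that one task with a trailing `# noqa risky-shell-pipe` and drop the entry from `skip_list`.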
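Review bot: The first line of `.drone.yml` is `----` (four dashes), not the `---` document-start marker used by the other YAML files in this commit. That is probably why `.yamllint.yml` ignores the file and the molecule lint command passes `--exclude .drone.yml`, which leaves the pipeline definition that receives `HCLOUD_TOKEN` unlinted. Changing the line to `---` and removing both exclusions would put the CI config under the same checks as the role.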
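Review bot: `export MOLECULE_NO_LOG=False` is active by default in `.envrc.sample`, so anyone copying the sample gets molecule output that, per the comment above it, shows credentials; presumably that includes the Hetzner API token exported a few lines earlier. Ship the line commented out like the prod/test token lines, e.g. `# export MOLECULE_NO_LOG=False  # debugging only: credentials appear in logs`, so that enabling it is a deliberate step.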
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..db10852
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,15 @@
+autonomic.apt-upgrades: Upgrade system packages
+Copyright (C) 2022 Autonomic Co-operative
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see .
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..070458e
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# autonomic.apt-upgrades
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..7f4a0d9
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,14 @@
+---
+dependencies: []
+galaxy_info:
+ role_name: apt_upgrades
+ namespace: autonomic
+ author: autonomic
+ description: Upgrade apt packages using Ansible and reboot if needed
+ company: Autonomic
+ license: GPLv3
+ min_ansible_version: 2.9
+ platforms:
+ - name: Debian
+ versions:
+ - buster
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..3dc6082
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+ hosts: all
+ tasks:
+ - name: Include autonomic.apt-upgrades
+ include_role:
+ name: autonomic.apt-upgrades
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..20f2c3f
--- /dev/null
+++ b/molecule/default/molecule.yml
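Review bot: `min_ansible_version: 2.9` in `meta/main.yml` is an unquoted scalar, so YAML loads it as a float rather than a version string, and a later bump to `2.10` would be read as `2.1`. Quote it: `min_ansible_version: "2.9"`.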
@@ -0,0 +1,19 @@
+---
+dependency:
+ name: galaxy
+
+driver:
+ name: hetznercloud
+
+platforms:
+ - name: "autonomic.apt-upgrades-${INSTANCE_UUID}"
+ server_type: "cx11"
+ image: "debian-10"
+
+provisioner:
+ name: ansible
+
+lint: |
+ set -e
+ yamllint -c .yamllint.yml .
+ ansible-lint --exclude .drone.yml -c .ansible-lint.yml .
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..7d6c96a
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+ansible-lint==6.0.0
+ansible==5.4.0
+molecule-hetznercloud==1.3.0
+molecule==3.6.1
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..de2c74d
--- /dev/null
+++ b/tasks/main.yml
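Review bot: `requirements.txt` pins only the four top-level packages, so their transitive dependencies still resolve to whatever is newest when `.drone.yml` runs `pip install -r requirements.txt` in a job that holds `HCLOUD_TOKEN`. Consider committing a fully resolved file with hashes (for example from `pip-compile --generate-hashes`) and installing with `pip install --require-hashes -r requirements.txt`. A changed or substituted upstream release would then fail the install instead of running alongside the token.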
@@ -0,0 +1,46 @@
+---
+- name: Update apt repo and cache
+ apt:
+ update_cache: true
+ force_apt_get: true
+ cache_valid_time: 3600
+
+- name: Upgrade all packages
+ apt:
+ upgrade: full
+ force_apt_get: true
+ autoremove: true
+ register: upgrade_cmd
+
+- name: List newly installed and upgraded packages
+ shell: grep -E "^$(date +%Y-%m-%d).+ (install|upgrade) " /var/log/dpkg.log |cut -d " " -f 3-5
+ register: new_or_upgraded_pkgs
+ when: upgrade_cmd.changed
+
+- name: Show installed/updated packages output
+ debug:
+ msg: "{{ new_or_upgraded_pkgs is defined and new_or_upgraded_pkgs.stdout_lines }}"
+ when: new_or_upgraded_pkgs.changed
+
+- name: Check if a reboot is needed
+ stat:
+ path: /var/run/reboot-required
+ register: reboot_required_file
+
+- name: Check if a docker upgrade happened
+ set_fact:
+ docker_upgrade: "{{ new_or_upgraded_pkgs is defined and 'stdout_lines' in new_or_upgraded_pkgs and 'docker' in new_or_upgraded_pkgs.stdout_lines }}"
+
+- name: Output warning when reboot is needed
+ debug:
+ msg: "--- WARNING: REBOOT REQUIRED ---"
+ when: reboot_required_file.stat.exists | bool or docker_upgrade | bool
+
+- name: Show prompt to take note of reboot
+ pause:
+ prompt: |
+ "{{ inventory_hostname }} requires a reboot, please take note and perform
+ this manually after this role finishes! Thank you for your system admin
+ labours!"
+ delegate_to: localhost
+ when: reboot_required_file.stat.exists | bool or docker_upgrade | bool
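Review bot: In the `Check if a docker upgrade happened` task, `'docker' in new_or_upgraded_pkgs.stdout_lines` is a list-membership test, so it is true only if some whole line equals `docker`. Each line is the `cut -f 3-5` output (action, package, version), so `docker_upgrade` looks like it can never be true, and a Docker upgrade would not trigger the reboot warning or the prompt. Match against the text instead: `docker_upgrade: "{{ new_or_upgraded_pkgs.stdout | default('') is search('docker') }}"`, where `default('')` covers runs in which the listing task was skipped. The `new_or_upgraded_pkgs is defined` guards add nothing, since `register` sets the variable even for a skipped task.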