# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ### ### Sets up the host systems to perform updates ### ### Based on configuration hosted on the machine, can be updated by Ansible Pull or a future agent ### - name: Create folder for abm-install if not exist file: path: "{{ abm_install_folder }}" state: directory mode: '0755' - name: Setup default update configuration file template: src: "abm-update-config.j2.conf" dest: "{{ abm_install_folder }}/abm-update-config.conf" owner: root group: root mode: '0600' ### unattended upgrades configuration & setup # Set the upgrades to all happen daily (conditional to timer) and enable auto removal - name: Replace unattended upgrades configuration template: src: "20auto-upgrades.j2.conf" dest: "/etc/apt/apt.conf.d/20auto-upgrades" owner: root group: root mode: '0600' - name: Create folder for update timer config file: path: "/etc/systemd/system/apt-daily.timer.d" state: directory mode: '0700' - name: Create folder for upgrade timer config file: path: "/etc/systemd/system/apt-daily-upgrade.timer.d/" state: directory mode: '0700' - name: Set timer for apt UPDATE via unattended upgrades template: src: "apt-timer-update-override.j2.conf" dest: "/etc/systemd/system/apt-daily.timer.d/override.conf" owner: root group: root mode: '0600' - name: Set timer for apt UPGRADE via unattended upgrades template: src: "apt-timer-upgrade-override.j2.conf" dest: "/etc/systemd/system/apt-daily-upgrade.timer.d/override.conf" owner: root group: root mode: '0600' - name: Cron file for OS update template: src: "system-update-cron.j2" dest: "/etc/cron.d/system-update-cron" owner: root group: root mode: '0700' ### gcloud cron updates - name: Script for gcloud cron update template: src: "gcloud-update-script.sh" dest: "{{ abm_install_folder }}/gcloud-update-script.sh" owner: root group: root mode: '0700' - name: Set up logrotate for gcloud updates template: src: gcloud-update-logrotate.j2 dest: /etc/logrotate.d/gcloud-update-log-rotate owner: root group: root mode: 0644 - name: Cron file for gcloud update template: src: "gcloud-update-cron.j2" dest: "/etc/cron.d/gcloud-update-cron" owner: root group: root mode: '0700'