From b61b08de5b5ce94307b14ebf4bd9491ebd54641e Mon Sep 17 00:00:00 2001 From: Allar Viik Date: Wed, 24 Jan 2024 11:36:06 +0000 Subject: [PATCH] Refactored & linted `updates` role to be faster --- .../roles/updates/tasks/debian_family.yml | 26 +++++++------------ nova/core/roles/updates/tasks/freebsd.yml | 2 +- .../roles/updates/tasks/redhat_family.yml | 2 +- 3 files changed, 11 insertions(+), 19 deletions(-) diff --git a/nova/core/roles/updates/tasks/debian_family.yml b/nova/core/roles/updates/tasks/debian_family.yml index 1c7988c6..8a532c49 100644 --- a/nova/core/roles/updates/tasks/debian_family.yml +++ b/nova/core/roles/updates/tasks/debian_family.yml @@ -2,7 +2,7 @@ - name: Updating packages... ansible.builtin.apt: update_cache: true - state: latest + state: present autoclean: true autoremove: true upgrade: full @@ -28,26 +28,22 @@ - name: Including unattended upgrades tasks... when: debian_family_unattended_upgrades block: - - name: Installing unattended upgrades package ... + - name: Installing unattended upgrades package... ansible.builtin.apt: name: unattended-upgrades - state: latest + state: present register: linux_updates until: not linux_updates.failed retries: 5 delay: 3 - - name: Ensure that /etc/apt/apt.conf.d/20auto-upgrades exists ... - ansible.builtin.file: - path: /etc/apt/apt.conf.d/20auto-upgrades - state: touch - mode: "0644" - - - name: Enable unattended upgrades ... + - name: Enable unattended upgrades... ansible.builtin.lineinfile: path: /etc/apt/apt.conf.d/{{ item.file }} regexp: "{{ item.match }}" line: "{{ item.value }}" + create: true + mode: "0644" loop: - file: 20auto-upgrades match: .*Update-Package-Lists @@ -70,7 +66,7 @@ match: Unattended-Upgrade::Origins-Pattern { "origin=*";}; value: Unattended-Upgrade::Origins-Pattern { "origin=*";}; - - name: Set Automatic-Reboot value for upgrades ... + - name: Set Automatic-Reboot value for upgrades... ansible.builtin.lineinfile: path: /etc/apt/apt.conf.d/50unattended-upgrades regexp: .*Automatic-Reboot @@ -79,17 +75,13 @@ - name: Disabling unattended upgrades... when: not debian_family_unattended_upgrades block: - - name: Ensure that /etc/apt/apt.conf.d/20auto-upgrades exists ... - ansible.builtin.file: - path: /etc/apt/apt.conf.d/20auto-upgrades - state: touch - mode: "0644" - - name: Disabling unattended upgrades & updates... ansible.builtin.lineinfile: path: /etc/apt/apt.conf.d/20auto-upgrades regexp: "{{ item.regexp }}" line: "{{ item.line }}" + create: true + mode: "0644" loop: - regexp: .*Unattended-Upgrade line: APT::Periodic::Unattended-Upgrade "0"; diff --git a/nova/core/roles/updates/tasks/freebsd.yml b/nova/core/roles/updates/tasks/freebsd.yml index 3fa2ec51..839e1182 100644 --- a/nova/core/roles/updates/tasks/freebsd.yml +++ b/nova/core/roles/updates/tasks/freebsd.yml @@ -2,4 +2,4 @@ - name: Updating all packages... ansible.builtin.package: name: "*" - state: latest + state: latest # Latest is used in order to perform a full upgrade diff --git a/nova/core/roles/updates/tasks/redhat_family.yml b/nova/core/roles/updates/tasks/redhat_family.yml index ac953aaa..d0706019 100644 --- a/nova/core/roles/updates/tasks/redhat_family.yml +++ b/nova/core/roles/updates/tasks/redhat_family.yml @@ -3,7 +3,7 @@ ansible.builtin.yum: name: "*" update_cache: true - state: latest + state: latest # Latest is used in order to perform a full upgrade - name: Running update cleanup... ansible.builtin.yum: