Automate with Ansible: Part 5

Remember unattended-upgrades? Automate it with Ansible, bruh.

Previous

Automate with Ansible: Part 4

See also…

In the Linux Server Install Series, we set-up unattended-upgrades through the command line which also includes a portion that requires user interaction.

Linux Server Install: Part 2

In Automate with Ansible: Part 5, we’ll take that and implement it— non-interactively.

Non-interactive Ansible

The dpkg-reconfigure command is a command-line tool that allows you to reconfigure the settings of a package that was previously installed on a Debian-based system. It prompts the user to answer a series of questions to set the package's configuration options.

The --priority=low option is used to set the priority of the questions to low, which means that they will be displayed last. The unattended-upgrades is the package that you want to reconfigure.

By default the dpkg-reconfigure command prompts the user to answer the questions interactively, but it’s possible to run it non-interactively by providing the answers through the debconf-set-selections command.

Here is an example of how you can configure unattended-upgrades package non-interactively using the debconf-set-selections command:

- name: configure unattended-upgrades
  shell: echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections

This command creates a string that would be similar to what you would type in on the command line, but it will not prompt for any user input.

Then you can use the dpkg-reconfigure command with --priority=low option and unattended-upgrades package name to apply the new configuration to the package:

- name: apply unattended-upgrades
  shell: dpkg-reconfigure -f noninteractive --priority=low unattended-upgrades

apt.yml

Your apt.yml file should now look like this:

- hosts: "*" # This is a wildcard that will match all hosts.yml in the inventory
  become: true # This will run all tasks as root
  tasks:
    - name: apt update && apt upgrade
      apt:
        update_cache: true
        upgrade: yes
    - name: Install packages
      apt:
        name: unattended-upgrades
        state: present
        update_cache: true
    - name: configure unattended-upgrades
      shell: echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
    - name: apply unattended-upgrades
      shell: dpkg-reconfigure -f noninteractive --priority=low unattended-upgrades

Run the playbook:

ansible-playbook ./playbooks/apt.yml --user batman --ask-pass --ask-become-pass -i ./inventory/hosts.yml

You should see an output similar to this:

Next

Automate with Ansible: Part 6