Automate with Ansible: Part 5
Remember unattended-upgrades? Automate it with Ansible, bruh.
Previous
See also…
In the Linux Server Install Series, we set-up unattended-upgrades through the command line which also includes a portion that requires user interaction.
In Automate with Ansible: Part 5, we’ll take that and implement it— non-interactively.
Non-interactive Ansible
The dpkg-reconfigure
command is a command-line tool that allows you to reconfigure the settings of a package that was previously installed on a Debian-based system. It prompts the user to answer a series of questions to set the package's configuration options.
The --priority=low
option is used to set the priority of the questions to low, which means that they will be displayed last. The unattended-upgrades
is the package that you want to reconfigure.
By default the dpkg-reconfigure
command prompts the user to answer the questions interactively, but it’s possible to run it non-interactively by providing the answers through the debconf-set-selections
command.
Here is an example of how you can configure unattended-upgrades
package non-interactively using the debconf-set-selections
command:
- name: configure unattended-upgrades
shell: echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
This command creates a string that would be similar to what you would type in on the command line, but it will not prompt for any user input.
Then you can use the dpkg-reconfigure
command with --priority=low
option and unattended-upgrades package name to apply the new configuration to the package:
- name: apply unattended-upgrades
shell: dpkg-reconfigure -f noninteractive --priority=low unattended-upgrades
apt.yml
Your apt.yml
file should now look like this:
- hosts: "*" # This is a wildcard that will match all hosts.yml in the inventory
become: true # This will run all tasks as root
tasks:
- name: apt update && apt upgrade
apt:
update_cache: true
upgrade: yes
- name: Install packages
apt:
name: unattended-upgrades
state: present
update_cache: true
- name: configure unattended-upgrades
shell: echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
- name: apply unattended-upgrades
shell: dpkg-reconfigure -f noninteractive --priority=low unattended-upgrades
Run the playbook:
ansible-playbook ./playbooks/apt.yml --user batman --ask-pass --ask-become-pass -i ./inventory/hosts.yml
You should see an output similar to this: