88 lines
3 KiB
YAML
88 lines
3 KiB
YAML
---
|
|
|
|
#
|
|
# This role adds dnf automatic package and configuration.
|
|
# We want this on any public facing Fedora installs so we
|
|
# can pick up security updates.
|
|
#
|
|
- block:
|
|
- name: install dnf-automatic
|
|
dnf:
|
|
name: dnf-automatic
|
|
state: present
|
|
tags:
|
|
- packages
|
|
|
|
- name: install /etc/dnf/automatic.conf
|
|
template:
|
|
src: automatic.conf.j2
|
|
dest: /etc/dnf/automatic.conf
|
|
mode: 0644
|
|
tags:
|
|
- config
|
|
|
|
- name: enable and start dnf-automatic
|
|
command: systemctl enable dnf-automatic.timer
|
|
when: ansible_distribution_major_version|int < 8 and ansible_distribution is 'RedHat'
|
|
args:
|
|
creates: /etc/systemd/system/basic.target.wants/dnf-automatic.timer
|
|
tags:
|
|
- config
|
|
|
|
- name: check if dnf-automatic.timer is active
|
|
command: systemctl is-active dnf-automatic.timer
|
|
register: automaticative
|
|
check_mode: no
|
|
changed_when: 1 != 1
|
|
ignore_errors: true
|
|
when: ansible_distribution_major_version|int < 8 and ansible_distribution is 'RedHat'
|
|
|
|
- name: start dnf-automatic.timer if it is not active
|
|
command: systemctl start dnf-automatic.timer
|
|
when: automaticative is failed and ansible_distribution_major_version|int < 8 and ansible_distribution is 'RedHat'
|
|
|
|
- name: enable and start dnf-automatic f26+
|
|
command: systemctl enable dnf-automatic-install.timer
|
|
when: ansible_distribution_major_version|int >= 29 and ansible_distribution is 'Fedora'
|
|
register: dnfautomaticenable
|
|
changed_when: dnfautomaticenable.rc != 0
|
|
tags:
|
|
- config
|
|
|
|
- name: enable and start dnf-automatic RHEL8+
|
|
command: systemctl enable dnf-automatic-install.timer
|
|
when: ansible_distribution_major_version|int >= 8 and ansible_distribution is 'RedHat'
|
|
register: dnfautomaticenable
|
|
changed_when: dnfautomaticenable.rc != 0
|
|
tags:
|
|
- config
|
|
|
|
- name: check if dnf-automatic-install.timer is active
|
|
command: systemctl is-active dnf-automatic-install.timer
|
|
register: automaticative
|
|
check_mode: no
|
|
changed_when: 1 != 1
|
|
ignore_errors: true
|
|
when: ansible_distribution_major_version|int >= 8 and ansible_distribution is 'RedHat'
|
|
|
|
- name: check if dnf-automatic-install.timer is active
|
|
command: systemctl is-active dnf-automatic-install.timer
|
|
register: automaticative
|
|
check_mode: no
|
|
changed_when: 1 != 1
|
|
ignore_errors: true
|
|
when: ansible_distribution_major_version|int >= 29 and ansible_distribution is 'Fedora'
|
|
|
|
- name: start dnf-automatic-install.timer if it is not active
|
|
command: systemctl start dnf-automatic-install.timer
|
|
when: automaticative is failed and ansible_distribution_major_version|int >= 8 and ansible_distribution is 'RedHat'
|
|
|
|
- name: start dnf-automatic-install.timer if it is not active
|
|
command: systemctl start dnf-automatic-install.timer
|
|
when: automaticative is failed and ansible_distribution_major_version|int >= 29 and ansible_distribution is 'Fedora'
|
|
|
|
- name: disable silly makecache timer
|
|
systemd: name=dnf-makecache masked=yes
|
|
ignore_errors: true
|
|
|
|
when: ansible_pkg_mgr == 'dnf'
|