Skip to content

Unattended upgrades improvments #718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Aug 31, 2024
Merged

Unattended upgrades improvments #718

merged 16 commits into from
Aug 31, 2024

Conversation

jdaln
Copy link
Contributor

@jdaln jdaln commented Aug 23, 2024

I had to postpone this a bit sorry.

This is a very early draft PR. Feel free to add commits. I will continue next week.

Relates to #699 .

@jdaln
Copy link
Contributor Author

jdaln commented Aug 28, 2024

@konstruktoid Should the RedHat side be done in the same PR?

I can propose some code but I am currently not able to test it.

@konstruktoid
Copy link
Owner

@konstruktoid Should the RedHat side be done in the same PR?

I can propose some code but I am currently not able to test it.

dnf_automatic doesn't have that many options, it just need to support https://github.com/konstruktoid/ansible-role-hardening/blob/master/tasks/automatic_updates.yml#L42

https://dnf.readthedocs.io/en/latest/automatic.html

@jdaln
Copy link
Contributor Author

jdaln commented Aug 29, 2024

@konstruktoid Should the RedHat side be done in the same PR?
I can propose some code but I am currently not able to test it.

dnf_automatic doesn't have that many options, it just need to support https://github.com/konstruktoid/ansible-role-hardening/blob/master/tasks/automatic_updates.yml#L42

https://dnf.readthedocs.io/en/latest/automatic.html
Alright, I mark this as ready. If this feature is wanted in the future, what could be done is something like this as a workaround:

- name: Configure reboot systemd service
      ansible.builtin.template:
        src: reboot-service.j2
        dest: /etc/systemd/system/reboot-if-needed.service
        mode: "0644"

    - name: Configure reboot systemd timer
      ansible.builtin.template:
        src: reboot-timer.j2
        dest: /etc/systemd/system/reboot-if-needed.timer
        mode: "0644"

    - name: Enable and start reboot timer
      ansible.builtin.systemd:
        name: reboot-if-needed.timer
        enabled: true
        state: started

with
reboot-service.j2

[Unit]
Description=Reboot the system if needed at a scheduled time

[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl reboot

reboot-timer.j2

[Unit]
Description=Schedule reboot at a specific time if updates require a reboot

[Timer]
OnCalendar=*-*-* {{ reboot_time|default("02:00") }}
Persistent=true

[Install]
WantedBy=timers.target

@jdaln jdaln marked this pull request as ready for review August 29, 2024 12:29
@jdaln jdaln requested a review from konstruktoid as a code owner August 29, 2024 12:29
konstruktoid
konstruktoid requested changes Aug 30, 2024
View reviewed changes
@konstruktoid konstruktoid merged commit e8feeeb into konstruktoid:master Aug 31, 2024
2 checks passed
@konstruktoid
Copy link
Owner

Thanks @jdaln!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@konstruktoid konstruktoid konstruktoid approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jdaln @konstruktoid