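---
# Installs a root-run auto-update framework on every host:
#   /usr/local/sbin/autoupdate.sh      driver, started daily by cron
#   /usr/local/sbin/autoupdate.d/      drop-in directory of *.update snippets
#   /etc/cron.d/autoupdate_local       cron entry (06:05, user root)
# Each snippet is sourced by the driver, so it runs as root inside the driver's shell.
# Anything that can write to the drop-in directory or to a snippet gains root;
# the 0700/0400 root-only modes below are therefore part of the security boundary.
- name: Autoupdate
  hosts: all
  tasks:
    - name: Create updates dir /usr/local/sbin/autoupdate.d
      ansible.builtin.file:
        path: /usr/local/sbin/autoupdate.d
        state: directory
        owner: root
        group: root
        # root-only: the driver sources every *.update file found here
        mode: "0700"

    # Driver script. The helpers g_nice, g_lockfile, g_all-to-syslog and g_echo*
    # are not defined in this playbook; presumably they come from
    # /etc/bash/gaboshlib.include.
    # NOTE(review): that include file is sourced as root and is not managed here;
    # confirm it is root-owned and not writable by anyone else.
    - name: /usr/local/sbin/autoupdate.sh
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/autoupdate.sh
        create: true
        owner: root
        group: root
        mode: "0500"
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        # Snippets are sourced ('.'), not executed: they share the driver's variables and
        # shell options (pipefail), and an 'exit' in one snippet would end the whole run.
        block: |
          . /etc/bash/gaboshlib.include
          g_nice
          g_lockfile
          g_all-to-syslog
          DISPLAY=""
          set -o pipefail
          for update in $(find /usr/local/sbin/autoupdate.d -name "*.update" -type f | sort)
          do
            g_echo "Running: $update"
            . "$update"
            sleep 60
          done
        backup: true
        # syntax check only; the script is not run during validation
        validate: '/bin/bash -n %s'

    # Runs after the blockinfile task so the shebang ends up above the managed block.
    - name: /usr/local/sbin/autoupdate.sh shebang
      ansible.builtin.lineinfile:
        path: /usr/local/sbin/autoupdate.sh
        insertbefore: BOF
        line: "#!/bin/bash"

    # Debian package updates: simulate a dist-upgrade, and if the simulation does not report
    # an all-zero summary line, apply it, check whether a reboot is needed and autoremove.
    # Fixes compared with the previous revision of this block:
    #   * 'auroremove' was a typo for 'autoremove', so apt-get rejected the operation
    #   * the error message ran $g_tmp/sys-update as a command instead of reading it with cat
    #   * '[2|3]' is a character class that also matches a literal '|'; '[23]' is what is meant
    # NOTE(review): the egrep patterns match apt's English output; confirm the cron
    # environment does not set a different locale.
    - name: /usr/local/sbin/autoupdate.d/debian.update
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/autoupdate.d/debian.update
        create: true
        owner: root
        group: root
        mode: "0400"
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          g_echo_ok "Prüfe auf Systemupdates"
          apt-get update || g_echo_error "apt-get update fehlgeschlagen"
          if ! apt-get -s dist-upgrade 2>&1 | sed -e "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/" | tee $g_tmp/sys-updatelist | egrep "^0.+, 0 .+, 0 .+ 0 .+\."
          then
            g_echo_warn "Systemupdate wird eingespielt: $(cat $g_tmp/sys-updatelist)"
            DEBIAN_FRONTEND=noninteractive apt-get -yy dist-upgrade | sed -e "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/" | tee $g_tmp/sys-update || g_echo_error "apt-get -yy dist-upgrade failed $(cat $g_tmp/sys-update)"
            DEBIAN_FRONTEND=noninteractive needrestart -b -r a | egrep -q "^NEEDRESTART-KSTA: [23]" && g_echo_warn "Server Reboot benötigt"
            g_echo_warn $(DEBIAN_FRONTEND=noninteractive apt-get -yy autoremove 2>&1 | egrep -A10 "^The following packages will be REMOVED:")
          fi
          [ -x /usr/bin/flatpak ] && flatpak update --system --noninteractive --force-remove
        backup: true
        validate: '/bin/bash -n %s'

    # Per-server configuration run: executes /root/server-<host>/<host>.sh if present and
    # reports "changed" and error/fatal lines from its log.
    # Fix: the second egrep now uses -i like the first, so a line matched only
    # case-insensitively is actually included in the error message.
    # NOTE(review): 'bash -x' writes an execution trace, including expanded variable values,
    # to /var/log/server-<host>-update.log. The log's permissions follow root's umask;
    # confirm it is not world-readable if the script handles credentials.
    - name: /usr/local/sbin/autoupdate.d/server.update
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/autoupdate.d/server.update
        create: true
        owner: root
        group: root
        mode: "0400"
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          # Server-Config in Git
          [ -e /root/server-$(hostname -s)/$(hostname -s).sh ] && bash -x /root/server-$(hostname -s)/$(hostname -s).sh >/var/log/server-$(hostname -s)-update.log 2>&1
          g_echo_warn "$(egrep -B1 "^changed" /var/log/server-$(hostname -s)-update.log)"
          g_echo_error "$(egrep -q -B1 -i '^error|^fatal' /var/log/server-$(hostname -s)-update.log && egrep -i -B50 '^error|^fatal' /var/log/server-$(hostname -s)-update.log)"
        backup: true
        validate: '/bin/bash -n %s'

    # Per-client script: downloads <mac>--<user>--<host>.sh from the update host and runs it
    # with bash as root.
    # SECURITY: the only gates before execution are HTTPS to the update host and a first-line
    # shebang check. There is no signature or checksum verification, so whoever controls that
    # host (or its DNS name / certificate) gets root on every client. Consider verifying a
    # detached signature against a key stored on the client before running the script.
    # The request path also discloses the MAC address, the uid-1000 login name and the
    # short hostname to the update host.
    # Change: curl's exit status is now checked and --fail (-f) is set, so an HTTP error
    # page or an aborted transfer is never passed to bash.
    # NOTE(review): the reachability check resolves update.$(domainname -d) while the
    # download uses update.$(domainname -f); confirm which host name is intended.
    - name: /usr/local/sbin/autoupdate.d/client.update
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/autoupdate.d/client.update
        create: true
        owner: root
        group: root
        mode: "0400"
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          # individual update script
          updatesrv="update.$(domainname -d)"
          if host ${updatesrv} >/dev/null 2>&1
          then
            mac=$(ip addr show $(ip route list | grep default | cut -d" " -f5) | grep "link/ether " | perl -pe 's/.*link\/ether //; s/:/-/g' | cut -d" " -f1)
            usr=$(getent passwd 1000 | cut -d: -f1)
            hst=$(hostname | cut -d. -f1 | perl -pe 's/ //g')
            if curl -sf "https://update.$(domainname -f)/${mac}--${usr}--${hst}.sh" >"${g_tmp}/update.sh"
            then
              head -n1 "${g_tmp}/update.sh" | grep -q "^#!/bin/bash" && bash "${g_tmp}/update.sh"
            fi
          fi
        backup: true
        validate: '/bin/bash -n %s'

    # Cron entry: runs the driver as root every day at 06:05.
    - name: /etc/cron.d/autoupdate_local
      ansible.builtin.blockinfile:
        path: /etc/cron.d/autoupdate_local
        create: true
        owner: root
        group: root
        mode: "0400"
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          ## Auto-Update
          5 6 * * * root /usr/local/sbin/autoupdate.sh
        backup: true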