debops.unattended_upgrades default variables
Sections
Main configuration
- unattended_upgrades__enabled
Enable or disable unattended package upgrades. If disabled,
unattended-upgrades
package won't be removed if it's installed, and its
configuration will be restored to default values.
unattended_upgrades__enabled: True
- unattended_upgrades__release
By default, unattended-upgrade performs only upgrades of packages from security repositories. This variable allows you to enable upgrades from all repositories (main, updates, backports).
unattended_upgrades__release: False
- unattended_upgrades__base_packages
List of base APT packages which will be installed by the role.
unattended_upgrades__base_packages: [ 'unattended-upgrades' ]
- unattended_upgrades__packages
List of additional APT packages which will be installed by the role.
unattended_upgrades__packages: []
Periodic APT updates
- unattended_upgrades__periodic
Enable or disable daily execution of /etc/cron.daily/apt
script. This
script runs unattended-upgrade, but also performs some other
actions which can be useful on their own. Enabling periodic APT runs
automatically enables repository updates, but not upgrades.
unattended_upgrades__periodic: '{{ False
if (ansible_local.apt.suite | d() == "archive")
else unattended_upgrades__enabled }}'
- unattended_upgrades__periodic_download
Download new versions of installed packages without upgrading.
unattended_upgrades__periodic_download: '{{ unattended_upgrades__periodic }}'
- unattended_upgrades__periodic_autoclean
Clean up obsolete and removed packages in APT cache every n days.
unattended_upgrades__periodic_autoclean: '7'
- unattended_upgrades__periodic_verbosity
Specify verbosity level of the /etc/cron.daily/apt
script, supported
levels are 0-3, higher level means higher verbosity. Enabling this option
will result in mails from cron with the script output being sent
to root
.
unattended_upgrades__periodic_verbosity: '0'
Unattended upgrade origin patterns
See unattended_upgrades__origins for more details about how origin entries can be defined.
- unattended_upgrades__origins
List of origin patterns which define repositories that will be considered for unattended package upgrades.
unattended_upgrades__origins: []
- unattended_upgrades__origins_lookup
List of strings which are used to select different origin patterns depending on installed OS and its release. The first found match wins.
unattended_upgrades__origins_lookup:
- '{{ ansible_distribution + "_" + (ansible_distribution_release.split("/")[0]) }}'
- '{{ ansible_distribution }}'
- 'default'
- unattended_upgrades__security_origins
Map of the security repositories of different Linux distributions.
unattended_upgrades__security_origins:
# https://www.debian.org/security/
'Debian':
- 'o=Debian,n=${distro_codename},l=Debian-Security'
- 'o=Debian,n=${distro_codename}-security,l=Debian-Security'
- 'o=${distro_id},n=${distro_codename}-updates'
# https://www.devuan.org/
'Devuan':
- 'o=Devuan,n=${distro_codename}-security,l=Devuan-Security'
- 'o=Devuan,n=${distro_codename}-updates'
# https://www.ubuntu.com/usn/
'Ubuntu':
- 'o=Ubuntu,n=${distro_codename},a=${distro_codename}-security'
- 'o=Ubuntu,n=${distro_codename},a=${distro_codename}-updates'
'default':
- 'o=${distro_id},n=${distro_codename},l=${distro_id}-Security'
- 'o=${distro_id},n=${distro_codename}-updates'
- unattended_upgrades__release_origins
List of origin patterns that specify the default repositories of the current
OS release. Enabled/disabled by the unattended_upgrades__release
variable.
unattended_upgrades__release_origins:
'Debian':
- 'o=${distro_id},n=${distro_codename}'
- 'o=${distro_id} Backports,n=${distro_codename}-backports'
'Devuan':
- 'o=${distro_id},n=${distro_codename}'
- 'o=${distro_id} Backports,n=${distro_codename}-backports'
'Ubuntu':
- 'o=Ubuntu,n=${distro_codename},a=${distro_codename}'
- 'o=Ubuntu,n=${distro_codename},a=${distro_codename}-backports'
'default':
- 'o=${distro_id},n=${distro_codename}'
- 'o=${distro_id},n=${distro_codename}-backports'
- unattended_upgrades__dependent_origins
List of origin patterns which can be used by other Ansible roles to add their own repositories to be automatically upgraded. This list is saved in the remote host Ansible local facts to avoid idempotency loops.
unattended_upgrades__dependent_origins: []
Unattended upgrade blacklists
See unattended_upgrades__blacklist for more details about how blacklist entries can be defined.
- unattended_upgrades__default_blacklist
Default list of APT packages which should not be upgraded automatically.
unattended_upgrades__default_blacklist: []
- unattended_upgrades__blacklist
List of APT packages that won't be upgraded automatically, used on all hosts.
unattended_upgrades__blacklist: []
- unattended_upgrades__group_blacklist
List of APT packages that won't be upgraded automatically, specific to a group of hosts in Ansible inventory.
unattended_upgrades__group_blacklist: []
- unattended_upgrades__host_blacklist
List of APT packages that won't be upgraded automatically, host-specific.
unattended_upgrades__host_blacklist: []
- unattended_upgrades__dependent_blacklist
List of APT packages that won't be upgraded automatically. This list should be used by other Ansible roles through role dependencies. Its contents will be saved in the remote host Ansible local facts to avoid idempotency loops.
unattended_upgrades__dependent_blacklist: []
Unattended upgrade misc options
- unattended_upgrades__auto_fix_interrupted_dpkg
Automatically run dpkg --force-confold --configure -a before unattended upgrades to fix any dpkg errors.
unattended_upgrades__auto_fix_interrupted_dpkg: True
- unattended_upgrades__ignore_app_require_restart
The unattended-upgrade script will automatically upgrade packages
that require a service restart. To disable this, set the option to False
.
unattended_upgrades__ignore_app_require_restart: True
- unattended_upgrades__minimal_steps
Split the upgrades into smallest possible steps so that the upgrade process can be interrupted if necessary.
unattended_upgrades__minimal_steps: True
- unattended_upgrades__install_on_shutdown
Enable or disable unattended upgrades at the host shutdown instead of performing it in the background.
unattended_upgrades__install_on_shutdown: False
- unattended_upgrades__mail_from
The email address used as the From: field. If empty, the default specified by /usr/bin/unattended-upgrade is used.
unattended_upgrades__mail_from: ''
- unattended_upgrades__mail_to
List of email addresses to which the unattended-upgrade script will sent the emails with upgrade results. Specify an empty list to disable.
unattended_upgrades__mail_to: '{{ ansible_local.core.admin_private_email
| d(["root@" + ansible_domain]) }}'
- unattended_upgrades__mail_only_on_error
Enable or disable an option to only send mail messages when errors occur during unattended upgrades.
unattended_upgrades__mail_only_on_error: True
- unattended_upgrades__remove_unused
Enable or disable automatic removal of the unused package dependencies after unattended upgrade (apt-get autoremove).
unattended_upgrades__remove_unused: False
- unattended_upgrades__auto_reboot
Automatically reboot the host without confirmation after unattended upgrade if any packages require it.
unattended_upgrades__auto_reboot: False
- unattended_upgrades__auto_reboot_time
Specify the time of the automatic reboot instead of now
.
unattended_upgrades__auto_reboot_time: '{{ "02:30"
if (ansible_virtualization_role in ["host", "NA"])
else ("02:%02d" | format(55 | random(seed=inventory_hostname, start=40))) }}'
- unattended_upgrades__bandwidth_limit
Limit the amount of bandwidth used by APT to download packages, in kb/s (kilobytes per second).
unattended_upgrades__bandwidth_limit: ''