Default variable details

Some of debops.unattended_upgrades default variables have more extensive configuration than simple strings or lists, here you can find documentation and examples for them.

unattended_upgrades__blacklist

The unattended_upgrades__blacklist and similar lists allow you to specify packages which shouldn't be upgraded automatically. The lists can be nested. You can specify them as simple package names or dictionaries with specific keys:

name

Required, string or list specifying a package name to include in the blacklist.

state

Required. Choices:

present

The specified package(s) will be added in the blacklist.

absent

The specified package(s) will be removed in the blacklist.

Examples

Include specified packages in the upgrade blacklist on all hosts:

unattended_upgrades__blacklist:

  - 'zsh'

  - name: 'postgresql'
    state: '{{ "present" if (ansible_hostname in [ "database", "db" ]) else "absent" }}'

  - name: [ '^linux-.*', 'vim' ]
    state: '{{ "present"
              if (ansible_local|d() and ansible_local.tags|d()
                  and "production" in ansible_local.tags)
              else "absent" }}'

unattended_upgrades__origins

The unattended_upgrades__origins and unattended_upgrades__dependent_origins lists define origin patterns of repositories that will be considered for unattended package upgrades. The lists can be nested. You can specify them as simple origin patterns or dictionaries with specific keys:

origin

Required, string or list of origin patterns.

Alternatively, origins also works.

state

Required. Choices:

present

The specified origin patterns will be considered for unattended package upgrades.

absent

The specified origin patterns will be not considered for unattended package upgrades.

Origins syntax

Lines below have the format format is keyword=value,.... A package will be upgraded only if the values in its metadata match all the supplied keywords in a line. (In other words, omitted keywords are wild cards.) The keywords originate from the Release file, but several aliases are accepted. The accepted keywords are:

a,archive,suite (eg, "stable")
c,component     (eg, "main", "crontrib", "non-free")
l,label         (eg, "Debian", "Debian-Security")
o,origin        (eg, "Debian", "Unofficial Multimedia Packages")
n,codename      (eg, "jessie", "jessie-updates")
  site          (eg, "http.debian.net")

The available values on the system are printed by the command "apt-cache policy", and can be debugged by running "unattended-upgrades -d" and looking at the log file.

Within lines unattended-upgrades allows 2 macros whose values are derived from /etc/debian_version:

${distro_id}            Installed origin.
${distro_codename}      Installed codename (eg, "jessie")

Codename based matching: This will follow the migration of a release through different archives (e. g. from testing to stable and later oldstable):

"o=Debian,n=jessie";
"o=Debian,n=jessie-updates";
"o=Debian,n=jessie-proposed-updates";
"o=Debian,n=jessie,l=Debian-Security";

Archive or Suite based matching: Note that this will silently match a different release after migration to the specified archive (e. g. testing becomes the new stable):

"o=Debian,a=stable";
"o=Debian,a=stable-updates";
"o=Debian,a=proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian-Security";

Examples

Include specified origin patterns for all hosts:

unattended_upgrades__origins:

  - 'o=packages.gitlab.com/gitlab/gitlab-ce,n=${distro_codename},l=gitlab-ce'

  - origin: 'site=download.owncloud.org'

  - origin: [ 'site=download.example.org', 'o=Example Testing Packages' ]
    state: '{{ "present" if (ansible_hostname in [ "testing", "staging" ]) else "absent" }}'