debops.unattended_upgrades default variables
Main configuration
unattended_upgrades__enabled
Enable or disable unattended package upgrades. If disabled, the unattended-upgrades package won't be removed if it's installed, and its configuration will be restored to default values.
unattended_upgrades__enabled: True
unattended_upgrades__release
By default, unattended-upgrade performs only upgrades of packages from security repositories. This variable allows you to enable upgrades from all repositories (main, updates, backports).
unattended_upgrades__release: False
unattended_upgrades__base_packages
List of base APT packages which will be installed by the role.
unattended_upgrades__base_packages: [ 'unattended-upgrades' ]
unattended_upgrades__packages
List of additional APT packages which will be installed by the role.
unattended_upgrades__packages: []
Periodic APT updates
unattended_upgrades__periodic
Enable or disable daily execution of the /etc/cron.daily/apt script. This script runs unattended-upgrade, but also performs some other actions which can be useful on their own. Enabling periodic APT runs automatically enables repository updates, but not upgrades.
unattended_upgrades__periodic: '{{ False
                                   if (ansible_local.apt.suite|d() == "archive")
                                   else unattended_upgrades__enabled }}'
unattended_upgrades__periodic_download
Download new versions of installed packages without upgrading.
unattended_upgrades__periodic_download: '{{ unattended_upgrades__periodic }}'
unattended_upgrades__periodic_autoclean
Clean up obsolete and removed packages in APT cache every n days.
unattended_upgrades__periodic_autoclean: '7'
unattended_upgrades__periodic_verbosity
Specify the verbosity level of the /etc/cron.daily/apt script. Supported levels are 0-3; a higher level means higher verbosity. Enabling this option will result in mails from cron with the script output being sent to root.
unattended_upgrades__periodic_verbosity: '0'
Unattended upgrade origin patterns
See unattended_upgrades__origins for more details about how origin entries can be defined.
unattended_upgrades__origins
List of origin patterns which define repositories that will be considered for unattended package upgrades.
unattended_upgrades__origins: []
unattended_upgrades__origins_lookup
List of strings which are used to select different origin patterns depending on installed OS and its release. The first found match wins.
unattended_upgrades__origins_lookup:
- '{{ ansible_distribution + "_" + (ansible_distribution_release.split("/")[0]) }}'
- '{{ ansible_distribution }}'
- 'default'
unattended_upgrades__security_origins
Map of the security repositories of different Linux distributions.
unattended_upgrades__security_origins:
  # https://www.debian.org/security/
  'Debian_wheezy':
    - 'o=Debian,l=Debian-Security'
  # https://www.debian.org/security/
  'Debian':
    - 'o=Debian,n=${distro_codename},l=Debian-Security'
    - 'o=Debian,n=${distro_codename}-security,l=Debian-Security'
    - 'o=${distro_id},n=${distro_codename}-updates'
  # https://www.devuan.org/
  'Devuan':
    - 'o=Devuan,n=${distro_codename}-security,l=Devuan-Security'
    - 'o=Devuan,n=${distro_codename}-updates'
  # https://www.ubuntu.com/usn/
  'Ubuntu':
    - 'o=Ubuntu,n=${distro_codename},a=${distro_codename}-security'
    - 'o=Ubuntu,n=${distro_codename},a=${distro_codename}-updates'
  'default':
    - 'o=${distro_id},n=${distro_codename},l=${distro_id}-Security'
    - 'o=${distro_id},n=${distro_codename}-updates'
unattended_upgrades__release_origins
List of origin patterns that specify the default repositories of the current OS release. Enabled/disabled by the unattended_upgrades__release variable.
unattended_upgrades__release_origins:
  'Debian_wheezy':
    - 'o=Debian'
    - 'o=Debian Backports'
  'Debian':
    - 'o=${distro_id},n=${distro_codename}'
    - 'o=${distro_id} Backports,n=${distro_codename}-backports'
  'Devuan':
    - 'o=${distro_id},n=${distro_codename}'
    - 'o=${distro_id} Backports,n=${distro_codename}-backports'
  'Ubuntu':
    - 'o=Ubuntu,n=${distro_codename},a=${distro_codename}'
    - 'o=Ubuntu,n=${distro_codename},a=${distro_codename}-backports'
  'default':
    - 'o=${distro_id},n=${distro_codename}'
    - 'o=${distro_id},n=${distro_codename}-backports'
unattended_upgrades__dependent_origins
List of origin patterns which can be used by other Ansible roles to add their own repositories to be automatically upgraded. This list is saved in the remote host Ansible local facts to avoid idempotency loops.
unattended_upgrades__dependent_origins: []
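To audit which repositories a host will actually upgrade from, the lookup and pattern matching described above can be modelled as follows. This is an added example, not code from the role: the function names, the excerpted maps and the sample repository metadata are constructed here, and the matching is a simplified model in which every key=value term of a pattern must match the repository's Release fields.

```python
import fnmatch

# Excerpts of the maps documented on this page.
SECURITY_ORIGINS = {
    "Debian_wheezy": ["o=Debian,l=Debian-Security"],
    "Debian": ["o=Debian,n=${distro_codename},l=Debian-Security",
               "o=Debian,n=${distro_codename}-security,l=Debian-Security",
               "o=${distro_id},n=${distro_codename}-updates"],
    "default": ["o=${distro_id},n=${distro_codename},l=${distro_id}-Security",
                "o=${distro_id},n=${distro_codename}-updates"],
}
RELEASE_ORIGINS = {
    "Debian_wheezy": ["o=Debian", "o=Debian Backports"],
    "Debian": ["o=${distro_id},n=${distro_codename}",
               "o=${distro_id} Backports,n=${distro_codename}-backports"],
    "default": ["o=${distro_id},n=${distro_codename}",
                "o=${distro_id},n=${distro_codename}-backports"],
}

def select(origin_map, distro, release_name):
    """Mirror unattended_upgrades__origins_lookup: the first key found wins."""
    codename = release_name.split("/")[0]
    for key in (f"{distro}_{codename}", distro, "default"):
        if key in origin_map:
            return origin_map[key]
    return []

def effective_patterns(distro, release_name, release=False):
    """Security patterns always; release patterns only when release=True
    (assumed to model unattended_upgrades__release)."""
    codename = release_name.split("/")[0]
    patterns = list(select(SECURITY_ORIGINS, distro, release_name))
    if release:
        patterns += select(RELEASE_ORIGINS, distro, release_name)
    return [p.replace("${distro_id}", distro)
             .replace("${distro_codename}", codename) for p in patterns]

def matches(pattern, repo):
    """Every key=value term must match the repository's Release field."""
    terms = (t.partition("=") for t in pattern.split(","))
    return all(fnmatch.fnmatchcase(repo.get(k, ""), v) for k, _, v in terms)

def auto_upgraded(repo, distro, release_name, release=False):
    return any(matches(p, repo)
               for p in effective_patterns(distro, release_name, release))

# Constructed Release metadata (o=Origin, n=Codename, l=Label).
SECURITY = {"o": "Debian", "n": "bookworm-security", "l": "Debian-Security"}
MAIN = {"o": "Debian", "n": "bookworm", "l": "Debian"}
VENDOR = {"o": "Example Vendor", "n": "bookworm", "l": "example"}
```

In this model VENDOR is never matched, even with release=True; a third-party repository is only upgraded automatically if a pattern for it is added through unattended_upgrades__origins or unattended_upgrades__dependent_origins.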
Unattended upgrade blacklists
See unattended_upgrades__blacklist for more details about how blacklist entries can be defined.
unattended_upgrades__default_blacklist
Default list of APT packages which should not be upgraded automatically.
unattended_upgrades__default_blacklist: []
unattended_upgrades__blacklist
List of APT packages that won't be upgraded automatically, used on all hosts.
unattended_upgrades__blacklist: []
unattended_upgrades__group_blacklist
List of APT packages that won't be upgraded automatically, specific to a group of hosts in Ansible inventory.
unattended_upgrades__group_blacklist: []
unattended_upgrades__host_blacklist
List of APT packages that won't be upgraded automatically, host-specific.
unattended_upgrades__host_blacklist: []
unattended_upgrades__dependent_blacklist
List of APT packages that won't be upgraded automatically. This list should be used by other Ansible roles through role dependencies. Its contents will be saved in the remote host Ansible local facts to avoid idempotency loops.
unattended_upgrades__dependent_blacklist: []
Unattended upgrade misc options
unattended_upgrades__auto_fix_interrupted_dpkg
Automatically run dpkg --force-confold --configure -a before unattended upgrades to fix any dpkg errors.
unattended_upgrades__auto_fix_interrupted_dpkg: True
unattended_upgrades__ignore_app_require_restart
The unattended-upgrade script will automatically upgrade packages that require a service restart. To disable this, set the option to False.
unattended_upgrades__ignore_app_require_restart: True
unattended_upgrades__minimal_steps
Split the upgrades into smallest possible steps so that the upgrade process can be interrupted if necessary.
unattended_upgrades__minimal_steps: True
unattended_upgrades__install_on_shutdown
Enable or disable unattended upgrades at the host shutdown instead of performing it in the background.
unattended_upgrades__install_on_shutdown: False
unattended_upgrades__mail_from
The email address used as the From: field. If empty, the default specified by /usr/bin/unattended-upgrade is used.
unattended_upgrades__mail_from: ''
unattended_upgrades__mail_to
List of email addresses to which the unattended-upgrade script will send the emails with upgrade results. Specify an empty list to disable.
unattended_upgrades__mail_to: '{{ ansible_local.core.admin_private_email
                                  | d([ "root@" + ansible_domain ]) }}'
unattended_upgrades__mail_only_on_error
Enable or disable an option to only send mail messages when errors occur during unattended upgrades.
unattended_upgrades__mail_only_on_error: True
unattended_upgrades__remove_unused
Enable or disable automatic removal of the unused package dependencies after unattended upgrade (apt-get autoremove).
unattended_upgrades__remove_unused: False
unattended_upgrades__auto_reboot
Automatically reboot the host without confirmation after unattended upgrade if any packages require it.
unattended_upgrades__auto_reboot: False
unattended_upgrades__auto_reboot_time
Specify the time of the automatic reboot instead of now.
unattended_upgrades__auto_reboot_time: '{{ "02:30"
                                           if (ansible_virtualization_role in [ "host", "NA" ])
                                           else ("02:%02d"|format(55 |random(seed=inventory_hostname, start=40))) }}'
unattended_upgrades__bandwidth_limit
Limit the amount of bandwidth used by APT to download packages, in kb/s (kilobytes per second).
unattended_upgrades__bandwidth_limit: ''