smauro/prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
prod/ansible/playbooks/apt_update_upgrade.yml

75 lines
2.3 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
- name: APT update + dist-upgrade (minimal + vault become)
hosts: debians
gather_facts: false
become: true
become_method: sudo
vars:
apt_update_timeout_seconds: 300
apt_http_timeout_seconds: 20
apt_force_ipv4: true
pre_tasks:
- name: Charger les variables vault (become_passwords)
ansible.builtin.include_vars:
file: "../group_vars/all/vault.yml"
name: vault_secrets
- name: Normaliser la map des mots de passe
ansible.builtin.set_fact:
_become_map: >-
{{ vault_secrets.become_passwords
if (vault_secrets is mapping and 'become_passwords' in vault_secrets)
else vault_secrets }}
- name: Vérifier que le mot de passe existe pour lhôte courant
ansible.builtin.assert:
that:
- _become_map is mapping
- inventory_hostname in _become_map
fail_msg: >-
Mot de passe manquant pour {{ inventory_hostname }}.
Clés disponibles: {{ _become_map.keys() | list | sort | join(', ') }}
- name: Définir le mot de passe sudo (variable officielle)
ansible.builtin.set_fact:
ansible_become_password: "{{ _become_map[inventory_hostname] }}"
no_log: true
tasks:
- name: APT update (apt-get update with timeout)
block:
- ansible.builtin.command: >
timeout {{ apt_update_timeout_seconds }}s
apt-get
-o Acquire::http::Timeout={{ apt_http_timeout_seconds }}
-o Acquire::https::Timeout={{ apt_http_timeout_seconds }}
{% if apt_force_ipv4 %}-o Acquire::ForceIPv4=true{% endif %}
update
register: apt_update
changed_when: false
rescue:
- ansible.builtin.shell: |
apt-get update 2>&1 | tail -n 200
args:
executable: /bin/bash
register: apt_update_debug
changed_when: false
- ansible.builtin.fail:
msg: |
APT update a échoué sur {{ inventory_hostname }}.
{{ apt_update_debug.stdout }}
- name: APT dist-upgrade + nettoyage
ansible.builtin.apt:
upgrade: dist
force_apt_get: true
dpkg_options: "force-confdef,force-confold"
autoremove: true
autoclean: true
lock_timeout: 600
environment:
DEBIAN_FRONTEND: noninteractive
Reference in New Issue View Git Blame Copy Permalink