Posted to commits@airavata.apache.org by ma...@apache.org on 2021/04/16 18:02:10 UTC
[airavata] branch develop updated: Ansible: setup yum-cron to
automatically install security updates
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/develop by this push:
new a933b5b Ansible: setup yum-cron to automatically install security updates
new 5d99d5c Merge branch 'yum-cron-security' into develop
a933b5b is described below
commit a933b5b9481b99bf85f1aec5f4bd6a7307a097e4
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Apr 16 14:01:29 2021 -0400
Ansible: setup yum-cron to automatically install security updates
---
.../roles/env_setup/tasks/files/yum-cron.conf | 81 ++++++++++++++++++++++
dev-tools/ansible/roles/env_setup/tasks/main.yml | 22 ++++++
2 files changed, 103 insertions(+)
diff --git a/dev-tools/ansible/roles/env_setup/tasks/files/yum-cron.conf b/dev-tools/ansible/roles/env_setup/tasks/files/yum-cron.conf
new file mode 100644
index 0000000..1f9ed25
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/files/yum-cron.conf
@@ -0,0 +1,81 @@
+[commands]
+# What kind of update to use:
+# default = yum upgrade
+# security = yum --security upgrade
+# security-severity:Critical = yum --sec-severity=Critical upgrade
+# minimal = yum --bugfix update-minimal
+# minimal-security = yum --security update-minimal
+# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
+update_cmd = security
+
+# Whether a message should be emitted when updates are available,
+# were downloaded, or applied.
+update_messages = yes
+
+# Whether updates should be downloaded when they are available.
+download_updates = yes
+
+# Whether updates should be applied when they are available. Note
+# that download_updates must also be yes for the update to be applied.
+apply_updates = yes
+
+# Maximum amout of time to randomly sleep, in minutes. The program
+# will sleep for a random amount of time between 0 and random_sleep
+# minutes before running. This is useful for e.g. staggering the
+# times that multiple systems will access update servers. If
+# random_sleep is 0 or negative, the program will run immediately.
+# 6*60 = 360
+random_sleep = 360
+
+
+[emitters]
+# Name to use for this system in messages that are emitted. If
+# system_name is None, the hostname will be used.
+system_name = None
+
+# How to send messages. Valid options are stdio and email. If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages. If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via is None or left blank, no messages will be sent.
+emit_via = stdio
+
+# The width, in characters, that messages that are emitted should be
+# formatted to.
+output_width = 80
+
+
+[email]
+# The address to send email messages from.
+# NOTE: 'localhost' will be replaced with the value of system_name.
+email_from = root@localhost
+
+# List of addresses to send messages to.
+email_to = root
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[groups]
+# NOTE: This only works when group_command != objects, which is now the default
+# List of groups to update
+group_list = None
+
+# The types of group packages to install
+group_package_types = mandatory, default
+
+[base]
+# This section overrides yum.conf
+
+# Use this to filter Yum core messages
+# -4: critical
+# -3: critical+errors
+# -2: critical+errors+warnings (default)
+debuglevel = -2
+
+# skip_broken = True
+mdpolicy = group:main
+
+# Uncomment to auto-import new gpg keys (dangerous)
+# assumeyes = True
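Review bot: `update_cmd = security` combined with `apply_updates = yes` only installs packages when the enabled repositories publish security errata metadata (updateinfo). The playbook ships this file to every host where `ansible_os_family == "RedHat"`, which also matches CentOS, and the stock CentOS repositories have historically not carried that metadata, so on such hosts the job would likely run cleanly and apply nothing. I would record the dependency above `update_cmd`, for example `# NOTE: "security" needs repos that publish updateinfo errata; check with "yum updateinfo list security" on a target host`. With `emit_via = stdio` the result reaches only cron's local mail for root, so a comment saying where that output is reviewed would help anyone who has to confirm that patches are landing.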
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index bcd5327..a7ae890 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -83,4 +83,26 @@
become: yes
become_user: root
when: ansible_os_family == "RedHat"
+
+# Automatic security updates installation
+
+- name: Install yum-cron, yum-utils (RedHat)
+ yum: name={{ item }} state=latest update_cache=yes
+ become: yes
+ when: ansible_os_family == "RedHat"
+ with_items:
+ - yum-cron
+ - yum-utils
+
+- name: Copy yum-cron.conf config file
+ copy:
+ src: yum-cron.conf
+ dest: /etc/yum/yum-cron.conf
+ become: yes
+ when: ansible_os_family == "RedHat"
+
+- name: Enable and start yum-cron
+ service: name=yum-cron state=started enabled=yes daemon_reload=yes
+ become: yes
+ when: ansible_os_family == "RedHat"
...
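Review bot: The `copy` task that writes `/etc/yum/yum-cron.conf` sets no owner, group or mode, so the permissions of a file that controls what root installs unattended are left to the remote umask or to whatever file already exists on the host. Pin them in the task with `owner: root`, `group: root` and `mode: "0644"`. In the install task, `state=latest` upgrades yum-cron and yum-utils on every playbook run; if that is not intended, `state=present` keeps the run idempotent. The three context lines at the top of the hunk belong to an earlier task that starts outside it; the three added tasks are fully visible.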