ansible-roles/apt/tasks/hold_packages.yml

104 lines
2.6 KiB
YAML

---
- ansible.builtin.include_role:
name: evolix/remount-usr
- name: "hold packages (apt)"
ansible.builtin.shell:
cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
executable: /bin/bash
check_mode: no
register: apt_mark
changed_when: "item + ' set on hold.' in apt_mark.stdout"
failed_when:
- apt_mark.rc != 0
- apt_mark.stdout | length > 0
loop: "{{ apt_hold_packages }}"
tags:
- apt
- name: "/etc/evolinux is present"
ansible.builtin.file:
dest: /etc/evolinux
mode: "0700"
state: directory
tags:
- apt
- name: "hold packages (config)"
ansible.builtin.lineinfile:
dest: /etc/evolinux/apt_hold_packages.cf
line: "{{ item }}"
create: True
state: present
loop: "{{ apt_hold_packages }}"
tags:
- apt
- name: "unhold packages (apt)"
ansible.builtin.shell:
cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
executable: /bin/bash
check_mode: no
register: apt_mark
changed_when: "'Canceled hold on' + item in apt_mark.stdout"
failed_when: apt_mark.rc != 0 and not apt_mark.stdout = ''
loop: "{{ apt_unhold_packages }}"
tags:
- apt
- name: "unhold packages (config)"
ansible.builtin.lineinfile:
dest: /etc/evolinux/apt_hold_packages.cf
line: "{{ item }}"
create: True
state: absent
loop: "{{ apt_unhold_packages }}"
tags:
- apt
- name: /usr/share/scripts exists
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
group: root
state: directory
tags:
- apt
- name: Check scripts is installed
ansible.builtin.copy:
src: check_held_packages.sh
dest: /usr/share/scripts/check_held_packages.sh
force: yes
mode: "0755"
tags:
- apt
- name: Check if Cron is installed
ansible.builtin.shell:
cmd: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
register: is_cron
changed_when: False
failed_when: False
check_mode: no
tags:
- apt
- name: Check for held packages (script)
ansible.builtin.cron:
cron_file: apt-hold-packages
name: check_held_packages
job: "/usr/share/scripts/check_held_packages.sh"
user: root
minute: "{{ apt_check_hold_cron_minute }}"
hour: "{{ apt_check_hold_cron_hour }}"
weekday: "{{ apt_check_hold_cron_weekday }}"
day: "{{ apt_check_hold_cron_day }}"
month: "{{ apt_check_hold_cron_month }}"
state: "present"
tags:
- apt
when: is_cron.rc == 0