added logic

defaults/main.yml

@@ -0,0 +1,185 @@
+---
+
+# Cache update time for apt module
+unattended_cache_valid_time: 3600
+
+#########################################
+######### auto-upgrades.j2 vars #########
+#########################################
+
+# APT::Periodic::Enable "1";
+#   Enable the update/upgrade script (0=disable)
+unattended_enabled: 1
+
+# APT::Periodic::Unattended-Upgrade "1";
+#   Run the "unattended-upgrade" security upgrade script
+#   every n-days (0=disabled)
+#   Requires the package "unattended-upgrades" and will write
+#   a log in /var/log/unattended-upgrad
+unattended_upgrade: 1
+
+# APT::Periodic::Update-Package-Lists "1";
+#   Do "apt-get update" automatically every n-days (0=disable)
+unattended_update_package_list: 1
+
+# APT::Periodic::Download-Upgradeable-Packages "0";
+#   Do "apt-get upgrade --download-only" every n-days (0=disable)
+#unattended_download_upgradeable: 0
+
+# APT::Periodic::AutocleanInterval "0";
+#   Do "apt-get autoclean" every n-days (0=disable)
+unattended_autoclean_interval: 7
+
+# APT::Periodic::CleanInterval "0";
+#   Do "apt-get clean" every n-days (0=disable)
+#unattended_clean_interval: 0
+
+# APT::Periodic::Verbose "0";
+#   Send report mail to root
+#     0:  no report             (or null string)
+#     1:  progress report       (actually any string)
+#     2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
+#     3:  + trace on
+#unattended_verbose: 0
+
+## Cron systems only
+
+# APT::Periodic::RandomSleep
+#   When the apt job starts, it will sleep for a random period between 0
+#   and APT::Periodic::RandomSleep seconds
+#   The default value is "1800" so that the script will stall for up to 30
+#   minutes (1800 seconds) so that the mirror servers are not crushed by
+#   everyone running their updates all at the same time
+#   Kept undefined to allow default (1800)
+#unattended_random_sleep: 0
+
+#########################################
+###### unattended-upgrades.j2 vars ######
+#########################################
+
+# Unattended-Upgrade::Origins-Pattern
+#   Unattended-Upgrade::Origins-Pattern controls which packages are
+#   upgraded.
+#
+#   Lines below have the format format is "keyword=value,...".  A
+#   package will be upgraded only if the values in its metadata match
+#   all the supplied keywords in a line.  (In other words, omitted
+#   keywords are wild cards.) The keywords originate from the Release
+#   file, but several aliases are accepted.  The accepted keywords are:
+#     a,archive,suite (eg, "stable")
+#     c,component     (eg, "main", "crontrib", "non-free")
+#     l,label         (eg, "Debian", "Debian-Security")
+#     o,origin        (eg, "Debian", "Unofficial Multimedia Packages")
+#     n,codename      (eg, "jessie", "jessie-updates")
+#     site          (eg, "http.debian.net")
+#   The available values on the system are printed by the command
+#   "apt-cache policy", and can be debugged by running
+#   "unattended-upgrades -d" and looking at the log file.
+#
+#   Within lines unattended-upgrades allows 2 macros whose values are
+#   derived from /etc/debian_version:
+#     ${distro_id}            Installed origin.
+#     ${distro_codename}      Installed codename (eg, "jessie")
+#
+#   Automatically upgrade packages from these origin patterns
+#   e.g.: 'o=Debian,a=stable', 'o=Debian,a=stable-updates'
+#
+#   Left unset, distribution-specific defaults will be used through
+#   __unattended_origins_patterns variable only if this variable
+#   is not provided externally
+#unattended_origins_patterns: []
+
+# Unattended-Upgrade::Package-Blacklist
+#   List of packages to not update (regexp are supported)
+unattended_package_blacklist: []
+
+# Unattended-Upgrade::AutoFixInterruptedDpkg
+#   On a unclean dpkg exit unattended-upgrades will run
+#     dpkg --force-confold --configure -a
+#   The default is true, to ensure updates keep getting installed
+unattended_autofix_interrupted_dpkg: true
+
+# Unattended-Upgrade::MinimalSteps
+#   Split the upgrade into the smallest possible chunks so that
+#   they can be interrupted with SIGUSR1. This makes the upgrade
+#   a bit slower but it has the benefit that shutdown while a upgrade
+#   is running is possible (with a small delay)
+unattended_minimal_steps: true
+
+# Unattended-Upgrade::InstallOnShutdown
+#   Install all unattended-upgrades when the machine is shuting down
+#   instead of doing it in the background while the machine is running
+#   This will (obviously) make shutdown slower
+unattended_install_on_shutdown: false
+
+# Unattended-Upgrade::Mail
+#   Send email to this address for problems or packages upgrades
+#   If empty or unset then no email is sent, make sure that you
+#   have a working mail setup on your system. A package that provides
+#   'mailx' must be installed.
+unattended_mail: false
+
+# Unattended-Upgrade::MailOnlyOnError
+#   Set this value to "true" to get emails only on errors. Default
+#   is to always send a mail if Unattended-Upgrade::Mail is set
+unattended_mail_only_on_error: false
+
+# Unattended-Upgrade::Remove-Unused-Dependencies
+#   Do automatic removal of all unused dependencies after the upgrade
+#   (equivalent to apt-get autoremove)
+unattended_remove_unused_dependencies: false
+
+# Unattended-Upgrade::Remove-New-Unused-Dependencies
+#    Remove any new unused dependencies after the upgrade
+unattended_remove_new_unused_dependencies: true
+
+# Unattended-Upgrade::Automatic-Reboot
+#   Automatically reboot *WITHOUT CONFIRMATION* if a
+#   the file /var/run/reboot-required is found after the upgrade
+unattended_automatic_reboot: false
+
+# Unattended-Upgrade::Automatic-Reboot-Time
+#   If automatic reboot is enabled and needed, reboot at the specific
+#   time instead of immediately
+unattended_automatic_reboot_time: false
+
+# Unattended-Upgrade::Update-Days
+#   Set the days of the week that updates should be applied. The days 
+#   can be specified as localized abbreviated or full names. Or as 
+#   integers where "0" is Sunday, "1" is Monday etc. Example: {"Mon";"Fri"};
+#unattended_update_days: '{"Mon";"Tue";"Wed";"Thu";"Fri";"Sat";"Sun"}'
+
+# Unattended-Upgrade::IgnoreAppsRequireRestart
+#   Do upgrade application even if it requires restart after upgrade
+#   I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file
+unattended_ignore_apps_require_restart: false
+
+# Unattended-Upgrade::SyslogEnable
+#   Write events to syslog, which is useful in environments where syslog
+#   messages are sent to a central store.
+unattended_syslog_enable: false
+
+# Unattended-Upgrade::SyslogFacility
+#   Write events to the specified syslog facility, or the daemon facility if
+#   not specified. Requires the Unattended-Upgrade::SyslogEnable option to be
+#   set to true.
+#unattended_syslog_facility: "daemon"
+
+# Dpkg::Options
+#   Append options for governing dpkg behavior, e.g. --force-confdef.
+#   Provide dpkg options that take effect during unattended upgrades.
+#   By default no flags are appended. Configuration file changes can
+#   block installation of certain packages. Passing the flags
+#   "--force-confdef" and "--force-confold" will ensure updates are applied
+#   and old configuration files are preserved.
+unattended_dpkg_options: []
+
+# unattended_dpkg_options:
+#   - "--force-confdef"
+#   - "--force-confold"
+
+# Acquire::http::Dl-Limit
+#   Use apt bandwidth limit feature, this example limits the download speed to 70kb/sec
+#unattended_dl_limit: 70
+
+...

handlers/main.yml

@@ -0,0 +1,2 @@
+---
+...

meta/main.yml

@@ -0,0 +1,24 @@
+---
+dependencies: []
+
+galaxy_info:
+  role_name: unattended_upgrades
+  author: ckaserer
+  namespace: racqspace
+  description: Configure Ubuntu unattended-upgrades.
+  license: "MIT"
+  min_ansible_version: 2.4
+  platforms:
+    - name: Ubuntu
+      versions:
+        - focal
+  galaxy_tags:
+    - apt
+    - autoupdate
+    - maintenance
+    - system
+    - ubuntu
+    - unattended
+    - upgrade
+    - update
+...

molecule/default/converge.yml

@@ -0,0 +1,34 @@
+---
+- name: Converge
+  hosts: instance
+  vars:
+    unattended_periodic_enabled: 0
+    unattended_upgrade: 2
+    unattended_update_package_list: 2
+    unattended_download_upgradeable: 1
+    unattended_autoclean_interval: 1 
+    unattended_clean_interval: 1
+    unattended_verbose: 0
+    unattended_random_sleep: 1234
+
+    unattended_package_blacklist: []
+    unattended_autofix_interrupted_dpkg: false
+    unattended_minimal_steps: false
+    unattended_install_on_shutdown: true
+    unattended_mail: "root"
+    unattended_mail_only_on_error: true
+    unattended_remove_unused_dependencies: true
+    unattended_remove_new_unused_dependencies: true
+    unattended_automatic_reboot: true
+    unattended_automatic_reboot_time: "02:00"
+    unattended_update_days: '{"Mon";"Tue";"Wed";"Thu";"Fri";"Sat";"Sun"}'
+    unattended_ignore_apps_require_restart: true
+    unattended_syslog_enable: true
+    unattended_syslog_facility: "daemon"
+    unattended_dpkg_options:
+     - "--force-confdef"
+     - "--force-confold"
+    unattended_dl_limit: 70
+  roles:
+    - role: racqspace.unattended_upgrades
+...

molecule/default/molecule.yml

@@ -0,0 +1,16 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    pre_build_image: true
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup
+provisioner:
+  name: ansible
+...