Apply package updates before we reboot in launch-node

When launching a new server we should make sure that all available package updates are installed before we reboot the server. This way we get available security updates applied to things like our kernel. This change adds a new playbook that runs the unattended-upgrade command on debuntu servers. Will need to add support for other platforms in a followup change. Change-Id: Idc88dc33afdd209c388452493e6a7f5731fa0974
2019-02-26 14:17:23 -08:00 · 2019-02-26 14:17:23 -08:00 · 52a4bae170
parent fb34c32c1f
commit 52a4bae170
2 changed files with 9 additions and 0 deletions
--- a/launch/launch-node.py
+++ b/launch/launch-node.py
@ -182,6 +182,7 @@ def bootstrap_server(server, key, name, volume_device, keep,
        for playbook in [
                'set-hostnames.yaml',
                'base.yaml',
+                'apply-package-updates.yaml',
        ]:
            run(ansible_cmd + [
                os.path.join(SCRIPT_DIR, '..', 'playbooks', playbook)],
--- a/playbooks/apply-package-updates.yaml
+++ b/playbooks/apply-package-updates.yaml
@ -0,0 +1,8 @@
+- hosts: "{{ target }}"
+  user: root
+  tasks:
+    - name: Run unattended-upgrade on debuntu
+      shell: |
+        unattended-upgrade -d
+      when: ansible_facts['os_family'] == "Debian"
+  # TODO add equivalent for other platforms