More than 3 years have passed since last update.

Ubuntu Server Setup (1)

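About this article

  • With CentOS coming to an end, this article investigates which settings to apply when migrating to Ubuntu and summarizes what was actually configured
  • There are many items to cover, so I will write them up in units I can produce in my spare time
  • Not everything is tried; I cover what seems necessary or likely to be useful later
  • The build is implemented with ansible

Reference documents

Prerequisites

  • Built as a server for verification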

Automatic Updates

Creating a new task

--- /dev/null
+++ b/base/tasks/automatic-updates.yml
@@ -0,0 +1,5 @@
+---
+- name: Automatic Updates
+  apt:
+    name: unattended-upgrades
+    state: present
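Review bot: the `apt` task under `name: unattended-upgrades` installs from whatever package index the host already has, because `update_cache` is not set; on a freshly provisioned host with a stale or empty index the install can fail. Consider adding `update_cache: yes` together with `cache_valid_time: 3600` to this task.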
diff --git a/base/tasks/main.yml b/base/tasks/main.yml
index 99a3e15..efa92af 100644
--- a/base/tasks/main.yml
+++ b/base/tasks/main.yml
@@ -1,2 +1,3 @@
 ---
 # tasks file for base
+- include: automatic-updates.yml
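Review bot: `- include: automatic-updates.yml` uses the bare `include` action, which Ansible deprecated in favour of `import_tasks` and `include_tasks` and later removed; write `- import_tasks: automatic-updates.yml` (static) or `- include_tasks: automatic-updates.yml` (dynamic) so the role keeps working after an Ansible upgrade.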

Running ansible


22:21 $ ansible-playbook -i inventory  -l ubuntu -b playbook.yml --syntax-check

playbook: playbook.yml
✔ ~/ghq/github.com/tshu1/ubuntu-2004 [base-settings L|✔]
22:21 $ ansible-playbook -i inventory  -l ubuntu -b playbook.yml --list-task

playbook: playbook.yml

  play #1 (all): all    TAGS: []
    tasks:
      base : Automatic Updates  TAGS: []


22:21 $ ansible-playbook -i inventory  -l ubuntu -b playbook.yml --check

PLAY [all] **************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]

TASK [base : Automatic Updates] *****************************************************************************************************
ok: [localhost]

PLAY RECAP **************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0


22:22 $ ansible-playbook -i inventory  -l ubuntu -b playbook.yml

PLAY [all] **************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]

TASK [base : Automatic Updates] *****************************************************************************************************
ok: [localhost]

PLAY RECAP **************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
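  • It seems I had not checked carefully enough; the package appears to have been installed from the start

Fetch the current files locally and put them under ansible management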

  • /etc/apt/apt.conf.d/50unattended-upgrades
  • /etc/apt/apt.conf.d/20auto-upgrades

## Fetch the files
22:42 $ ansible ubuntu -i inventory -m fetch -a "src=/etc/apt/apt.conf.d/50unattended-upgrades dest=./base/files/" -b
localhost | CHANGED => {
    "changed": true,
    "checksum": "7de96b69782cfb1d8feb2dc8e22b9da512b6495e",
    "dest": "/Users/tshu1/ghq/github.com/tshu1/ubuntu-2004/base/files/localhost/etc/apt/apt.conf.d/50unattended-upgrades",
    "md5sum": "6cfaf67893454c604aaef30a57e63521",
    "remote_checksum": "7de96b69782cfb1d8feb2dc8e22b9da512b6495e",
    "remote_md5sum": null
}


22:43 $ ansible ubuntu -i inventory -m fetch -a "src=/etc/apt/apt.conf.d/20auto-upgrades dest=./base/files/" -b
localhost | CHANGED => {
    "changed": true,
    "checksum": "91d0ccbd3dddaa6f5f5efeee64c42df4680170ba",
    "dest": "/Users/tshu1/ghq/github.com/tshu1/ubuntu-2004/base/files/localhost/etc/apt/apt.conf.d/20auto-upgrades",
    "md5sum": "1c261d6541420797f8b824d65ac5c197",
    "remote_checksum": "91d0ccbd3dddaa6f5f5efeee64c42df4680170ba",
    "remote_md5sum": null
}

## Clean up

22:48 $ cd base/files/
22:49 $ ls -la
total 0
drwxr-xr-x   3 tshu1  staff   96  1  3 22:42 .
drwxr-xr-x  12 tshu1  staff  384  1  3 14:08 ..
drwxr-xr-x   3 tshu1  staff   96  1  3 22:42 localhost
22:49 $ mv localhost/etc .
22:49 $ ls -la
total 0
drwxr-xr-x   4 tshu1  staff  128  1  3 22:49 .
drwxr-xr-x  12 tshu1  staff  384  1  3 14:08 ..
drwxr-xr-x   3 tshu1  staff   96  1  3 22:42 etc
drwxr-xr-x   2 tshu1  staff   64  1  3 22:49 localhost
22:49 $ rmdir localhost/

22:50 $ tree
.
├── README.md
├── Vagrantfile
├── ansible.cfg
├── base
│   ├── README.md
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   │   └── etc
│   │       └── apt
│   │           └── apt.conf.d
│   │               ├── 20auto-upgrades
│   │               └── 50unattended-upgrades

Modifying automatic-updates.yml

diff --git a/base/tasks/automatic-updates.yml b/base/tasks/automatic-updates.yml
index f41c361..88c34e1 100644
--- a/base/tasks/automatic-updates.yml
+++ b/base/tasks/automatic-updates.yml
@@ -1,5 +1,12 @@
 ---
-- name: Automatic Updates
+- name: Automatic Updates pkg install
   apt:
     name: unattended-upgrades
     state: present
+- name: Automatic Updates config file copy to remote server
+  copy:
+    src: "{{ role_path }}/files/etc/apt/apt.conf.d/{{ item }}"
+    dest: "/etc/apt/apt.conf.d/{{ item }}"
+  with_items:
+    - 50unattended-upgrades
+    - 20auto-upgrades
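Review bot: the new `copy` task sets only `src` and `dest`, so ownership and mode of the files under `/etc/apt/apt.conf.d/` are left to defaults; these files decide whether updates are applied, so pin them with `owner: root`, `group: root` and `mode: "0644"`. `with_items` can also become `loop`, and the `{{ role_path }}/files/` prefix is unnecessary because `copy` already searches the role's `files/` directory.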
  • ansible run result
    • Nothing has been modified yet, so the status is ok
23:17 $ ansible-playbook -i inventory  -l ubuntu -b playbook.yml

PLAY [all] **************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]

TASK [base : Automatic Updates pkg install] *****************************************************************************************
ok: [localhost]

TASK [base : Automatic Updates config file copy to remote server] *******************************************************************
ok: [localhost] => (item=50unattended-upgrades)
ok: [localhost] => (item=20auto-upgrades)

PLAY RECAP **************************************************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

As described in the Ubuntu documentation, add the following settings

  • Every day, download the packages that can be upgraded
  • Every week, delete package files
diff --git a/base/files/etc/apt/apt.conf.d/20auto-upgrades b/base/files/etc/apt/apt.conf.d/20auto-upgrades
index 8d6d7c8..5d37e9f 100644
--- a/base/files/etc/apt/apt.conf.d/20auto-upgrades
+++ b/base/files/etc/apt/apt.conf.d/20auto-upgrades
@@ -1,2 +1,4 @@
 APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
 APT::Periodic::Unattended-Upgrade "1";
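Review bot: the two added lines give no hint that `"1"` and `"7"` are intervals in days; a one-line comment above `APT::Periodic::Download-Upgradeable-Packages` and `APT::Periodic::AutocleanInterval` would make the daily download and weekly clean-up intent readable from the file itself.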
  • Running ansible
23:27 $ ansible-playbook -i inventory  -l ubuntu -b playbook.yml

PLAY [all] **************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]

TASK [base : Automatic Updates pkg install] *****************************************************************************************
ok: [localhost]

TASK [base : Automatic Updates config file copy to remote server] *******************************************************************
ok: [localhost] => (item=50unattended-upgrades)
changed: [localhost] => (item=20auto-upgrades)

PLAY RECAP **************************************************************************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
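
An added example (not from the original article): a small shell audit that reads an apt.conf.d-style directory and reports whether the four `APT::Periodic` values configured above are actually in effect, including the case where a later fragment overrides `20auto-upgrades`. The function names and the `99local` fragment are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit APT::Periodic settings in an apt.conf.d-style directory.
# Only flat one-line entries (APT::Periodic::Key "value";) are parsed, which is
# the form 20auto-upgrades uses on this page; nested { } blocks are not handled.

# Print the effective value of APT::Periodic::<key> found in directory <dir>.
# The glob expands in sorted order, so a later file overrides an earlier one.
periodic_value() {
    dir=$1 key=$2
    for f in "$dir"/*; do
        [ -f "$f" ] && cat "$f"
    done |
        sed -n "s|^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\([^\"]*\)\";.*|\1|p" |
        tail -n 1
}

# Compare the effective values with the four this page configures.
# Prints one line per key; the return status is the number of mismatches.
audit_auto_upgrades() {
    dir=$1 bad=0
    for want in Update-Package-Lists=1 Download-Upgradeable-Packages=1 \
                AutocleanInterval=7 Unattended-Upgrade=1; do
        key=${want%%=*} exp=${want#*=}
        got=$(periodic_value "$dir" "$key")
        if [ "$got" = "$exp" ]; then
            echo "ok    $key=$got"
        else
            echo "DRIFT $key: expected $exp, got ${got:-<unset>}"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: 20auto-upgrades as it was before this page's change, plus
# a hypothetical 99local fragment that switches unattended upgrades off.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  'APT::Periodic::Unattended-Upgrade "1";' > "$d/20auto-upgrades"
    printf '%s\n' '// hypothetical local override' \
                  'APT::Periodic::Unattended-Upgrade "0";' > "$d/99local"
    echo "$d"
}

sample=$(make_sample)
audit_auto_upgrades "$sample" || echo "$? setting(s) differ from the page's values"
rm -rf "$sample"
```

On a real host, `apt-config dump` shows the values apt itself resolves; the parser here covers only the flat syntax used in 20auto-upgrades.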

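Keeping track of auto upgrade execution

As described in the documentation, this is done with apticron

  • Since multiple packages are now installed, modify the ansible configuration and add new settings for apticron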
diff --git a/base/tasks/automatic-updates.yml b/base/tasks/automatic-updates.yml
index 88c34e1..cb71018 100644
--- a/base/tasks/automatic-updates.yml
+++ b/base/tasks/automatic-updates.yml
@@ -1,12 +1,18 @@
 ---
 - name: Automatic Updates pkg install
   apt:
-    name: unattended-upgrades
+    pkg:
+      - unattended-upgrades
+      - apticron
     state: present
 - name: Automatic Updates config file copy to remote server
   copy:
-    src: "{{ role_path }}/files/etc/apt/apt.conf.d/{{ item }}"
+    src:  "{{ role_path }}/files/etc/apt/apt.conf.d/{{ item }}"
     dest: "/etc/apt/apt.conf.d/{{ item }}"
   with_items:
     - 50unattended-upgrades
     - 20auto-upgrades
+- name: apticron config file copy to remote server
+  copy:
+    src:  "{{ role_path }}/files/etc/apticron/apticron.conf"
+    dest: "/etc/apticron/apticron.conf"
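Review bot: the new task copies `files/etc/apticron/apticron.conf`, but the patch as shown does not add that file to the role, so a clean checkout would fail at this task; include the file in the same change. The re-spaced `src:  ` line in the existing task is a whitespace-only change and adds noise to the diff.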
  • Running ansible
23:45 $ ansible-playbook -i inventory  -l ubuntu -b playbook.yml

PLAY [all] **************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]

TASK [base : Automatic Updates pkg install] *****************************************************************************************
ok: [localhost]

TASK [base : Automatic Updates config file copy to remote server] *******************************************************************
ok: [localhost] => (item=50unattended-upgrades)
ok: [localhost] => (item=20auto-upgrades)

TASK [base : apticron config file copy to remote server] ****************************************************************************
changed: [localhost]

PLAY RECAP **************************************************************************************************************************
localhost                  : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
  • Logging in to the server and checking showed that the cron entry had been set up
  • It runs at minute 7 of every hour, so there was no execution log yet

root@ubuntu-focal:/home/ansible# more /etc/cron.d/apticron
# cron entry for apticron

7 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
  • Add this file to the managed files as well
diff --git a/base/files/etc/cron.d/apticron b/base/files/etc/cron.d/apticron
new file mode 100644
index 0000000..470408b
--- /dev/null
+++ b/base/files/etc/cron.d/apticron
@@ -0,0 +1,3 @@
+# cron entry for apticron
+
+7 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
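Review bot: the first line still reads `# cron entry for apticron` as in the packaged file; since this copy is now the source of truth, add a comment line saying the file is managed by ansible (role `base`) so that edits made directly on a host are not silently overwritten on the next run.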
diff --git a/base/tasks/automatic-updates.yml b/base/tasks/automatic-updates.yml
index cb71018..fb7bcad 100644
--- a/base/tasks/automatic-updates.yml
+++ b/base/tasks/automatic-updates.yml
@@ -14,5 +14,8 @@
     - 20auto-upgrades
 - name: apticron config file copy to remote server
   copy:
-    src:  "{{ role_path }}/files/etc/apticron/apticron.conf"
-    dest: "/etc/apticron/apticron.conf"
+    src:  "{{ role_path }}/files/etc/{{ item.src }}"
+    dest: "/etc/{{ item.dest }}"
+  with_items:
+    - { src: 'apticron/apticron.conf', dest: 'apticron/apticron.conf' }
+    - { src: 'cron.d/apticron', dest: 'cron.d/apticron' }
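Review bot: `/etc/cron.d/apticron` is now written by a `copy` task that sets no `owner`, `group` or `mode`; cron ignores files in `/etc/cron.d` that are not owned by root or that are writable by group or others, so set `owner: root`, `group: root` and `mode: "0644"` explicitly. Since `src` and `dest` are identical in both `with_items` entries, a plain list of relative paths with a single `{{ item }}` would be simpler.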
  • Change the cron execution time to minute 5
diff --git a/base/files/etc/cron.d/apticron b/base/files/etc/cron.d/apticron
index 470408b..4c5c5da 100644
--- a/base/files/etc/cron.d/apticron
+++ b/base/files/etc/cron.d/apticron
@@ -1,3 +1,3 @@
 # cron entry for apticron

-7 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
+5 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
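Review bot: the minute field changes from `7` to `5` in the role's copy of the file, so every host managed by this role will run apticron at the same minute; if the change was only made to trigger a run while testing, revert it before merging, otherwise say in the commit message why minute 5 is wanted.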
  • Checking the execution log
Jan  3 15:05:01 ubuntu-focal CRON[36384]: (root) CMD (if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi)

Checking auto upgrade execution status

  • Checking mail.log showed that delivery was failing with Connection timed out, so I checked the contents of the queue
root@ubuntu-focal:/home/ansible# mailq
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
E0303BCD87     5433 Sun Jan  3 15:05:08  root@ubuntu-focal
(connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4003:c0b::1a]:25: Network is unreachable)
                                         hogemoge@gmail.com

-- 5 Kbytes in 1 Request.
root@ubuntu-focal:/home/ansible# postcat -q E0303BCD87
*** ENVELOPE RECORDS deferred/E/E0303BCD87 ***
message_size:            5433             190               1               0            5433               0
message_arrival_time: Sun Jan  3 15:05:08 2021
create_time: Sun Jan  3 15:05:08 2021
named_attribute: rewrite_context=local
sender_fullname: root
sender: root@ubuntu-focal
*** MESSAGE CONTENTS deferred/E/E0303BCD87 ***
Received: by ubuntu-focal (Postfix, from userid 0)
    id E0303BCD87; Sun,  3 Jan 2021 15:05:08 +0000 (UTC)
To: hogemoge@gmail.com
Subject: 4 Ubuntu package update(s) for ubuntu-focal
MIME-Version: 1.0
Content-type: text/plain; charset=UTF-8
Content-transfer-encoding: 8bit
Message-Id: <20210103150508.E0303BCD87@ubuntu-focal>
Date: Sun,  3 Jan 2021 15:05:08 +0000 (UTC)
From: root <root@ubuntu-focal>

apticron report [Sun, 03 Jan 2021 15:05:08 +0000]
========================================================================

apticron has detected that some packages need upgrading on:

    ubuntu-focal
    [ 10.0.2.15 ]

The following packages are currently pending an upgrade:

    apport 2.20.11-0ubuntu27.14
    open-vm-tools 2:11.1.5-1~ubuntu20.04.2
    python3-apport 2.20.11-0ubuntu27.14
    python3-problem-report 2.20.11-0ubuntu27.14

========================================================================

Package Details:

apt-listchanges: Reading changelogs...
apt-listchanges: Changelogs
---------------------------

--- Changes for apport (apport python3-apport python3-problem-report) ---
apport (2.20.11-0ubuntu27.14) focal; urgency=medium

  * data/apport: only drop supplemental groups if the user is root. (LP: #1906565)

 -- Brian Murray <brian@ubuntu.com>  Thu, 03 Dec 2020 09:26:27 -0800

--- Changes for open-vm-tools ---
open-vm-tools (2:11.1.5-1~ubuntu20.04.2) focal; urgency=medium

  * Update to latest release v11.1.5 (LP: #1892266)
    - Revert "Add net-tools as dependency again." as we don't want to
      modify the focal seed/ISO content without a real issue behind it.

 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 22 Jun 2020 08:40:58 +0200

open-vm-tools (2:11.1.5-1ubuntu1) groovy; urgency=medium

  * d/p/fix-FTBFS-glibc2.32.patch: fix tirpc flags to propagate correctly
    fixing an FTFBS with glibc >=2.32
  * d/rules: avoid FTBFS by ignoring nonnull errors for now

 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 29 Sep 2020 13:37:20 +0200

open-vm-tools (2:11.1.5-1) unstable; urgency=medium

  * [5515c98] Don't recommend xserver-xorg-input-vmmouse.
    Thanks to Raphaël Hertzog (Closes: #966465)
  * [8a31efc] Update upstream source from tag 'upstream/11.1.5'
    Update to upstream version '11.1.5'
    with Debian dir 62c70f15b660e7719555a78e6658ced5ca05ca35
    Closes: #968688
  * [09714a7] Removing patches that were applied upstream

 -- Bernd Zeimetz <bzed@debian.org>  Thu, 20 Aug 2020 09:52:24 +0200

open-vm-tools (2:11.1.0-3) unstable; urgency=medium

  * [03d18b3] Fix gcc-10 related issues. (Closes: #957631)

 -- Bernd Zeimetz <bzed@debian.org>  Mon, 27 Jul 2020 22:38:58 +0200

open-vm-tools (2:11.1.0-2) unstable; urgency=medium

  [ Christian Ehrhardt ]
  * [4d69c6a] d/p/lp-1877678-: fixes for the sdmp plugin that is new in 11.1.0.
    Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
  * [38bd11e] d/control: change net-tools dependency to iproute2.
    Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

  [ Bernd Zeimetz ]
  * [c15c08d] Add net-tools as dependency again.
    Various scripts still use ifconfig.

 -- Bernd Zeimetz <bzed@debian.org>  Fri, 19 Jun 2020 14:05:44 +0200

open-vm-tools (2:11.1.0-1) unstable; urgency=medium

  [ Christian Ehrhardt ]
  * [6b7d31d] New upstream version 11.1.0
    (Closes: #960061) (LP: #1877672)
  * [3ece93a14] d/control, d/rules, d//*sdmp*: add service discovery plugin (sdmp)
    (Closes: #960065) (LP: #1877678)
    Thanks to Oliver Kurth for the initial contribution, changes in addition:
    - d/control: improve description
    - rules fix whitespace damage
    - maintscripts: fixed some whihtespace damage
    - maintscripts: fixed maintainer scripts per skeletons from dh_make
    - maintscripts: added the service-active-before-restart check to postinst
      as well (was only in rm)
    - maintscripts: use deb-systemd-invoke
    - d/control: add further dependencies used in sdmp
  * [e0c9fbc14] remove patches applied upstream in 11.1.0
    - d/p/4ee0bd3c8_Rectify-a-log-spew-in-vmsvc-logging-vmware-vmsvc-root.log
    - d/p/89c0d4445_GitHub-Issue-367.-Remove-references-to-deprecated-G_INLINE_FUNC
    - d/p/f1f0b812e_add-appinfo-plugin
  * [f4cf14931] d/rules: drop perm fixup of vm-support as it is properly
    in /usr/bin/ now
  * [d71e99e33] lintian: add overrides for intentional cases
  * [ba27a73eb] d/p/debian/vmxnet_fix_kernel_4.7.patch: drop unused patch
  * [7488e6e2f] d/copyright: fix tab in text

 -- Bernd Zeimetz <bzed@debian.org>  Fri, 29 May 2020 09:46:40 +0200

open-vm-tools (2:11.0.5-5) unstable; urgency=medium

  * [8700b5e] Revert "Run vmtoolsd with Nice=-20"
    After discussing this issue with upstream we came to the conclusion that
    reverting this is the best option as it is possible to start programs
    trough vmtoolsd and they would also run with a nice level of -20.
    Upstream will fix this issue in a sane way.
  * [8a3a303] Add appinfo plugin.
    Thanks to Oliver Kurth (Closes: #954958)

 -- Bernd Zeimetz <bzed@debian.org>  Thu, 09 Apr 2020 11:42:15 +0200

========================================================================

You can perform the upgrade by issuing the command:

    apt-get dist-upgrade

as root on ubuntu-focal

--
apticron
*** HEADER EXTRACTED deferred/E/E0303BCD87 ***
named_attribute: encoding=8bit
named_attribute: dsn_orig_rcpt=rfc822;hogemoge@gmail.com
original_recipient: hogemoge@gmail.com
recipient: hogemoge@gmail.com
*** MESSAGE FILE END deferred/E/E0303BCD87 ***

  • The mail error will be investigated and fixed separately