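About this article
- With CentOS coming to an end, this article looks into which settings I would apply when migrating to Ubuntu, and summarizes what I actually configured
- The topic covers many items, so I will write it up in units that I can finish in my spare time
- I do not try everything; I cover the items that seem necessary or likely to be useful later
- The build is implemented with ansible
Reference documents
Prerequisites
- The server is built as a verification server
Table of contents
Automatic Updates
Creating a new task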
--- /dev/null
+++ b/base/tasks/automatic-updates.yml
@@ -0,0 +1,5 @@
+---
+- name: Automatic Updates
+ apt:
+ name: unattended-upgrades
+ state: present
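Review bot: The `apt` task installs `unattended-upgrades` with `state: present` but no `update_cache`, so on a freshly built host whose package index is empty or stale the install can fail; add `update_cache: yes` together with a `cache_valid_time` to the task. The task name `Automatic Updates` would also read better if it named the action, that is, the package install.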
diff --git a/base/tasks/main.yml b/base/tasks/main.yml
index 99a3e15..efa92af 100644
--- a/base/tasks/main.yml
+++ b/base/tasks/main.yml
@@ -1,2 +1,3 @@
---
# tasks file for base
+- include: automatic-updates.yml
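Review bot: The added `- include: automatic-updates.yml` uses the bare `include` action, which Ansible deprecated in favour of `include_tasks` (dynamic) and `import_tasks` (static). Use `- import_tasks: automatic-updates.yml` here so that the tasks in the file stay visible to `--list-tasks` and `--syntax-check`.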
Running ansible
22:21 $ ansible-playbook -i inventory -l ubuntu -b playbook.yml --syntax-check
playbook: playbook.yml
✔ ~/ghq/github.com/tshu1/ubuntu-2004 [base-settings L|✔]
22:21 $ ansible-playbook -i inventory -l ubuntu -b playbook.yml --list-task
playbook: playbook.yml
play #1 (all): all TAGS: []
tasks:
base : Automatic Updates TAGS: []
22:21 $ ansible-playbook -i inventory -l ubuntu -b playbook.yml --check
PLAY [all] **************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]
TASK [base : Automatic Updates] *****************************************************************************************************
ok: [localhost]
PLAY RECAP **************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
22:22 $ ansible-playbook -i inventory -l ubuntu -b playbook.yml
PLAY [all] **************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]
TASK [base : Automatic Updates] *****************************************************************************************************
ok: [localhost]
PLAY RECAP **************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
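- It looks like I had not checked carefully enough; the package was apparently installed from the start
Bring the current files over locally and put them under ansible management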
- /etc/apt/apt.conf.d/50unattended-upgrades
- /etc/apt/apt.conf.d/20auto-upgrades
## Fetch the files
22:42 $ ansible ubuntu -i inventory -m fetch -a "src=/etc/apt/apt.conf.d/50unattended-upgrades dest=./base/files/" -b
localhost | CHANGED => {
"changed": true,
"checksum": "7de96b69782cfb1d8feb2dc8e22b9da512b6495e",
"dest": "/Users/tshu1/ghq/github.com/tshu1/ubuntu-2004/base/files/localhost/etc/apt/apt.conf.d/50unattended-upgrades",
"md5sum": "6cfaf67893454c604aaef30a57e63521",
"remote_checksum": "7de96b69782cfb1d8feb2dc8e22b9da512b6495e",
"remote_md5sum": null
}
22:43 $ ansible ubuntu -i inventory -m fetch -a "src=/etc/apt/apt.conf.d/20auto-upgrades dest=./base/files/" -b
localhost | CHANGED => {
"changed": true,
"checksum": "91d0ccbd3dddaa6f5f5efeee64c42df4680170ba",
"dest": "/Users/tshu1/ghq/github.com/tshu1/ubuntu-2004/base/files/localhost/etc/apt/apt.conf.d/20auto-upgrades",
"md5sum": "1c261d6541420797f8b824d65ac5c197",
"remote_checksum": "91d0ccbd3dddaa6f5f5efeee64c42df4680170ba",
"remote_md5sum": null
}
## Clean up the leftovers
22:48 $ cd base/files/
22:49 $ ls -la
total 0
drwxr-xr-x 3 tshu1 staff 96 1 3 22:42 .
drwxr-xr-x 12 tshu1 staff 384 1 3 14:08 ..
drwxr-xr-x 3 tshu1 staff 96 1 3 22:42 localhost
22:49 $ mv localhost/etc .
22:49 $ ls -la
total 0
drwxr-xr-x 4 tshu1 staff 128 1 3 22:49 .
drwxr-xr-x 12 tshu1 staff 384 1 3 14:08 ..
drwxr-xr-x 3 tshu1 staff 96 1 3 22:42 etc
drwxr-xr-x 2 tshu1 staff 64 1 3 22:49 localhost
22:49 $ rmdir localhost/
22:50 $ tree
.
├── README.md
├── Vagrantfile
├── ansible.cfg
├── base
│ ├── README.md
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ └── etc
│ │ └── apt
│ │ └── apt.conf.d
│ │ ├── 20auto-upgrades
│ │ └── 50unattended-upgrades
Modifying automatic-updates.yml
diff --git a/base/tasks/automatic-updates.yml b/base/tasks/automatic-updates.yml
index f41c361..88c34e1 100644
--- a/base/tasks/automatic-updates.yml
+++ b/base/tasks/automatic-updates.yml
@@ -1,5 +1,12 @@
---
-- name: Automatic Updates
+- name: Automatic Updates pkg install
apt:
name: unattended-upgrades
state: present
+- name: Automatic Updates config file copy to remote server
+ copy:
+ src: "{{ role_path }}/files/etc/apt/apt.conf.d/{{ item }}"
+ dest: "/etc/apt/apt.conf.d/{{ item }}"
+ with_items:
+ - 50unattended-upgrades
+ - 20auto-upgrades
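Review bot: The new `copy` task sets no `owner`, `group` or `mode`, so a file that does not yet exist on the target is created with whatever defaults the connection provides; pin `owner: root`, `group: root` and `mode: '0644'` for files under `/etc/apt/apt.conf.d`. Inside a role, `copy` already searches the role's `files/` directory, so `src: "etc/apt/apt.conf.d/{{ item }}"` works without `role_path`, and `with_items` can be written as `loop:`.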
- Result of the ansible run
- Nothing was modified, so the status is ok
23:17 $ ansible-playbook -i inventory -l ubuntu -b playbook.yml
PLAY [all] **************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]
TASK [base : Automatic Updates pkg install] *****************************************************************************************
ok: [localhost]
TASK [base : Automatic Updates config file copy to remote server] *******************************************************************
ok: [localhost] => (item=50unattended-upgrades)
ok: [localhost] => (item=20auto-upgrades)
PLAY RECAP **************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Add the following settings, as described in the Ubuntu documentation
- Download upgradeable packages every day
- Delete package files every week
diff --git a/base/files/etc/apt/apt.conf.d/20auto-upgrades b/base/files/etc/apt/apt.conf.d/20auto-upgrades
index 8d6d7c8..5d37e9f 100644
--- a/base/files/etc/apt/apt.conf.d/20auto-upgrades
+++ b/base/files/etc/apt/apt.conf.d/20auto-upgrades
@@ -1,2 +1,4 @@
APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
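Review bot: The two added `APT::Periodic` lines carry no comment saying that the values are intervals in days, so the `"7"` on `AutocleanInterval` reads as a magic number next to the `"1"` values. A `//` comment above each setting stating the interval and what it runs would make the file self-explanatory for whoever edits it next.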
- Running ansible
23:27 $ ansible-playbook -i inventory -l ubuntu -b playbook.yml
PLAY [all] **************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]
TASK [base : Automatic Updates pkg install] *****************************************************************************************
ok: [localhost]
TASK [base : Automatic Updates config file copy to remote server] *******************************************************************
ok: [localhost] => (item=50unattended-upgrades)
changed: [localhost] => (item=20auto-upgrades)
PLAY RECAP **************************************************************************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
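A way to check that the deployed file really carries the four `APT::Periodic` settings added above. This is an added example, not part of the original article; the function names `periodic_value` and `audit_periodic` and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit an apt.conf.d file for the four
# APT::Periodic keys the article's 20auto-upgrades ends up with.
# Handles only the flat `APT::Periodic::Key "value";` form shown in the diff,
# not the nested `APT::Periodic { ... };` block form.

# periodic_value FILE KEY: print the last value assigned to APT::Periodic::KEY.
# Lines commented out with // or # do not match the anchored pattern.
periodic_value() {
    sed -n 's/^[[:space:]]*APT::Periodic::'"$2"'[[:space:]]\{1,\}"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1" | tail -n 1
}

# audit_periodic FILE: one status line per key; returns 1 if any key is
# missing or set to "0" (0 disables that periodic job).
audit_periodic() {
    rc=0
    for key in Update-Package-Lists Download-Upgradeable-Packages \
               AutocleanInterval Unattended-Upgrade; do
        val=$(periodic_value "$1" "$key")
        case "$val" in
            '') echo "MISSING  $key"; rc=1 ;;
            0)  echo "DISABLED $key"; rc=1 ;;
            *)  echo "OK       $key = $val" ;;
        esac
    done
    return "$rc"
}

# Constructed samples: the file before and after the article's change.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
cat > "$demo_dir/after" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

for f in before after; do
    echo "== $f"
    audit_periodic "$demo_dir/$f" || echo "-> $f is incomplete"
done
```

On a host, point `audit_periodic` at `/etc/apt/apt.conf.d/20auto-upgrades`; other files in `apt.conf.d` that are read later can override these values, which this single-file check does not see.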
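Keeping track of the auto upgrade execution status
As described in the documentation, this is done with apticron
- Since several packages are now installed, modify the ansible configuration and add new configuration for apticron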
diff --git a/base/tasks/automatic-updates.yml b/base/tasks/automatic-updates.yml
index 88c34e1..cb71018 100644
--- a/base/tasks/automatic-updates.yml
+++ b/base/tasks/automatic-updates.yml
@@ -1,12 +1,18 @@
---
- name: Automatic Updates pkg install
apt:
- name: unattended-upgrades
+ pkg:
+ - unattended-upgrades
+ - apticron
state: present
- name: Automatic Updates config file copy to remote server
copy:
- src: "{{ role_path }}/files/etc/apt/apt.conf.d/{{ item }}"
+ src: "{{ role_path }}/files/etc/apt/apt.conf.d/{{ item }}"
dest: "/etc/apt/apt.conf.d/{{ item }}"
with_items:
- 50unattended-upgrades
- 20auto-upgrades
+- name: apticron config file copy to remote server
+ copy:
+ src: "{{ role_path }}/files/etc/apticron/apticron.conf"
+ dest: "/etc/apticron/apticron.conf"
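Review bot: The `src` line of the existing `copy` task is removed and re-added with no visible difference, which looks like a whitespace-only edit; drop it from the change so the diff shows only the `pkg:` list and the new task. The new task also references `files/etc/apticron/apticron.conf`, which this diff does not add, so confirm that file is committed with the role, and give the task explicit `owner`, `group` and `mode`.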
- Running ansible
23:45 $ ansible-playbook -i inventory -l ubuntu -b playbook.yml
PLAY [all] **************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************
ok: [localhost]
TASK [base : Automatic Updates pkg install] *****************************************************************************************
ok: [localhost]
TASK [base : Automatic Updates config file copy to remote server] *******************************************************************
ok: [localhost] => (item=50unattended-upgrades)
ok: [localhost] => (item=20auto-upgrades)
TASK [base : apticron config file copy to remote server] ****************************************************************************
changed: [localhost]
PLAY RECAP **************************************************************************************************************************
localhost : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
- When I logged in to the server to check, a cron entry had been set up
- It runs at minute 7 of every hour, so there was no execution log yet
root@ubuntu-focal:/home/ansible# more /etc/cron.d/apticron
# cron entry for apticron
7 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
- Add this file to the managed files as well
diff --git a/base/files/etc/cron.d/apticron b/base/files/etc/cron.d/apticron
new file mode 100644
index 0000000..470408b
--- /dev/null
+++ b/base/files/etc/cron.d/apticron
@@ -0,0 +1,3 @@
+# cron entry for apticron
+
+7 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
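Review bot: The header comment `# cron entry for apticron` does not say that the file is now deployed by the `base` role, so an edit made directly on a host will be overwritten on the next playbook run without warning. Add a line such as `# Managed by Ansible (role: base)` at the top of the file.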
diff --git a/base/tasks/automatic-updates.yml b/base/tasks/automatic-updates.yml
index cb71018..fb7bcad 100644
--- a/base/tasks/automatic-updates.yml
+++ b/base/tasks/automatic-updates.yml
@@ -14,5 +14,8 @@
- 20auto-upgrades
- name: apticron config file copy to remote server
copy:
- src: "{{ role_path }}/files/etc/apticron/apticron.conf"
- dest: "/etc/apticron/apticron.conf"
+ src: "{{ role_path }}/files/etc/{{ item.src }}"
+ dest: "/etc/{{ item.dest }}"
+ with_items:
+ - { src: 'apticron/apticron.conf', dest: 'apticron/apticron.conf' }
+ - { src: 'cron.d/apticron', dest: 'cron.d/apticron' }
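Review bot: The `cron.d/apticron` item is copied without `owner`, `group` or `mode`, and cron skips files in `/etc/cron.d` that are not owned by root or that are writable by group or other; set `owner: root`, `group: root` and `mode: '0644'` on the task. The `src` and `dest` values in each `with_items` entry are identical, so a plain list of relative paths with a single `{{ item }}` in both fields would be simpler.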
- Change the cron execution time to minute 5
diff --git a/base/files/etc/cron.d/apticron b/base/files/etc/cron.d/apticron
index 470408b..4c5c5da 100644
--- a/base/files/etc/cron.d/apticron
+++ b/base/files/etc/cron.d/apticron
@@ -1,3 +1,3 @@
# cron entry for apticron
-7 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
+5 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
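Review bot: The minute field changes from `7` to `5` with nothing in the file recording why it now differs from the entry that was found on the server. If the change was only made to trigger a run sooner for testing, revert it before merging; otherwise state the reason in the header comment.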
- Checking the execution log
Jan 3 15:05:01 ubuntu-focal CRON[36384]: (root) CMD (if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi)
Checking the auto upgrade execution status
- Checking mail.log showed that delivery was failing with Connection timed out, so I checked the contents of the queue
root@ubuntu-focal:/home/ansible# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
E0303BCD87 5433 Sun Jan 3 15:05:08 root@ubuntu-focal
(connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4003:c0b::1a]:25: Network is unreachable)
hogemoge@gmail.com
-- 5 Kbytes in 1 Request.
root@ubuntu-focal:/home/ansible# postcat -q E0303BCD87
*** ENVELOPE RECORDS deferred/E/E0303BCD87 ***
message_size: 5433 190 1 0 5433 0
message_arrival_time: Sun Jan 3 15:05:08 2021
create_time: Sun Jan 3 15:05:08 2021
named_attribute: rewrite_context=local
sender_fullname: root
sender: root@ubuntu-focal
*** MESSAGE CONTENTS deferred/E/E0303BCD87 ***
Received: by ubuntu-focal (Postfix, from userid 0)
id E0303BCD87; Sun, 3 Jan 2021 15:05:08 +0000 (UTC)
To: hogemoge@gmail.com
Subject: 4 Ubuntu package update(s) for ubuntu-focal
MIME-Version: 1.0
Content-type: text/plain; charset=UTF-8
Content-transfer-encoding: 8bit
Message-Id: <20210103150508.E0303BCD87@ubuntu-focal>
Date: Sun, 3 Jan 2021 15:05:08 +0000 (UTC)
From: root <root@ubuntu-focal>
apticron report [Sun, 03 Jan 2021 15:05:08 +0000]
========================================================================
apticron has detected that some packages need upgrading on:
ubuntu-focal
[ 10.0.2.15 ]
The following packages are currently pending an upgrade:
apport 2.20.11-0ubuntu27.14
open-vm-tools 2:11.1.5-1~ubuntu20.04.2
python3-apport 2.20.11-0ubuntu27.14
python3-problem-report 2.20.11-0ubuntu27.14
========================================================================
Package Details:
apt-listchanges: Reading changelogs...
apt-listchanges: Changelogs
---------------------------
--- Changes for apport (apport python3-apport python3-problem-report) ---
apport (2.20.11-0ubuntu27.14) focal; urgency=medium
* data/apport: only drop supplemental groups if the user is root. (LP: #1906565)
-- Brian Murray <brian@ubuntu.com> Thu, 03 Dec 2020 09:26:27 -0800
--- Changes for open-vm-tools ---
open-vm-tools (2:11.1.5-1~ubuntu20.04.2) focal; urgency=medium
* Update to latest release v11.1.5 (LP: #1892266)
- Revert "Add net-tools as dependency again." as we don't want to
modify the focal seed/ISO content without a real issue behind it.
-- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jun 2020 08:40:58 +0200
open-vm-tools (2:11.1.5-1ubuntu1) groovy; urgency=medium
* d/p/fix-FTBFS-glibc2.32.patch: fix tirpc flags to propagate correctly
fixing an FTFBS with glibc >=2.32
* d/rules: avoid FTBFS by ignoring nonnull errors for now
-- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 29 Sep 2020 13:37:20 +0200
open-vm-tools (2:11.1.5-1) unstable; urgency=medium
* [5515c98] Don't recommend xserver-xorg-input-vmmouse.
Thanks to Raphaël Hertzog (Closes: #966465)
* [8a31efc] Update upstream source from tag 'upstream/11.1.5'
Update to upstream version '11.1.5'
with Debian dir 62c70f15b660e7719555a78e6658ced5ca05ca35
Closes: #968688
* [09714a7] Removing patches that were applied upstream
-- Bernd Zeimetz <bzed@debian.org> Thu, 20 Aug 2020 09:52:24 +0200
open-vm-tools (2:11.1.0-3) unstable; urgency=medium
* [03d18b3] Fix gcc-10 related issues. (Closes: #957631)
-- Bernd Zeimetz <bzed@debian.org> Mon, 27 Jul 2020 22:38:58 +0200
open-vm-tools (2:11.1.0-2) unstable; urgency=medium
[ Christian Ehrhardt ]
* [4d69c6a] d/p/lp-1877678-: fixes for the sdmp plugin that is new in 11.1.0.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
* [38bd11e] d/control: change net-tools dependency to iproute2.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
[ Bernd Zeimetz ]
* [c15c08d] Add net-tools as dependency again.
Various scripts still use ifconfig.
-- Bernd Zeimetz <bzed@debian.org> Fri, 19 Jun 2020 14:05:44 +0200
open-vm-tools (2:11.1.0-1) unstable; urgency=medium
[ Christian Ehrhardt ]
* [6b7d31d] New upstream version 11.1.0
(Closes: #960061) (LP: #1877672)
* [3ece93a14] d/control, d/rules, d//*sdmp*: add service discovery plugin (sdmp)
(Closes: #960065) (LP: #1877678)
Thanks to Oliver Kurth for the initial contribution, changes in addition:
- d/control: improve description
- rules fix whitespace damage
- maintscripts: fixed some whihtespace damage
- maintscripts: fixed maintainer scripts per skeletons from dh_make
- maintscripts: added the service-active-before-restart check to postinst
as well (was only in rm)
- maintscripts: use deb-systemd-invoke
- d/control: add further dependencies used in sdmp
* [e0c9fbc14] remove patches applied upstream in 11.1.0
- d/p/4ee0bd3c8_Rectify-a-log-spew-in-vmsvc-logging-vmware-vmsvc-root.log
- d/p/89c0d4445_GitHub-Issue-367.-Remove-references-to-deprecated-G_INLINE_FUNC
- d/p/f1f0b812e_add-appinfo-plugin
* [f4cf14931] d/rules: drop perm fixup of vm-support as it is properly
in /usr/bin/ now
* [d71e99e33] lintian: add overrides for intentional cases
* [ba27a73eb] d/p/debian/vmxnet_fix_kernel_4.7.patch: drop unused patch
* [7488e6e2f] d/copyright: fix tab in text
-- Bernd Zeimetz <bzed@debian.org> Fri, 29 May 2020 09:46:40 +0200
open-vm-tools (2:11.0.5-5) unstable; urgency=medium
* [8700b5e] Revert "Run vmtoolsd with Nice=-20"
After discussing this issue with upstream we came to the conclusion that
reverting this is the best option as it is possible to start programs
trough vmtoolsd and they would also run with a nice level of -20.
Upstream will fix this issue in a sane way.
* [8a3a303] Add appinfo plugin.
Thanks to Oliver Kurth (Closes: #954958)
-- Bernd Zeimetz <bzed@debian.org> Thu, 09 Apr 2020 11:42:15 +0200
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on ubuntu-focal
--
apticron
*** HEADER EXTRACTED deferred/E/E0303BCD87 ***
named_attribute: encoding=8bit
named_attribute: dsn_orig_rcpt=rfc822;hogemoge@gmail.com
original_recipient: hogemoge@gmail.com
recipient: hogemoge@gmail.com
*** MESSAGE FILE END deferred/E/E0303BCD87 ***
- The cause of the mail error will be investigated and fixed separately