diff --git a/automation/playbooks/roles/geerlingguy.docker/.ansible-lint b/automation/playbooks/roles/geerlingguy.docker/.ansible-lint new file mode 100644 index 0000000..2cd8c9f --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/.ansible-lint @@ -0,0 +1,4 @@ +skip_list: + - 'yaml' + - 'risky-shell-pipe' + - 'role-name' diff --git a/automation/playbooks/roles/geerlingguy.docker/.github/FUNDING.yml b/automation/playbooks/roles/geerlingguy.docker/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/automation/playbooks/roles/geerlingguy.docker/.github/workflows/ci.yml b/automation/playbooks/roles/geerlingguy.docker/.github/workflows/ci.yml new file mode 100644 index 0000000..bb4b327 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/.github/workflows/ci.yml @@ -0,0 +1,73 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "0 7 * * 0" + +defaults: + run: + working-directory: 'geerlingguy.docker' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v4 + with: + path: 'geerlingguy.docker' + + - name: Set up Python 3. + uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + distro: + - rockylinux9 + - rockylinux8 + - ubuntu2404 + - ubuntu2204 + - ubuntu2004 + - debian12 + - debian11 + - debian10 + - fedora39 + + steps: + - name: Check out the codebase. + uses: actions/checkout@v4 + with: + path: 'geerlingguy.docker' + + - name: Set up Python 3. + uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule molecule-plugins[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/automation/playbooks/roles/geerlingguy.docker/.github/workflows/release.yml b/automation/playbooks/roles/geerlingguy.docker/.github/workflows/release.yml new file mode 100644 index 0000000..c9faaea --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/.github/workflows/release.yml @@ -0,0 +1,40 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.docker' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v4 + with: + path: 'geerlingguy.docker' + + - name: Set up Python 3. + uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-core + + - name: Trigger a new import on Galaxy. + run: >- + ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} + $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/automation/playbooks/roles/geerlingguy.docker/.github/workflows/stale.yml b/automation/playbooks/roles/geerlingguy.docker/.github/workflows/stale.yml new file mode 100644 index 0000000..5a2fd42 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/.github/workflows/stale.yml @@ -0,0 +1,34 @@ +--- +name: Close inactive issues +'on': + schedule: + - cron: "55 6 * * 1" # semi-random time + +jobs: + close-issues: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - uses: actions/stale@v8 + with: + days-before-stale: 120 + days-before-close: 60 + exempt-issue-labels: bug,pinned,security,planned + exempt-pr-labels: bug,pinned,security,planned + stale-issue-label: "stale" + stale-pr-label: "stale" + stale-issue-message: | + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + close-issue-message: | + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. + stale-pr-message: | + This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + close-pr-message: | + This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. + repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/automation/playbooks/roles/geerlingguy.docker/.gitignore b/automation/playbooks/roles/geerlingguy.docker/.gitignore new file mode 100644 index 0000000..8840c8f --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/.gitignore @@ -0,0 +1,5 @@ +*.retry +*/__pycache__ +*.pyc +.cache + diff --git a/automation/playbooks/roles/geerlingguy.docker/.yamllint b/automation/playbooks/roles/geerlingguy.docker/.yamllint new file mode 100644 index 0000000..4dd9139 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/.yamllint @@ -0,0 +1,10 @@ +--- +extends: default + +rules: + line-length: + max: 200 + level: warning + +ignore: | + .github/workflows/stale.yml diff --git a/automation/playbooks/roles/geerlingguy.docker/LICENSE b/automation/playbooks/roles/geerlingguy.docker/LICENSE new file mode 100644 index 0000000..4275cf3 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/automation/playbooks/roles/geerlingguy.docker/README.md b/automation/playbooks/roles/geerlingguy.docker/README.md new file mode 100644 index 0000000..e679eb4 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/README.md @@ -0,0 +1,165 @@ +# Ansible Role: Docker + +[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI) + +An Ansible Role that installs [Docker](https://www.docker.com) on Linux. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + +```yaml +# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). +docker_edition: 'ce' +docker_packages: + - "docker-{{ docker_edition }}" + - "docker-{{ docker_edition }}-cli" + - "docker-{{ docker_edition }}-rootless-extras" +docker_packages_state: present +``` + +The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). +You can also specify a specific version of Docker to install using the distribution-specific format: +Red Hat/CentOS: `docker-{{ docker_edition }}-` (Note: you have to add this to all packages); +Debian/Ubuntu: `docker-{{ docker_edition }}=` (Note: you have to add this to all packages). + +You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play). + +```yaml +docker_obsolete_packages: + - docker + - docker.io + - docker-engine + - podman-docker + - containerd + - runc +``` + +A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed. + +```yaml +docker_service_manage: true +docker_service_state: started +docker_service_enabled: true +docker_restart_handler_state: restarted +``` + +Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`. + +```yaml +docker_install_compose_plugin: false +docker_compose_package: docker-compose-plugin +docker_compose_package_state: present +``` + +Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary. + +```yaml +docker_install_compose: true +docker_compose_version: "1.26.0" +docker_compose_arch: "{{ ansible_architecture }}" +docker_compose_path: /usr/local/bin/docker-compose +``` + +Docker Compose installation options. + +```yaml +docker_add_repo: true +``` + +Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own. + +```yaml +docker_repo_url: https://download.docker.com/linux +``` + +The main Docker repo URL, common between Debian and RHEL systems. + +```yaml +docker_apt_release_channel: stable +docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_ignore_key_error: True +docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg" +docker_apt_filename: "docker" +``` + +(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release. + +You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. +Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists. + +```yaml +docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" +docker_yum_repo_enable_nightly: '0' +docker_yum_repo_enable_test: '0' +docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" +``` + +(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`. + +You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. +Usually in combination with changing `docker_yum_repository` as well. + +```yaml +docker_users: + - user1 + - user2 +``` + +A list of system users to be added to the `docker` group (so they can use Docker on the server). + +```yaml +docker_daemon_options: + storage-driver: "devicemapper" + log-opts: + max-size: "100m" +``` + +Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`. + +## Use with Ansible (and `docker` Python library) + +Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role: + +```yaml +- hosts: all + + vars: + pip_install_packages: + - name: docker + + roles: + - geerlingguy.pip + - geerlingguy.docker +``` + +## Dependencies + +None. + +## Example Playbook + +```yaml +- hosts: all + roles: + - geerlingguy.docker +``` + +## License + +MIT / BSD + +## Sponsors + +* [We Manage](https://we-manage.de): Helping start-ups and grown-ups scaling their infrastructure in a sustainable way. + +The above sponsor(s) are supporting Jeff Geerling on [GitHub Sponsors](https://github.com/sponsors/geerlingguy). You can sponsor Jeff's work too, to help him continue improving these Ansible open source projects! + +## Author Information + +This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/automation/playbooks/roles/geerlingguy.docker/defaults/main.yml b/automation/playbooks/roles/geerlingguy.docker/defaults/main.yml new file mode 100644 index 0000000..7449b5b --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/defaults/main.yml @@ -0,0 +1,65 @@ +--- +# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). +docker_edition: 'ce' +docker_packages: + - "docker-{{ docker_edition }}" + - "docker-{{ docker_edition }}-cli" + - "docker-{{ docker_edition }}-rootless-extras" + - "containerd.io" + - docker-buildx-plugin +docker_packages_state: present +docker_obsolete_packages: + - docker + - docker.io + - docker-engine + - podman-docker + - containerd + - runc + +# Service options. +docker_service_manage: true +docker_service_state: started +docker_service_enabled: true +docker_restart_handler_state: restarted + +# Docker Compose Plugin options. +docker_install_compose_plugin: true +docker_compose_package: docker-compose-plugin +docker_compose_package_state: present + +# Docker Compose options. +docker_install_compose: false +docker_compose_version: "v2.11.1" +docker_compose_arch: "{{ ansible_architecture }}" +docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}" +docker_compose_path: /usr/local/bin/docker-compose + +# Enable repo setup +docker_add_repo: true + +# Docker repo URL. +docker_repo_url: https://download.docker.com/linux + +# Used only for Debian/Ubuntu/Pop!_OS/Linux Mint. Switch 'stable' to 'nightly' if needed. +docker_apt_release_channel: stable +# docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible, +# and is only necessary until Docker officially supports them. +docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}" +docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' if ansible_architecture == 'armv7l' else 'amd64' }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_ignore_key_error: true +docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg" +docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570" +docker_apt_filename: "docker" + +# Used only for RedHat/CentOS/Fedora. +docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" +docker_yum_repo_enable_nightly: '0' +docker_yum_repo_enable_test: '0' +docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" + +# A list of users who will be added to the docker group. +docker_users: [] + +# Docker daemon options as a dict +docker_daemon_options: {} diff --git a/automation/playbooks/roles/geerlingguy.docker/handlers/main.yml b/automation/playbooks/roles/geerlingguy.docker/handlers/main.yml new file mode 100644 index 0000000..72594c8 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: restart docker + service: + name: docker + state: "{{ docker_restart_handler_state }}" + ignore_errors: "{{ ansible_check_mode }}" + when: docker_service_manage | bool diff --git a/automation/playbooks/roles/geerlingguy.docker/meta/.galaxy_install_info b/automation/playbooks/roles/geerlingguy.docker/meta/.galaxy_install_info new file mode 100644 index 0000000..ae8084d --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: Fri Jun 28 22:02:02 2024 +version: 7.3.0 diff --git a/automation/playbooks/roles/geerlingguy.docker/meta/main.yml b/automation/playbooks/roles/geerlingguy.docker/meta/main.yml new file mode 100644 index 0000000..a492efe --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/meta/main.yml @@ -0,0 +1,38 @@ +--- +dependencies: [] + +galaxy_info: + role_name: docker + author: geerlingguy + description: Docker for Linux. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.10 + platforms: + - name: Fedora + versions: + - all + - name: Debian + versions: + - buster + - bullseye + - bookworm + - name: Ubuntu + versions: + - bionic + - focal + - jammy + - name: Alpine + version: + - all + - name: ArchLinux + versions: + - all + galaxy_tags: + - web + - system + - containers + - docker + - orchestration + - compose + - server diff --git a/automation/playbooks/roles/geerlingguy.docker/molecule/default/converge.yml b/automation/playbooks/roles/geerlingguy.docker/molecule/default/converge.yml new file mode 100644 index 0000000..629095b --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/molecule/default/converge.yml @@ -0,0 +1,24 @@ +--- +- name: Converge + hosts: all + become: true + + pre_tasks: + - name: Update apt cache. + apt: update_cache=yes cache_valid_time=600 + when: ansible_os_family == 'Debian' + + - name: Wait for systemd to complete initialization. # noqa 303 + command: systemctl is-system-running + register: systemctl_status + until: > + 'running' in systemctl_status.stdout or + 'degraded' in systemctl_status.stdout + retries: 30 + delay: 5 + when: ansible_service_mgr == 'systemd' + changed_when: false + failed_when: systemctl_status.rc > 1 + + roles: + - role: geerlingguy.docker diff --git a/automation/playbooks/roles/geerlingguy.docker/molecule/default/molecule.yml b/automation/playbooks/roles/geerlingguy.docker/molecule/default/molecule.yml new file mode 100644 index 0000000..147da5d --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/molecule/default/molecule.yml @@ -0,0 +1,21 @@ +--- +role_name_check: 1 +dependency: + name: galaxy + options: + ignore-errors: true +driver: + name: docker +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/automation/playbooks/roles/geerlingguy.docker/tasks/docker-compose.yml b/automation/playbooks/roles/geerlingguy.docker/tasks/docker-compose.yml new file mode 100644 index 0000000..53a4482 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/tasks/docker-compose.yml @@ -0,0 +1,31 @@ +--- +- name: Check current docker-compose version. + command: "{{ docker_compose_path }} --version" + register: docker_compose_vsn + check_mode: false + changed_when: false + failed_when: false + +- set_fact: + docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}" + when: > + docker_compose_vsn.stdout is defined + and (docker_compose_vsn.stdout | length > 0) + +- name: Delete existing docker-compose version if it's different. + file: + path: "{{ docker_compose_path }}" + state: absent + when: > + docker_compose_current_version is defined + and (docker_compose_version | regex_replace('v', '')) not in docker_compose_current_version + +- name: Install Docker Compose (if configured). + get_url: + url: "{{ docker_compose_url }}" + dest: "{{ docker_compose_path }}" + mode: 0755 + when: > + (docker_compose_current_version is not defined) + or (docker_compose_current_version | length == 0) + or (docker_compose_current_version is version((docker_compose_version | regex_replace('v', '')), '<')) diff --git a/automation/playbooks/roles/geerlingguy.docker/tasks/docker-users.yml b/automation/playbooks/roles/geerlingguy.docker/tasks/docker-users.yml new file mode 100644 index 0000000..6e387e6 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/tasks/docker-users.yml @@ -0,0 +1,10 @@ +--- +- name: Ensure docker users are added to the docker group. + user: + name: "{{ item }}" + groups: docker + append: true + with_items: "{{ docker_users }}" + +- name: Reset ssh connection to apply user changes. + meta: reset_connection diff --git a/automation/playbooks/roles/geerlingguy.docker/tasks/main.yml b/automation/playbooks/roles/geerlingguy.docker/tasks/main.yml new file mode 100644 index 0000000..dcd47de --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/tasks/main.yml @@ -0,0 +1,98 @@ +--- +- name: Load OS-specific vars. + include_vars: "{{ lookup('first_found', params) }}" + vars: + params: + files: + - '{{ansible_distribution}}.yml' + - '{{ansible_os_family}}.yml' + - main.yml + paths: + - 'vars' + +- include_tasks: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include_tasks: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Install Docker packages. + package: + name: "{{ docker_packages }}" + state: "{{ docker_packages_state }}" + notify: restart docker + ignore_errors: "{{ ansible_check_mode }}" + when: "ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian']" + +- name: Install Docker packages (with downgrade option). + package: + name: "{{ docker_packages }}" + state: "{{ docker_packages_state }}" + allow_downgrade: true + notify: restart docker + ignore_errors: "{{ ansible_check_mode }}" + when: "ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']" + +- name: Install docker-compose plugin. + package: + name: "{{ docker_compose_package }}" + state: "{{ docker_compose_package_state }}" + notify: restart docker + ignore_errors: "{{ ansible_check_mode }}" + when: "docker_install_compose_plugin | bool == true and (ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian'])" + +- name: Install docker-compose-plugin (with downgrade option). + package: + name: "{{ docker_compose_package }}" + state: "{{ docker_compose_package_state }}" + allow_downgrade: true + notify: restart docker + ignore_errors: "{{ ansible_check_mode }}" + when: "docker_install_compose_plugin | bool == true and ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']" + +- name: Ensure /etc/docker/ directory exists. + file: + path: /etc/docker + state: directory + mode: 0755 + when: docker_daemon_options.keys() | length > 0 + +- name: Configure Docker daemon options. + copy: + content: "{{ docker_daemon_options | to_nice_json }}" + dest: /etc/docker/daemon.json + mode: 0644 + when: docker_daemon_options.keys() | length > 0 + notify: restart docker + +- name: Ensure Docker is started and enabled at boot. + service: + name: docker + state: "{{ docker_service_state }}" + enabled: "{{ docker_service_enabled }}" + ignore_errors: "{{ ansible_check_mode }}" + when: docker_service_manage | bool + +- name: Ensure handlers are notified now to avoid firewall conflicts. + meta: flush_handlers + +- include_tasks: docker-compose.yml + when: docker_install_compose | bool + +- name: Get docker group info using getent. + getent: + database: group + key: docker + split: ':' + when: docker_users | length > 0 + +- name: Check if there are any users to add to the docker group. + set_fact: + at_least_one_user_to_modify: true + when: + - docker_users | length > 0 + - item not in ansible_facts.getent_group["docker"][2] + with_items: "{{ docker_users }}" + +- include_tasks: docker-users.yml + when: at_least_one_user_to_modify is defined diff --git a/automation/playbooks/roles/geerlingguy.docker/tasks/setup-Debian.yml b/automation/playbooks/roles/geerlingguy.docker/tasks/setup-Debian.yml new file mode 100644 index 0000000..a864b3f --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/tasks/setup-Debian.yml @@ -0,0 +1,48 @@ +--- +- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions + name: Ensure old versions of Docker are not installed. + package: + name: "{{ docker_obsolete_packages }}" + state: absent + +- name: Ensure dependencies are installed. + apt: + name: + - apt-transport-https + - ca-certificates + state: present + when: docker_add_repo | bool + +- name: Ensure directory exists for /etc/apt/keyrings + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + +- name: Add Docker apt key. + ansible.builtin.get_url: + url: "{{ docker_apt_gpg_key }}" + dest: /etc/apt/keyrings/docker.asc + mode: '0644' + force: false + checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}" + register: add_repository_key + ignore_errors: "{{ docker_apt_ignore_key_error }}" + when: docker_add_repo | bool + +- name: Ensure curl is present (on older systems without SNI). + package: name=curl state=present + when: add_repository_key is failed and docker_add_repo | bool + +- name: Add Docker apt key (alternative for older systems without SNI). + shell: > + curl -sSL {{ docker_apt_gpg_key }} | apt-key add - + when: add_repository_key is failed and docker_add_repo | bool + +- name: Add Docker repository. + apt_repository: + repo: "{{ docker_apt_repository }}" + state: present + filename: "{{ docker_apt_filename }}" + update_cache: true + when: docker_add_repo | bool diff --git a/automation/playbooks/roles/geerlingguy.docker/tasks/setup-RedHat.yml b/automation/playbooks/roles/geerlingguy.docker/tasks/setup-RedHat.yml new file mode 100644 index 0000000..d49316e --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/tasks/setup-RedHat.yml @@ -0,0 +1,61 @@ +--- +- name: Ensure old versions of Docker are not installed. + package: + name: + - docker + - docker-common + - docker-engine + state: absent + +- name: Add Docker GPG key. + rpm_key: + key: "{{ docker_yum_gpg_key }}" + state: present + when: docker_add_repo | bool + +- name: Add Docker repository. + get_url: + url: "{{ docker_yum_repo_url }}" + dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' + owner: root + group: root + mode: 0644 + when: docker_add_repo | bool + +- name: Configure Docker Nightly repo. + ini_file: + dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' + section: 'docker-{{ docker_edition }}-nightly' + option: enabled + value: '{{ docker_yum_repo_enable_nightly }}' + mode: 0644 + no_extra_spaces: true + when: docker_add_repo | bool + +- name: Configure Docker Test repo. + ini_file: + dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' + section: 'docker-{{ docker_edition }}-test' + option: enabled + value: '{{ docker_yum_repo_enable_test }}' + mode: 0644 + no_extra_spaces: true + when: docker_add_repo | bool + +- name: Configure containerd on RHEL 8. + block: + - name: Ensure runc is not installed. + package: + name: runc + state: absent + + - name: Ensure container-selinux is installed. + package: + name: container-selinux + state: present + + - name: Ensure containerd.io is installed. + package: + name: containerd.io + state: present + when: ansible_distribution_major_version | int == 8 diff --git a/automation/playbooks/roles/geerlingguy.docker/vars/Alpine.yml b/automation/playbooks/roles/geerlingguy.docker/vars/Alpine.yml new file mode 100755 index 0000000..b81917a --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/vars/Alpine.yml @@ -0,0 +1,2 @@ +--- +docker_packages: "docker" diff --git a/automation/playbooks/roles/geerlingguy.docker/vars/Archlinux.yml b/automation/playbooks/roles/geerlingguy.docker/vars/Archlinux.yml new file mode 100644 index 0000000..f68d962 --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/vars/Archlinux.yml @@ -0,0 +1,3 @@ +--- +docker_packages: "docker" +docker_compose_package: docker-compose diff --git a/automation/playbooks/roles/geerlingguy.docker/vars/main.yml b/automation/playbooks/roles/geerlingguy.docker/vars/main.yml new file mode 100755 index 0000000..805232b --- /dev/null +++ b/automation/playbooks/roles/geerlingguy.docker/vars/main.yml @@ -0,0 +1,2 @@ +--- +# Empty file diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/.editorconfig b/automation/playbooks/roles/hifis.unattended_upgrades/.editorconfig new file mode 100644 index 0000000..c6c8b36 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/.editorconfig @@ -0,0 +1,9 @@ +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/.github/CODEOWNERS b/automation/playbooks/roles/hifis.unattended_upgrades/.github/CODEOWNERS new file mode 100644 index 0000000..2890f25 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/.github/CODEOWNERS @@ -0,0 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: 2022 Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +* @hifis-net/hifis-software-technology diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/.github/dependabot.yml b/automation/playbooks/roles/hifis.unattended_upgrades/.github/dependabot.yml new file mode 100644 index 0000000..806c304 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/.github/dependabot.yml @@ -0,0 +1,19 @@ +--- +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every weekday + interval: "daily" + + - package-ecosystem: "pip" + directory: "/" + schedule: + # Check for updates to pip packages every weekday + interval: "daily" + ignore: + - dependency-name: "python" + update-types: ["version-update:semver-major"] +... diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/.github/workflows/ci.yml b/automation/playbooks/roles/hifis.unattended_upgrades/.github/workflows/ci.yml new file mode 100644 index 0000000..35ea363 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/.github/workflows/ci.yml @@ -0,0 +1,76 @@ +--- +name: "CI" +on: + pull_request: + push: + branches: + - "main" + tags: + - "v*.*.*" + schedule: + - cron: '0 0 * * *' + +env: + PY_COLORS: 1 + ANSIBLE_FORCE_COLOR: 1 + +jobs: + + lint: + name: "Lint" + runs-on: "ubuntu-22.04" + steps: + - name: "Check out the codebase." + uses: "actions/checkout@v4" + + - name: "Prepare the job environment." + uses: "./.github/workflows/prepare-action" + + - name: "Lint code." + run: | + pipenv run yamllint --strict --format colored . + pipenv run ansible-lint -v --force-color --offline + + test: + name: "Run Molecule tests." + runs-on: "ubuntu-22.04" + strategy: + fail-fast: false + matrix: + image: + - "ghcr.io/hifis-net/ubuntu-systemd:22.04" + - "ghcr.io/hifis-net/ubuntu-systemd:20.04" + - "ghcr.io/hifis-net/debian-systemd:12" + - "ghcr.io/hifis-net/debian-systemd:11" + - "ghcr.io/hifis-net/debian-systemd:10" + + steps: + - name: "Check out the codebase." + uses: "actions/checkout@v4" + + - name: "Enable lingering required for podman and systemd in GH Actions." + run: | # Compare with https://github.com/eriksjolund/user-systemd-service-actions-workflow/blob/efe872924fd2dd35bb482544126ce751303e14c2/README.md + sudo loginctl enable-linger $UID + sleep 1 + + - name: "Prepare the job environment." + uses: "./.github/workflows/prepare-action" + + - name: "Run Molecule tests." + run: "pipenv run molecule test" + env: + MOLECULE_IMAGE: "${{ matrix.image }}" + + release: + name: "Release new version on Ansible Galaxy" + runs-on: "ubuntu-22.04" + if: "startsWith(github.ref, 'refs/tags/v')" + needs: ["lint", "test"] + steps: + - name: "checkout" + uses: "actions/checkout@v4" + - name: "galaxy" + uses: "robertdebock/galaxy-action@1.2.1" + with: + galaxy_api_key: "${{ secrets.galaxy_api_key }}" + git_branch: "main" diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/.github/workflows/prepare-action/action.yml b/automation/playbooks/roles/hifis.unattended_upgrades/.github/workflows/prepare-action/action.yml new file mode 100644 index 0000000..8e06663 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/.github/workflows/prepare-action/action.yml @@ -0,0 +1,20 @@ +--- +name: "Install dependencies and prepare the environment." +description: "Install the necessary dependencies for jobs." +runs: + using: "composite" + steps: + - name: "Install pipenv." + run: "pipx install pipenv" + shell: "bash" + + - name: "Set up Python 3." + uses: "actions/setup-python@v4" + id: "setup-python" + with: + python-version: "3.10" + cache: "pipenv" + + - name: "Install dependencies via pipenv." + run: "pipenv install --dev" + shell: "bash" diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/.github_changelog_generator b/automation/playbooks/roles/hifis.unattended_upgrades/.github_changelog_generator new file mode 100644 index 0000000..5ec5ffc --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/.github_changelog_generator @@ -0,0 +1,3 @@ +user=hifis-net +project=ansible-role-unattended-upgrades +since-tag=v1.12.2 diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/.gitignore b/automation/playbooks/roles/hifis.unattended_upgrades/.gitignore new file mode 100644 index 0000000..66a6a9f --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/.gitignore @@ -0,0 +1,6 @@ +.vagrant/ +*~ +*.log +.idea/ +.pipenv/ +.vscode/ diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/.yamllint b/automation/playbooks/roles/hifis.unattended_upgrades/.yamllint new file mode 100644 index 0000000..9365134 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/.yamllint @@ -0,0 +1,41 @@ +--- +# Based on ansible-lint config +extends: "default" + +ignore: | + .cache/ + +rules: + braces: + max-spaces-inside: 1 + level: "error" + brackets: + max-spaces-inside: 1 + level: "error" + colons: + max-spaces-after: -1 + level: "error" + commas: + max-spaces-after: -1 + level: "error" + comments: "disable" + comments-indentation: "disable" + document-start: "disable" + empty-lines: + max: 3 + level: "error" + hyphens: + level: "error" + indentation: "disable" + key-duplicates: "enable" + line-length: "disable" + new-line-at-end-of-file: "disable" + new-lines: + type: "unix" + quoted-strings: + quote-type: "any" + required: True + extra-required: [ ] + extra-allowed: [ ] + trailing-spaces: "disable" + truthy: "disable" diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/CHANGELOG.md b/automation/playbooks/roles/hifis.unattended_upgrades/CHANGELOG.md new file mode 100644 index 0000000..e8205f1 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/CHANGELOG.md @@ -0,0 +1,207 @@ +# Changelog + +## [v3.2.1](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.2.1) (2023-11-03) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.2.0...v3.2.1) + +**Fixed bugs:** + +- "Bullseye-Workaround" needs to be applied to bookworm and later as well [\#146](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/146) + +**Closed issues:** + +- Unattended-Upgrade::Origins-Pattern from 50unattended-upgrades apparently can't be "overruled" [\#145](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/145) + +**Merged pull requests:** + +- fix: reformat allowed origins pattern [\#160](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/160) ([Normo](https://github.com/Normo)) +- fix: allow ${distro\_codename}-security on Debian bookworm [\#159](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/159) ([Normo](https://github.com/Normo)) +- chore\(deps-dev\): bump ansible-lint from 6.18.0 to 6.21.1 [\#157](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/157) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 8.3.0 to 8.5.0 [\#155](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/155) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump actions/checkout from 3 to 4 [\#147](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/147) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 6.0.1 to 6.0.2 [\#144](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/144) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v3.2.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.2.0) (2023-08-25) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.1.0...v3.2.0) + +**Implemented enhancements:** + +- Add support for Debian Bookworm [\#134](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/134) + +**Closed issues:** + +- Remove official support for EOL Ubuntu 18.04 [\#139](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/139) + +**Merged pull requests:** + +- chore: prepare release of version 3.2.0 [\#142](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/142) ([tobiashuste](https://github.com/tobiashuste)) +- fix: remove official support for EOL Ubuntu 18.04 [\#141](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/141) ([tobiashuste](https://github.com/tobiashuste)) +- feat: add support for Debian 12 bookworm [\#140](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/140) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible-lint from 6.17.2 to 6.18.0 [\#138](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/138) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 5.1.0 to 6.0.1 [\#137](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/137) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 8.1.0 to 8.3.0 [\#136](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/136) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule-plugins from 23.4.1 to 23.5.0 [\#133](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/133) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.16.2 to 6.17.2 [\#131](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/131) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 5.0.1 to 5.1.0 [\#130](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/130) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 8.0.0 to 8.1.0 [\#129](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/129) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v3.1.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.1.0) (2023-06-09) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v3.0.0...v3.1.0) + +**Implemented enhancements:** + +- Added custom of apt-daily timers apt-daily-upgrade [\#85](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/85) +- Test custom apt-daily timers [\#121](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/121) ([Normo](https://github.com/Normo)) + +**Closed issues:** + +- Remove support for ansible-core 2.12 [\#124](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/124) + +**Merged pull requests:** + +- Prepare release version 3.1.0 [\#127](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/127) ([Normo](https://github.com/Normo)) +- Update minimum ansible version to 2.13 [\#125](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/125) ([Normo](https://github.com/Normo)) +- Add support for custom apt-daily and apt-daily-upgrade timers [\#120](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/120) ([pgassmann](https://github.com/pgassmann)) +- Bump ansible from 7.6.0 to 8.0.0 [\#119](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/119) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v3.0.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v3.0.0) (2023-05-26) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v2.0.1...v3.0.0) + +**UPGRADE NOTES AND BREAKING CHANGES:** + +As of this release, all Apt options for `unattended-upgrades` made in the default OS configuration files `/etc/apt/apt.conf.d/20auto-upgrades` and `/etc/apt/apt.conf.d/50unattended-upgrades` are now completely overwritten instead of being merged. This means that from now on only the options set by this role are active. + +**Fixed bugs:** + +- apt options are not overridden but merged [\#94](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/94) + +**Closed issues:** + +- ValueError: not enough values to unpack \(expected 2, got 1\) on Ubuntu Jammy [\#55](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/55) + +**Merged pull requests:** + +- Bump ansible from 7.5.0 to 7.6.0 [\#115](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/115) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.31.0 to 1.32.0 [\#114](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/114) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.16.1 to 6.16.2 [\#113](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/113) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.16.0 to 6.16.1 [\#112](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/112) ([dependabot[bot]](https://github.com/apps/dependabot)) +- fix: reformat config template [\#111](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/111) ([Normo](https://github.com/Normo)) +- Bump ansible-lint from 6.14.3 to 6.16.0 [\#109](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/109) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Erase all unattended-upgrades options first [\#107](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/107) ([Normo](https://github.com/Normo)) +- Bump yamllint from 1.28.0 to 1.31.0 [\#106](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/106) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 7.1.0 to 7.5.0 [\#105](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/105) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.4 to 5.0.1 [\#104](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/104) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add test for Unattended-Upgrade::Sender [\#103](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/103) ([Normo](https://github.com/Normo)) +- Unattended-Upgrade::Sender support [\#101](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/101) ([turikhay](https://github.com/turikhay)) +- Bump ansible-lint from 6.10.2 to 6.14.3 [\#99](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/99) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.10.0 to 6.10.2 [\#82](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/82) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Do not cancel ci jobs if one ci job in the matrix fails [\#81](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/81) ([Normo](https://github.com/Normo)) +- Prepare release version 3.0.0 [\#117](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/117) ([Normo](https://github.com/Normo)) + +## [v2.0.1](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v2.0.1) (2022-12-15) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v2.0.0...v2.0.1) + +**Fixed bugs:** + +- Fix minimum specification of Ansible version [\#77](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/77) ([tobiashuste](https://github.com/tobiashuste)) + +**Closed issues:** + +- `unattended_dl_limit` doesn't work [\#76](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/76) +- ansible.builtin.import\_tasks problem [\#75](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/75) +- Detach fork [\#66](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/66) + +**Merged pull requests:** + +- Bump ansible-lint from 6.9.1 to 6.10.0 [\#79](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/79) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 7.0.0 to 7.1.0 [\#74](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/74) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.3 to 4.0.4 [\#73](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/73) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.9.0 to 6.9.1 [\#72](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/72) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Make sure GitHub Actions runs on the main branch [\#70](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/70) ([tobiashuste](https://github.com/tobiashuste)) +- Fix deprecation warning in GitHub Actions [\#69](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/69) ([tobiashuste](https://github.com/tobiashuste)) +- Prepare release v2.0.1 [\#78](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/78) ([Normo](https://github.com/Normo)) +- Leave a hint about the original fork [\#71](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/71) ([Normo](https://github.com/Normo)) + +## [v2.0.0](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v2.0.0) (2022-12-02) + +[Full Changelog](https://github.com/hifis-net/ansible-role-unattended-upgrades/compare/v1.12.2...v2.0.0) + +**UPGRADE NOTES AND BREAKING CHANGES:** + +If you have used this role before version 2.0.0, the files `20auto-upgrades` and `50unattended-upgrades` will differ from the system defaults (instead of the configuration being placed in a separate file, as we do now). +These can be left as-is as they will be overridden. +During OS upgrades, when asked if these files should be overwritten by the maintainer's package, say yes. +They will then be reset to their default states, and you won't be asked these questions again. + +**Implemented enhancements:** + +- \[Feature Request\] Use force\_apt\_get [\#32](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/32) +- Override configuration in a separate apt.conf.d file [\#10](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/10) +- Test role via Molecule [\#8](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/8) + +**Fixed bugs:** + +- Molecule folder not linted by molecule [\#48](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/48) +- Change caused by indentation [\#53](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/53) +- Fix installation of powermgmt-base package [\#35](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/35) + +**Closed issues:** + +- Documentation role name mismatch [\#41](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/41) +- Some configurations options are missing [\#56](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/56) +- Remove support for OS that reached EOL [\#38](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/38) +- Add changelog [\#33](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/33) +- Add contribution guide [\#16](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/16) +- Rename default branch to `main` [\#13](https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/13) + +**Merged pull requests:** + +- Bump ansible-lint from 6.8.6 to 6.9.0 [\#62](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/62) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.5.0 to 7.0.0 [\#60](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/60) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add missing option Unattended-Upgrade::MailReport [\#57](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/57) ([nono-lqdn](https://github.com/nono-lqdn)) +- Bump ansible-lint from 6.8.2 to 6.8.6 [\#54](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/54) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.2 to 4.0.3 [\#49](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/49) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.1 to 4.0.2 [\#47](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/47) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.1 to 6.8.2 [\#46](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/46) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.4.0 to 6.5.0 [\#45](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/45) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.0 to 6.8.1 [\#44](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/44) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.5.0 to 6.8.0 [\#43](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/43) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Fix role name in README [\#42](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/42) ([lukashass](https://github.com/lukashass)) +- Bump molecule-podman from 2.0.2 to 2.0.3 [\#40](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/40) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.2.0 to 6.4.0 [\#25](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/25) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.27.1 to 1.28.0 [\#24](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/24) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Update README.md [\#19](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/19) ([Normo](https://github.com/Normo)) +- Bump ansible-lint from 6.4.0 to 6.5.0 [\#15](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/15) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Prepare release version 2.0.0 [\#67](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/67) ([Normo](https://github.com/Normo)) +- Add codeowners to autoassign reviewers [\#65](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/65) ([Normo](https://github.com/Normo)) +- Ensure new default branch main is used by Galaxy [\#64](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/64) ([Normo](https://github.com/Normo)) +- Lint molecule folder [\#63](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/63) ([Normo](https://github.com/Normo)) +- Fix indentation for unattended\_origins\_patterns in template file [\#61](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/61) ([Normo](https://github.com/Normo)) +- Remove support for OS that reached EOL [\#39](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/39) ([Normo](https://github.com/Normo)) +- Add changelog [\#37](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/37) ([Normo](https://github.com/Normo)) +- Fix installation of powermgmt-base [\#36](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/36) ([Normo](https://github.com/Normo)) +- Force usage of apt-get instead of aptitude [\#34](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/34) ([Normo](https://github.com/Normo)) +- Test Remove-Unused-Kernel-Packages option [\#31](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/31) ([Normo](https://github.com/Normo)) +- Add options for controlling the removal of unused kernel packages [\#29](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/29) ([gcotelli](https://github.com/gcotelli)) +- Stop overwriting default config [\#28](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/28) ([alpha0010](https://github.com/alpha0010)) +- Add contribution guide [\#22](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/22) ([Normo](https://github.com/Normo)) +- Remove custom ansible-lint config [\#18](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/18) ([Normo](https://github.com/Normo)) +- Fix 'All names should start with an uppercase letter' warnings [\#17](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/17) ([Normo](https://github.com/Normo)) +- Fix CI badge in README [\#14](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/14) ([tobiashuste](https://github.com/tobiashuste)) +- Replace deprecated include with import\_tasks [\#12](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/12) ([Normo](https://github.com/Normo)) +- Update README.md [\#11](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/11) ([Normo](https://github.com/Normo)) +- Test the role via molecule and update supported OS [\#9](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/9) ([tobiashuste](https://github.com/tobiashuste)) +- Bump actions/checkout from 2 to 3 [\#6](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/6) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible/ansible-lint-action from 6.0.2 to 6.3.0 [\#5](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/5) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add dependabot config to daily check for GitHub actions updates [\#4](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/4) ([Normo](https://github.com/Normo)) +- Force quoted strings [\#3](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/3) ([Normo](https://github.com/Normo)) +- Add yamllint configuration [\#2](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/2) ([Normo](https://github.com/Normo)) +- Fork https://github.com/jnv/ansible-role-unattended-upgrades [\#1](https://github.com/hifis-net/ansible-role-unattended-upgrades/pull/1) ([Normo](https://github.com/Normo)) + + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/CONTRIBUTING.md b/automation/playbooks/roles/hifis.unattended_upgrades/CONTRIBUTING.md new file mode 100644 index 0000000..f056c7e --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/CONTRIBUTING.md @@ -0,0 +1,189 @@ + + +# Contributing + +## Please Help to Improve this Project + +You would like to contribute to this project and want to know how to do that? +Let me tell you first that you are awesome because you take care! +Let's make this Ansible role even better. +Any contributions and help to improve this project via issues, pull requests +and more are most welcome and much appreciated. +We are here to help you with your contributions at any time. +Please mention us in issues and pull requests if you need help or if you have +questions. + +## Why Do We Need Contributors and Contributions + +Coding is team-work and open-source software is community-work. +In order to enhance the project or correct bugs and regressions in the project +we need you and your support because the project benefits from your expertise, +knowledge, opinions, perspectives, and labour. +Together we are improving this Ansible role step-by-step. +Please follow these guidelines and be respectful as we respect your work and +your contributions in the same manner and support you and help you with your +contributions. +Feel free to get into contact with us or with other contributors as the +community will help you with your questions and contributions. + +## Contributions We are Looking For + +There are different ways to contribute to this project: + +1. Discuss issues and pull requests +2. Submit bug reports or contribute new feature proposals +3. Contribute fixes or implement new features +4. Do testing + +### Investigate Before Contributing + +Before you start contributing and create issues and pull requests we ask you +to first check whether an issue or pull request already exists for the error, +enhancement, feature or test case you have in mind. + +### Discuss Issues and Pull Requests + +You can contribute by participating in discussions you find in issues and +pull requests or by starting your own discussions. + +### Submit Bug Reports or Contribute New Feature Proposals + +If you found a bug in the Ansible role or a typo in the documentation or +if you would like to discuss or suggest functional or quality aspects of the +role you are welcome to create issues to get in contact with us. + +### Contribute Fixes or Implement New Features + +If you would like to provide a fix for a bug or a typo in the documentation or +even add or change specific features of the role or specific parts of the +documentation, you are welcome to fork this repository, create a separate +branch, create a pull request and add your contributions. +Please also label the pull request, refer to related issues and assign +reviewers that take care of reviewing your suggested changes. +We would like you to check that the CI pipeline passes before asking reviewers +to review your suggestions. + +### Do Testing + +While automated tests are by far our preferred testing method we also +acknowledge contributors doing exploratory testing. +Sometimes the existing automated tests are not sufficient to account for +specific corner cases and to reveal hidden bugs. +Testing the role manually is always a good approach to make sure that the role +passes a particular additional test case. +Even more valuable are automated tests because they are repeatable. +That is why these test methods work best in combination. +Once a bug is revealed in an exploratory test, additional automated test-cases +need to be added that mark this behaviour as a defect. +As a consequence, a fix need to be developed that makes the CI pipeline and +the new regression tests pass again. +Please feel free to support the project by providing automated test cases. +In order to do so you need to fork the repository, create a separate branch, +create a pull request and add the test cases and fixes to that new branch. +Please also use labels for your pull request, name issues that you refer to +and assign reviewers who would be able to review your suggested test cases and +fixes. +Please make sure that the CI pipeline passes before you name reviewers for your +pull request. + +### GitHub Actions CI Pipeline and Code Reviews + +Finally, as soon as your changes are ready and you would like to ask someone +to review your contributions you need to check that all GitHub Actions CI +pipeline jobs pass in your pull request before assigning reviewers to your +pull request. + +## Contributions Workflow via Pull Requests + +In summary, if you would like to contribute with pull requests for +enhancements, bug-fixes or test cases, we kindly ask you to follow this +workflow: + +![Workflow Blockdiagram with Kroki](https://kroki.hzdr.de/blockdiag/svg/eNqNU8tO5DAQvPMVrTmRwwrYF7tCcNkT30A4dJyejDXGDm0bNkL8-7YfM3I0WsEpUXd1uV1VHoxT-1HjBG9nAHokhAeDAxm4hc1VB4uLDJZec2vzeJNA9oV80BMGarBfO1A7UnvQW9DeR4KL3s7RGGB6jjLQWzRMOC5Af7UPvpBtHe8blm9dqTDNzuvgeCmwgdGqXQP8LscJm6yAtVmA9bAG-eOAXK9T4DiODfRnlwvpzr1VzgbWQwza2QIOa-LrDoy2AdCOudXbLFY711uRF41Z4NzNqYCmK1xKN0y_OnjCPYGPLFuGHQb4cw8zek_-cK0XTa_EzdDvsuyhc-4rs4_TlPxx1rdWXnZinHI8O85alLkWXcafiKfW1ysJQa6dylcDk6YmdnHOEQI4js7iIjKtFNncZIxjTTZgqgjSiIRe4Uyl2Qbsy10JhHxrBuSv7pDQ7_87_MSLz5ycBBX-8BG5uJNcLxr6zzCL33nxaqP8N8ofzso6H3VNoNVb2zoz0riKuUByhJtWqPWUsKbcxkK61eYj4Pj4lTOO0x2NnnZhMJHa8K-7E9OySs1Jm_LTeT_7B8Nka6c=) + +For those of you who want to know how forked-based contributions work on +_GitHub_, we would like to point to the _GitHub Docs_ about +[contributing to projects](https://docs.github.com/en/get-started/quickstart/contributing-to-projects). + +## Set Up a Local Development Environment (Optional) + +In order to add contributions via pull requests you most probably need to +create a local development environment to make sure that your changes +work as expected. +After cloning the project locally the _Python_ dependencies need to be +installed: + +```shell +$ pipenv install --dev +``` + +As mentioned in the suggested contribution workflow above, linting and testing +your contributions locally is optional, but we encourage you to do so. +The following sections show how to lint and test your contributions locally. + +### Linting the Project + +This role is linted via +[Ansible Lint](https://ansible-lint.readthedocs.io/en/latest/) +and +[yamllint](https://yamllint.readthedocs.io/en/stable/) +which guarantees that the role adheres to a set of +[Ansible Lint rules](https://ansible-lint.readthedocs.io/en/latest/default_rules/) +and +[yamllint rules](https://yamllint.readthedocs.io/en/stable/rules.html): + +```shell +$ pipenv run molecule lint +``` + +### REUSE Specification Compliance + +Each file in this project needs to have a proper license and copyright header. +Please check that each file you add to the project contains license and +copyright information and that it thereby meets the +[REUSE Specification](https://reuse.software/spec/): + +```shell +$ pipenv run reuse lint +``` + +### Testing the Ansible Role + +This role is tested via +[Ansible Molecule](https://molecule.readthedocs.io/en/latest/). +During development of your changes we would like you to use _Molecule_ and +the existing automated test cases to verify that your changes do not break +existing test cases: + +```shell +$ pipenv run molecule test +```` + +## How are Contributors Given Credit for Their Valuable Work? + +Please add yourself to the list of contributors in file +[README.md](README.md#contributors) +via a pull request if you made significant contributions to this role. +Significant contributions are done by suggesting pull requests that fix +bugs or add features or test cases to the project. +Since all other contributions are welcome and may be significant as well +you can request to be added as a contributor which is then decided on a +case-by-case basis. + +## Ground Rules and Contributions We are Not Looking For + +While we welcome and appreciate all contributions we want people to be kind, +respectful and mindful and won't support people who aren't. +Please help and support each other. +In order to get an idea what this actually means and involves we would like to +ask you to read the Codes of Conduct of +[The Carpentries](https://docs.carpentries.org/topic_folders/policies/code-of-conduct.html#code-of-conduct-detailed-view), +the +[Ansible Community](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html#community-code-of-conduct), +and the +[GitLab Community](https://about.gitlab.com/community/contribute/code-of-conduct/). diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/LICENSE b/automation/playbooks/roles/hifis.unattended_upgrades/LICENSE new file mode 100644 index 0000000..d511905 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/LICENSE @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/Pipfile b/automation/playbooks/roles/hifis.unattended_upgrades/Pipfile new file mode 100644 index 0000000..a284b56 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/Pipfile @@ -0,0 +1,16 @@ +[[source]] +name = "pypi" +url = "https://pypi.org/simple" +verify_ssl = true + +[dev-packages] +yamllint = "~=1.32.0" +ansible-lint = "~=6.21.1" +molecule = "~=6.0.2" +molecule-plugins = {extras = ["podman"], version = "~=23.5.0"} + +[packages] +ansible = "~=8.5.0" + +[requires] +python_version = "3.10" diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/Pipfile.lock b/automation/playbooks/roles/hifis.unattended_upgrades/Pipfile.lock new file mode 100644 index 0000000..0988b8c --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/Pipfile.lock @@ -0,0 +1,1059 @@ +{ + "_meta": { + "hash": { + "sha256": "5a1a07a80ff50f443ae241fda3f3e37d35824bea8b2aa6fdcc59d9f55802a18d" + }, + "pipfile-spec": 6, + "requires": { + "python_version": "3.10" + }, + "sources": [ + { + "name": "pypi", + "url": "https://pypi.org/simple", + "verify_ssl": true + } + ] + }, + "default": { + "ansible": { + "hashes": [ + "sha256:2749032e26b0dbc9a694528b85fd89e7f950b8c7b53606f17dd997f23ac7cc88", + "sha256:327c509bdaf5cdb2489d85c09d2c107e9432f9874c8bb5c0702a731160915f2d" + ], + "index": "pypi", + "markers": "python_version >= '3.9'", + "version": "==8.5.0" + }, + "ansible-core": { + "hashes": [ + "sha256:3efa234de5fce79ec98853f3369535b27cacd7ce498495b996030cd15c373735", + "sha256:8cc539cb8d4349af3ffd901c70722f7a7a203ae6427ddac95ffdf546a6e41602" + ], + "markers": "python_version >= '3.9'", + "version": "==2.15.5" + }, + "cffi": { + "hashes": [ + "sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc", + "sha256:131fd094d1065b19540c3d72594260f118b231090295d8c34e19a7bbcf2e860a", + "sha256:1b8ebc27c014c59692bb2664c7d13ce7a6e9a629be20e54e7271fa696ff2b417", + "sha256:2c56b361916f390cd758a57f2e16233eb4f64bcbeee88a4881ea90fca14dc6ab", + "sha256:2d92b25dbf6cae33f65005baf472d2c245c050b1ce709cc4588cdcdd5495b520", + "sha256:31d13b0f99e0836b7ff893d37af07366ebc90b678b6664c955b54561fc36ef36", + "sha256:32c68ef735dbe5857c810328cb2481e24722a59a2003018885514d4c09af9743", + "sha256:3686dffb02459559c74dd3d81748269ffb0eb027c39a6fc99502de37d501faa8", + "sha256:582215a0e9adbe0e379761260553ba11c58943e4bbe9c36430c4ca6ac74b15ed", + "sha256:5b50bf3f55561dac5438f8e70bfcdfd74543fd60df5fa5f62d94e5867deca684", + "sha256:5bf44d66cdf9e893637896c7faa22298baebcd18d1ddb6d2626a6e39793a1d56", + "sha256:6602bc8dc6f3a9e02b6c22c4fc1e47aa50f8f8e6d3f78a5e16ac33ef5fefa324", + "sha256:673739cb539f8cdaa07d92d02efa93c9ccf87e345b9a0b556e3ecc666718468d", + "sha256:68678abf380b42ce21a5f2abde8efee05c114c2fdb2e9eef2efdb0257fba1235", + "sha256:68e7c44931cc171c54ccb702482e9fc723192e88d25a0e133edd7aff8fcd1f6e", + "sha256:6b3d6606d369fc1da4fd8c357d026317fbb9c9b75d36dc16e90e84c26854b088", + "sha256:748dcd1e3d3d7cd5443ef03ce8685043294ad6bd7c02a38d1bd367cfd968e000", + "sha256:7651c50c8c5ef7bdb41108b7b8c5a83013bfaa8a935590c5d74627c047a583c7", + "sha256:7b78010e7b97fef4bee1e896df8a4bbb6712b7f05b7ef630f9d1da00f6444d2e", + "sha256:7e61e3e4fa664a8588aa25c883eab612a188c725755afff6289454d6362b9673", + "sha256:80876338e19c951fdfed6198e70bc88f1c9758b94578d5a7c4c91a87af3cf31c", + "sha256:8895613bcc094d4a1b2dbe179d88d7fb4a15cee43c052e8885783fac397d91fe", + "sha256:88e2b3c14bdb32e440be531ade29d3c50a1a59cd4e51b1dd8b0865c54ea5d2e2", + "sha256:8f8e709127c6c77446a8c0a8c8bf3c8ee706a06cd44b1e827c3e6a2ee6b8c098", + "sha256:9cb4a35b3642fc5c005a6755a5d17c6c8b6bcb6981baf81cea8bfbc8903e8ba8", + "sha256:9f90389693731ff1f659e55c7d1640e2ec43ff725cc61b04b2f9c6d8d017df6a", + "sha256:a09582f178759ee8128d9270cd1344154fd473bb77d94ce0aeb2a93ebf0feaf0", + "sha256:a6a14b17d7e17fa0d207ac08642c8820f84f25ce17a442fd15e27ea18d67c59b", + "sha256:a72e8961a86d19bdb45851d8f1f08b041ea37d2bd8d4fd19903bc3083d80c896", + "sha256:abd808f9c129ba2beda4cfc53bde801e5bcf9d6e0f22f095e45327c038bfe68e", + "sha256:ac0f5edd2360eea2f1daa9e26a41db02dd4b0451b48f7c318e217ee092a213e9", + "sha256:b29ebffcf550f9da55bec9e02ad430c992a87e5f512cd63388abb76f1036d8d2", + "sha256:b2ca4e77f9f47c55c194982e10f058db063937845bb2b7a86c84a6cfe0aefa8b", + "sha256:b7be2d771cdba2942e13215c4e340bfd76398e9227ad10402a8767ab1865d2e6", + "sha256:b84834d0cf97e7d27dd5b7f3aca7b6e9263c56308ab9dc8aae9784abb774d404", + "sha256:b86851a328eedc692acf81fb05444bdf1891747c25af7529e39ddafaf68a4f3f", + "sha256:bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0", + "sha256:c0f31130ebc2d37cdd8e44605fb5fa7ad59049298b3f745c74fa74c62fbfcfc4", + "sha256:c6a164aa47843fb1b01e941d385aab7215563bb8816d80ff3a363a9f8448a8dc", + "sha256:d8a9d3ebe49f084ad71f9269834ceccbf398253c9fac910c4fd7053ff1386936", + "sha256:db8e577c19c0fda0beb7e0d4e09e0ba74b1e4c092e0e40bfa12fe05b6f6d75ba", + "sha256:dc9b18bf40cc75f66f40a7379f6a9513244fe33c0e8aa72e2d56b0196a7ef872", + "sha256:e09f3ff613345df5e8c3667da1d918f9149bd623cd9070c983c013792a9a62eb", + "sha256:e4108df7fe9b707191e55f33efbcb2d81928e10cea45527879a4749cbe472614", + "sha256:e6024675e67af929088fda399b2094574609396b1decb609c55fa58b028a32a1", + "sha256:e70f54f1796669ef691ca07d046cd81a29cb4deb1e5f942003f401c0c4a2695d", + "sha256:e715596e683d2ce000574bae5d07bd522c781a822866c20495e52520564f0969", + "sha256:e760191dd42581e023a68b758769e2da259b5d52e3103c6060ddc02c9edb8d7b", + "sha256:ed86a35631f7bfbb28e108dd96773b9d5a6ce4811cf6ea468bb6a359b256b1e4", + "sha256:ee07e47c12890ef248766a6e55bd38ebfb2bb8edd4142d56db91b21ea68b7627", + "sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956", + "sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357" + ], + "markers": "python_version >= '3.8'", + "version": "==1.16.0" + }, + "cryptography": { + "hashes": [ + "sha256:0c327cac00f082013c7c9fb6c46b7cc9fa3c288ca702c74773968173bda421bf", + "sha256:0d2a6a598847c46e3e321a7aef8af1436f11c27f1254933746304ff014664d84", + "sha256:227ec057cd32a41c6651701abc0328135e472ed450f47c2766f23267b792a88e", + "sha256:22892cc830d8b2c89ea60148227631bb96a7da0c1b722f2aac8824b1b7c0b6b8", + "sha256:392cb88b597247177172e02da6b7a63deeff1937fa6fec3bbf902ebd75d97ec7", + "sha256:3be3ca726e1572517d2bef99a818378bbcf7d7799d5372a46c79c29eb8d166c1", + "sha256:573eb7128cbca75f9157dcde974781209463ce56b5804983e11a1c462f0f4e88", + "sha256:580afc7b7216deeb87a098ef0674d6ee34ab55993140838b14c9b83312b37b86", + "sha256:5a70187954ba7292c7876734183e810b728b4f3965fbe571421cb2434d279179", + "sha256:73801ac9736741f220e20435f84ecec75ed70eda90f781a148f1bad546963d81", + "sha256:7d208c21e47940369accfc9e85f0de7693d9a5d843c2509b3846b2db170dfd20", + "sha256:8254962e6ba1f4d2090c44daf50a547cd5f0bf446dc658a8e5f8156cae0d8548", + "sha256:88417bff20162f635f24f849ab182b092697922088b477a7abd6664ddd82291d", + "sha256:a48e74dad1fb349f3dc1d449ed88e0017d792997a7ad2ec9587ed17405667e6d", + "sha256:b948e09fe5fb18517d99994184854ebd50b57248736fd4c720ad540560174ec5", + "sha256:c707f7afd813478e2019ae32a7c49cd932dd60ab2d2a93e796f68236b7e1fbf1", + "sha256:d38e6031e113b7421db1de0c1b1f7739564a88f1684c6b89234fbf6c11b75147", + "sha256:d3977f0e276f6f5bf245c403156673db103283266601405376f075c849a0b936", + "sha256:da6a0ff8f1016ccc7477e6339e1d50ce5f59b88905585f77193ebd5068f1e797", + "sha256:e270c04f4d9b5671ebcc792b3ba5d4488bf7c42c3c241a3748e2599776f29696", + "sha256:e886098619d3815e0ad5790c973afeee2c0e6e04b4da90b88e6bd06e2a0b1b72", + "sha256:ec3b055ff8f1dce8e6ef28f626e0972981475173d7973d63f271b29c8a2897da", + "sha256:fba1e91467c65fe64a82c689dc6cf58151158993b13eb7a7f3f4b7f395636723" + ], + "markers": "python_version >= '3.7'", + "version": "==41.0.5" + }, + "jinja2": { + "hashes": [ + "sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852", + "sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61" + ], + "markers": "python_version >= '3.7'", + "version": "==3.1.2" + }, + "markupsafe": { + "hashes": [ + "sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e", + "sha256:0a4e4a1aff6c7ac4cd55792abf96c915634c2b97e3cc1c7129578aa68ebd754e", + "sha256:10bbfe99883db80bdbaff2dcf681dfc6533a614f700da1287707e8a5d78a8431", + "sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686", + "sha256:14ff806850827afd6b07a5f32bd917fb7f45b046ba40c57abdb636674a8b559c", + "sha256:1577735524cdad32f9f694208aa75e422adba74f1baee7551620e43a3141f559", + "sha256:1b40069d487e7edb2676d3fbdb2b0829ffa2cd63a2ec26c4938b2d34391b4ecc", + "sha256:1b8dd8c3fd14349433c79fa8abeb573a55fc0fdd769133baac1f5e07abf54aeb", + "sha256:1f67c7038d560d92149c060157d623c542173016c4babc0c1913cca0564b9939", + "sha256:282c2cb35b5b673bbcadb33a585408104df04f14b2d9b01d4c345a3b92861c2c", + "sha256:2c1b19b3aaacc6e57b7e25710ff571c24d6c3613a45e905b1fde04d691b98ee0", + "sha256:2ef12179d3a291be237280175b542c07a36e7f60718296278d8593d21ca937d4", + "sha256:338ae27d6b8745585f87218a3f23f1512dbf52c26c28e322dbe54bcede54ccb9", + "sha256:3c0fae6c3be832a0a0473ac912810b2877c8cb9d76ca48de1ed31e1c68386575", + "sha256:3fd4abcb888d15a94f32b75d8fd18ee162ca0c064f35b11134be77050296d6ba", + "sha256:42de32b22b6b804f42c5d98be4f7e5e977ecdd9ee9b660fda1a3edf03b11792d", + "sha256:47d4f1c5f80fc62fdd7777d0d40a2e9dda0a05883ab11374334f6c4de38adffd", + "sha256:504b320cd4b7eff6f968eddf81127112db685e81f7e36e75f9f84f0df46041c3", + "sha256:525808b8019e36eb524b8c68acdd63a37e75714eac50e988180b169d64480a00", + "sha256:56d9f2ecac662ca1611d183feb03a3fa4406469dafe241673d521dd5ae92a155", + "sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac", + "sha256:65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52", + "sha256:68e78619a61ecf91e76aa3e6e8e33fc4894a2bebe93410754bd28fce0a8a4f9f", + "sha256:69c0f17e9f5a7afdf2cc9fb2d1ce6aabdb3bafb7f38017c0b77862bcec2bbad8", + "sha256:6b2b56950d93e41f33b4223ead100ea0fe11f8e6ee5f641eb753ce4b77a7042b", + "sha256:715d3562f79d540f251b99ebd6d8baa547118974341db04f5ad06d5ea3eb8007", + "sha256:787003c0ddb00500e49a10f2844fac87aa6ce977b90b0feaaf9de23c22508b24", + "sha256:7ef3cb2ebbf91e330e3bb937efada0edd9003683db6b57bb108c4001f37a02ea", + "sha256:8023faf4e01efadfa183e863fefde0046de576c6f14659e8782065bcece22198", + "sha256:8758846a7e80910096950b67071243da3e5a20ed2546e6392603c096778d48e0", + "sha256:8afafd99945ead6e075b973fefa56379c5b5c53fd8937dad92c662da5d8fd5ee", + "sha256:8c41976a29d078bb235fea9b2ecd3da465df42a562910f9022f1a03107bd02be", + "sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2", + "sha256:8f9293864fe09b8149f0cc42ce56e3f0e54de883a9de90cd427f191c346eb2e1", + "sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707", + "sha256:962f82a3086483f5e5f64dbad880d31038b698494799b097bc59c2edf392fce6", + "sha256:9aad3c1755095ce347e26488214ef77e0485a3c34a50c5a5e2471dff60b9dd9c", + "sha256:9dcdfd0eaf283af041973bff14a2e143b8bd64e069f4c383416ecd79a81aab58", + "sha256:aa57bd9cf8ae831a362185ee444e15a93ecb2e344c8e52e4d721ea3ab6ef1823", + "sha256:aa7bd130efab1c280bed0f45501b7c8795f9fdbeb02e965371bbef3523627779", + "sha256:ab4a0df41e7c16a1392727727e7998a467472d0ad65f3ad5e6e765015df08636", + "sha256:ad9e82fb8f09ade1c3e1b996a6337afac2b8b9e365f926f5a61aacc71adc5b3c", + "sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad", + "sha256:b076b6226fb84157e3f7c971a47ff3a679d837cf338547532ab866c57930dbee", + "sha256:b7ff0f54cb4ff66dd38bebd335a38e2c22c41a8ee45aa608efc890ac3e3931bc", + "sha256:bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2", + "sha256:c011a4149cfbcf9f03994ec2edffcb8b1dc2d2aede7ca243746df97a5d41ce48", + "sha256:c9c804664ebe8f83a211cace637506669e7890fec1b4195b505c214e50dd4eb7", + "sha256:ca379055a47383d02a5400cb0d110cef0a776fc644cda797db0c5696cfd7e18e", + "sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b", + "sha256:cd0f502fe016460680cd20aaa5a76d241d6f35a1c3350c474bac1273803893fa", + "sha256:ceb01949af7121f9fc39f7d27f91be8546f3fb112c608bc4029aef0bab86a2a5", + "sha256:d080e0a5eb2529460b30190fcfcc4199bd7f827663f858a226a81bc27beaa97e", + "sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb", + "sha256:df0be2b576a7abbf737b1575f048c23fb1d769f267ec4358296f31c2479db8f9", + "sha256:e09031c87a1e51556fdcb46e5bd4f59dfb743061cf93c4d6831bf894f125eb57", + "sha256:e4dd52d80b8c83fdce44e12478ad2e85c64ea965e75d66dbeafb0a3e77308fcc", + "sha256:f698de3fd0c4e6972b92290a45bd9b1536bffe8c6759c62471efaa8acb4c37bc", + "sha256:fec21693218efe39aa7f8599346e90c705afa52c5b31ae019b2e57e8f6542bb2", + "sha256:ffcc3f7c66b5f5b7931a5aa68fc9cecc51e685ef90282f4a82f0f5e9b704ad11" + ], + "markers": "python_version >= '3.7'", + "version": "==2.1.3" + }, + "packaging": { + "hashes": [ + "sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5", + "sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7" + ], + "markers": "python_version >= '3.7'", + "version": "==23.2" + }, + "pycparser": { + "hashes": [ + "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9", + "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206" + ], + "version": "==2.21" + }, + "pyyaml": { + "hashes": [ + "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5", + "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc", + "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df", + "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741", + "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206", + "sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27", + "sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595", + "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62", + "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98", + "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696", + "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290", + "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9", + "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d", + "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6", + "sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867", + "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47", + "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486", + "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6", + "sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3", + "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007", + "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938", + "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0", + "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c", + "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735", + "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d", + "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28", + "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4", + "sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba", + "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8", + "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5", + "sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd", + "sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3", + "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0", + "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515", + "sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c", + "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c", + "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924", + "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34", + "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43", + "sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859", + "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673", + "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54", + "sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a", + "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b", + "sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab", + "sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa", + "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c", + "sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585", + "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d", + "sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f" + ], + "markers": "python_version >= '3.6'", + "version": "==6.0.1" + }, + "resolvelib": { + "hashes": [ + "sha256:04ce76cbd63fded2078ce224785da6ecd42b9564b1390793f64ddecbe997b309", + "sha256:d2da45d1a8dfee81bdd591647783e340ef3bcb104b54c383f70d422ef5cc7dbf" + ], + "version": "==1.0.1" + } + }, + "develop": { + "ansible-compat": { + "hashes": [ + "sha256:2be8c7b510d2e15eed1e9ef443209d67d9aec8f427026b88936d4535ff59863d", + "sha256:f09c3137c9f5f65d38caed44f1a1565c0e7170df720d461e76839beda6018edb" + ], + "markers": "python_version >= '3.9'", + "version": "==4.1.10" + }, + "ansible-core": { + "hashes": [ + "sha256:3efa234de5fce79ec98853f3369535b27cacd7ce498495b996030cd15c373735", + "sha256:8cc539cb8d4349af3ffd901c70722f7a7a203ae6427ddac95ffdf546a6e41602" + ], + "markers": "python_version >= '3.9'", + "version": "==2.15.5" + }, + "ansible-lint": { + "hashes": [ + "sha256:05ffc6dfc8f3cbbf56f7f9770b3436fc7909bad5c1d75470efa064531f02df6e", + "sha256:5087434a56c0df829fd35cde157aeb61dd6d7077e5d467e7d2a1622f1f543842" + ], + "index": "pypi", + "markers": "python_version >= '3.9'", + "version": "==6.21.1" + }, + "attrs": { + "hashes": [ + "sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04", + "sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015" + ], + "markers": "python_version >= '3.7'", + "version": "==23.1.0" + }, + "black": { + "hashes": [ + "sha256:037e9b4664cafda5f025a1728c50a9e9aedb99a759c89f760bd83730e76ba884", + "sha256:1b917a2aa020ca600483a7b340c165970b26e9029067f019e3755b56e8dd5916", + "sha256:1f8ce316753428ff68749c65a5f7844631aa18c8679dfd3ca9dc1a289979c258", + "sha256:33d40f5b06be80c1bbce17b173cda17994fbad096ce60eb22054da021bf933d1", + "sha256:3f157a8945a7b2d424da3335f7ace89c14a3b0625e6593d21139c2d8214d55ce", + "sha256:5ed45ac9a613fb52dad3b61c8dea2ec9510bf3108d4db88422bacc7d1ba1243d", + "sha256:6d23d7822140e3fef190734216cefb262521789367fbdc0b3f22af6744058982", + "sha256:7670242e90dc129c539e9ca17665e39a146a761e681805c54fbd86015c7c84f7", + "sha256:7b4d10b0f016616a0d93d24a448100adf1699712fb7a4efd0e2c32bbb219b173", + "sha256:7cb5936e686e782fddb1c73f8aa6f459e1ad38a6a7b0e54b403f1f05a1507ee9", + "sha256:7d56124b7a61d092cb52cce34182a5280e160e6aff3137172a68c2c2c4b76bcb", + "sha256:840015166dbdfbc47992871325799fd2dc0dcf9395e401ada6d88fe11498abad", + "sha256:9c74de4c77b849e6359c6f01987e94873c707098322b91490d24296f66d067dc", + "sha256:b15b75fc53a2fbcac8a87d3e20f69874d161beef13954747e053bca7a1ce53a0", + "sha256:cfcce6f0a384d0da692119f2d72d79ed07c7159879d0bb1bb32d2e443382bf3a", + "sha256:d431e6739f727bb2e0495df64a6c7a5310758e87505f5f8cde9ff6c0f2d7e4fe", + "sha256:e293e4c2f4a992b980032bbd62df07c1bcff82d6964d6c9496f2cd726e246ace", + "sha256:ec3f8e6234c4e46ff9e16d9ae96f4ef69fa328bb4ad08198c8cee45bb1f08c69" + ], + "markers": "python_version >= '3.8'", + "version": "==23.10.1" + }, + "bracex": { + "hashes": [ + "sha256:a27eaf1df42cf561fed58b7a8f3fdf129d1ea16a81e1fadd1d17989bc6384beb", + "sha256:efdc71eff95eaff5e0f8cfebe7d01adf2c8637c8c92edaf63ef348c241a82418" + ], + "markers": "python_version >= '3.8'", + "version": "==2.4" + }, + "certifi": { + "hashes": [ + "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082", + "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9" + ], + "markers": "python_version >= '3.6'", + "version": "==2023.7.22" + }, + "cffi": { + "hashes": [ + "sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc", + "sha256:131fd094d1065b19540c3d72594260f118b231090295d8c34e19a7bbcf2e860a", + "sha256:1b8ebc27c014c59692bb2664c7d13ce7a6e9a629be20e54e7271fa696ff2b417", + "sha256:2c56b361916f390cd758a57f2e16233eb4f64bcbeee88a4881ea90fca14dc6ab", + "sha256:2d92b25dbf6cae33f65005baf472d2c245c050b1ce709cc4588cdcdd5495b520", + "sha256:31d13b0f99e0836b7ff893d37af07366ebc90b678b6664c955b54561fc36ef36", + "sha256:32c68ef735dbe5857c810328cb2481e24722a59a2003018885514d4c09af9743", + "sha256:3686dffb02459559c74dd3d81748269ffb0eb027c39a6fc99502de37d501faa8", + "sha256:582215a0e9adbe0e379761260553ba11c58943e4bbe9c36430c4ca6ac74b15ed", + "sha256:5b50bf3f55561dac5438f8e70bfcdfd74543fd60df5fa5f62d94e5867deca684", + "sha256:5bf44d66cdf9e893637896c7faa22298baebcd18d1ddb6d2626a6e39793a1d56", + "sha256:6602bc8dc6f3a9e02b6c22c4fc1e47aa50f8f8e6d3f78a5e16ac33ef5fefa324", + "sha256:673739cb539f8cdaa07d92d02efa93c9ccf87e345b9a0b556e3ecc666718468d", + "sha256:68678abf380b42ce21a5f2abde8efee05c114c2fdb2e9eef2efdb0257fba1235", + "sha256:68e7c44931cc171c54ccb702482e9fc723192e88d25a0e133edd7aff8fcd1f6e", + "sha256:6b3d6606d369fc1da4fd8c357d026317fbb9c9b75d36dc16e90e84c26854b088", + "sha256:748dcd1e3d3d7cd5443ef03ce8685043294ad6bd7c02a38d1bd367cfd968e000", + "sha256:7651c50c8c5ef7bdb41108b7b8c5a83013bfaa8a935590c5d74627c047a583c7", + "sha256:7b78010e7b97fef4bee1e896df8a4bbb6712b7f05b7ef630f9d1da00f6444d2e", + "sha256:7e61e3e4fa664a8588aa25c883eab612a188c725755afff6289454d6362b9673", + "sha256:80876338e19c951fdfed6198e70bc88f1c9758b94578d5a7c4c91a87af3cf31c", + "sha256:8895613bcc094d4a1b2dbe179d88d7fb4a15cee43c052e8885783fac397d91fe", + "sha256:88e2b3c14bdb32e440be531ade29d3c50a1a59cd4e51b1dd8b0865c54ea5d2e2", + "sha256:8f8e709127c6c77446a8c0a8c8bf3c8ee706a06cd44b1e827c3e6a2ee6b8c098", + "sha256:9cb4a35b3642fc5c005a6755a5d17c6c8b6bcb6981baf81cea8bfbc8903e8ba8", + "sha256:9f90389693731ff1f659e55c7d1640e2ec43ff725cc61b04b2f9c6d8d017df6a", + "sha256:a09582f178759ee8128d9270cd1344154fd473bb77d94ce0aeb2a93ebf0feaf0", + "sha256:a6a14b17d7e17fa0d207ac08642c8820f84f25ce17a442fd15e27ea18d67c59b", + "sha256:a72e8961a86d19bdb45851d8f1f08b041ea37d2bd8d4fd19903bc3083d80c896", + "sha256:abd808f9c129ba2beda4cfc53bde801e5bcf9d6e0f22f095e45327c038bfe68e", + "sha256:ac0f5edd2360eea2f1daa9e26a41db02dd4b0451b48f7c318e217ee092a213e9", + "sha256:b29ebffcf550f9da55bec9e02ad430c992a87e5f512cd63388abb76f1036d8d2", + "sha256:b2ca4e77f9f47c55c194982e10f058db063937845bb2b7a86c84a6cfe0aefa8b", + "sha256:b7be2d771cdba2942e13215c4e340bfd76398e9227ad10402a8767ab1865d2e6", + "sha256:b84834d0cf97e7d27dd5b7f3aca7b6e9263c56308ab9dc8aae9784abb774d404", + "sha256:b86851a328eedc692acf81fb05444bdf1891747c25af7529e39ddafaf68a4f3f", + "sha256:bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0", + "sha256:c0f31130ebc2d37cdd8e44605fb5fa7ad59049298b3f745c74fa74c62fbfcfc4", + "sha256:c6a164aa47843fb1b01e941d385aab7215563bb8816d80ff3a363a9f8448a8dc", + "sha256:d8a9d3ebe49f084ad71f9269834ceccbf398253c9fac910c4fd7053ff1386936", + "sha256:db8e577c19c0fda0beb7e0d4e09e0ba74b1e4c092e0e40bfa12fe05b6f6d75ba", + "sha256:dc9b18bf40cc75f66f40a7379f6a9513244fe33c0e8aa72e2d56b0196a7ef872", + "sha256:e09f3ff613345df5e8c3667da1d918f9149bd623cd9070c983c013792a9a62eb", + "sha256:e4108df7fe9b707191e55f33efbcb2d81928e10cea45527879a4749cbe472614", + "sha256:e6024675e67af929088fda399b2094574609396b1decb609c55fa58b028a32a1", + "sha256:e70f54f1796669ef691ca07d046cd81a29cb4deb1e5f942003f401c0c4a2695d", + "sha256:e715596e683d2ce000574bae5d07bd522c781a822866c20495e52520564f0969", + "sha256:e760191dd42581e023a68b758769e2da259b5d52e3103c6060ddc02c9edb8d7b", + "sha256:ed86a35631f7bfbb28e108dd96773b9d5a6ce4811cf6ea468bb6a359b256b1e4", + "sha256:ee07e47c12890ef248766a6e55bd38ebfb2bb8edd4142d56db91b21ea68b7627", + "sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956", + "sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357" + ], + "markers": "python_version >= '3.8'", + "version": "==1.16.0" + }, + "charset-normalizer": { + "hashes": [ + "sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027", + "sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087", + "sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786", + "sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8", + "sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09", + "sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185", + "sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574", + "sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e", + "sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519", + "sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898", + "sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269", + "sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3", + "sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f", + "sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6", + "sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8", + "sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a", + "sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73", + "sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc", + "sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714", + "sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2", + "sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc", + "sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce", + "sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d", + "sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e", + "sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6", + "sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269", + "sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96", + "sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d", + "sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a", + "sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4", + "sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77", + "sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d", + "sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0", + "sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed", + "sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068", + "sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac", + "sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25", + "sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8", + "sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab", + "sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26", + "sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2", + "sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db", + "sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f", + "sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5", + "sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99", + "sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c", + "sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d", + "sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811", + "sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa", + "sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a", + "sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03", + "sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b", + "sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04", + "sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c", + "sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001", + "sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458", + "sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389", + "sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99", + "sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985", + "sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537", + "sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238", + "sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f", + "sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d", + "sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796", + "sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a", + "sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143", + "sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8", + "sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c", + "sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5", + "sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5", + "sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711", + "sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4", + "sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6", + "sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c", + "sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7", + "sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4", + "sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b", + "sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae", + "sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12", + "sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c", + "sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae", + "sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8", + "sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887", + "sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b", + "sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4", + "sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f", + "sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5", + "sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33", + "sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519", + "sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561" + ], + "markers": "python_full_version >= '3.7.0'", + "version": "==3.3.2" + }, + "click": { + "hashes": [ + "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28", + "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de" + ], + "markers": "python_version >= '3.7'", + "version": "==8.1.7" + }, + "click-help-colors": { + "hashes": [ + "sha256:756245e542d29226bb3bc056bfa58886f212ba2b82f4e8cf5fc884176ac96d72", + "sha256:82ef028cb0a332a154fa42fd7cca2c728a019b32bcb5a26bb32367551014a16f" + ], + "version": "==0.9.2" + }, + "cryptography": { + "hashes": [ + "sha256:0c327cac00f082013c7c9fb6c46b7cc9fa3c288ca702c74773968173bda421bf", + "sha256:0d2a6a598847c46e3e321a7aef8af1436f11c27f1254933746304ff014664d84", + "sha256:227ec057cd32a41c6651701abc0328135e472ed450f47c2766f23267b792a88e", + "sha256:22892cc830d8b2c89ea60148227631bb96a7da0c1b722f2aac8824b1b7c0b6b8", + "sha256:392cb88b597247177172e02da6b7a63deeff1937fa6fec3bbf902ebd75d97ec7", + "sha256:3be3ca726e1572517d2bef99a818378bbcf7d7799d5372a46c79c29eb8d166c1", + "sha256:573eb7128cbca75f9157dcde974781209463ce56b5804983e11a1c462f0f4e88", + "sha256:580afc7b7216deeb87a098ef0674d6ee34ab55993140838b14c9b83312b37b86", + "sha256:5a70187954ba7292c7876734183e810b728b4f3965fbe571421cb2434d279179", + "sha256:73801ac9736741f220e20435f84ecec75ed70eda90f781a148f1bad546963d81", + "sha256:7d208c21e47940369accfc9e85f0de7693d9a5d843c2509b3846b2db170dfd20", + "sha256:8254962e6ba1f4d2090c44daf50a547cd5f0bf446dc658a8e5f8156cae0d8548", + "sha256:88417bff20162f635f24f849ab182b092697922088b477a7abd6664ddd82291d", + "sha256:a48e74dad1fb349f3dc1d449ed88e0017d792997a7ad2ec9587ed17405667e6d", + "sha256:b948e09fe5fb18517d99994184854ebd50b57248736fd4c720ad540560174ec5", + "sha256:c707f7afd813478e2019ae32a7c49cd932dd60ab2d2a93e796f68236b7e1fbf1", + "sha256:d38e6031e113b7421db1de0c1b1f7739564a88f1684c6b89234fbf6c11b75147", + "sha256:d3977f0e276f6f5bf245c403156673db103283266601405376f075c849a0b936", + "sha256:da6a0ff8f1016ccc7477e6339e1d50ce5f59b88905585f77193ebd5068f1e797", + "sha256:e270c04f4d9b5671ebcc792b3ba5d4488bf7c42c3c241a3748e2599776f29696", + "sha256:e886098619d3815e0ad5790c973afeee2c0e6e04b4da90b88e6bd06e2a0b1b72", + "sha256:ec3b055ff8f1dce8e6ef28f626e0972981475173d7973d63f271b29c8a2897da", + "sha256:fba1e91467c65fe64a82c689dc6cf58151158993b13eb7a7f3f4b7f395636723" + ], + "markers": "python_version >= '3.7'", + "version": "==41.0.5" + }, + "enrich": { + "hashes": [ + "sha256:0a2ab0d2931dff8947012602d1234d2a3ee002d9a355b5d70be6bf5466008893", + "sha256:f29b2c8c124b4dbd7c975ab5c3568f6c7a47938ea3b7d2106c8a3bd346545e4f" + ], + "markers": "python_version >= '3.6'", + "version": "==1.2.7" + }, + "filelock": { + "hashes": [ + "sha256:521f5f56c50f8426f5e03ad3b281b490a87ef15bc6c526f168290f0c7148d44e", + "sha256:57dbda9b35157b05fb3e58ee91448612eb674172fab98ee235ccb0b5bee19a1c" + ], + "markers": "python_version >= '3.8'", + "version": "==3.13.1" + }, + "idna": { + "hashes": [ + "sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4", + "sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2" + ], + "markers": "python_version >= '3.5'", + "version": "==3.4" + }, + "jinja2": { + "hashes": [ + "sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852", + "sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61" + ], + "markers": "python_version >= '3.7'", + "version": "==3.1.2" + }, + "jsonschema": { + "hashes": [ + "sha256:c9ff4d7447eed9592c23a12ccee508baf0dd0d59650615e847feb6cdca74f392", + "sha256:eee9e502c788e89cb166d4d37f43084e3b64ab405c795c03d343a4dbc2c810fc" + ], + "markers": "python_version >= '3.8'", + "version": "==4.19.2" + }, + "jsonschema-specifications": { + "hashes": [ + "sha256:05adf340b659828a004220a9613be00fa3f223f2b82002e273dee62fd50524b1", + "sha256:c91a50404e88a1f6ba40636778e2ee08f6e24c5613fe4c53ac24578a5a7f72bb" + ], + "markers": "python_version >= '3.8'", + "version": "==2023.7.1" + }, + "markdown-it-py": { + "hashes": [ + "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1", + "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb" + ], + "markers": "python_version >= '3.8'", + "version": "==3.0.0" + }, + "markupsafe": { + "hashes": [ + "sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e", + "sha256:0a4e4a1aff6c7ac4cd55792abf96c915634c2b97e3cc1c7129578aa68ebd754e", + "sha256:10bbfe99883db80bdbaff2dcf681dfc6533a614f700da1287707e8a5d78a8431", + "sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686", + "sha256:14ff806850827afd6b07a5f32bd917fb7f45b046ba40c57abdb636674a8b559c", + "sha256:1577735524cdad32f9f694208aa75e422adba74f1baee7551620e43a3141f559", + "sha256:1b40069d487e7edb2676d3fbdb2b0829ffa2cd63a2ec26c4938b2d34391b4ecc", + "sha256:1b8dd8c3fd14349433c79fa8abeb573a55fc0fdd769133baac1f5e07abf54aeb", + "sha256:1f67c7038d560d92149c060157d623c542173016c4babc0c1913cca0564b9939", + "sha256:282c2cb35b5b673bbcadb33a585408104df04f14b2d9b01d4c345a3b92861c2c", + "sha256:2c1b19b3aaacc6e57b7e25710ff571c24d6c3613a45e905b1fde04d691b98ee0", + "sha256:2ef12179d3a291be237280175b542c07a36e7f60718296278d8593d21ca937d4", + "sha256:338ae27d6b8745585f87218a3f23f1512dbf52c26c28e322dbe54bcede54ccb9", + "sha256:3c0fae6c3be832a0a0473ac912810b2877c8cb9d76ca48de1ed31e1c68386575", + "sha256:3fd4abcb888d15a94f32b75d8fd18ee162ca0c064f35b11134be77050296d6ba", + "sha256:42de32b22b6b804f42c5d98be4f7e5e977ecdd9ee9b660fda1a3edf03b11792d", + "sha256:47d4f1c5f80fc62fdd7777d0d40a2e9dda0a05883ab11374334f6c4de38adffd", + "sha256:504b320cd4b7eff6f968eddf81127112db685e81f7e36e75f9f84f0df46041c3", + "sha256:525808b8019e36eb524b8c68acdd63a37e75714eac50e988180b169d64480a00", + "sha256:56d9f2ecac662ca1611d183feb03a3fa4406469dafe241673d521dd5ae92a155", + "sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac", + "sha256:65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52", + "sha256:68e78619a61ecf91e76aa3e6e8e33fc4894a2bebe93410754bd28fce0a8a4f9f", + "sha256:69c0f17e9f5a7afdf2cc9fb2d1ce6aabdb3bafb7f38017c0b77862bcec2bbad8", + "sha256:6b2b56950d93e41f33b4223ead100ea0fe11f8e6ee5f641eb753ce4b77a7042b", + "sha256:715d3562f79d540f251b99ebd6d8baa547118974341db04f5ad06d5ea3eb8007", + "sha256:787003c0ddb00500e49a10f2844fac87aa6ce977b90b0feaaf9de23c22508b24", + "sha256:7ef3cb2ebbf91e330e3bb937efada0edd9003683db6b57bb108c4001f37a02ea", + "sha256:8023faf4e01efadfa183e863fefde0046de576c6f14659e8782065bcece22198", + "sha256:8758846a7e80910096950b67071243da3e5a20ed2546e6392603c096778d48e0", + "sha256:8afafd99945ead6e075b973fefa56379c5b5c53fd8937dad92c662da5d8fd5ee", + "sha256:8c41976a29d078bb235fea9b2ecd3da465df42a562910f9022f1a03107bd02be", + "sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2", + "sha256:8f9293864fe09b8149f0cc42ce56e3f0e54de883a9de90cd427f191c346eb2e1", + "sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707", + "sha256:962f82a3086483f5e5f64dbad880d31038b698494799b097bc59c2edf392fce6", + "sha256:9aad3c1755095ce347e26488214ef77e0485a3c34a50c5a5e2471dff60b9dd9c", + "sha256:9dcdfd0eaf283af041973bff14a2e143b8bd64e069f4c383416ecd79a81aab58", + "sha256:aa57bd9cf8ae831a362185ee444e15a93ecb2e344c8e52e4d721ea3ab6ef1823", + "sha256:aa7bd130efab1c280bed0f45501b7c8795f9fdbeb02e965371bbef3523627779", + "sha256:ab4a0df41e7c16a1392727727e7998a467472d0ad65f3ad5e6e765015df08636", + "sha256:ad9e82fb8f09ade1c3e1b996a6337afac2b8b9e365f926f5a61aacc71adc5b3c", + "sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad", + "sha256:b076b6226fb84157e3f7c971a47ff3a679d837cf338547532ab866c57930dbee", + "sha256:b7ff0f54cb4ff66dd38bebd335a38e2c22c41a8ee45aa608efc890ac3e3931bc", + "sha256:bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2", + "sha256:c011a4149cfbcf9f03994ec2edffcb8b1dc2d2aede7ca243746df97a5d41ce48", + "sha256:c9c804664ebe8f83a211cace637506669e7890fec1b4195b505c214e50dd4eb7", + "sha256:ca379055a47383d02a5400cb0d110cef0a776fc644cda797db0c5696cfd7e18e", + "sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b", + "sha256:cd0f502fe016460680cd20aaa5a76d241d6f35a1c3350c474bac1273803893fa", + "sha256:ceb01949af7121f9fc39f7d27f91be8546f3fb112c608bc4029aef0bab86a2a5", + "sha256:d080e0a5eb2529460b30190fcfcc4199bd7f827663f858a226a81bc27beaa97e", + "sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb", + "sha256:df0be2b576a7abbf737b1575f048c23fb1d769f267ec4358296f31c2479db8f9", + "sha256:e09031c87a1e51556fdcb46e5bd4f59dfb743061cf93c4d6831bf894f125eb57", + "sha256:e4dd52d80b8c83fdce44e12478ad2e85c64ea965e75d66dbeafb0a3e77308fcc", + "sha256:f698de3fd0c4e6972b92290a45bd9b1536bffe8c6759c62471efaa8acb4c37bc", + "sha256:fec21693218efe39aa7f8599346e90c705afa52c5b31ae019b2e57e8f6542bb2", + "sha256:ffcc3f7c66b5f5b7931a5aa68fc9cecc51e685ef90282f4a82f0f5e9b704ad11" + ], + "markers": "python_version >= '3.7'", + "version": "==2.1.3" + }, + "mdurl": { + "hashes": [ + "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8", + "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba" + ], + "markers": "python_version >= '3.7'", + "version": "==0.1.2" + }, + "molecule": { + "hashes": [ + "sha256:b919353f799746de60b16a27575627783e39c268fdf2f2aa0372f0162c7b5478", + "sha256:f4e941017587d6aadf4c75ec55338d16c17ad6119a2f8306cfe7b9e05d49db11" + ], + "index": "pypi", + "markers": "python_version >= '3.9'", + "version": "==6.0.2" + }, + "molecule-plugins": { + "extras": [ + "podman" + ], + "hashes": [ + "sha256:893dba8d077adb30fcd50a5d082300404ced3bb745451bc0927d4a1ada131d31", + "sha256:f13ea047b8650c892604b81b76382bc80bb4ae25ea50b23f30e81fd9d5802aff" + ], + "markers": "python_version >= '3.9'", + "version": "==23.5.0" + }, + "mypy-extensions": { + "hashes": [ + "sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d", + "sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782" + ], + "markers": "python_version >= '3.5'", + "version": "==1.0.0" + }, + "packaging": { + "hashes": [ + "sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5", + "sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7" + ], + "markers": "python_version >= '3.7'", + "version": "==23.2" + }, + "pathspec": { + "hashes": [ + "sha256:1d6ed233af05e679efb96b1851550ea95bbb64b7c490b0f5aa52996c11e92a20", + "sha256:e0d8d0ac2f12da61956eb2306b69f9469b42f4deb0f3cb6ed47b9cce9996ced3" + ], + "markers": "python_version >= '3.7'", + "version": "==0.11.2" + }, + "platformdirs": { + "hashes": [ + "sha256:cf8ee52a3afdb965072dcc652433e0c7e3e40cf5ea1477cd4b3b1d2eb75495b3", + "sha256:e9d171d00af68be50e9202731309c4e658fd8bc76f55c11c7dd760d023bda68e" + ], + "markers": "python_version >= '3.7'", + "version": "==3.11.0" + }, + "pluggy": { + "hashes": [ + "sha256:cf61ae8f126ac6f7c451172cf30e3e43d3ca77615509771b3a984a0730651e12", + "sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7" + ], + "markers": "python_version >= '3.8'", + "version": "==1.3.0" + }, + "pycparser": { + "hashes": [ + "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9", + "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206" + ], + "version": "==2.21" + }, + "pygments": { + "hashes": [ + "sha256:13fc09fa63bc8d8671a6d247e1eb303c4b343eaee81d861f3404db2935653692", + "sha256:1daff0494820c69bc8941e407aa20f577374ee88364ee10a98fdbe0aece96e29" + ], + "markers": "python_version >= '3.7'", + "version": "==2.16.1" + }, + "pyyaml": { + "hashes": [ + "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5", + "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc", + "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df", + "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741", + "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206", + "sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27", + "sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595", + "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62", + "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98", + "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696", + "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290", + "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9", + "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d", + "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6", + "sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867", + "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47", + "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486", + "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6", + "sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3", + "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007", + "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938", + "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0", + "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c", + "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735", + "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d", + "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28", + "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4", + "sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba", + "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8", + "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5", + "sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd", + "sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3", + "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0", + "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515", + "sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c", + "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c", + "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924", + "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34", + "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43", + "sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859", + "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673", + "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54", + "sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a", + "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b", + "sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab", + "sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa", + "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c", + "sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585", + "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d", + "sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f" + ], + "markers": "python_version >= '3.6'", + "version": "==6.0.1" + }, + "referencing": { + "hashes": [ + "sha256:449b6669b6121a9e96a7f9e410b245d471e8d48964c67113ce9afe50c8dd7bdf", + "sha256:794ad8003c65938edcdbc027f1933215e0d0ccc0291e3ce20a4d87432b59efc0" + ], + "markers": "python_version >= '3.8'", + "version": "==0.30.2" + }, + "requests": { + "hashes": [ + "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f", + "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1" + ], + "markers": "python_version >= '3.7'", + "version": "==2.31.0" + }, + "resolvelib": { + "hashes": [ + "sha256:04ce76cbd63fded2078ce224785da6ecd42b9564b1390793f64ddecbe997b309", + "sha256:d2da45d1a8dfee81bdd591647783e340ef3bcb104b54c383f70d422ef5cc7dbf" + ], + "version": "==1.0.1" + }, + "rich": { + "hashes": [ + "sha256:2b38e2fe9ca72c9a00170a1a2d20c63c790d0e10ef1fe35eba76e1e7b1d7d245", + "sha256:5c14d22737e6d5084ef4771b62d5d4363165b403455a30a1c8ca39dc7b644bef" + ], + "markers": "python_full_version >= '3.7.0'", + "version": "==13.6.0" + }, + "rpds-py": { + "hashes": [ + "sha256:023574366002bf1bd751ebaf3e580aef4a468b3d3c216d2f3f7e16fdabd885ed", + "sha256:031f76fc87644a234883b51145e43985aa2d0c19b063e91d44379cd2786144f8", + "sha256:052a832078943d2b2627aea0d19381f607fe331cc0eb5df01991268253af8417", + "sha256:0699ab6b8c98df998c3eacf51a3b25864ca93dab157abe358af46dc95ecd9801", + "sha256:0713631d6e2d6c316c2f7b9320a34f44abb644fc487b77161d1724d883662e31", + "sha256:0774a46b38e70fdde0c6ded8d6d73115a7c39d7839a164cc833f170bbf539116", + "sha256:0898173249141ee99ffcd45e3829abe7bcee47d941af7434ccbf97717df020e5", + "sha256:09586f51a215d17efdb3a5f090d7cbf1633b7f3708f60a044757a5d48a83b393", + "sha256:102eac53bb0bf0f9a275b438e6cf6904904908562a1463a6fc3323cf47d7a532", + "sha256:10f32b53f424fc75ff7b713b2edb286fdbfc94bf16317890260a81c2c00385dc", + "sha256:150eec465dbc9cbca943c8e557a21afdcf9bab8aaabf386c44b794c2f94143d2", + "sha256:1d7360573f1e046cb3b0dceeb8864025aa78d98be4bb69f067ec1c40a9e2d9df", + "sha256:1f36a9d751f86455dc5278517e8b65580eeee37d61606183897f122c9e51cef3", + "sha256:24656dc36f866c33856baa3ab309da0b6a60f37d25d14be916bd3e79d9f3afcf", + "sha256:25860ed5c4e7f5e10c496ea78af46ae8d8468e0be745bd233bab9ca99bfd2647", + "sha256:26857f0f44f0e791f4a266595a7a09d21f6b589580ee0585f330aaccccb836e3", + "sha256:2bb2e4826be25e72013916eecd3d30f66fd076110de09f0e750163b416500721", + "sha256:2f6da6d842195fddc1cd34c3da8a40f6e99e4a113918faa5e60bf132f917c247", + "sha256:30adb75ecd7c2a52f5e76af50644b3e0b5ba036321c390b8e7ec1bb2a16dd43c", + "sha256:3339eca941568ed52d9ad0f1b8eb9fe0958fa245381747cecf2e9a78a5539c42", + "sha256:34ad87a831940521d462ac11f1774edf867c34172010f5390b2f06b85dcc6014", + "sha256:3777cc9dea0e6c464e4b24760664bd8831738cc582c1d8aacf1c3f546bef3f65", + "sha256:3953c6926a63f8ea5514644b7afb42659b505ece4183fdaaa8f61d978754349e", + "sha256:3c4eff26eddac49d52697a98ea01b0246e44ca82ab09354e94aae8823e8bda02", + "sha256:40578a6469e5d1df71b006936ce95804edb5df47b520c69cf5af264d462f2cbb", + "sha256:40f93086eef235623aa14dbddef1b9fb4b22b99454cb39a8d2e04c994fb9868c", + "sha256:4134aa2342f9b2ab6c33d5c172e40f9ef802c61bb9ca30d21782f6e035ed0043", + "sha256:442626328600bde1d09dc3bb00434f5374948838ce75c41a52152615689f9403", + "sha256:4a5ee600477b918ab345209eddafde9f91c0acd931f3776369585a1c55b04c57", + "sha256:4ce5a708d65a8dbf3748d2474b580d606b1b9f91b5c6ab2a316e0b0cf7a4ba50", + "sha256:516a611a2de12fbea70c78271e558f725c660ce38e0006f75139ba337d56b1f6", + "sha256:52c215eb46307c25f9fd2771cac8135d14b11a92ae48d17968eda5aa9aaf5071", + "sha256:53c43e10d398e365da2d4cc0bcaf0854b79b4c50ee9689652cdc72948e86f487", + "sha256:5752b761902cd15073a527b51de76bbae63d938dc7c5c4ad1e7d8df10e765138", + "sha256:5e8a78bd4879bff82daef48c14d5d4057f6856149094848c3ed0ecaf49f5aec2", + "sha256:5ed505ec6305abd2c2c9586a7b04fbd4baf42d4d684a9c12ec6110deefe2a063", + "sha256:5ee97c683eaface61d38ec9a489e353d36444cdebb128a27fe486a291647aff6", + "sha256:61fa268da6e2e1cd350739bb61011121fa550aa2545762e3dc02ea177ee4de35", + "sha256:64ccc28683666672d7c166ed465c09cee36e306c156e787acef3c0c62f90da5a", + "sha256:66414dafe4326bca200e165c2e789976cab2587ec71beb80f59f4796b786a238", + "sha256:68fe9199184c18d997d2e4293b34327c0009a78599ce703e15cd9a0f47349bba", + "sha256:6a555ae3d2e61118a9d3e549737bb4a56ff0cec88a22bd1dfcad5b4e04759175", + "sha256:6bdc11f9623870d75692cc33c59804b5a18d7b8a4b79ef0b00b773a27397d1f6", + "sha256:6cf4393c7b41abbf07c88eb83e8af5013606b1cdb7f6bc96b1b3536b53a574b8", + "sha256:6eef672de005736a6efd565577101277db6057f65640a813de6c2707dc69f396", + "sha256:734c41f9f57cc28658d98270d3436dba65bed0cfc730d115b290e970150c540d", + "sha256:73e0a78a9b843b8c2128028864901f55190401ba38aae685350cf69b98d9f7c9", + "sha256:775049dfa63fb58293990fc59473e659fcafd953bba1d00fc5f0631a8fd61977", + "sha256:7854a207ef77319ec457c1eb79c361b48807d252d94348305db4f4b62f40f7f3", + "sha256:78ca33811e1d95cac8c2e49cb86c0fb71f4d8409d8cbea0cb495b6dbddb30a55", + "sha256:79edd779cfc46b2e15b0830eecd8b4b93f1a96649bcb502453df471a54ce7977", + "sha256:7bf347b495b197992efc81a7408e9a83b931b2f056728529956a4d0858608b80", + "sha256:7fde6d0e00b2fd0dbbb40c0eeec463ef147819f23725eda58105ba9ca48744f4", + "sha256:81de24a1c51cfb32e1fbf018ab0bdbc79c04c035986526f76c33e3f9e0f3356c", + "sha256:879fb24304ead6b62dbe5034e7b644b71def53c70e19363f3c3be2705c17a3b4", + "sha256:8e7f2219cb72474571974d29a191714d822e58be1eb171f229732bc6fdedf0ac", + "sha256:9164ec8010327ab9af931d7ccd12ab8d8b5dc2f4c6a16cbdd9d087861eaaefa1", + "sha256:945eb4b6bb8144909b203a88a35e0a03d22b57aefb06c9b26c6e16d72e5eb0f0", + "sha256:99a57006b4ec39dbfb3ed67e5b27192792ffb0553206a107e4aadb39c5004cd5", + "sha256:9e9184fa6c52a74a5521e3e87badbf9692549c0fcced47443585876fcc47e469", + "sha256:9ff93d3aedef11f9c4540cf347f8bb135dd9323a2fc705633d83210d464c579d", + "sha256:a360cfd0881d36c6dc271992ce1eda65dba5e9368575663de993eeb4523d895f", + "sha256:a5d7ed104d158c0042a6a73799cf0eb576dfd5fc1ace9c47996e52320c37cb7c", + "sha256:ac17044876e64a8ea20ab132080ddc73b895b4abe9976e263b0e30ee5be7b9c2", + "sha256:ad857f42831e5b8d41a32437f88d86ead6c191455a3499c4b6d15e007936d4cf", + "sha256:b2039f8d545f20c4e52713eea51a275e62153ee96c8035a32b2abb772b6fc9e5", + "sha256:b455492cab07107bfe8711e20cd920cc96003e0da3c1f91297235b1603d2aca7", + "sha256:b4a9fe992887ac68256c930a2011255bae0bf5ec837475bc6f7edd7c8dfa254e", + "sha256:b5a53f5998b4bbff1cb2e967e66ab2addc67326a274567697379dd1e326bded7", + "sha256:b788276a3c114e9f51e257f2a6f544c32c02dab4aa7a5816b96444e3f9ffc336", + "sha256:bddd4f91eede9ca5275e70479ed3656e76c8cdaaa1b354e544cbcf94c6fc8ac4", + "sha256:c0503c5b681566e8b722fe8c4c47cce5c7a51f6935d5c7012c4aefe952a35eed", + "sha256:c1b3cd23d905589cb205710b3988fc8f46d4a198cf12862887b09d7aaa6bf9b9", + "sha256:c48f3fbc3e92c7dd6681a258d22f23adc2eb183c8cb1557d2fcc5a024e80b094", + "sha256:c63c3ef43f0b3fb00571cff6c3967cc261c0ebd14a0a134a12e83bdb8f49f21f", + "sha256:c6c45a2d2b68c51fe3d9352733fe048291e483376c94f7723458cfd7b473136b", + "sha256:caa1afc70a02645809c744eefb7d6ee8fef7e2fad170ffdeacca267fd2674f13", + "sha256:cc435d059f926fdc5b05822b1be4ff2a3a040f3ae0a7bbbe672babb468944722", + "sha256:cf693eb4a08eccc1a1b636e4392322582db2a47470d52e824b25eca7a3977b53", + "sha256:cf71343646756a072b85f228d35b1d7407da1669a3de3cf47f8bbafe0c8183a4", + "sha256:d08f63561c8a695afec4975fae445245386d645e3e446e6f260e81663bfd2e38", + "sha256:d29ddefeab1791e3c751e0189d5f4b3dbc0bbe033b06e9c333dca1f99e1d523e", + "sha256:d7f5e15c953ace2e8dde9824bdab4bec50adb91a5663df08d7d994240ae6fa31", + "sha256:d858532212f0650be12b6042ff4378dc2efbb7792a286bee4489eaa7ba010586", + "sha256:d97dd44683802000277bbf142fd9f6b271746b4846d0acaf0cefa6b2eaf2a7ad", + "sha256:dcdc88b6b01015da066da3fb76545e8bb9a6880a5ebf89e0f0b2e3ca557b3ab7", + "sha256:dd609fafdcdde6e67a139898196698af37438b035b25ad63704fd9097d9a3482", + "sha256:defa2c0c68734f4a82028c26bcc85e6b92cced99866af118cd6a89b734ad8e0d", + "sha256:e22260a4741a0e7a206e175232867b48a16e0401ef5bce3c67ca5b9705879066", + "sha256:e225a6a14ecf44499aadea165299092ab0cba918bb9ccd9304eab1138844490b", + "sha256:e3df0bc35e746cce42579826b89579d13fd27c3d5319a6afca9893a9b784ff1b", + "sha256:e6fcc026a3f27c1282c7ed24b7fcac82cdd70a0e84cc848c0841a3ab1e3dea2d", + "sha256:e782379c2028a3611285a795b89b99a52722946d19fc06f002f8b53e3ea26ea9", + "sha256:e8cdd52744f680346ff8c1ecdad5f4d11117e1724d4f4e1874f3a67598821069", + "sha256:e9616f5bd2595f7f4a04b67039d890348ab826e943a9bfdbe4938d0eba606971", + "sha256:e98c4c07ee4c4b3acf787e91b27688409d918212dfd34c872201273fdd5a0e18", + "sha256:ebdab79f42c5961682654b851f3f0fc68e6cc7cd8727c2ac4ffff955154123c1", + "sha256:f0f17f2ce0f3529177a5fff5525204fad7b43dd437d017dd0317f2746773443d", + "sha256:f4e56860a5af16a0fcfa070a0a20c42fbb2012eed1eb5ceeddcc7f8079214281" + ], + "markers": "python_version >= '3.8'", + "version": "==0.10.6" + }, + "ruamel.yaml": { + "hashes": [ + "sha256:6024b986f06765d482b5b07e086cc4b4cd05dd22ddcbc758fa23d54873cf313d", + "sha256:b16b6c3816dff0a93dca12acf5e70afd089fa5acb80604afd1ffa8b465b7722c" + ], + "markers": "python_version >= '3'", + "version": "==0.17.40" + }, + "ruamel.yaml.clib": { + "hashes": [ + "sha256:024cfe1fc7c7f4e1aff4a81e718109e13409767e4f871443cbff3dba3578203d", + "sha256:03d1162b6d1df1caa3a4bd27aa51ce17c9afc2046c31b0ad60a0a96ec22f8001", + "sha256:07238db9cbdf8fc1e9de2489a4f68474e70dffcb32232db7c08fa61ca0c7c462", + "sha256:09b055c05697b38ecacb7ac50bdab2240bfca1a0c4872b0fd309bb07dc9aa3a9", + "sha256:1758ce7d8e1a29d23de54a16ae867abd370f01b5a69e1a3ba75223eaa3ca1a1b", + "sha256:184565012b60405d93838167f425713180b949e9d8dd0bbc7b49f074407c5a8b", + "sha256:1b617618914cb00bf5c34d4357c37aa15183fa229b24767259657746c9077615", + "sha256:25ac8c08322002b06fa1d49d1646181f0b2c72f5cbc15a85e80b4c30a544bb15", + "sha256:25c515e350e5b739842fc3228d662413ef28f295791af5e5110b543cf0b57d9b", + "sha256:3213ece08ea033eb159ac52ae052a4899b56ecc124bb80020d9bbceeb50258e9", + "sha256:3f215c5daf6a9d7bbed4a0a4f760f3113b10e82ff4c5c44bec20a68c8014f675", + "sha256:3fcc54cb0c8b811ff66082de1680b4b14cf8a81dce0d4fbf665c2265a81e07a1", + "sha256:46d378daaac94f454b3a0e3d8d78cafd78a026b1d71443f4966c696b48a6d899", + "sha256:4ecbf9c3e19f9562c7fdd462e8d18dd902a47ca046a2e64dba80699f0b6c09b7", + "sha256:53a300ed9cea38cf5a2a9b069058137c2ca1ce658a874b79baceb8f892f915a7", + "sha256:56f4252222c067b4ce51ae12cbac231bce32aee1d33fbfc9d17e5b8d6966c312", + "sha256:5c365d91c88390c8d0a8545df0b5857172824b1c604e867161e6b3d59a827eaa", + "sha256:665f58bfd29b167039f714c6998178d27ccd83984084c286110ef26b230f259f", + "sha256:700e4ebb569e59e16a976857c8798aee258dceac7c7d6b50cab63e080058df91", + "sha256:7048c338b6c86627afb27faecf418768acb6331fc24cfa56c93e8c9780f815fa", + "sha256:75e1ed13e1f9de23c5607fe6bd1aeaae21e523b32d83bb33918245361e9cc51b", + "sha256:7f67a1ee819dc4562d444bbafb135832b0b909f81cc90f7aa00260968c9ca1b3", + "sha256:840f0c7f194986a63d2c2465ca63af8ccbbc90ab1c6001b1978f05119b5e7334", + "sha256:84b554931e932c46f94ab306913ad7e11bba988104c5cff26d90d03f68258cd5", + "sha256:87ea5ff66d8064301a154b3933ae406b0863402a799b16e4a1d24d9fbbcbe0d3", + "sha256:955eae71ac26c1ab35924203fda6220f84dce57d6d7884f189743e2abe3a9fbe", + "sha256:9eb5dee2772b0f704ca2e45b1713e4e5198c18f515b52743576d196348f374d3", + "sha256:a5aa27bad2bb83670b71683aae140a1f52b0857a2deff56ad3f6c13a017a26ed", + "sha256:a6a9ffd280b71ad062eae53ac1659ad86a17f59a0fdc7699fd9be40525153337", + "sha256:a75879bacf2c987c003368cf14bed0ffe99e8e85acfa6c0bfffc21a090f16880", + "sha256:aab7fd643f71d7946f2ee58cc88c9b7bfc97debd71dcc93e03e2d174628e7e2d", + "sha256:b16420e621d26fdfa949a8b4b47ade8810c56002f5389970db4ddda51dbff248", + "sha256:b42169467c42b692c19cf539c38d4602069d8c1505e97b86387fcf7afb766e1d", + "sha256:b5edda50e5e9e15e54a6a8a0070302b00c518a9d32accc2346ad6c984aacd279", + "sha256:bba64af9fa9cebe325a62fa398760f5c7206b215201b0ec825005f1b18b9bccf", + "sha256:beb2e0404003de9a4cab9753a8805a8fe9320ee6673136ed7f04255fe60bb512", + "sha256:bef08cd86169d9eafb3ccb0a39edb11d8e25f3dae2b28f5c52fd997521133069", + "sha256:c2a72e9109ea74e511e29032f3b670835f8a59bbdc9ce692c5b4ed91ccf1eedb", + "sha256:c58ecd827313af6864893e7af0a3bb85fd529f862b6adbefe14643947cfe2942", + "sha256:c69212f63169ec1cfc9bb44723bf2917cbbd8f6191a00ef3410f5a7fe300722d", + "sha256:cabddb8d8ead485e255fe80429f833172b4cadf99274db39abc080e068cbcc31", + "sha256:d176b57452ab5b7028ac47e7b3cf644bcfdc8cacfecf7e71759f7f51a59e5c92", + "sha256:d92f81886165cb14d7b067ef37e142256f1c6a90a65cd156b063a43da1708cfd", + "sha256:da09ad1c359a728e112d60116f626cc9f29730ff3e0e7db72b9a2dbc2e4beed5", + "sha256:e2b4c44b60eadec492926a7270abb100ef9f72798e18743939bdbf037aab8c28", + "sha256:e79e5db08739731b0ce4850bed599235d601701d5694c36570a99a0c5ca41a9d", + "sha256:ebc06178e8821efc9692ea7544aa5644217358490145629914d8020042c24aa1", + "sha256:edaef1c1200c4b4cb914583150dcaa3bc30e592e907c01117c08b13a07255ec2", + "sha256:f481f16baec5290e45aebdc2a5168ebc6d35189ae6fea7a58787613a25f6e875", + "sha256:fff3573c2db359f091e1589c3d7c5fc2f86f5bdb6f24252c2d8e539d4e45f412" + ], + "markers": "python_version < '3.13' and platform_python_implementation == 'CPython'", + "version": "==0.2.8" + }, + "subprocess-tee": { + "hashes": [ + "sha256:b3c124993f8b88d1eb1c2fde0bc2069787eac720ba88771cba17e8c93324825d", + "sha256:eca56973a1c1237093c2055b2731bcaab784683b83f22c76f26e4c5763402e28" + ], + "markers": "python_version >= '3.8'", + "version": "==0.4.1" + }, + "tomli": { + "hashes": [ + "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc", + "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f" + ], + "markers": "python_version < '3.11'", + "version": "==2.0.1" + }, + "typing-extensions": { + "hashes": [ + "sha256:8f92fc8806f9a6b641eaa5318da32b44d401efaac0f6678c9bc448ba3605faa0", + "sha256:df8e4339e9cb77357558cbdbceca33c303714cf861d1eef15e1070055ae8b7ef" + ], + "markers": "python_version < '3.11'", + "version": "==4.8.0" + }, + "urllib3": { + "hashes": [ + "sha256:c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84", + "sha256:fdb6d215c776278489906c2f8916e6e7d4f5a9b602ccbcfdf7f016fc8da0596e" + ], + "markers": "python_version >= '3.7'", + "version": "==2.0.7" + }, + "wcmatch": { + "hashes": [ + "sha256:14554e409b142edeefab901dc68ad570b30a72a8ab9a79106c5d5e9a6d241bd5", + "sha256:86c17572d0f75cbf3bcb1a18f3bf2f9e72b39a9c08c9b4a74e991e1882a8efb3" + ], + "markers": "python_version >= '3.8'", + "version": "==8.5" + }, + "yamllint": { + "hashes": [ + "sha256:d01dde008c65de5b235188ab3110bebc59d18e5c65fc8a58267cd211cd9df34a", + "sha256:d97a66e48da820829d96077d76b8dfbe6c6140f106e558dae87e81ac4e6b30b7" + ], + "index": "pypi", + "markers": "python_version >= '3.7'", + "version": "==1.32.0" + } + } +} diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/README.md b/automation/playbooks/roles/hifis.unattended_upgrades/README.md new file mode 100644 index 0000000..5dd5eeb --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/README.md @@ -0,0 +1,282 @@ +# Unattended-Upgrades Role for Ansible + +[![CI status](https://github.com/hifis-net/ansible-role-unattended-upgrades/actions/workflows/ci.yml/badge.svg)](https://github.com/hifis-net/ansible-role-unattended-upgrades/actions/workflows/ci.yml) +[![Ansible Role: hifis.unattended_upgrades](https://img.shields.io/ansible/role/59313)](https://galaxy.ansible.com/hifis/unattended_upgrades) +[![Ansible Quality Score](https://img.shields.io/ansible/quality/59313)](https://galaxy.ansible.com/hifis/unattended_upgrades) +[![Ansible Role Downloads](https://img.shields.io/ansible/role/d/59313)](https://galaxy.ansible.com/hifis/unattended_upgrades) +[![Latest release](https://img.shields.io/github/v/release/hifis-net/ansible-role-unattended-upgrades)](https://github.com/hifis-net/ansible-role-unattended-upgrades/releases) + +Install and setup [unattended-upgrades](https://launchpad.net/unattended-upgrades) for Ubuntu and Debian, to periodically install security upgrades. + +## Requirements + +The role uses [apt module](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html) which has additional dependencies. + +If you set `unattended_mail` to an e-mail address, make sure `mailx` command is available and your system is able to send e-mails. + +The role requires unattended-upgrades version 0.70 and newer, which is available since Debian Wheezy and Ubuntu 12.04 respectively. This is due to [Origins Patterns](#origins-patterns) usage; if this is not available on your system, you may use [the first version of the role](https://github.com/hifis-net/ansible-role-unattended-upgrades/tree/v0.1). + +### Automatic Reboot + +If you enable automatic reboot feature (`unattended_automatic_reboot`), the role will attempt to install `update-notifier-common` package, which is required on some systems for detecting and executing reboot after the upgrade. You may optionally define a specific time for rebooting (`unattended_automatic_reboot_time`). + +## Role Variables + +* `unattended_cache_valid_time`: + * Default: `3600` + * Description: Update the apt cache if it's older than the given time in seconds; passed to the [apt module](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html) during package installation. +* `unattended_origins_patterns`: + * Default: + * Debian: `['origin=Debian,codename=${distro_codename},label=Debian-Security']` + * Ubuntu: `['origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu']` + * Description: Array of origins patterns to determine whether the package can be automatically installed, for more details see [Origins Patterns](#origins-patterns) below. +* `unattended_package_blacklist`: + * Default: `[]` + * Description: Packages which won't be automatically upgraded. +* `unattended_autofix_interrupted_dpkg`: + * Default: `true` + * Description: Whether on unclean dpkg exit to run `dpkg --force-confold --configure -a`. +* `unattended_minimal_steps`: + * Default: `true` + * Description: Split the upgrade into the smallest possible chunks so that they can be interrupted with SIGUSR1. +* `unattended_install_on_shutdown`: + * Default: `false` + * Description: Install all unattended-upgrades when the machine is shutting down. +* `unattended_mail`: + * Default: `false` (don't send any e-mail) + * Description: E-mail address to send information about upgrades or problems with unattended upgrades. +* `unattended_mail_sender`: + * Default: `false` (same as `root`) + * Description: Use the specified value in the "From" field of outgoing mails +* `unattended_mail_only_on_error`: + * Default: `false` + * Description: Send e-mail only on errors, otherwise e-mail will be sent every time there's a package upgrade. +* `unattended_mail_report`: + * Default: `false` + * Description: Choose on what event to send an email. Possible values are "always", "only-on-error" or "on-change". +* `unattended_remove_unused_dependencies`: + * Default: `false` + * Description: Do automatic removal of all unused dependencies after the upgrade. +* `unattended_remove_new_unused_dependencies`: + * Default: `true` + * Description: Do automatic removal of new unused dependencies after the upgrade. +* `unattended_remove_unused_kernel_packages`: + * Default: `false` + * Description: Remove unused automatically installed kernel-related packages (kernel images, kernel headers and kernel version locked tools) +* `unattended_automatic_reboot`: + * Default: `false` + * Description: Automatically reboot system if any upgraded package requires it, immediately after the upgrade. +* `unattended_automatic_reboot_time`: + * Default: `false` + * Description: Automatically reboot system if any upgraded package requires it, at the specific time (_HH:MM_) instead of immediately after the upgrade. +* `unattended_update_days`: + * Default: `None` + * Description: Set the days of the week that updates should be applied. The days can be specified as localized abbreviated or full names. Or as integers where "0" is Sunday, "1" is Monday etc. Example: `{"Mon";"Fri"};` +* `unattended_ignore_apps_require_restart`: + * Default: `false` + * Description: Unattended-upgrades won't automatically upgrade some critical packages requiring restart after an upgrade (i.e. there is `XB-Upgrade-Requires: app-restart` directive in their debian/control file). With this option set to `true`, unattended-upgrades will upgrade these packages regardless of the directive. +* `unattended_syslog_enable`: + * Default: `false` + * Description: Write events to syslog, which is useful in environments where syslog messages are sent to a central store. +* `unattended_syslog_facility`: + * Default: `None` + * Description: Write events to the specified syslog facility, or the daemon facility if not specified. Will only have affect if `unattended_syslog_enable` is set to `true`. +* `unattended_verbose`: + * Default: `0` (no report) + * Description: Define verbosity level of APT for periodic runs. The output will be sent to root. + * Possible options: + * `0`: no report + * `1`: progress report + * `2`: + command outputs + * `3`: + trace on +* `unattended_update_package_list`: + * Default: `1` + * Description: Do "apt-get update" automatically every n-days (0=disable). +* `unattended_download_upgradeable`: + * Default: `0` + * Description: Do "apt-get upgrade --download-only" every n-days (0=disable). +* `unattended_autoclean_interval`: + * Default: `7` + * Description: Do "apt-get autoclean" every n-days (0=disable). +* `unattended_clean_interval`: + * Default: `0` + * Description: Do "apt-get clean" every n-days (0=disable). +* `unattended_random_sleep`: + * Default: `1800` (30 minutes) + * Description: Define maximum for a random interval in seconds after which the apt job starts (only for systems without systemd). +* `unattended_dpkg_options`: + * Default: `[]` + * Description: Array of dpkg command-line options used during unattended-upgrades runs, e.g. `["--force-confdef"]`, `["--force-confold"]`. +* `unattended_dl_limit`: + * Default: `None` + * Description: Limit the download speed in kb/sec using apt bandwidth limit feature. +* `unattended_only_on_ac_power`: + * Default: `false` + * Description: Download and install upgrades only on AC power. It will also install the debian package `powermgmt-base`. +* `unattended_systemd_timer_override` + * Default: `false` + * Description: Deploy/Remove timer overrides. +* `unattended_apt_daily_oncalendar` + * Default: `"*-*-* 6,18:00"` + * Description: Apt daily schedule (download updates). +* `unattended_apt_daily_randomizeddelaysec` + * Default: `"12h"` + * Description: Apt daily randomized delay. +* `unattended_apt_daily_upgrade_oncalendar` + * Default: `"*-*-* 6:00"` + * Description: Apt daily upgrade schedule (install updates). +* `unattended_apt_daily_upgrade_randomizeddelaysec` + * Default: `"60m"` + * Description: Apt daily upgrade randomized delay. + +## Origins Patterns + +Origins Pattern is a more powerful alternative to the Allowed Origins option used in previous versions of unattended-upgrade. + +Pattern is composed of specific keywords: + +* `a`,`archive`,`suite` – e.g. `stable`, `trusty-security` (`archive=stable`) +* `c`,`component` – e.g. `main`, `crontrib`, `non-free` (`component=main`) +* `l`,`label` – e.g. `Debian`, `Debian-Security`, `Ubuntu` +* `o`,`origin` – e.g. `Debian`, `Unofficial Multimedia Packages`, `Ubuntu` +* `n`,`codename` – e.g. `jessie`, `jessie-updates`, `trusty` (this is only supported with `unattended-upgrades` >= 0.80) +* `site` – e.g. `http.debian.net` + +You can review the available repositories using `apt-cache policy` and debug your choice using `unattended-upgrades -d` command on a target system. + +Additionally, unattended-upgrades support two macros (variables), derived from `/etc/debian_version`: + +* `${distro_id}` – Installed distribution name, e.g. `Debian` or `Ubuntu`. +* `${distro_codename}` – Installed codename, e.g. `bullseye` or `jammy`. + +Using `${distro_codename}` should be preferred over using `stable` or `oldstable` as a selected, as once `stable` moves to `oldstable`, no security updates will be installed at all, or worse, package from a newer distro release will be installed by accident. The same goes for upgrading your installation from `oldstable` to `stable`, if you forget to change this in your origin patterns, you may not receive the security updates for your newer distro release. With `${distro_codename}`, both cases can never happen. + +## Systemd timers + +Documentation for systemd/Timers: + +### Debian Default Configuration + +* Download daily at random times during the entire day. +* Install daily between 6am - 7am + +```yaml +unattended_systemd_timer_override: false # (default) +# apt-daily timer +unattended_apt_daily_oncalendar: "*-*-* 6,18:00" # (default) +unattended_apt_daily_randomizeddelaysec: "12h" # (default) +# apt-daily-upgrade timer +unattended_apt_daily_upgrade_oncalendar: "*-*-* 6:00" # (default) +unattended_apt_daily_upgrade_randomizeddelaysec: "60m" # (default) +``` + +### Customized download and update timers + +* Download starts between 00:30am - 01:30am +* Installation starts between 04:00am - 05:30am + +```yaml +unattended_systemd_timer_override: true +# apt-daily timer +unattended_apt_daily_oncalendar: "*-*-* 00:30" +unattended_apt_daily_randomizeddelaysec: "60m" + +# apt-daily-upgrade timer +unattended_apt_daily_upgrade_oncalendar: "*-*-* 4:00" +unattended_apt_daily_upgrade_randomizeddelaysec: "90m" +``` + +## Role Usage Examples + +Example for Ubuntu, with custom [origins patterns](#patterns-examples), blacklisted packages and e-mail notification: + +```yaml +- hosts: all + roles: + - role: hifis.unattended_upgrades + unattended_origins_patterns: + - 'origin=Ubuntu,archive=${distro_codename}-security' + - 'o=Ubuntu,a=${distro_codename}-updates' + unattended_package_blacklist: [cowsay, vim] + unattended_mail: 'root@example.com' +``` + +_Note:_ You don't need to specify `unattended_origins_patterns`, the role will use distribution's default if the variable is not set. + +### Running Only on Debian-based Systems + +If you manage multiple distribution with the same playbook, you may want to skip running this role on non-Debian systems. You can [use `when` conditional with role](https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html#conditionals-with-roles) to limit the role to particular systems: + +```yaml +- hosts: all + roles: + - role: hifis.unattended_upgrades + when: ansible_facts['os_family'] == 'Debian' +``` + +See [#38](https://github.com/jnv/ansible-role-unattended-upgrades/pull/38) for discussion. + +### Patterns Examples + +By default, only security updates are allowed for both Ubuntu and Debian. You can add more patterns to allow unattended-updates install more packages automatically, however be aware that automated major updates may potentially break your system. + +#### For Debian + +```yaml +unattended_origins_patterns: + - 'origin=Debian,codename=${distro_codename},label=Debian-Security' # security updates + - 'o=Debian,codename=${distro_codename},label=Debian' # updates including non-security updates + - 'o=Debian,codename=${distro_codename},a=proposed-updates' +``` + +#### For Ubuntu + +In Ubuntu, archive always contains the distribution codename + +```yaml +unattended_origins_patterns: + - 'origin=Ubuntu,archive=${distro_codename}-security' + - 'o=Ubuntu,a=${distro_codename}' + - 'o=Ubuntu,a=${distro_codename}-updates' + - 'o=Ubuntu,a=${distro_codename}-proposed-updates' +``` + +#### For Raspbian + +In Raspbian, it is only possible to update all packages from the default repository, including non-security updates, or updating none. + +Updating all, including non-security: + +```yaml +unattended_origins_patterns: + - 'origin=Raspbian,codename=${distro_codename},label=Raspbian' +``` + +To not install any updates on a raspbian host, just set `unattended_origins_patterns` to an empty list: + +```yaml +unattended_origins_patterns: [] +``` + +## License + +GPL-2.0-or-later + +## Author + +This role is maintained by [HIFIS Software Services](https://www.hifis.net/) +and was originally forked from [jnv/ansible-role-unattended-upgrades](https://github.com/jnv/ansible-role-unattended-upgrades), +created by [Jan Vlnas](https://github.com/jnv). + +## Contributors + +We would like to thank and give credits to the following contributors of this +project: + +* [alpha0010](https://github.com/alpha0010) +* [gcotelli](https://github.com/gcotelli) +* [lukashass](https://github.com/lukashass) +* [nono-lqdn](https://github.com/nono-lqdn) +* [turikhay](https://github.com/turikhay) +* [mabed](https://github.com/mabed-fr) +* [pgassmann](https://github.com/pgassmann) diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/defaults/main.yml b/automation/playbooks/roles/hifis.unattended_upgrades/defaults/main.yml new file mode 100644 index 0000000..cb8ff96 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/defaults/main.yml @@ -0,0 +1,171 @@ +--- +# Cache update time for apt module +unattended_cache_valid_time: 3600 + +#Unattended-Upgrade::Origins-Pattern +# Automatically upgrade packages from these origin patterns +# e.g.: 'o=Debian,a=stable', 'o=Debian,a=stable-updates' +# +# Left unset, distribution-specific defaults will be used through +# __unattended_origins_patterns variable only if this variable +# is not provided externally +# REFS https://github.com/ansible/ansible/issues/8121 +#unattended_origins_patterns: [] + +#Unattended-Upgrade::Package-Blacklist +# List of packages to not update +unattended_package_blacklist: [] + +#Unattended-Upgrade::AutoFixInterruptedDpkg +# On a unclean dpkg exit unattended-upgrades will run +# dpkg --force-confold --configure -a +# The default is true, to ensure updates keep getting installed +unattended_autofix_interrupted_dpkg: true + +#Unattended-Upgrade::MinimalSteps +# Split the upgrade into the smallest possible chunks so that +# they can be interrupted with SIGUSR1. This makes the upgrade +# a bit slower but it has the benefit that shutdown while a upgrade +# is running is possible (with a small delay) +unattended_minimal_steps: true + +#Unattended-Upgrade::InstallOnShutdown +# Install all unattended-upgrades when the machine is shuting down +# instead of doing it in the background while the machine is running +# This will (obviously) make shutdown slower +unattended_install_on_shutdown: false + +#Unattended-Upgrade::Mail +# Send email to this address for problems or packages upgrades +# If empty or unset then no email is sent, make sure that you +# have a working mail setup on your system. A package that provides +# 'mailx' must be installed. +unattended_mail: false + +# Unattended-Upgrade::Sender +# Use the specified value in the "From" field of outgoing mails. +unattended_mail_sender: false + +#Unattended-Upgrade::MailOnlyOnError +# Set this value to "true" to get emails only on errors. Default +# is to always send a mail if Unattended-Upgrade::Mail is set +unattended_mail_only_on_error: false + +#Unattended-Upgrade::MailReport +# Set this value to one of: +# "always", "only-on-error" or "on-change" +# If this is not set, then any legacy MailOnlyOnError (boolean) value +# is used to chose between "only-on-error" and "on-change" +unattended_mail_report: false + +#Unattended-Upgrade::Remove-Unused-Dependencies +# Do automatic removal of all unused dependencies after the upgrade +# (equivalent to apt-get autoremove) +unattended_remove_unused_dependencies: false + +#Unattended-Upgrade::Remove-New-Unused-Dependencies +# Remove any new unused dependencies after the upgrade +unattended_remove_new_unused_dependencies: true + +#Unattended-Upgrade::Remove-Unused-Kernel-Packages +# Remove unused automatically installed kernel-related packages +# (kernel images, kernel headers and kernel version locked tools) +unattended_remove_unused_kernel_packages: false + +#Unattended-Upgrade::Automatic-Reboot +# Automatically reboot *WITHOUT CONFIRMATION* if a +# the file /var/run/reboot-required is found after the upgrade +unattended_automatic_reboot: false + +#Unattended-Upgrade::Automatic-Reboot-Time +# If automatic reboot is enabled and needed, reboot at the specific +# time instead of immediately +unattended_automatic_reboot_time: false + +#Unattended-Upgrade::IgnoreAppsRequireRestart +# Do upgrade application even if it requires restart after upgrade +# I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file +unattended_ignore_apps_require_restart: false + +#Unattended-Upgrade::SyslogEnable +# Write events to syslog, which is useful in environments where syslog +# messages are sent to a central store. +unattended_syslog_enable: false + +#Unattended-Upgrade::SyslogFacility +# Write events to the specified syslog facility, or the daemon facility if +# not specified. Requires the Unattended-Upgrade::SyslogEnable option to be +# set to true. +#unattended_syslog_facility: "daemon" + +### APT::Periodic configuration +# Snatched from /usr/lib/apt/apt.systemd.daily + +#APT::Periodic::Update-Package-Lists "0"; +# - Do "apt-get update" automatically every n-days (0=disable) +unattended_update_package_list: 1 + +#APT::Periodic::Download-Upgradeable-Packages "0"; +# - Do "apt-get upgrade --download-only" every n-days (0=disable) +#unattended_download_upgradeable: 0 + +#APT::Periodic::AutocleanInterval "0"; +# - Do "apt-get autoclean" every n-days (0=disable) +unattended_autoclean_interval: 7 + +#APT::Periodic::CleanInterval "0"; +# - Do "apt-get clean" every n-days (0=disable) +#unattended_clean_interval: 0 + +#APT::Periodic::Verbose "0"; +# - Send report mail to root +# 0: no report (or null string) +# 1: progress report (actually any string) +# 2: + command outputs (remove -qq, remove 2>/dev/null, add -d) +# 3: + trace on +#unattended_verbose: 0 + +## Cron systems only + +#APT::Periodic::RandomSleep +# When the apt job starts, it will sleep for a random period between 0 +# and APT::Periodic::RandomSleep seconds +# The default value is "1800" so that the script will stall for up to 30 +# minutes (1800 seconds) so that the mirror servers are not crushed by +# everyone running their updates all at the same time +# Kept undefined to allow default (1800) +#unattended_random_sleep: 0 + +#Dpkg::Options +# Provide dpkg options that take effect during unattended upgrades. +# By default no flags are appended. Configuration file changes can +# block installation of certain packages. Passing the flags +# "--force-confdef" and "--force-confold" will ensure updates are applied +# and old configuration files are preserved. +unattended_dpkg_options: [] + +# unattended_dpkg_options: +# - "--force-confdef" +# - "--force-confold" + + +# Use apt bandwidth limit feature, this example limits the download speed to 70kb/sec +#unattended_dl_limit: 70 + +# Unattended-Upgrade::OnlyOnACPower +# Download and install upgrades only on AC power +# (i.e. skip or gracefully stop updates on battery) +unattended_only_on_ac_power: false + +# Customize systemd timers for apt-daily and apt-daily-upgrade +unattended_systemd_timer_override: false + +# apt-daily timer +# Documentation at https://wiki.archlinux.org/title/systemd/Timers +unattended_apt_daily_oncalendar: "*-*-* 6,18:00" +unattended_apt_daily_randomizeddelaysec: "12h" + +# apt-daily-upgrade timer +# Documentation at https://wiki.archlinux.org/title/systemd/Timers +unattended_apt_daily_upgrade_oncalendar: "*-*-* 6:00" +unattended_apt_daily_upgrade_randomizeddelaysec: "60m" diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/handlers/main.yml b/automation/playbooks/roles/hifis.unattended_upgrades/handlers/main.yml new file mode 100644 index 0000000..46016b2 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/handlers/main.yml @@ -0,0 +1,17 @@ +--- +# handlers file for unattended-upgrades + +- name: 'Restart apt-daily timer' + ansible.builtin.systemd: + daemon_reload: true + name: 'apt-daily.timer' + state: 'restarted' + enabled: yes + +- name: 'Restart apt-daily-upgrade timer' + ansible.builtin.systemd: + daemon_reload: true + name: 'apt-daily-upgrade.timer' + state: 'restarted' + enabled: yes +... diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/meta/.galaxy_install_info b/automation/playbooks/roles/hifis.unattended_upgrades/meta/.galaxy_install_info new file mode 100644 index 0000000..8ba702d --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: Fri Jun 28 21:59:44 2024 +version: v3.2.1 diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/meta/main.yml b/automation/playbooks/roles/hifis.unattended_upgrades/meta/main.yml new file mode 100644 index 0000000..c5556d5 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/meta/main.yml @@ -0,0 +1,23 @@ +--- +galaxy_info: + standalone: true + role_name: "unattended_upgrades" + author: "hifis" + description: "Setup unattended-upgrades on Debian-based systems" + license: "GPLv2" + min_ansible_version: "2.13" + platforms: + - name: "Ubuntu" + versions: + - "jammy" + - "focal" + - name: "Debian" + versions: + - "buster" + - "bullseye" + - "bookworm" + + galaxy_tags: + - "system" + +dependencies: [] diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/converge.yml b/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/converge.yml new file mode 100644 index 0000000..0d2db5b --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/converge.yml @@ -0,0 +1,10 @@ +--- +# Play to create and provision instance. +- name: "Converge" + hosts: "all" + tasks: + - name: "Include unattended_upgrades role" + ansible.builtin.include_role: + name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + +... diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/molecule.yml b/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/molecule.yml new file mode 100644 index 0000000..99e0c22 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/molecule.yml @@ -0,0 +1,58 @@ +--- +dependency: + name: "galaxy" +driver: + name: "podman" +platforms: + - name: "instance" + image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:22.04}" + pre_build_image: true + privileged: true + override_command: false + systemd: true + tty: true +provisioner: + name: "ansible" + options: + diff: True + inventory: + hosts: + all: + vars: + unattended_autofix_interrupted_dpkg: false + unattended_minimal_steps: true + unattended_install_on_shutdown: true + unattended_automatic_reboot: true + unattended_update_days: '{"Sat"}' + unattended_remove_unused_kernel_packages: true + unattended_only_on_ac_power: true + unattended_mail_sender: "jane@example.org" + unattended_systemd_timer_override: true + unattended_apt_daily_oncalendar: "*-*-* 11:08" + unattended_apt_daily_randomizeddelaysec: "0s" + unattended_apt_daily_upgrade_oncalendar: "*-*-* 11:31" + unattended_apt_daily_upgrade_randomizeddelaysec: "0s" + playbooks: + prepare: "prepare.yml" + check: "converge.yml" + converge: "converge.yml" + verify: "verify.yml" +verifier: + name: "ansible" +scenario: + name: "default" + test_sequence: + - "destroy" + - "dependency" + - "syntax" + - "create" + - "prepare" + - "check" + - "converge" + - "idempotence" + - "check" + - "side_effect" + - "verify" + - "destroy" + +... diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/prepare.yml b/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/prepare.yml new file mode 100644 index 0000000..96bbaeb --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/prepare.yml @@ -0,0 +1,11 @@ +--- +# Play to install dependencies. +- name: "Prepare" + hosts: "all" + tasks: + - name: "Install dependencies" + ansible.builtin.apt: + update_cache: "yes" + force_apt_get: "yes" + +... diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/verify.yml b/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/verify.yml new file mode 100644 index 0000000..eea1d20 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/molecule/default/verify.yml @@ -0,0 +1,79 @@ +--- +- name: "Verify unattended upgrades installation" + hosts: "all" + vars: + ubuntu_defaults: + - 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}";' + - 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security";' + - 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}ESMApps:${distro_codename}-apps-security";' + - 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}ESM:${distro_codename}-infra-security";' + debian_defaults: + - 'Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename},label=Debian";' + + tasks: + - name: "Get apt-config variables" + ansible.builtin.command: "apt-config dump" + register: "aptconfig" + changed_when: false + + - name: "Check for registered variables" + ansible.builtin.assert: + that: "item in aptconfig.stdout" + with_items: + - 'APT::Periodic::Unattended-Upgrade "1"' + - 'Unattended-Upgrade::Origins-Pattern "";' + - 'Unattended-Upgrade::AutoFixInterruptedDpkg "false"' + - 'Unattended-Upgrade::MinimalSteps "true"' + - 'Unattended-Upgrade::InstallOnShutdown "true"' + - 'Unattended-Upgrade::Automatic-Reboot "true"' + # NOTE: this uses the array syntax, which requires one + # top-level record, then one item per line + - 'Unattended-Upgrade::Update-Days "";' + - 'Unattended-Upgrade::Update-Days:: "Sat";' + - 'Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";' + - 'Unattended-Upgrade::OnlyOnACPower "true";' + - 'Unattended-Upgrade::Sender "jane@example.org"' + + - name: "Ubuntu specific verification" + when: "ansible_distribution == 'Ubuntu'" + block: + - name: "Check for registered variables on Ubuntu" + ansible.builtin.assert: + that: "item in aptconfig.stdout" + with_items: + - 'Unattended-Upgrade::Origins-Pattern:: "origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu";' + + - name: "Check absence of Ubuntu defaults" + ansible.builtin.assert: + that: "item not in aptconfig.stdout" + with_items: "{{ ubuntu_defaults }}" + + - name: "Debian specific verification" + when: "ansible_distribution == 'Debian'" + block: + - name: "Check for registered variables on Debian" + ansible.builtin.assert: + that: "item in aptconfig.stdout" + with_items: + - 'Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename},label=Debian-Security";' + + - name: "Check absence of Debian defaults" + ansible.builtin.assert: + that: "item not in aptconfig.stdout" + with_items: "{{ debian_defaults }}" + + - name: "Dry run unattended-upgrades" + ansible.builtin.command: "/usr/bin/unattended-upgrades --dry-run" + register: "dry_run" + failed_when: "dry_run.rc != 0" + changed_when: false + + - name: "Verify custom apt-daily timers" # noqa command-instead-of-shell + ansible.builtin.shell: + cmd: "{{ item }}" + changed_when: false + loop: + - 'systemctl list-timers apt-daily* | grep apt-daily.service | grep "11:08:00"' + - 'systemctl list-timers apt-daily* | grep apt-daily-upgrade.service | grep "11:31:00"' + +... diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/tasks/main.yml b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/main.yml new file mode 100644 index 0000000..f91126e --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: "Import tasks from the unattended-upgrades playbook" + ansible.builtin.import_tasks: "unattended-upgrades.yml" + tags: "unattended" + +- name: "Import tasks to install systemd timer schedule overrides" + ansible.builtin.import_tasks: "systemd_timers.yml" + tags: "unattended_systemd_timers" + when: 'unattended_systemd_timer_override' + +- name: "Import tasks to remove systemd timer schedule overrides" + ansible.builtin.import_tasks: "systemd_timers_remove.yml" + tags: "unattended_systemd_timers" + when: 'not unattended_systemd_timer_override' diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/tasks/reboot.yml b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/reboot.yml new file mode 100644 index 0000000..0a28b00 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/reboot.yml @@ -0,0 +1,9 @@ +--- +# Ignored, since newer distros don't need this package +# https://github.com/jnv/ansible-role-unattended-upgrades/issues/6 +- name: "Install update-notifier-common" + ansible.builtin.apt: + name: "update-notifier-common" + state: "present" + force_apt_get: "yes" + failed_when: false diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/tasks/systemd_timers.yml b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/systemd_timers.yml new file mode 100644 index 0000000..9faa6c2 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/systemd_timers.yml @@ -0,0 +1,60 @@ +--- + +- name: 'Test apt-daily timer expression' + ansible.builtin.command: + cmd: 'systemd-analyze calendar "{{ unattended_apt_daily_oncalendar }}"' + register: '_apt_daily' + changed_when: '_apt_daily.rc != 0' + check_mode: false + +- name: 'Test apt-daily-upgrade timer expression' + ansible.builtin.command: + cmd: 'systemd-analyze calendar "{{ unattended_apt_daily_upgrade_oncalendar }}"' + register: '_apt_daily_upgrade' + changed_when: '_apt_daily_upgrade.rc != 0' + check_mode: false + +- name: 'Ensure directory apt-daily.timer.d exists' + ansible.builtin.file: + path: '/etc/systemd/system/apt-daily.timer.d' + mode: '0755' + state: 'directory' + owner: 'root' + group: 'root' + register: '_apt_daily_timer_d' + +- name: 'Ensure directory apt-daily-upgrade.timer.d exists' + ansible.builtin.file: + path: '/etc/systemd/system/apt-daily-upgrade.timer.d' + mode: '0755' + state: 'directory' + owner: 'root' + group: 'root' + register: '_apt_daily_upgrade_timer_d' + +- name: 'Deploy apt-daily timer' + ansible.builtin.template: + src: 'apt_daily_override.conf.j2' + dest: '/etc/systemd/system/apt-daily.timer.d/schedule_override.conf' + mode: '0644' + owner: 'root' + group: 'root' + when: + - '_apt_daily.rc == 0' + - '_apt_daily_timer_d' # skip if run for the first time in check mode + notify: + - 'Restart apt-daily timer' + +- name: 'Deploy apt-daily-upgrade timer' + ansible.builtin.template: + src: 'apt_daily_upgrade_override.conf.j2' + dest: '/etc/systemd/system/apt-daily-upgrade.timer.d/schedule_override.conf' + mode: '0644' + owner: 'root' + group: 'root' + when: + - '_apt_daily_upgrade.rc == 0' + - '_apt_daily_upgrade_timer_d' # skip if run for the first time in check mode + notify: + - 'Restart apt-daily-upgrade timer' +... diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/tasks/systemd_timers_remove.yml b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/systemd_timers_remove.yml new file mode 100644 index 0000000..d8065e6 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/systemd_timers_remove.yml @@ -0,0 +1,16 @@ +--- + +- name: 'Remove apt-daily timer override' + ansible.builtin.file: + path: '/etc/systemd/system/apt-daily.timer.d/schedule_override.conf' + state: 'absent' + notify: + - 'Restart apt-daily timer' + +- name: 'Remove apt-daily-upgrade timer override' + ansible.builtin.file: + path: '/etc/systemd/system/apt-daily-upgrade.timer.d/schedule_override.conf' + state: 'absent' + notify: + - 'Restart apt-daily-upgrade timer' +... diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/tasks/unattended-upgrades.yml b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/unattended-upgrades.yml new file mode 100644 index 0000000..53a09e9 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/tasks/unattended-upgrades.yml @@ -0,0 +1,39 @@ +--- +- name: "Add distribution-specific variables" + ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}" + vars: + params: + files: + - "{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution }}.yml" + paths: + - 'vars' + +- name: "Install powermgmt-base" + ansible.builtin.apt: + name: "powermgmt-base" + state: "present" + cache_valid_time: "{{ unattended_cache_valid_time }}" + update_cache: "yes" + force_apt_get: "yes" + when: "unattended_only_on_ac_power" + +- name: "Install unattended-upgrades" + ansible.builtin.apt: + name: "unattended-upgrades" + state: "present" + cache_valid_time: "{{ unattended_cache_valid_time }}" + update_cache: "yes" + force_apt_get: "yes" + +- name: "Install reboot dependencies" + ansible.builtin.import_tasks: "reboot.yml" + when: "unattended_automatic_reboot | bool" + +- name: "Create Apt auto-upgrades & unattended-upgrades configuration" + ansible.builtin.template: + src: "unattended-upgrades.j2" + dest: "/etc/apt/apt.conf.d/90-ansible-unattended-upgrades" + owner: "root" + group: "root" + mode: "0644" diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/templates/apt_daily_override.conf.j2 b/automation/playbooks/roles/hifis.unattended_upgrades/templates/apt_daily_override.conf.j2 new file mode 100644 index 0000000..a03e163 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/templates/apt_daily_override.conf.j2 @@ -0,0 +1,11 @@ +[Unit] +Description=Daily apt download activities + +[Timer] +OnCalendar= +OnCalendar={{ unattended_apt_daily_oncalendar }} +RandomizedDelaySec={{ unattended_apt_daily_randomizeddelaysec }} +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/templates/apt_daily_upgrade_override.conf.j2 b/automation/playbooks/roles/hifis.unattended_upgrades/templates/apt_daily_upgrade_override.conf.j2 new file mode 100644 index 0000000..b624247 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/templates/apt_daily_upgrade_override.conf.j2 @@ -0,0 +1,12 @@ +[Unit] +Description=Daily apt upgrade and clean activities +After=apt-daily.timer + +[Timer] +OnCalendar= +OnCalendar={{ unattended_apt_daily_upgrade_oncalendar }} +RandomizedDelaySec={{ unattended_apt_daily_upgrade_randomizeddelaysec }} +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/templates/unattended-upgrades.j2 b/automation/playbooks/roles/hifis.unattended_upgrades/templates/unattended-upgrades.j2 new file mode 100644 index 0000000..502bbcd --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/templates/unattended-upgrades.j2 @@ -0,0 +1,181 @@ +{{ ansible_managed | comment('c') }} + +// Erase unattended-upgrades configuration tree +{% for option in __clear_options %} +#clear {{ option }}; +{% endfor %} + +// Overrides for `20auto-upgrades`. ////////////////////////////////////////// + +APT::Periodic::Unattended-Upgrade "1"; +{% if unattended_update_package_list is defined %} + +APT::Periodic::Update-Package-Lists "{{unattended_update_package_list}}"; +{% endif %} +{% if unattended_download_upgradeable is defined %} + +APT::Periodic::Download-Upgradeable-Packages "{{unattended_download_upgradeable}}"; +{% endif %} +{% if unattended_autoclean_interval is defined %} + +APT::Periodic::AutocleanInterval "{{unattended_autoclean_interval}}"; +{% endif %} +{% if unattended_clean_interval is defined %} + +APT::Periodic::CleanInterval "{{unattended_clean_interval}}"; +{% endif %} +{% if unattended_verbose is defined %} + +APT::Periodic::Verbose "{{unattended_verbose}}"; +{% endif %} +{% if unattended_random_sleep is defined %} + +APT::Periodic::RandomSleep "{{unattended_random_sleep}}"; +{% endif %} + + +// Overrides for `50unattended-upgrades`. //////////////////////////////////// + +// Unattended-Upgrade::Origins-Pattern controls which packages are +// upgraded. +Unattended-Upgrade::Origins-Pattern { +{% if unattended_origins_patterns is defined %} +{% for origin in unattended_origins_patterns %} + "{{ origin }}"; +{% endfor %} +{% else %} +{% for origin in __unattended_origins_patterns %} + "{{ origin }}"; +{% endfor %} +{% endif %} +}; + +// List of packages to not update (regexp are supported) +Unattended-Upgrade::Package-Blacklist { +{% for package in unattended_package_blacklist %} + "{{package}}"; +{% endfor %} +}; +{% if not unattended_autofix_interrupted_dpkg %} + +// This option allows you to control if on a unclean dpkg exit +// unattended-upgrades will automatically run +// dpkg --force-confold --configure -a +// The default is true, to ensure updates keep getting installed +Unattended-Upgrade::AutoFixInterruptedDpkg "false"; +{% endif %} + +// Split the upgrade into the smallest possible chunks so that +// they can be interrupted with SIGUSR1. This makes the upgrade +// a bit slower but it has the benefit that shutdown while a upgrade +// is running is possible (with a small delay) +Unattended-Upgrade::MinimalSteps "{{ unattended_minimal_steps | lower }}"; +{% if unattended_install_on_shutdown %} + +// Install all unattended-upgrades when the machine is shuting down +// instead of doing it in the background while the machine is running +// This will (obviously) make shutdown slower +Unattended-Upgrade::InstallOnShutdown "true"; +{% endif %} +{% if unattended_mail %} + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. +Unattended-Upgrade::Mail "{{unattended_mail}}"; +{% endif %} +{% if unattended_mail_sender %} + +Unattended-Upgrade::Sender "{{unattended_mail_sender}}"; +{% endif %} +{% if unattended_mail_only_on_error %} + +// Set this value to "true" to get emails only on errors. Default +// is to always send a mail if Unattended-Upgrade::Mail is set +Unattended-Upgrade::MailOnlyOnError "true"; +{% endif %} +{% if unattended_mail_report %} + +// Set this value to one of: +// "always", "only-on-error" or "on-change" +// If this is not set, then any legacy MailOnlyOnError (boolean) value +// is used to chose between "only-on-error" and "on-change" +Unattended-Upgrade::MailReport "{{ unattended_mail_report }}"; +{% endif %} +{% if unattended_remove_unused_dependencies %} + +// Do automatic removal of all unused dependencies after the upgrade +// (equivalent to apt-get autoremove) +Unattended-Upgrade::Remove-Unused-Dependencies "true"; +{% endif %} +{% if not unattended_remove_new_unused_dependencies %} + +// Do automatic removal of new unused dependencies after the upgrade +Unattended-Upgrade::Remove-New-Unused-Dependencies "false"; +{% endif %} +{% if unattended_remove_unused_kernel_packages %} + +// Remove unused automatically installed kernel-related packages +// (kernel images, kernel headers and kernel version locked tools). +Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; +{% endif %} +{% if unattended_automatic_reboot %} + +// Automatically reboot *WITHOUT CONFIRMATION* if a +// the file /var/run/reboot-required is found after the upgrade +Unattended-Upgrade::Automatic-Reboot "true"; +{% endif %} +{% if unattended_automatic_reboot_time %} + +// If automatic reboot is enabled and needed, reboot at the specific +// time instead of immediately +// Default: "now" +Unattended-Upgrade::Automatic-Reboot-Time "{{ unattended_automatic_reboot_time }}"; +{% endif %} +{% if unattended_update_days is defined %} + +// Set the days of the week that updates should be applied. The days can be specified +// as localized abbreviated or full names. Or as integers where "0" is Sunday, "1" is +// Monday etc. +// Example - apply updates only on Monday and Friday: +// {"Mon";"Fri"}; +Unattended-Upgrade::Update-Days {{ unattended_update_days }}; +{% endif %} +{% if unattended_ignore_apps_require_restart %} + +// Do upgrade application even if it requires restart after upgrade +// I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file +Unattended-Upgrade::IgnoreAppsRequireRestart "true"; +{% endif %} +{% if unattended_syslog_enable %} + +// Write events to syslog, which is useful in environments where syslog +// messages are sent to a central store. +Unattended-Upgrade::SyslogEnable "{{ unattended_syslog_enable }}"; +{% if unattended_syslog_facility is defined %} +// Write events to the specified syslog facility, or the daemon facility +// if not specified. Requires the Unattended-Upgrade::SyslogEnable option +// to be set to true. +Unattended-Upgrade::SyslogFacility "{{ unattended_syslog_facility }}"; +{% endif %} +{% endif %} +{% if unattended_dpkg_options %} + +// Append options for governing dpkg behavior, e.g. --force-confdef. +Dpkg::Options { +{% for dpkg_option in unattended_dpkg_options %} + "{{ dpkg_option }}"; +{% endfor %} +}; +{% endif %} +{% if unattended_dl_limit is defined %} + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +Acquire::http::Dl-Limit "{{ unattended_dl_limit }}"; +{% endif %} + +// Download and install upgrades only on AC power +// (i.e. skip or gracefully stop updates on battery) +Unattended-Upgrade::OnlyOnACPower "{{ unattended_only_on_ac_power | to_json }}"; diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/vars/Debian-buster.yml b/automation/playbooks/roles/hifis.unattended_upgrades/vars/Debian-buster.yml new file mode 100644 index 0000000..706a604 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/vars/Debian-buster.yml @@ -0,0 +1,3 @@ +--- +__unattended_origins_patterns: + - 'origin=Debian,codename=${distro_codename},label=Debian-Security' diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/vars/Debian.yml b/automation/playbooks/roles/hifis.unattended_upgrades/vars/Debian.yml new file mode 100644 index 0000000..5390b45 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/vars/Debian.yml @@ -0,0 +1,9 @@ +--- +# From https://metadata.ftp-master.debian.org/changelogs//main/u/unattended-upgrades/unattended-upgrades_2.8_changelog +# Allow both ${distro_codename} or ${distro_codename}-security on Debian +# as security update codenames. The latter will be used starting with +# Bullseye, but to help backporting and testing the configuration file keeps +# working on Buster and older releases. (Closes: #933138) +__unattended_origins_patterns: + - 'origin=Debian,codename=${distro_codename},label=Debian-Security' + - 'origin=Debian,codename=${distro_codename}-security,label=Debian-Security' diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/vars/Ubuntu.yml b/automation/playbooks/roles/hifis.unattended_upgrades/vars/Ubuntu.yml new file mode 100644 index 0000000..85a6bf3 --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/vars/Ubuntu.yml @@ -0,0 +1,3 @@ +--- +__unattended_origins_patterns: + - 'origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu' diff --git a/automation/playbooks/roles/hifis.unattended_upgrades/vars/main.yml b/automation/playbooks/roles/hifis.unattended_upgrades/vars/main.yml new file mode 100644 index 0000000..d7b8e0d --- /dev/null +++ b/automation/playbooks/roles/hifis.unattended_upgrades/vars/main.yml @@ -0,0 +1,36 @@ +--- +# List of unattended-upgrades options that need to be erased before set by this role +# See https://github.com/hifis-net/ansible-role-unattended-upgrades/issues/94 +__clear_options: + - "Acquire::http::Dl-Limit" + - "APT::Periodic::Update-Package-Lists" + - "APT::Periodic::Unattended-Upgrade" + - "Unattended-Upgrade" + - "Unattended-Upgrade::Allow-downgrade" + - "Unattended-Upgrade::Allowed-Origins" + - "Unattended-Upgrade::Allow-APT-Mark-Fallback" + - "Unattended-Upgrade::AutoFixInterruptedDpkg" + - "Unattended-Upgrade::Automatic-Reboot" + - "Unattended-Upgrade::Automatic-Reboot-Time" + - "Unattended-Upgrade::Automatic-Reboot-WithUsers" + - "Unattended-Upgrade::Debug" + - "Unattended-Upgrade::DevRelease" + - "Unattended-Upgrade::InstallOnShutdown" + - "Unattended-Upgrade::Keep-Debs-After-Install" + - "Unattended-Upgrade::Mail" + - "Unattended-Upgrade::MailReport" + - "Unattended-Upgrade::MinimalSteps" + - "Unattended-Upgrade::OnlyOnACPower" + - "Unattended-Upgrade::Origins-Pattern" + - "Unattended-Upgrade::Package-Blacklist" + - "Unattended-Upgrade::Package-Whitelist" + - "Unattended-Upgrade::Package-Whitelist-Strict" + - "Unattended-Upgrade::Remove-New-Unused-Dependencies" + - "Unattended-Upgrade::Remove-Unused-Dependencies" + - "Unattended-Upgrade::Remove-Unused-Kernel-Packages" + - "Unattended-Upgrade::Sender" + - "Unattended-Upgrade::Skip-Updates-On-Metered-Connections" + - "Unattended-Upgrade::SyslogEnable" + - "Unattended-Upgrade::SyslogFacility" + - "Unattended-Upgrade::Update-Days" + - "Unattended-Upgrade::Verbose"