| 1 | --- |
| 2 | - name: Add LTTng-CI PPA |
| 3 | # This provides gdb with no babeltrace; however, it's only made |
| 4 | # available for certain releases |
| 5 | when: ansible_distribution == 'Ubuntu' and ansible_distribution_version in ['22'] |
| 6 | block: |
| 7 | - name: LTTng-CI PPA | apt key |
| 8 | ansible.builtin.copy: |
| 9 | src: efficios_ubuntu_ci.gpg |
| 10 | dest: /etc/apt/trusted.gpg.d/efficios_ubuntu_ci.gpg |
| 11 | owner: root |
| 12 | group: root |
| 13 | mode: '0644' |
| 14 | |
| 15 | - name: LTTng-CI PPA | apt source |
| 16 | ansible.builtin.apt_repository: |
| 17 | repo: "deb [signed-by=/etc/apt/trusted.gpg.d/efficios_ubuntu_ci.gpg] http://ppa.launchpad.net/efficios/ci/ubuntu {{ ansible_distribution_release }} main" |
| 18 | state: present |
| 19 | filename: efficios-ubuntu-ci |
| 20 | |
| 21 | - name: Update apt cache. |
| 22 | apt: update_cache=yes cache_valid_time=86400 |
| 23 | |
| 24 | - name: Ensure common packages are installed. |
| 25 | apt: "name={{ common_packages }} state=present" |
| 26 | |
| 27 | - name: Install unattended upgrades |
| 28 | apt: |
| 29 | name: 'unattended-upgrades' |
| 30 | state: "{{(unattended_upgrades|bool)|ternary('present', 'absent')}}" |
| 31 | |
| 32 | - name: Enable extra repos for unattended upgrades |
| 33 | template: |
| 34 | dest: /etc/apt/apt.conf.d/51unattended_upgrades_extra_repos.conf |
| 35 | src: unattended_upgrades_extra_repos.conf.j2 |
| 36 | vars: |
| 37 | repos_base: |
| 38 | - "${distro_id}:${distro_codename}-updates" |
| 39 | - "${distro_id}:${distro_codename}-backports" |
| 40 | repos_Ubuntu: |
| 41 | - "LP-PPA-efficios-ci:${distro_codename}" |
| 42 | repose_Debian: [] |
| 43 | repos: "{{repos_base|union(lookup('vars', 'repos_' + ansible_distribution, default=[]))}}" |
| 44 | |
| 45 | - name: Enable unattended upgrades |
| 46 | block: |
| 47 | - copy: |
| 48 | dest: /etc/apt/apt.conf.d/20auto-upgrades |
| 49 | content: "APT::Periodic::Update-Package-Lists \"1\";\nAPT::Periodic::Unattended-Upgrade \"1\";\n" |
| 50 | when: unattended_upgrades | bool |
| 51 | - file: |
| 52 | path: /etc/apt/apt.conf.d/20auto-upgrades |
| 53 | state: "{{(unattended_upgrades|bool)|ternary('file', 'absent')}}" |
| 54 | owner: root |
| 55 | group: root |
| 56 | mode: '0644' |
| 57 | - name: Install microcode for physical hosts |
| 58 | when: ansible_virtualization_role == 'host' |
| 59 | block: |
| 60 | - name: Install AMD microcode |
| 61 | when: "'AuthenticAMD' in ansible_processor" |
| 62 | ansible.builtin.apt: |
| 63 | name: amd64-microcode |
| 64 | register: amd64_microcode |
| 65 | - name: Install Intel microcode |
| 66 | when: "'GenuineIntel' in ansible_processor" |
| 67 | ansible.builtin.apt: |
| 68 | name: intel-microcode |
| 69 | register: intel_microcode |
| 70 | - name: Update initramfs |
| 71 | when: amd64_microcode.changed or intel_microcode.changed |
| 72 | ansible.builtin.command: |
| 73 | argv: ['update-initramfs', '-u', '-k', 'all'] |
| 74 | - name: Set reboot required |
| 75 | when: amd64_microcode.changed or intel_microcode.changed |
| 76 | ansible.builtin.copy: |
| 77 | dest: /var/run/reboot-required |
| 78 | content: '*** System restart required ***' |
| 79 | owner: root |
| 80 | group: root |
| 81 | mode: '0644' |
| 82 | - name: Install prometheus node exporter for physical hosts |
| 83 | when: "'hosts' in group_names" |
| 84 | ansible.builtin.apt: |
| 85 | name: |
| 86 | - prometheus-node-exporter |
| 87 | - prometheus-node-exporter-collectors |
| 88 | |
| 89 | - name: Work-around for git hanging during checkouts |
| 90 | # @see https://support.efficios.com/issues/1532 |
| 91 | when: ansible_distribution_release == 'bookworm' |
| 92 | block: |
| 93 | - name: Add bookworm-backports pref |
| 94 | ansible.builtin.copy: |
| 95 | dest: /etc/apt/preferences.d/bookworm-backports.pref |
| 96 | content: "Package: curl libcurl3* libcurl4*\nPin: release n=bookworm-backports\nPin-Priority: 600\n" |
| 97 | - name: Enable bookworm backports |
| 98 | ansible.builtin.apt_repository: |
| 99 | repo: 'deb http://deb.debian.org/debian bookworm-backports main' |
| 100 | - ansible.builtin.apt: |
| 101 | upgrade: 'yes' |
| 102 | - name: Use HTTP/1.1 with git HTTP operations |
| 103 | community.general.git_config: |
| 104 | file: '/etc/gitconfig' |
| 105 | name: 'http.version' |
| 106 | value: 'HTTP/1.1' |