Closed shawly closed 1 year ago
Thanks @shawly for reporting this bug.
Could you please provide the Ansible configuration or the original configuration file that throws this error?
Is there any need for me to provide it? The issue is that unattended updates changed the pattern, that doesn't relate to any special configuration.
I can't recreate the error on Ubuntu 22.04 at the moment. Either the config or the steps to reproduce the error would be very helpful to me here.
This is currently the config I used to produce the error:
- name: Configure unattended upgrades
hosts: all
strategy: free
pre_tasks:
- name: Set debian origin patterns
ansible.builtin.set_fact:
unattended_origins_patterns:
- "origin=Debian,codename=${distro_codename},label=Debian-Security"
- "o=Debian,codename=${distro_codename},label=Debian"
- "o=Debian,codename=${distro_codename},a=proposed-updates"
- "Docker:${distro_codename}"
when: ansible_distribution == "Debian" and ansible_distribution_major_version > "7"
- name: Set ubuntu origin patterns
ansible.builtin.set_fact:
unattended_origins_patterns:
- "origin=Ubuntu,archive=${distro_codename}-security"
- "o=Ubuntu,a=${distro_codename}"
- "o=Ubuntu,a=${distro_codename}-updates"
- "o=Ubuntu,a=${distro_codename}-proposed-updates"
- "Docker:${distro_codename}"
when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22"
- name: Set ubuntu jammy origin patterns
ansible.builtin.set_fact:
unattended_origins_patterns:
- "${distro_id}:${distro_codename}"
- "${distro_id}:${distro_codename}-security"
- "${distro_id}:${distro_codename}-updates"
- "${distro_id}:${distro_codename}-proposed"
- "${distro_id}ESMApps:${distro_codename}-apps-security"
- "${distro_id}ESM:${distro_codename}-infra-security"
- "Docker:${distro_codename}"
when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version >= "22"
roles:
- role: hifis.unattended_upgrades
unattended_automatic_reboot: true
unattended_automatic_reboot_time: "02:00"
tags:
- unattended_upgrades
- system
As a workaround I added these post_tasks:
post_tasks:
- name: Ubuntu Jammy fix for unattended upgrades patterns
become: true
ansible.builtin.replace:
path: /etc/apt/apt.conf.d/50unattended-upgrades
regexp: '(\s+)Unattended-Upgrade::Origins-Pattern(\s+.*)?$'
replace: '\1Unattended-Upgrade::Allowed-Origins\2'
when: ansible_distribution_major_version >= "22"
On Ubuntu 20.04 unattended upgrades uses v2.3 and on 22.04 it has been updated to v2.8.
Maybe the reason this happens is because I just use Docker:${distro_codename}
which worked with v2.3 but not with v2.8?
With Ubuntu Jammy I get the following error after running the Ansible role:
With the default unattended-upgrades configuration it works fine. I compared the original and the newly generated configuration and it seems that
Unattended-Upgrade::Origins-Pattern
changed toUnattended-Upgrade::Allowed-Origins
with Jammy. The Ubuntu documentation also was updated https://help.ubuntu.com/community/AutomaticSecurityUpdatesWhen I change
Origins-Pattern
toAllowed-Origins
it works again. So I guess there should be a check for the distro codename.