opendev/system-config
Code Issues Proposed changes
a0c1de2b6b
system-config/playbooks/roles/base-server/tasks/Debian.yaml
Ian Wienand d232403e79 base-server: disable install of suggests and recommends packages 
The options to disable installing suggests and recommended packages
has been in diskimage-builder based images for a long time [1].
However we have no setting for it in our base-server role, meaning
that when launching nodes from cloud-provider images we can be out of
sync on this option.

I6d69ac0bd2ade95fede33c5f82e7df218da9458b is an example where packages
pulled in by suggestions can fail (arguably a packaging issue, but
anyway...)

By enabling this here, we make our control plane servers homogenous
with our diskimage-builder based testing nodes, which is better for
general sanity.  Overall it gives us more control over what's
installed.

[1] https://opendev.org/openstack/diskimage-builder/src/branch/master/diskimage_builder/elements/dpkg/pre-install.d/00-disable-apt-recommends

As I6d69ac0bd2ade95fede33c5f82e7df218da9458b showed, installing
suggested or recommended packages might result in

Change-Id: Id6dcc158944a46fc0ae03b6f1ff372dacd67c2e6
2019-07-31 16:21:08 +10:00

70 lines
1.6 KiB
YAML
Raw Blame History

- name: Disable install of additional recommends and suggests packages
copy:
mode: 0444
src: 95disable-recommends
dest: /etc/apt/apt.conf.d/
owner: root
group: root
# NOTE(ianw) There are ordering issues with this. Hopefully when
# we're bionic only we can just remove ntp
- name: Install NTP
when: ansible_distribution_version is version('18.04', '<')
block:
- name: Install ntp
package:
name: ntp
state: present
- name: Ensure NTP service is running
service:
name: ntp
enabled: yes
state: started
- name: Ensure systemd-timesyncd is running
service:
name: systemd-timesyncd
enabled: yes
state: started
when: ansible_distribution_version is version('18.04', '>=')
- name: Remove packages that make no sense for our servers
package:
name:
- apport
- whoopsie
- popularity-contest
- lxd
- lxd-client
state: absent
- name: Configure file limits
copy:
mode: 0644
src: debian_limits.conf
dest: /etc/security/limits.d/60-nofile-limit.conf
- name: Custom rsyslog config to disable /dev/xconsole noise
copy:
mode: 0644
src: rsyslog.d_50-default.conf
dest: /etc/rsyslog.d/50-default.conf
notify: Restart rsyslog
- name: Install apt-daily 10periodic file for unattended-upgrades
copy:
mode: 0444
src: 10periodic
dest: /etc/apt/apt.conf.d/10periodic
owner: root
group: root
- name: Install 50unattended-upgrades file for unattended-upgrades
copy:
mode: 0444
src: 50unattended-upgrades
dest: /etc/apt/apt.conf.d/50unattended-upgrades
owner: root
group: root
View Git Blame Copy Permalink