Disable systemd timers that auto-upgrade

83a0319e · Kevin Falcone · 584125b9 · 83a0319e
Commit 83a0319e authored Oct 14, 2016 by Kevin Falcone
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

playbooks/roles/security/tasks/security-ubuntu.yml
+8 -2

No files found.
--- a/playbooks/roles/security/tasks/security-ubuntu.yml
+++ b/playbooks/roles/security/tasks/security-ubuntu.yml
@@ -22,6 +22,13 @@
    mode: "0644"
  when: SECURITY_UNATTENDED_UPGRADES
+- name: Disable unattended-upgrades if Xenial (16.04)
+  command: "{{ item }}"
+  when: ansible_distribution_release == 'xenial' and not SECURITY_UNATTENDED_UPGRADES
+  with_items:
+    - "systemctl disable apt-daily.service"
+    - "systemctl disable apt-daily.timer"
 - name: Disable unattended-upgrades
  file:
    path: "/etc/apt/apt.conf.d/10periodic"
@@ -85,4 +92,4 @@
    name: libc6
    state: latest
    update_cache: yes
  when: "'vulnerable' in test_ghost_vuln.stdout"
\ No newline at end of file