aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible/roles/kernel/tasks/ubuntu_noble.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'fdio.infra.ansible/roles/kernel/tasks/ubuntu_noble.yaml')
-rw-r--r--fdio.infra.ansible/roles/kernel/tasks/ubuntu_noble.yaml62
1 files changed, 62 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/kernel/tasks/ubuntu_noble.yaml b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_noble.yaml
new file mode 100644
index 0000000000..1702ecc07d
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_noble.yaml
@@ -0,0 +1,62 @@
+---
+# file: tasks/ubuntu_noble.yaml
+
+- name: "Get Available Kernel Versions"
+ ansible.builtin.command: "apt-cache showpkg linux-headers-*"
+ changed_when: false
+ register: apt_kernel_list
+ tags:
+ - kernel-inst
+
+- name: "Get installed packages with APT"
+ ansible.builtin.command: "dpkg -l"
+ changed_when: false
+ register: apt_packages_list
+ tags:
+ - kernel-inst
+
+- name: "Set target APT kernel version"
+ ansible.builtin.set_fact:
+ _kernel: "{{ apt_kernel_list | deb_kernel(
+ kernel_version, ansible_kernel) }}"
+ tags:
+ - kernel-inst
+
+- name: "Disable APT auto upgrade"
+ ansible.builtin.lineinfile:
+ path: "/etc/apt/apt.conf.d/20auto-upgrades"
+ state: "present"
+ regexp: "APT::Periodic::Unattended-Upgrade \"[0-9]\";"
+ line: "APT::Periodic::Unattended-Upgrade \"0\";"
+ create: true
+ mode: 0644
+ tags:
+ - kernel-inst
+
+- name: "Ensure Packages Versions"
+ ansible.builtin.apt:
+ name: "{{ apt_kernel_list | deb_kernel_pkg(
+ kernel_version, ansible_kernel, ansible_distribution,
+ ansible_architecture, item) }}"
+ loop: "{{ kernel_packages }}"
+ tags:
+ - kernel-inst
+
+- name: "Ensure Any Other Kernel Packages Are Removed"
+ ansible.builtin.apt:
+ name: "{{ apt_packages_list | deb_installed_kernel(
+ apt_kernel_list, kernel_version, ansible_kernel) }}"
+ state: "absent"
+ purge: true
+ notify:
+ - "Reboot Server"
+ tags:
+ - kernel-inst
+
+- name: "Ensure Any Microcode Is Absent"
+ ansible.builtin.apt:
+ name: "{{ absent_packages }}"
+ state: "absent"
+ purge: true
+ tags:
+ - kernel-inst