From 52a4bae1709ac05a31e2fa5cd1aba4347fa8e8e9 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Tue, 26 Feb 2019 14:17:23 -0800
Subject: [PATCH] Apply package updates before we reboot in launch-node

When launching a new server we should make sure that all available
package updates are installed before we reboot the server. This way we
get available security updates applied to things like our kernel.

This change adds a new playbook that runs the unattended-upgrade command
on debuntu servers. Will need to add support for other platforms in a
followup change.

Change-Id: Idc88dc33afdd209c388452493e6a7f5731fa0974
---
 launch/launch-node.py                | 1 +
 playbooks/apply-package-updates.yaml | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 playbooks/apply-package-updates.yaml

diff --git a/launch/launch-node.py b/launch/launch-node.py
index 305b66ef96..f146b62e17 100755
--- a/launch/launch-node.py
+++ b/launch/launch-node.py
@@ -182,6 +182,7 @@ def bootstrap_server(server, key, name, volume_device, keep,
         for playbook in [
                 'set-hostnames.yaml',
                 'base.yaml',
+                'apply-package-updates.yaml',
         ]:
             run(ansible_cmd + [
                 os.path.join(SCRIPT_DIR, '..', 'playbooks', playbook)],
diff --git a/playbooks/apply-package-updates.yaml b/playbooks/apply-package-updates.yaml
new file mode 100644
index 0000000000..2092e0a2be
--- /dev/null
+++ b/playbooks/apply-package-updates.yaml
@@ -0,0 +1,8 @@
+- hosts: "{{ target }}"
+  user: root
+  tasks:
+    - name: Run unattended-upgrade on debuntu
+      shell: |
+        unattended-upgrade -d
+      when: ansible_facts['os_family'] == "Debian"
+  # TODO add equivalent for other platforms