Setting up automatic updates using Ansible
unattended-upgrades is a valuable tool that ensures your system automatically receives updates in response to security vulnerabilities, such as CVE exploits. It’s particularly useful for critical applications such as NGINX, where staying ahead of potential threats is crucial. When a security update is issued for NGINX, unattended-upgrades
takes care of the update process, providing peace of mind that your server remains secure without manual intervention.
To install the unattended-upgrades
package, you can edit the existing file roles/nginx_install/tasks/main.yml
and add the following:
- name: Install unattended-upgrades   apt:     name: unattended-upgrades     state: present
Rerun the playbook to install the package:
root@ansible:~/nginx_install# ansible-playbook -i inventory.ini nginx_install.yml […] TASK [nginx_install : Install unattended-upgrades] ok: [testvm.lxd...