From 78334e81573a4a1163cee00d3f9f1c664f599fa5 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Fri, 26 Aug 2022 12:30:18 +0100 Subject: [PATCH] :coffin: Remove apt-update cronjob and standardise apt cleanup syntax --- ...epository-mirror-external-cran.mustache.yaml | 17 +++++++---------- ...epository-mirror-external-pypi.mustache.yaml | 17 +++++++---------- ...epository-mirror-internal-cran.mustache.yaml | 16 +++++++++------- ...epository-mirror-internal-pypi.mustache.yaml | 16 +++++++++------- .../cloud-init-repository-proxy.mustache.yaml | 17 +++++++++++------ ...cloud-init-update-server-linux.mustache.yaml | 17 +++++++++++------ .../cloud_init/cloud-init-cocalc.mustache.yaml | 6 ------ .../cloud_init/cloud-init-codimd.mustache.yaml | 6 ------ .../cloud_init/cloud-init-gitlab.mustache.yaml | 6 ------ .../cloud-init-guacamole.mustache.yaml | 16 ++++++---------- .../cloud-init-postgres.mustache.yaml | 17 +++++++++++------ .../cloud_init/cloud-init-srd.mustache.yaml | 6 ------ 12 files changed, 71 insertions(+), 86 deletions(-) diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml index 3c0e4437c3..82741aa32e 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml @@ -36,12 +36,6 @@ write_files: content: | Acquire::http::Proxy "http://{{monitoring.updateServers.linux.ip}}:8000"; - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/cron.d/push-to-internal-mirrors" permissions: "0644" content: | @@ -167,12 +161,15 @@ ntp: runcmd: # Suppress apt prompts and warning messages - - export DEBIAN_FRONTEND=noninteractive + - DEBIAN_FRONTEND=noninteractive + - export DEBIAN_FRONTEND - # Upgrade installation then clean up - - echo ">=== Upgrade and clean up apt-get packages... ===<" - - apt-get -y upgrade + # Clean up installation + - echo ">=== Cleaning up apt-get packages... ===<" + - apt update + - apt-get -y autoremove - apt-get clean + - apt --fix-broken install # Set up and partition data disk - echo ">=== Setting up local disk... ===<" diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml index 2dc66fd2bb..2329bed40c 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml @@ -90,12 +90,6 @@ write_files: macos freebsd - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/cron.d/push-to-internal-mirrors" permissions: "0644" content: | @@ -243,12 +237,15 @@ ntp: runcmd: # Suppress apt prompts and warning messages - - export DEBIAN_FRONTEND=noninteractive + - DEBIAN_FRONTEND=noninteractive + - export DEBIAN_FRONTEND - # Upgrade installation then clean up - - echo ">=== Upgrade and clean up apt-get packages... ===<" - - apt-get -y upgrade + # Clean up installation + - echo ">=== Cleaning up apt-get packages... ===<" + - apt update + - apt-get -y autoremove - apt-get clean + - apt --fix-broken install # Set up and partition data disk - echo ">=== Setting up local disk... ===<" diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml index f65faa9fa6..1354464477 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml @@ -33,12 +33,6 @@ write_files: content: | Acquire::http::Proxy "http://{{monitoring.updateServers.linux.ip}}:8000"; - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: /var/local/cran-mirror-apache.conf permissions: "0644" content: | @@ -78,7 +72,15 @@ ntp: runcmd: # Suppress apt prompts and warning messages - - export DEBIAN_FRONTEND=noninteractive + - DEBIAN_FRONTEND=noninteractive + - export DEBIAN_FRONTEND + + # Clean up installation + - echo ">=== Cleaning up apt-get packages... ===<" + - apt update + - apt-get -y autoremove + - apt-get clean + - apt --fix-broken install # Show authorised SSH keys - echo ">=== Authorised SSH keys... ===<" diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml index e150143f72..f8e9654858 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml @@ -33,12 +33,6 @@ write_files: content: | Acquire::http::Proxy "http://{{monitoring.updateServers.linux.ip}}:8000"; - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/systemd/system/pypiserver.service" content: | [Unit] @@ -175,7 +169,15 @@ ntp: runcmd: # Suppress apt prompts and warning messages - - export DEBIAN_FRONTEND=noninteractive + - DEBIAN_FRONTEND=noninteractive + - export DEBIAN_FRONTEND + + # Clean up installation + - echo ">=== Cleaning up apt-get packages... ===<" + - apt update + - apt-get -y autoremove + - apt-get clean + - apt --fix-broken install # Show authorised SSH keys - echo ">=== Authorised SSH keys... ===<" diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-proxy.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-proxy.mustache.yaml index 2bd978ef92..4eb004578e 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-proxy.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-proxy.mustache.yaml @@ -6,12 +6,6 @@ write_files: content: | Acquire::http::Proxy "http://{{monitoring.updateServers.linux.ip}}:8000"; - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/nexus/docker-compose.yaml" permissions: "0400" content: | @@ -75,6 +69,17 @@ users: sudo: false # This user will not have sudo privileges runcmd: + # Suppress apt prompts and warning messages + - DEBIAN_FRONTEND=noninteractive + - export DEBIAN_FRONTEND + + # Clean up installation + - echo ">=== Cleaning up apt-get packages... ===<" + - apt update + - apt-get -y autoremove + - apt-get clean + - apt --fix-broken install + # Ensure that Docker is running and enabled at startup - echo ">=== Configuring Docker... ===<" - systemctl enable docker diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-update-server-linux.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-update-server-linux.mustache.yaml index af3d6bf37b..5a292520b6 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-update-server-linux.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-update-server-linux.mustache.yaml @@ -1,12 +1,6 @@ #cloud-config write_files: - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/squid-deb-proxy/mirror-dstdomain.acl.d/20-data-safe-haven" content: | # Additional mirror domains that are allowed by this cache @@ -38,6 +32,17 @@ package_update: true package_upgrade: true runcmd: + # Suppress apt prompts and warning messages + - DEBIAN_FRONTEND=noninteractive + - export DEBIAN_FRONTEND + + # Clean up installation + - echo ">=== Cleaning up apt-get packages... ===<" + - apt update + - apt-get -y autoremove + - apt-get clean + - apt --fix-broken install + # Remove the unnecessary squid service and prevent it from running - service squid stop - systemctl disable -f squid diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml index 842cfd360c..21de5af84a 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml @@ -12,12 +12,6 @@ write_files: content: | {{audit.rules}} - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/pip.conf" permissions: "0444" content: | diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml index 5d0fc59ca7..bc533216f7 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml @@ -12,12 +12,6 @@ write_files: content: | {{audit.rules}} - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/opt/codimd/docker-compose.yml" permissions: "0400" content: | diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml index 005a2f45c6..b3f19a654d 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml @@ -12,12 +12,6 @@ write_files: content: | {{audit.rules}} - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/gitlab/gitlab.rb" permissions: "0600" content: | diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-guacamole.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-guacamole.mustache.yaml index c876a1c264..cf2870a832 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-guacamole.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-guacamole.mustache.yaml @@ -11,12 +11,6 @@ write_files: content: | {{audit.rules}} - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/cron.d/ldap-db-sync" permissions: "0644" content: | @@ -100,20 +94,22 @@ runcmd: - DEBIAN_FRONTEND=noninteractive - export DEBIAN_FRONTEND - # Install pg-ldap-sync - - echo ">=== Installing pg-ldap-sync... ===<" - - gem install pg-ldap-sync - # Clean up installation - echo ">=== Cleaning up apt-get packages... ===<" + - apt update - apt-get -y autoremove - apt-get clean + - apt --fix-broken install # Ensure that auditd is running and enabled at startup - echo ">=== Enabling auditd services... ===<" - systemctl start auditd - systemctl enable auditd + # Install pg-ldap-sync + - echo ">=== Installing pg-ldap-sync... ===<" + - gem install pg-ldap-sync + # Ensure that Docker is running and enabled at startup - echo ">=== Configuring Docker... ===<" - systemctl enable docker diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml index 9921a23c3f..daef603995 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml @@ -42,12 +42,6 @@ write_files: content: | {{audit.rules}} - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/cron.d/ldap-db-sync" permissions: "0644" content: | @@ -199,6 +193,17 @@ manage_etc_hosts: true prefer_fqdn_over_hostname: true runcmd: + # Suppress apt prompts and warning messages + - DEBIAN_FRONTEND=noninteractive + - export DEBIAN_FRONTEND + + # Clean up installation + - echo ">=== Cleaning up apt-get packages... ===<" + - apt update + - apt-get -y autoremove + - apt-get clean + - apt --fix-broken install + # Ensure that auditd is running and enabled at startup - echo ">=== Enabling auditd services... ===<" - systemctl start auditd diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml index 89b89096c9..e4c431afca 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml @@ -60,12 +60,6 @@ write_files: OnAccessExcludeUname clamav OnAccessExcludeRootUID yes - - path: "/etc/cron.d/apt-update" - permissions: "0644" - content: | - # Run every day at 01:45 - 45 1 * * * root apt update - - path: "/etc/cron.d/clamav-update" permissions: "0644" content: |