playbook: debian{9,10}: Explain the need for latest update for distro kernel

Explain that we need updates from distribution kernel for security and for nxd-fuse.ko; Remove stable-proposed-updates as we no longer need it. Stable-proposed-updates was needed once in c02d3ea1 (playbook: Use proposed updates for debian9 to get an even newer kernel) to install 4.9.185 when it was present only in there and not in stable. Those days are over and all my general kernel fixes that are not localized in FUSE module[1,2,3] are now shipped by standard distribution kernels back to 3.16.x on Debian 8 and 4.4.x on Ubuntu 16.04 LTS. Suggested by @tomo: nexedi/slapos.package!133 (comment 120609) [1] git.kernel.org/linus/10dce8af3422 [2] git.kernel.org/linus/c5bf68fe0c86 [3] git.kernel.org/linus/438ab720c675

playbook: debian{9,10}: Explain the need for latest update for distro kernel
Explain that we need updates from distribution kernel for security and for nxd-fuse.ko; Remove stable-proposed-updates as we no longer need it. Stable-proposed-updates was needed once in c02d3ea1 (playbook: Use proposed updates for debian9 to get an even newer kernel) to install 4.9.185 when it was present only in there and not in stable. Those days are over and all my general kernel fixes that are not localized in FUSE module[1,2,3] are now shipped by standard distribution kernels back to 3.16.x on Debian 8 and 4.4.x on Ubuntu 16.04 LTS. Suggested by @tomo: nexedi/slapos.package!133 (comment 120609) [1] git.kernel.org/linus/10dce8af3422 [2] git.kernel.org/linus/c5bf68fe0c86 [3] git.kernel.org/linus/438ab720c675
743072f8 · Kirill Smelkov · 78b65524 · 743072f8
Commit 743072f8 authored Nov 10, 2020 by Kirill Smelkov
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 6 deletions

playbook/roles/vifib-kernel/tasks/main.yml playbook/roles/vifib-kernel/tasks/main.yml +9 -6

No files found.
--- a/playbook/roles/vifib-kernel/tasks/main.yml
+++ b/playbook/roles/vifib-kernel/tasks/main.yml
 ---

-  - name: Install Debian stable-proposed-updates repository
-    apt_repository: repo='deb http://deb.debian.org/debian/ oldstable-proposed-updates main' state=present update_cache=yes
-    when: ansible_distribution == "Debian" and ansible_distribution_major_version == "9"
-
-  - name: Debian 9/10 - Install distribution kernel with its latest stable updates
-    apt: name=linux-image-amd64  state=latest default_release=oldstable-proposed-updates update_cache=no
+  # Debian 9/10: install latest kernel stable updates provided by the distribution.
+  # - good for security
+  # - needed to keep in sync, with nxd-fuse-dkms which through dkms installs
+  #   latest linux-headers-amd64. If those headers won't match installed
+  #   kernel, nxd-fuse will be skipped to compile, fail to load and FUSE won't
+  #   be working at all:
+  #   https://lab.nexedi.com/nexedi/slapos.package/merge_requests/132#note_120438
+  - name: Debian 9/10 - Install latest stable updates for distribution kernel
+    apt: name=linux-image-amd64  state=latest update_cache=yes
    when: ansible_distribution == "Debian" and
          (ansible_distribution_major_version == "9" or ansible_distribution_major_version == "10")
    notify: [ 'Mark to reboot' ]