Automated updates for Ubuntu 22.04 LTS (in packer etc)

For a long time I have seen that Ubuntu APT has declared it has not got a stable CLI interface and with 22.04LTS that has become a thing. If you try to a automate apt -y upgrade after an update your command will never complete as it will pop up a dialog window asking you which services you want to restart. Not very friendly for automation.
Now I don’t know if this the right way to do it, but it works for me in my homelab. What we do is leverage unattended-upgrade and change the settings before and after we run this command. By default unattended-upgrade is set only to apply security updates, something you want right. However, when you are creating a template usually you want all the other updates and patches that go with the default setup of your distro. So this is how I do it under packer with a shell script:

sudo apt -y update
sudo sed -i '/${distro_codename}/s/\/\//  /g' /etc/apt/apt.conf.d/50unattended-upgrades
sudo unattended-upgrade -d
sudo sed -i '/${distro_codename}-updates/s/"${distro_/\/\/"${distro_/' /etc/apt/apt.conf.d/50unattended-upgrades
sudo sed -i '/${distro_codename}-proposed/s/"${distro_/\/\/"${distro_/' /etc/apt/apt.conf.d/50unattended-upgrades
sudo sed -i '/${distro_codename}-backports/s/"${distro_/\/\/"${distro_/' /etc/apt/apt.conf.d/50unattended-upgrades

We use sed to uncomment all the options, run unattended-upgrade and then revert the change. This is because we don’t want to have images built from this template to be automatically upgrading everything. If you really want that, just remove the sed lines after the upgrade command.


No reserved memory for ESX VMs

$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.memoryReservationLockedToMax = $false
$spec.memoryAllocation = New-Object VMware.Vim.ResourceAllocationInfo
$spec.memoryAllocation.Reservation = 0
Get-VM | Get-View -Property Config.MemoryAllocation | %{$_.ReconfigVM_Task($spec)}

Decrypt an OPNsense config file

If you have an encrypted OPNsense configuration file then you can use the following to decrypt it. Note no password has been defined, add yours as required:
cat config.xml.aes | grep -Ev 'config.xml|:' | base64 -d | openssl enc -d -aes-256-cbc -out config.xml -pass pass: -salt -md sha512 -pbkdf2 -iter 100000