openstack-ansible-security/doc/source/developer-notes/V-38481.rst

Exception

Operating system patching policies vary from organization to organization and are typically established based on business requirements and risk tolerance.

If desired, automatic updates (using the unattended-upgrades package) can be enabled via openstack-ansible-security by setting the following variable to true:

unattended_upgrades: true

Note that this will only apply updates made available to the distro-security (eg. trusty-security) repositories.

Deployers are urged to fully understand the impact of enabling automatic update before making the change.