--- /dev/null
+# Class: apt::unattended_upgrades
+#
+# This class manages the unattended-upgrades package and related configuration
+# files for ubuntu
+#
+# origins are the repositories to automatically upgrade included packages
+# blacklist is a list of packages to not automatically upgrade
+# update is how often to run "apt-get update" in days
+# download is how often to run "apt-get upgrade --download-only" in days
+# upgrade is how often to upgrade packages included in the origins list in days
+# autoclean is how often to run "apt-get autoclean" in days
+#
+# information on the other options can be found in the 50unattended-upgrades
+# file and in /etc/cron.daily/apt
+#
+class apt::unattended_upgrades (
+ $origins = ['${distro_id}:${distro_codename}-security'],
+ $blacklist = [],
+ $update = "1",
+ $download = "1",
+ $upgrade = "1",
+ $autoclean = "7",
+ $auto_fix = true,
+ $minimal_steps = false,
+ $install_on_shutdown = false,
+ $mail_to = "NONE",
+ $mail_only_on_error = false,
+ $remove_unused = true,
+ $auto_reboot = false,
+ $dl_limit = "NONE",
+ $enable = "1",
+ $backup_interval = "0",
+ $backup_level = "3",
+ $max_age = "0",
+ $min_age = "0",
+ $max_size = "0",
+ $download_delta = "0",
+ $verbose = "0",
+) {
+
+ validate_bool(
+ $auto_fix,
+ $minimal_steps,
+ $install_on_shutdown,
+ $mail_only_on_error,
+ $remove_unused,
+ $auto_reboot
+ )
+
+ package { 'unattended-upgrades':
+ ensure => present,
+ }
+
+ File {
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ require => Package['unattended-upgrades'],
+ }
+
+ file {
+ '/etc/apt/apt.conf.d/50unattended-upgrades':
+ content => template('apt/50unattended-upgrades.erb');
+ '/etc/apt/apt.conf.d/10periodic':
+ content => template('apt/10periodic.erb');
+ }
+}
--- /dev/null
+require 'spec_helper'
+describe 'apt::unattended_upgrades', :type => :class do
+ let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' }
+ let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' }
+
+ it { should contain_package("unattended-upgrades") }
+
+ it {
+ should create_file("/etc/apt/apt.conf.d/50unattended-upgrades").with({
+ "owner" => "root",
+ "group" => "root",
+ "mode" => "0644",
+ "require" => "Package[unattended-upgrades]",
+ })
+ }
+
+ it {
+ should create_file("/etc/apt/apt.conf.d/10periodic").with({
+ "owner" => "root",
+ "group" => "root",
+ "mode" => "0644",
+ "require" => "Package[unattended-upgrades]",
+ })
+ }
+
+ describe "origins" do
+ describe "with param defaults" do
+ let(:params) {{ }}
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Allowed-Origins \{\n\t"\${distro_id}:\${distro_codename}-security";\n\};$/) }
+ end
+
+ describe "with origins => ['ubuntu:precise-security']" do
+ let :params do
+ { :origins => ['ubuntu:precise-security'] }
+ end
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Allowed-Origins \{\n\t"ubuntu:precise-security";\n\};$/) }
+ end
+ end
+
+ describe "blacklist" do
+ describe "with param defaults" do
+ let(:params) {{ }}
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Package-Blacklist \{\n\};$/) }
+ end
+
+ describe "with blacklist => []" do
+ let :params do
+ { :blacklist => ['libc6', 'libc6-dev'] }
+ end
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Package-Blacklist \{\n\t"libc6";\n\t"libc6-dev";\n\};$/) }
+ end
+ end
+
+ describe "with update => 2" do
+ let :params do
+ { :update => "2" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::Update-Package-Lists "2";$/) }
+ end
+
+ describe "with download => 2" do
+ let :params do
+ { :download => "2" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::Download-Upgradeable-Packages "2";$/) }
+ end
+
+ describe "with upgrade => 2" do
+ let :params do
+ { :upgrade => "2" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::Unattended-Upgrade "2";$/) }
+ end
+
+ describe "with autoclean => 2" do
+ let :params do
+ { :autoclean => "2" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::AutocleanInterval "2";$/) }
+ end
+
+ describe "with auto_fix => false" do
+ let :params do
+ { :auto_fix => false }
+ end
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::AutoFixInterruptedDpkg "false";$/) }
+ end
+
+ describe "with minimal_steps => true" do
+ let :params do
+ { :minimal_steps => true }
+ end
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::MinimalSteps "true";$/) }
+ end
+
+ describe "with install_on_shutdown => true" do
+ let :params do
+ { :install_on_shutdown => true }
+ end
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::InstallOnShutdown "true";$/) }
+ end
+
+ describe "mail_to" do
+ describe "param defaults" do
+ let(:params) {{ }}
+ it { should_not contain_file(file_unattended).with_content(/^Unattended-Upgrade::Mail /) }
+ it { should_not contain_file(file_unattended).with_content(/^Unattended-Upgrade::MailOnlyOnError /) }
+ end
+
+ describe "with mail_to => user@website, mail_only_on_error => true" do
+ let :params do
+ { :mail_to => "user@website",
+ :mail_only_on_error => true }
+ end
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Mail "user@website";$/) }
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::MailOnlyOnError "true";$/) }
+ end
+ end
+
+ describe "with remove_unused => false" do
+ let :params do
+ { :remove_unused => false }
+ end
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Remove-Unused-Dependencies "false";$/) }
+ end
+
+ describe "with auto_reboot => true" do
+ let :params do
+ { :auto_reboot => true }
+ end
+ it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Automatic-Reboot "true";$/) }
+ end
+
+ describe "dl_limit" do
+ describe "param defaults" do
+ let(:params) {{ }}
+ it { should_not contain_file(file_unattended).with_content(/^Acquire::http::Dl-Limit /) }
+ end
+
+ describe "with dl_limit => 70" do
+ let :params do
+ { :dl_limit => "70" }
+ end
+ it { should contain_file(file_unattended).with_content(/^Acquire::http::Dl-Limit "70";$/) }
+ end
+ end
+
+ describe "with enable => 0" do
+ let :params do
+ { :enable => "0" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::Enable "0";$/) }
+ end
+
+ describe "with backup_interval => 1" do
+ let :params do
+ { :backup_interval => "1" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::BackUpArchiveInterval "1";$/) }
+ end
+
+ describe "with backup_level => 0" do
+ let :params do
+ { :backup_level => "0" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::BackUpLevel "0";$/) }
+ end
+
+ describe "with max_age => 1" do
+ let :params do
+ { :max_age => "1" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::MaxAge "1";$/) }
+ end
+
+ describe "with min_age => 1" do
+ let :params do
+ { :min_age => "1" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::MinAge "1";$/) }
+ end
+
+ describe "with max_size => 1" do
+ let :params do
+ { :max_size => "1" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::MaxSize "1";$/) }
+ end
+
+ describe "with download_delta => 2" do
+ let :params do
+ { :download_delta => "2" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::Download-Upgradeable-Packages-Debdelta "2";$/) }
+ end
+
+ describe "with verbose => 2" do
+ let :params do
+ { :verbose => "2" }
+ end
+ it { should contain_file(file_periodic).with_content(/^APT::Periodic::Verbose "2";$/) }
+ end
+
+end
--- /dev/null
+// Automatically upgrade packages from these (origin:archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+<% @origins.each do |origin| -%>
+ "<%= origin %>";
+<% end -%>
+};
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+<% @blacklist.each do |package| -%>
+ "<%= package %>";
+<% end -%>
+};
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run
+// dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+Unattended-Upgrade::AutoFixInterruptedDpkg "<%= @auto_fix %>";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "<%= @minimal_steps %>";
+
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+Unattended-Upgrade::InstallOnShutdown "<%= @install_on_shutdown %>";
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed.
+<% if @mail_to != "NONE" %>Unattended-Upgrade::Mail "<%= @mail_to %>";<% end %>
+
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+<% if @mail_to != "NONE" %>Unattended-Upgrade::MailOnlyOnError "<%= @mail_only_on_error %>";<% end %>
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "<%= @remove_unused %>";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a
+// the file /var/run/reboot-required is found after the upgrade
+Unattended-Upgrade::Automatic-Reboot "<%= @auto_reboot %>";
+
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+<% if @dl_limit != "NONE" %>Acquire::http::Dl-Limit "<%= @dl_limit %>";<% end %>