From df3ba6469ce308d88bd3fe964ae4ed7b7676c541 Mon Sep 17 00:00:00 2001
From: Philip Cohoe
Date: Wed, 28 Aug 2013 19:46:00 +0000
Subject: [PATCH] Added class for managing unattended-upgrades
---
manifests/unattended-upgrades.pp | 58 +++++++++++++++++++++++++++++
templates/10periodic.erb | 12 ++++++
templates/50unattended-upgrades.erb | 53 ++++++++++++++++++++++++++
tests/unattended-upgrades.pp | 1 +
4 files changed, 124 insertions(+)
create mode 100644 manifests/unattended-upgrades.pp
create mode 100644 templates/10periodic.erb
create mode 100644 templates/50unattended-upgrades.erb
create mode 100644 tests/unattended-upgrades.pp
diff --git a/manifests/unattended-upgrades.pp b/manifests/unattended-upgrades.pp
new file mode 100644
index 0000000..772ab04
--- /dev/null
+++ b/manifests/unattended-upgrades.pp
@@ -0,0 +1,58 @@
+# unattended-upgrades.pp
+
+# This class manages the unattended-upgrades package and related configuration
+# files for ubuntu
+
+# origins are the repositories to automatically upgrade included packages
+# blacklist is a list of packages to not automatically upgrade
+# update is how often to run "apt-get update" in days
+# download is how often to run "apt-get upgrade --download-only" in days
+# upgrade is how often to upgrade packages included in the origins list in days
+# autoclean is how often to run "apt-get autoclean" in days
+
+# information on the other options can be found in the 50unattended-upgrades
+# file and in /etc/cron.daily/apt
+
+class apt::unattended-upgrades (
+ $origins = ['${distro_id}:${distro_codename}-security'],
+ $blacklist = [],
+ $update = "1",
+ $download = "1",
+ $upgrade = "1",
+ $autoclean = "7",
+ $auto_fix = "true",
+ $minimal_steps = "false",
+ $install_on_shutdown = "false",
+ $mail_to = "NONE",
+ $mail_only_on_error = "false",
+ $remove_unused = "true",
+ $auto_reboot = "false",
+ $dl_limit = "NONE",
+ $enable = "1",
+ $backup_interval = "0",
+ $backup_level = "3",
+ $max_age = "0",
+ $min_age = "0",
+ $max_size = "0",
+ $download_delta = "0",
+ $verbose = "0",
+) {
+
+ package { 'unattended-upgrades':
+ ensure => present,
+ }
+
+ File {
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ }
+
+ file {
+ '/etc/apt/apt.conf.d/50unattended-upgrades':
+ content => template('apt/50unattended-upgrades.erb');
+ '/etc/apt/apt.conf.d/10periodic':
+ content => template('apt/10periodic.erb');
+ }
+}
diff --git a/templates/10periodic.erb b/templates/10periodic.erb
new file mode 100644
index 0000000..5737c9a
--- /dev/null
+++ b/templates/10periodic.erb
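Review bot: In manifests/unattended-upgrades.pp the two `file` resources have no relationship to `Package['unattended-upgrades']`, so Puppet may write the files under /etc/apt/apt.conf.d before the package is installed; the package would then find 50unattended-upgrades already present, a file it presumably ships itself. Adding `require => Package['unattended-upgrades'],` to the `File { ... }` defaults makes the order explicit. Separately, the hyphen in the class name `apt::unattended-upgrades` is not accepted by newer Puppet versions, so `apt::unattended_upgrades` (with the manifest file renamed to match) is the safer spelling.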
@@ -0,0 +1,12 @@
+APT::Periodic::Enable "<%= @enable %>";
+APT::Periodic::BackUpArchiveInterval "<%= @backup_interval %>";
+APT::Periodic::BackUpLevel "<%= @backup_level %>";
+APT::Periodic::MaxAge "<%= @max_age %>";
+APT::Periodic::MinAge "<%= @min_age %>";
+APT::Periodic::MaxSize "<%= @max_size %>";
+APT::Periodic::Update-Package-Lists "<%= @update %>";
+APT::Periodic::Download-Upgradeable-Packages "<%= @download %>";
+APT::Periodic::Download-Upgradeable-Packages-Debdelta "<%= @download_delta %>";
+APT::Periodic::Unattended-Upgrade "<%= @upgrade %>";
+APT::Periodic::AutocleanInterval "<%= @autoclean %>";
+APT::Periodic::Verbose "<%= @verbose %>";
diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb
new file mode 100644
index 0000000..b026fe9
--- /dev/null
+++ b/templates/50unattended-upgrades.erb
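Review bot: Each value in templates/10periodic.erb is written between double quotes exactly as passed, so a parameter containing `"` or `;` yields a malformed or altered apt.conf fragment, and a non-numeric interval passes through unchecked. The scalar values and the origin and blacklist entries in templates/50unattended-upgrades.erb have the same property. Because these two files decide whether security updates are fetched and installed, the class should reject bad values before rendering, for example `validate_re($upgrade, '^\d+$')` and `validate_array($origins)`, if puppetlabs-stdlib is available to this module (not visible in this patch).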
@@ -0,0 +1,53 @@
+// Automatically upgrade packages from these (origin:archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+<% @origins.each do |origin| -%>
+ "<%= origin %>";
+<% end -%>
+};
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+<% @blacklist.each do |package| -%>
+ "<%= package %>";
+<% end -%>
+};
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run
+// dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+Unattended-Upgrade::AutoFixInterruptedDpkg "<%= @auto_fix %>";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "<%= @minimal_steps %>";
+
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+Unattended-Upgrade::InstallOnShutdown "<%= @install_on_shutdown %>";
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed.
+<% if @mail_to != "NONE" %> Unattended-Upgrade::Mail "<%= @mail_to %>"; <% end %>
+
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+<% if @mail_to != "NONE" %> Unattended-Upgrade::MailOnlyOnError "<%= @mail_only_on_error %>"; <% end %>
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "<%= @remove_unused %>";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a
+// the file /var/run/reboot-required is found after the upgrade
+Unattended-Upgrade::Automatic-Reboot "<%= @auto_reboot %>";
+
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+<% if @dl_limit != "NONE" %> Acquire::http::Dl-Limit "<%= @dl_limit %>"; <% end %>
diff --git a/tests/unattended-upgrades.pp b/tests/unattended-upgrades.pp
new file mode 100644
index 0000000..7f65ab4
--- /dev/null
+++ b/tests/unattended-upgrades.pp
@@ -0,0 +1 @@
+include apt::unattended-upgrades
--
2.32.3
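Review bot: In templates/50unattended-upgrades.erb the loops `@origins.each` and `@blacklist.each` assume both parameters are arrays; a caller that passes a single string gets a template error on Ruby versions where String has no `each`. Coercing first, `<% [@origins].flatten.each do |origin| -%>` (and the same for `@blacklist`), accepts both forms. An empty `origins` list also renders an empty Allowed-Origins block, which presumably leaves the host with no automatic upgrades and no error, so the class parameter deserves a comment such as `# origins must not be empty, or nothing is upgraded automatically`.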