added release-specific config files for unattended upgrades

4 files changed, 113 insertions, 50 deletions

diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
index 46fc0dc..fbc95c0 100644
--- a/files/50unattended-upgrades
+++ b/files/50unattended-upgrades
@@ -1,58 +1,10 @@
-// this file is managed by puppet !
-//
-//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
-
 // allowed (origin, archive) pairs
 Unattended-Upgrade::Allowed-Origins {
 	"Debian stable";
-	"Debian-Security stable";
 //	"Debian testing";
 };
 
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
-Unattended-Upgrade::Mail "root";
-Unattended-Upgrade::MailOnlyOnError "true";
-
-APT::UnattendedUpgrades::LogDir "/var/log/";
-APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
-
+// never update the packages in this list
 Unattended-Upgrade::Package-Blacklist {
-	// we don't want the kernel to be updated so nagios still can give a warning if there is
-	// a manual update (and reboot) left
-
-        "linux-image-*";
-
-	// unfortunately there seems to be a bug in unattended-upgrades <= 0.62 that wildcards aren't recognized:
-	//2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
-	//2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
-	//2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
-	//2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
-	//2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
-	//2009-12-11 13:42:11,988 INFO All upgrades installed
-
-        // lenny
-	"linux-image-2.6.26-1-686";
-	"linux-image-2.6.26-1-amd64";
-        "linux-image-2.6.26-1-xen-686";
-        "linux-image-2.6.26-1-xen-amd64";
-	"linux-image-2.6.26-1-vserver-686";
-	"linux-image-2.6.26-1-vserver-amd64";
-
-	"linux-image-2.6.26-2-686";
-	"linux-image-2.6.26-2-amd64";
-        "linux-image-2.6.26-2-xen-686";
-        "linux-image-2.6.26-2-xen-amd64";
-	"linux-image-2.6.26-2-vserver-686";
-	"linux-image-2.6.26-2-vserver-amd64";
-
-	// squeeze
-	"linux-image-2.6.32-5-686";
-	"linux-image-2.6.32-5-amd64";
-	"linux-image-2.6.32-5-xen-686";
-	"linux-image-2.6.32-5-xen-amd64";
-	"linux-image-2.6.32-5-vserver-686";
-	"linux-image-2.6.32-5-vserver-amd64";
-
+//	"vim";
 };
-
diff --git a/files/lenny/50unattended-upgrades b/files/lenny/50unattended-upgrades
new file mode 100644
index 0000000..fbc95c0
--- /dev/null
+++ b/files/lenny/50unattended-upgrades
@@ -0,0 +1,10 @@
+// allowed (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+	"Debian stable";
+//	"Debian testing";
+};
+
+// never update the packages in this list
+Unattended-Upgrade::Package-Blacklist {
+//	"vim";
+};
diff --git a/files/squeeze/50unattended-upgrades b/files/squeeze/50unattended-upgrades
new file mode 100644
index 0000000..7b3c829
--- /dev/null
+++ b/files/squeeze/50unattended-upgrades
@@ -0,0 +1,34 @@
+// Automatically upgrade packages from these (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+	"${distro_id} stable";
+	"${distro_id} ${distro_codename}-security";
+//	"${distro_id} ${distro_codename}-updates";
+//	"${distro_id} ${distro_codename}-proposed-updates";
+};
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+//	"vim";
+//	"libc6";
+//	"libc6-dev";
+//	"libc6-i686";
+};
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. The package 'mailx'
+// must be installed or anything that provides /usr/bin/mail.
+//Unattended-Upgrade::Mail "root@localhost";
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a 
+// the file /var/run/reboot-required is found after the upgrade 
+//Unattended-Upgrade::Automatic-Reboot "false";
+
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+//Acquire::http::Dl-Limit "70";
\ No newline at end of file
diff --git a/files/wheezy/50unattended-upgrades b/files/wheezy/50unattended-upgrades
new file mode 100644
index 0000000..c45f851
--- /dev/null
+++ b/files/wheezy/50unattended-upgrades
@@ -0,0 +1,67 @@
+// Automatically upgrade packages from these origin patterns
+Unattended-Upgrade::Origins-Pattern {
+        // Codename based matching:
+        // This will follow the migration of a release through different
+        // archives (e.g. from testing to stable and later oldstable).
+//      "o=Debian,n=squeeze";
+//      "o=Debian,n=squeeze-updates";
+//      "o=Debian,n=squeeze-proposed-updates";
+//      "o=Debian,n=squeeze,l=Debian-Security";
+
+        // Archive or Suite based matching:
+        // Note that this will silently match a different release after
+        // migration to the specified archive (e.g. testing becomes the
+        // new stable).
+//      "o=Debian,a=stable";
+//      "o=Debian,a=stable-updates";
+//      "o=Debian,a=proposed-updates";
+        "origin=Debian,archive=stable,label=Debian-Security";
+};
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+//	"vim";
+//	"libc6";
+//	"libc6-dev";
+//	"libc6-i686";
+};
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run 
+//   dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+//Unattended-Upgrade::AutoFixInterruptedDpkg "false";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+//Unattended-Upgrade::MinimalSteps "true";
+
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+//Unattended-Upgrade::InstallOnShutdown "true";
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed. E.g. "user@example.com"
+//Unattended-Upgrade::Mail "root"
+
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+//Unattended-Upgrade::MailOnlyOnError "true";
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a 
+// the file /var/run/reboot-required is found after the upgrade 
+//Unattended-Upgrade::Automatic-Reboot "false";
+
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+//Acquire::http::Dl-Limit "70";