From 92e35992ca6e3e4054ac928fe4c266ba967503dc Mon Sep 17 00:00:00 2001 From: nadir Date: Thu, 8 Nov 2012 10:07:38 +0100 Subject: added $apt_disable_update to disable "apt-get update" during puppetruns --- manifests/dist_upgrade.pp | 2 +- manifests/init.pp | 5 +++++ manifests/upgrade_package.pp | 13 ++++++++----- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp index 9e26769..347ccc7 100644 --- a/manifests/dist_upgrade.pp +++ b/manifests/dist_upgrade.pp @@ -1,6 +1,6 @@ class apt::dist_upgrade { - include apt::update + if $apt::disable_update = false { include apt::update } exec { 'apt_dist-upgrade': command => "/usr/bin/apt-get -q -y -o 'DPkg::Options::=--force-confold' dist-upgrade", diff --git a/manifests/init.pp b/manifests/init.pp index 2ae691f..794347f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -40,6 +40,11 @@ class apt { '' => 'http://archive.ubuntu.com/ubuntu', default => "${apt_ubuntu_url}", } + $disable_update = $apt_disable_update ? { + '' => false, + default => $apt_disable_update + } + case $operatingsystem { 'debian': { $repos = $apt_repos ? { diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp index 9202624..2ce6932 100644 --- a/manifests/upgrade_package.pp +++ b/manifests/upgrade_package.pp @@ -1,6 +1,8 @@ define apt::upgrade_package ($version = "") { - include apt::update + if $apt::disable_update == false { + include apt::update + } $version_suffix = $version ? { '' => '', 
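Review bot: The new guard in manifests/dist_upgrade.pp uses a single `=` (`if $apt::disable_update = false { ... }`), while manifests/upgrade_package.pp in the same commit uses `==`. Puppet treats `=` as assignment, so this condition will most likely fail to parse and break every catalog that includes apt::dist_upgrade. The line should read `if $apt::disable_update == false { include apt::update }`. The class body continues outside the hunk, so check there whether the exec still requires `Exec['apt_updated']`, which is not declared when the include is skipped.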
@@ -24,10 +26,11 @@ define apt::upgrade_package ($version = "") { exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}": onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - require => [ - Exec['apt_updated'], - Package['apt-show-versions', 'dctrl-tools'], - ], + require => $apt::disable_update ? { + true => Package['apt-show-versions', 'dctrl-tools'], + default => [ Exec['apt_updated'], + Package['apt-show-versions', 'dctrl-tools'] ], + } } } -- cgit v1.2.3 From 9ab1f33798e2195755584f53a1d0374be9f6ee39 Mon Sep 17 00:00:00 2001 From: nadir Date: Thu, 8 Nov 2012 10:16:09 +0100 Subject: updated README to explain $apt_disable_update --- README | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README b/README index be80c62..1d43284 100644 --- a/README +++ b/README @@ -155,6 +155,15 @@ $apt_repos If this variable is set the default repositories list ("main contrib non-free") is overriden. +$apt_disable_update +------------------- + +Disable "apt-get update" which is normally triggered by apt::upgrade_package +and apt::dist_upgrade. +Note that nodes can be updated once a day by using + APT::Periodic::Update-Package-Lists "1"; +in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. + Classes ======= -- cgit v1.2.3 From e890284b7ac93c485463aec24c248c145631c3aa Mon Sep 17 00:00:00 2001 From: nadir Date: Mon, 12 Nov 2012 23:27:04 +0100 Subject: added release-specific config files for unattended upgrades --- files/50unattended-upgrades | 52 ++-------------------------- files/lenny/50unattended-upgrades | 10 ++++++ files/squeeze/50unattended-upgrades | 34 +++++++++++++++++++ files/wheezy/50unattended-upgrades | 67 +++++++++++++++++++++++++++++++++++++ 4 files changed, 113 insertions(+), 50 deletions(-) create mode 100644 files/lenny/50unattended-upgrades create mode 100644 files/squeeze/50unattended-upgrades create mode 100644 files/wheezy/50unattended-upgrades 
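Review bot: The `require` selector in this hunk keys on the literal `true`, while the include in the first hunk of this file tests `== false`. Any other value of `$apt::disable_update` therefore skips `apt::update` but still takes the `default` branch and requires `Exec['apt_updated']`. manifests/init.pp passes `$apt_disable_update` through unchanged, so a string such as "true" from a node classifier would probably hit exactly that case and fail compilation on a missing resource. Keying both places on the same value avoids this: `false => [ Exec['apt_updated'], Package['apt-show-versions', 'dctrl-tools'] ],` with `default => Package['apt-show-versions', 'dctrl-tools'],`. With the update disabled, the `onlyif` checks run against whatever package lists are cached, so the periodic list update mentioned in the README becomes a precondition for upgrades to be noticed at all.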
diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
index 46fc0dc..fbc95c0 100644
--- a/files/50unattended-upgrades
+++ b/files/50unattended-upgrades
@@ -1,58 +1,10 @@ -// this file is managed by puppet ! -// -//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. - // allowed (origin, archive) pairs Unattended-Upgrade::Allowed-Origins { "Debian stable"; - "Debian-Security stable"; // "Debian testing"; }; -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "1"; -Unattended-Upgrade::Mail "root"; -Unattended-Upgrade::MailOnlyOnError "true"; - -APT::UnattendedUpgrades::LogDir "/var/log/"; -APT::UnattendedUpgrades::LogFile "unattended_upgrades.log"; - +// never update the packages in this list Unattended-Upgrade::Package-Blacklist { - // we don't want the kernel to be updated so nagios still can give a warning if there is - // a manual update (and reboot) left - - "linux-image-*"; - - // unfortunately there seems to be a bug in unattended-upgrades <= 0.62 that wildcards aren't recognized: - //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-* - //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script - //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"] - //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64 - //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log' - //2009-12-11 13:42:11,988 INFO All upgrades installed - - // lenny - "linux-image-2.6.26-1-686"; - "linux-image-2.6.26-1-amd64"; - "linux-image-2.6.26-1-xen-686"; - "linux-image-2.6.26-1-xen-amd64"; - "linux-image-2.6.26-1-vserver-686"; - "linux-image-2.6.26-1-vserver-amd64"; - - "linux-image-2.6.26-2-686"; - "linux-image-2.6.26-2-amd64"; - "linux-image-2.6.26-2-xen-686"; - "linux-image-2.6.26-2-xen-amd64"; - "linux-image-2.6.26-2-vserver-686"; - "linux-image-2.6.26-2-vserver-amd64"; - - // squeeze - "linux-image-2.6.32-5-686"; - "linux-image-2.6.32-5-amd64"; - "linux-image-2.6.32-5-xen-686"; - 
"linux-image-2.6.32-5-xen-amd64"; - "linux-image-2.6.32-5-vserver-686"; - "linux-image-2.6.32-5-vserver-amd64"; - +// "vim"; }; - diff --git a/files/lenny/50unattended-upgrades b/files/lenny/50unattended-upgrades new file mode 100644 index 0000000..fbc95c0 --- /dev/null +++ b/files/lenny/50unattended-upgrades @@ -0,0 +1,10 @@ +// allowed (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "Debian stable"; +// "Debian testing"; +}; + +// never update the packages in this list +Unattended-Upgrade::Package-Blacklist { +// "vim"; +}; diff --git a/files/squeeze/50unattended-upgrades b/files/squeeze/50unattended-upgrades new file mode 100644 index 0000000..7b3c829 --- /dev/null +++ b/files/squeeze/50unattended-upgrades @@ -0,0 +1,34 @@ +// Automatically upgrade packages from these (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "${distro_id} stable"; + "${distro_id} ${distro_codename}-security"; +// "${distro_id} ${distro_codename}-updates"; +// "${distro_id} ${distro_codename}-proposed-updates"; +}; + +// List of packages to not update +Unattended-Upgrade::Package-Blacklist { +// "vim"; +// "libc6"; +// "libc6-dev"; +// "libc6-i686"; +}; + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. The package 'mailx' +// must be installed or anything that provides /usr/bin/mail. +//Unattended-Upgrade::Mail "root@localhost"; + +// Do automatic removal of new unused dependencies after the upgrade +// (equivalent to apt-get autoremove) +//Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +// Automatically reboot *WITHOUT CONFIRMATION* if a +// the file /var/run/reboot-required is found after the upgrade +//Unattended-Upgrade::Automatic-Reboot "false"; + + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +//Acquire::http::Dl-Limit "70"; \ No newline at end of file 
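Review bot: The rewritten files/50unattended-upgrades no longer lists `"Debian-Security stable";` in Allowed-Origins and drops `APT::Periodic::Update-Package-Lists "1";` and `APT::Periodic::Unattended-Upgrade "1";`. The new files/lenny copy is the same blob (fbc95c0). A host that falls back to either file has no security origin allowed and, unless another apt.conf.d fragment enables the periodic job, no scheduled run, so security patching stops without any error. The commit message only mentions adding release-specific files, so the removal of the kernel blacklist and its rationale also goes unrecorded. I would keep the security origin and the two APT::Periodic lines in the default file, and restore the `// this file is managed by puppet !` banner in every copy. The squeeze and wheezy files added in this commit carry no APT::Periodic settings either.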
diff --git a/files/wheezy/50unattended-upgrades b/files/wheezy/50unattended-upgrades
new file mode 100644
index 0000000..c45f851
--- /dev/null
+++ b/files/wheezy/50unattended-upgrades
@@ -0,0 +1,67 @@ +// Automatically upgrade packages from these origin patterns +Unattended-Upgrade::Origins-Pattern { + // Codename based matching: + // This will follow the migration of a release through different + // archives (e.g. from testing to stable and later oldstable). +// "o=Debian,n=squeeze"; +// "o=Debian,n=squeeze-updates"; +// "o=Debian,n=squeeze-proposed-updates"; +// "o=Debian,n=squeeze,l=Debian-Security"; + + // Archive or Suite based matching: + // Note that this will silently match a different release after + // migration to the specified archive (e.g. testing becomes the + // new stable). +// "o=Debian,a=stable"; +// "o=Debian,a=stable-updates"; +// "o=Debian,a=proposed-updates"; + "origin=Debian,archive=stable,label=Debian-Security"; +}; + +// List of packages to not update +Unattended-Upgrade::Package-Blacklist { +// "vim"; +// "libc6"; +// "libc6-dev"; +// "libc6-i686"; +}; + +// This option allows you to control if on a unclean dpkg exit +// unattended-upgrades will automatically run +// dpkg --force-confold --configure -a +// The default is true, to ensure updates keep getting installed +//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; + +// Split the upgrade into the smallest possible chunks so that +// they can be interrupted with SIGUSR1. This makes the upgrade +// a bit slower but it has the benefit that shutdown while a upgrade +// is running is possible (with a small delay) +//Unattended-Upgrade::MinimalSteps "true"; + +// Install all unattended-upgrades when the machine is shuting down +// instead of doing it in the background while the machine is running +// This will (obviously) make shutdown slower +//Unattended-Upgrade::InstallOnShutdown "true"; + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. E.g. 
"user@example.com" +//Unattended-Upgrade::Mail "root" + +// Set this value to "true" to get emails only on errors. Default +// is to always send a mail if Unattended-Upgrade::Mail is set +//Unattended-Upgrade::MailOnlyOnError "true"; + +// Do automatic removal of new unused dependencies after the upgrade +// (equivalent to apt-get autoremove) +//Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +// Automatically reboot *WITHOUT CONFIRMATION* if a +// the file /var/run/reboot-required is found after the upgrade +//Unattended-Upgrade::Automatic-Reboot "false"; + + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +//Acquire::http::Dl-Limit "70"; -- cgit v1.2.3 From 8627ee32402c72c9011a8ceefcccd568b2a4364e Mon Sep 17 00:00:00 2001 From: nadir Date: Tue, 13 Nov 2012 12:03:14 +0100 Subject: added release-specific ubuntu config for unattended upgrades --- files/precise/50unattended-upgrades | 55 +++++++++++++++++++++++++++++++++++++ files/quantal/50unattended-upgrades | 55 +++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+) create mode 100644 files/precise/50unattended-upgrades create mode 100644 files/quantal/50unattended-upgrades diff --git a/files/precise/50unattended-upgrades b/files/precise/50unattended-upgrades new file mode 100644 index 0000000..7d7769c --- /dev/null +++ b/files/precise/50unattended-upgrades 
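Review bot: The only active entry in Origins-Pattern is `"origin=Debian,archive=stable,label=Debian-Security";`, which is archive-based matching. The comment a few lines above it in this same file warns that such a match silently follows a different release after migration. Whether it matches wheezy's security archive at all depends on the release state at deploy time, so a codename-based entry in the file's own style, e.g. `"o=Debian,n=wheezy,l=Debian-Security";`, would be more predictable. The commented codename examples still name squeeze although the file is shipped for wheezy. The commented `//Unattended-Upgrade::Mail "root"` lacks its terminating `;`, so uncommenting it as written would break parsing of the file.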
@@ -0,0 +1,55 @@ +// Automatically upgrade packages from these (origin:archive) pairs +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:${distro_codename}-security"; +// "${distro_id}:${distro_codename}-updates"; +// "${distro_id}:${distro_codename}-proposed"; +// "${distro_id}:${distro_codename}-backports"; +}; + +// List of packages to not update +Unattended-Upgrade::Package-Blacklist { +// "vim"; +// "libc6"; +// "libc6-dev"; +// "libc6-i686"; +}; + +// This option allows you to control if on a unclean dpkg exit +// unattended-upgrades will automatically run +// dpkg --force-confold --configure -a +// The default is true, to ensure updates keep getting installed +//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; + +// Split the upgrade into the smallest possible chunks so that +// they can be interrupted with SIGUSR1. This makes the upgrade +// a bit slower but it has the benefit that shutdown while a upgrade +// is running is possible (with a small delay) +//Unattended-Upgrade::MinimalSteps "true"; + +// Install all unattended-upgrades when the machine is shuting down +// instead of doing it in the background while the machine is running +// This will (obviously) make shutdown slower +//Unattended-Upgrade::InstallOnShutdown "true"; + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. +//Unattended-Upgrade::Mail "root@localhost"; + +// Set this value to "true" to get emails only on errors. 
Default +// is to always send a mail if Unattended-Upgrade::Mail is set +//Unattended-Upgrade::MailOnlyOnError "true"; + +// Do automatic removal of new unused dependencies after the upgrade +// (equivalent to apt-get autoremove) +//Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +// Automatically reboot *WITHOUT CONFIRMATION* if a +// the file /var/run/reboot-required is found after the upgrade +//Unattended-Upgrade::Automatic-Reboot "false"; + + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +//Acquire::http::Dl-Limit "70"; diff --git a/files/quantal/50unattended-upgrades b/files/quantal/50unattended-upgrades new file mode 100644 index 0000000..81374c7 --- /dev/null +++ b/files/quantal/50unattended-upgrades 
@@ -0,0 +1,55 @@ +// Automatically upgrade packages from these (origin:archive) pairs +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:${distro_codename}-security"; +// "${distro_id}:${distro_codename}-updates"; +// "${distro_id}:${distro_codename}-proposed"; +// "${distro_id}:${distro_codename}-backports"; +}; + +// List of packages to not update +Unattended-Upgrade::Package-Blacklist { +// "vim"; +// "libc6"; +// "libc6-dev"; +// "libc6-i686"; +}; + +// This option allows you to control if on a unclean dpkg exit +// unattended-upgrades will automatically run +// dpkg --force-confold --configure -a +// The default is true, to ensure updates keep getting installed +//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; + +// Split the upgrade into the smallest possible chunks so that +// they can be interrupted with SIGUSR1. This makes the upgrade +// a bit slower but it has the benefit that shutdown while a upgrade +// is running is possible (with a small delay) +//Unattended-Upgrade::MinimalSteps "true"; + +// Install all unattended-upgrades when the machine is shuting down +// instead of doing it in the background while the machine is running +// This will (obviously) make shutdown slower +//Unattended-Upgrade::InstallOnShutdown "true"; + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. E.g. "user@example.com" +//Unattended-Upgrade::Mail "root"; + +// Set this value to "true" to get emails only on errors. 
Default +// is to always send a mail if Unattended-Upgrade::Mail is set +//Unattended-Upgrade::MailOnlyOnError "true"; + +// Do automatic removal of new unused dependencies after the upgrade +// (equivalent to apt-get autoremove) +//Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +// Automatically reboot *WITHOUT CONFIRMATION* if a +// the file /var/run/reboot-required is found after the upgrade +//Unattended-Upgrade::Automatic-Reboot "false"; + + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +//Acquire::http::Dl-Limit "70"; -- cgit v1.2.3 From 92d2d7be5f99920c67245d02c1ce76288967db62 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 20 Jan 2013 17:32:02 +0100 Subject: added custom fact apt_running --- lib/facter/apt_running.rb | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 lib/facter/apt_running.rb diff --git a/lib/facter/apt_running.rb b/lib/facter/apt_running.rb new file mode 100644 index 0000000..e8f2156 --- /dev/null +++ b/lib/facter/apt_running.rb @@ -0,0 +1,7 @@ +Facter.add("apt_running") do + setcode do + #Facter::Util::Resolution.exec('/usr/bin/dpkg -s mysql-server >/dev/null 2>&1 && echo true || echo false') + Facter::Util::Resolution.exec('pgrep apt-get >/dev/null 2>&1 && echo true || echo false') + end +end + -- cgit v1.2.3 From 08b066db441375d1613d131767cb1c5bdd3bb60b Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 22 Jan 2013 21:28:52 +0100 Subject: added Ubuntu/preferences_quantal.erb --- templates/Ubuntu/preferences_quantal.erb | 1 + 1 file changed, 1 insertion(+) create mode 120000 templates/Ubuntu/preferences_quantal.erb diff --git a/templates/Ubuntu/preferences_quantal.erb b/templates/Ubuntu/preferences_quantal.erb new file mode 120000 index 0000000..3debe4f --- /dev/null +++ b/templates/Ubuntu/preferences_quantal.erb @@ -0,0 +1 @@ +preferences_maverick.erb \ No newline at end of file -- cgit v1.2.3 From f16a0727dce187d07389388da8b816f7b520205d Mon Sep 17 00:00:00 2001 
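Review bot: The fact in lib/facter/apt_running.rb runs `pgrep apt-get` through the shell with no absolute path, so its result depends on the PATH of whatever invokes facter (the puppet agent typically runs it as root). The commented-out dpkg line above it does use an absolute path. I would write `Facter::Util::Resolution.exec('/usr/bin/pgrep -x apt-get >/dev/null 2>&1 && echo true || echo false')` and delete the leftover mysql-server comment. The fact returns the strings "true"/"false", not booleans, which deserves a comment because manifests comparing against `true` will not match. It also sees only a process named apt-get, not dpkg, aptitude or unattended-upgrade holding the lock, and it is not confined to Debian-like systems.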
From: varac Date: Fri, 1 Feb 2013 11:01:23 +0100 Subject: Install unattended-upgrades after Exec[refresh_apt] Before, including apt::unattended_upgrades on a host without the unattended-upgrades package would fail on the first run, because the module tries to install the package before apt is finally configured. This commit does: - introduce the option $refresh_apt for apt::apt_conf (Defaults to true). Can be used to not trigger Exec['refresh_apt'] - install the unattended-upgrades package after a final Exec['refresh_apt']. To not run into a loop, it calls Apt_conf['50unattended-upgrades'] with the option refresh_apt => false, which is also not needed for the configuration --- manifests/apt_conf.pp | 11 +++++++++-- manifests/unattended_upgrades.pp | 19 ++++++++++++------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp index d78fb9b..f446c69 100644 --- a/manifests/apt_conf.pp +++ b/manifests/apt_conf.pp @@ -1,7 +1,8 @@ define apt::apt_conf( $ensure = 'present', $source = '', - $content = undef ) + $content = undef, + $refresh_apt = true ) { if $source == '' and $content == undef { @@ -22,7 +23,6 @@ define apt::apt_conf( owner => root, group => 0, mode => '0644', - notify => Exec['refresh_apt'], } if $source { @@ -35,4 +35,11 @@ define apt::apt_conf( content => $content, } } + + if $refresh_apt { + File["/etc/apt/apt.conf.d/${name}"] { + notify => Exec['refresh_apt'], + } + } + } diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index c538831..b9d19c3 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp 
@@ -2,16 +2,21 @@ class apt::unattended_upgrades { package { 'unattended-upgrades': ensure => present, - require => undef, + require => Exec[refresh_apt] } apt_conf { '50unattended-upgrades': - source => [ - "puppet:///modules/site_apt/${::lsbdistcodename}/50unattended-upgrades", - 'puppet:///modules/site_apt/50unattended-upgrades', - "puppet:///modules/apt/${::lsbdistcodename}/50unattended-upgrades", - 'puppet:///modules/apt/50unattended-upgrades' ], - require => Package['unattended-upgrades'], + source => [ + "puppet:///modules/site_apt/${::lsbdistcodename}/50unattended-upgrades", + 'puppet:///modules/site_apt/50unattended-upgrades', + "puppet:///modules/apt/${::lsbdistcodename}/50unattended-upgrades", + 'puppet:///modules/apt/50unattended-upgrades' ], + require => Package['unattended-upgrades'], + refresh_apt => false + } + + Apt_conf['50unattended-upgrades'] { + notify => undef } if $apt::custom_preferences != false { -- cgit v1.2.3 From a7e2e6638e143cdda2fd83ed8295e3127097c003 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 3 Mar 2013 09:49:36 +0100 Subject: removed old unneccessary unattended-upgrades release specific files --- files/precise/50unattended-upgrades | 55 ------------------------------ files/quantal/50unattended-upgrades | 55 ------------------------------ files/wheezy/50unattended-upgrades | 67 ------------------------------------- 3 files changed, 177 deletions(-) delete mode 100644 files/precise/50unattended-upgrades delete mode 100644 files/quantal/50unattended-upgrades delete mode 100644 files/wheezy/50unattended-upgrades diff --git a/files/precise/50unattended-upgrades b/files/precise/50unattended-upgrades deleted file mode 100644 index 7d7769c..0000000 --- a/files/precise/50unattended-upgrades +++ /dev/null 
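Review bot: The `Apt_conf['50unattended-upgrades'] { notify => undef }` override at the end of this hunk looks redundant. With `refresh_apt => false`, the define (per the apt_conf.pp hunks of this commit) never adds `notify` to its File, and the apt_conf resource itself never carried one; dropping the override keeps the intent in one place. `require => Exec[refresh_apt]` only orders the package after the exec. If that exec is refreshonly (its definition is not in this diff) it still runs only when something else notifies it, which is worth a comment such as `# ordering only: refresh_apt is triggered by the sources/config files`. The title is unquoted here while apt_conf.pp writes `Exec['refresh_apt']`. The class body continues outside the hunk.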
@@ -1,55 +0,0 @@ -// Automatically upgrade packages from these (origin:archive) pairs -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:${distro_codename}-security"; -// "${distro_id}:${distro_codename}-updates"; -// "${distro_id}:${distro_codename}-proposed"; -// "${distro_id}:${distro_codename}-backports"; -}; - -// List of packages to not update -Unattended-Upgrade::Package-Blacklist { -// "vim"; -// "libc6"; -// "libc6-dev"; -// "libc6-i686"; -}; - -// This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run -// dpkg --force-confold --configure -a -// The default is true, to ensure updates keep getting installed -//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; - -// Split the upgrade into the smallest possible chunks so that -// they can be interrupted with SIGUSR1. This makes the upgrade -// a bit slower but it has the benefit that shutdown while a upgrade -// is running is possible (with a small delay) -//Unattended-Upgrade::MinimalSteps "true"; - -// Install all unattended-upgrades when the machine is shuting down -// instead of doing it in the background while the machine is running -// This will (obviously) make shutdown slower -//Unattended-Upgrade::InstallOnShutdown "true"; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. A package that provides -// 'mailx' must be installed. -//Unattended-Upgrade::Mail "root@localhost"; - -// Set this value to "true" to get emails only on errors. 
Default -// is to always send a mail if Unattended-Upgrade::Mail is set -//Unattended-Upgrade::MailOnlyOnError "true"; - -// Do automatic removal of new unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -//Unattended-Upgrade::Remove-Unused-Dependencies "false"; - -// Automatically reboot *WITHOUT CONFIRMATION* if a -// the file /var/run/reboot-required is found after the upgrade -//Unattended-Upgrade::Automatic-Reboot "false"; - - -// Use apt bandwidth limit feature, this example limits the download -// speed to 70kb/sec -//Acquire::http::Dl-Limit "70"; diff --git a/files/quantal/50unattended-upgrades b/files/quantal/50unattended-upgrades deleted file mode 100644 index 81374c7..0000000 --- a/files/quantal/50unattended-upgrades +++ /dev/null 
@@ -1,55 +0,0 @@ -// Automatically upgrade packages from these (origin:archive) pairs -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:${distro_codename}-security"; -// "${distro_id}:${distro_codename}-updates"; -// "${distro_id}:${distro_codename}-proposed"; -// "${distro_id}:${distro_codename}-backports"; -}; - -// List of packages to not update -Unattended-Upgrade::Package-Blacklist { -// "vim"; -// "libc6"; -// "libc6-dev"; -// "libc6-i686"; -}; - -// This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run -// dpkg --force-confold --configure -a -// The default is true, to ensure updates keep getting installed -//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; - -// Split the upgrade into the smallest possible chunks so that -// they can be interrupted with SIGUSR1. This makes the upgrade -// a bit slower but it has the benefit that shutdown while a upgrade -// is running is possible (with a small delay) -//Unattended-Upgrade::MinimalSteps "true"; - -// Install all unattended-upgrades when the machine is shuting down -// instead of doing it in the background while the machine is running -// This will (obviously) make shutdown slower -//Unattended-Upgrade::InstallOnShutdown "true"; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. A package that provides -// 'mailx' must be installed. E.g. "user@example.com" -//Unattended-Upgrade::Mail "root"; - -// Set this value to "true" to get emails only on errors. 
Default -// is to always send a mail if Unattended-Upgrade::Mail is set -//Unattended-Upgrade::MailOnlyOnError "true"; - -// Do automatic removal of new unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -//Unattended-Upgrade::Remove-Unused-Dependencies "false"; - -// Automatically reboot *WITHOUT CONFIRMATION* if a -// the file /var/run/reboot-required is found after the upgrade -//Unattended-Upgrade::Automatic-Reboot "false"; - - -// Use apt bandwidth limit feature, this example limits the download -// speed to 70kb/sec -//Acquire::http::Dl-Limit "70"; diff --git a/files/wheezy/50unattended-upgrades b/files/wheezy/50unattended-upgrades deleted file mode 100644 index c45f851..0000000 --- a/files/wheezy/50unattended-upgrades +++ /dev/null 
@@ -1,67 +0,0 @@ -// Automatically upgrade packages from these origin patterns -Unattended-Upgrade::Origins-Pattern { - // Codename based matching: - // This will follow the migration of a release through different - // archives (e.g. from testing to stable and later oldstable). -// "o=Debian,n=squeeze"; -// "o=Debian,n=squeeze-updates"; -// "o=Debian,n=squeeze-proposed-updates"; -// "o=Debian,n=squeeze,l=Debian-Security"; - - // Archive or Suite based matching: - // Note that this will silently match a different release after - // migration to the specified archive (e.g. testing becomes the - // new stable). -// "o=Debian,a=stable"; -// "o=Debian,a=stable-updates"; -// "o=Debian,a=proposed-updates"; - "origin=Debian,archive=stable,label=Debian-Security"; -}; - -// List of packages to not update -Unattended-Upgrade::Package-Blacklist { -// "vim"; -// "libc6"; -// "libc6-dev"; -// "libc6-i686"; -}; - -// This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run -// dpkg --force-confold --configure -a -// The default is true, to ensure updates keep getting installed -//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; - -// Split the upgrade into the smallest possible chunks so that -// they can be interrupted with SIGUSR1. This makes the upgrade -// a bit slower but it has the benefit that shutdown while a upgrade -// is running is possible (with a small delay) -//Unattended-Upgrade::MinimalSteps "true"; - -// Install all unattended-upgrades when the machine is shuting down -// instead of doing it in the background while the machine is running -// This will (obviously) make shutdown slower -//Unattended-Upgrade::InstallOnShutdown "true"; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. A package that provides -// 'mailx' must be installed. E.g. 
"user@example.com" -//Unattended-Upgrade::Mail "root" - -// Set this value to "true" to get emails only on errors. Default -// is to always send a mail if Unattended-Upgrade::Mail is set -//Unattended-Upgrade::MailOnlyOnError "true"; - -// Do automatic removal of new unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -//Unattended-Upgrade::Remove-Unused-Dependencies "false"; - -// Automatically reboot *WITHOUT CONFIRMATION* if a -// the file /var/run/reboot-required is found after the upgrade -//Unattended-Upgrade::Automatic-Reboot "false"; - - -// Use apt bandwidth limit feature, this example limits the download -// speed to 70kb/sec -//Acquire::http::Dl-Limit "70"; -- cgit v1.2.3 From c8a28eb80ec87e65d5cacb2d109d4c0bcbbc76db Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 14 Mar 2013 20:01:35 +0100 Subject: apt keys: always deploy before Exec[refresh_apt], also with $custom_preferences --- manifests/init.pp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 020c1cc..0f60efb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -128,7 +128,11 @@ class apt( } if $custom_preferences != false { Exec['custom_keys'] { - before => File['apt_config'], + before => [ Exec[refresh_apt], File['apt_config'] ] + } + } else { + Exec['custom_keys'] { + before => Exec[refresh_apt] } } } -- cgit v1.2.3 From 7e8113b3fcf6f251ca9d5e2f39f43fd024058c97 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 14 Mar 2013 22:19:33 +0100 Subject: deploy /etc/apt/preferences before File['apt_config'] --- manifests/preferences.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 9ed24c1..5cfaff2 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp 
@@ -14,7 +14,8 @@ class apt::preferences { # only update together content => $pref_contents, require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; + owner => root, group => 0, mode => '0644', + before => File['apt_config']; } } -- cgit v1.2.3 From 6bf7a6ab5d6e63f75c94f49aa0f12959e954efa8 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 15 Mar 2013 20:28:25 +0100 Subject: Revert "deploy /etc/apt/preferences before File['apt_config']" This reverts commit 7e8113b3fcf6f251ca9d5e2f39f43fd024058c97. see https://leap.se/code/issues/1990 for the miserious details. --- manifests/preferences.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 5cfaff2..9ed24c1 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -14,8 +14,7 @@ class apt::preferences { # only update together content => $pref_contents, require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644', - before => File['apt_config']; + owner => root, group => 0, mode => '0644'; } } -- cgit v1.2.3 From 07c8041b75b1a8b7c1986885690423792576d8cd Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 14 Apr 2013 13:44:42 +0200 Subject: fix default unattended-upgrades config file --- files/50unattended-upgrades | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades index ebf9f49..329c95c 100644 --- a/files/50unattended-upgrades +++ b/files/50unattended-upgrades 
@@ -2,14 +2,14 @@ Unattended-Upgrade::Origins-Pattern { // Debian - "o=${distro_id},n=${distro_codename}"; - "o=${distro_id},n=${distro_codename}-updates"; - "o=${distro_id},n=${distro_codename},l=Debian-security"; - "o=${distro_id} Backports,n=${distro_codename}-backports"; + "${distro_id} ${distro_codename}"; + "${distro_id} ${distro_codename}-updates"; + "${distro_id} ${distro_codename}-security"; + "${distro_id} Backports:${distro_codename}-backports"; // Ubuntu specific - "o=${distro_id},a=${distro_codename}-security"; - "o=${distro_id},a=${distro_codename}-backports"; - "o=${distro_id},a=${distro_codename}-proposed"; + "${distro_id} ${distro_codename}-security"; + "${distro_id} ${distro_codename}-backports"; + "${distro_id} ${distro_codename}-proposed"; }; APT::Periodic::Update-Package-Lists "1"; -- cgit v1.2.3 From 355372f31cc93ea975c89dc2977d942ee048fe9d Mon Sep 17 00:00:00 2001 
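Review bot: The block is still named `Unattended-Upgrade::Origins-Pattern` (context line), but the new entries use the "origin archive" pair form that belongs to Allowed-Origins. Origins-Pattern entries are comma-separated key=value matchers, as the removed lines were, so these strings are most likely rejected or match nothing and unattended upgrades stop applying without a visible failure. Either rename the block to `Unattended-Upgrade::Allowed-Origins {` or keep the `o=...,n=...` form. `"${distro_id} ${distro_codename}-security";` is now listed twice, and one entry mixes the space and colon separators (`"${distro_id} Backports:${distro_codename}-backports"`). Enabling `-proposed` for automatic installation also widens what gets installed unattended well beyond security fixes and should at least carry a comment saying that is intended.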
From: varac Date: Sun, 14 Apr 2013 14:54:10 +0200 Subject: using distribution sprecific files again --- files/50unattended-upgrades | 20 -------------------- files/Debian/50unattended-upgrades | 14 ++++++++++++++ files/Debian/50unattended-upgrades.lenny | 13 +++++++++++++ files/Debian/50unattended-upgrades.squeeze | 13 +++++++++++++ files/Debian/50unattended-upgrades.wheezy | 14 ++++++++++++++ files/Ubuntu/50unattended-upgrades | 16 ++++++++++++++++ files/lenny/50unattended-upgrades | 13 ------------- files/squeeze/50unattended-upgrades | 14 -------------- manifests/unattended_upgrades.pp | 8 ++++---- 9 files changed, 74 insertions(+), 51 deletions(-) delete mode 100644 files/50unattended-upgrades create mode 100644 files/Debian/50unattended-upgrades create mode 100644 files/Debian/50unattended-upgrades.lenny create mode 100644 files/Debian/50unattended-upgrades.squeeze create mode 100644 files/Debian/50unattended-upgrades.wheezy create mode 100644 files/Ubuntu/50unattended-upgrades delete mode 100644 files/lenny/50unattended-upgrades delete mode 100644 files/squeeze/50unattended-upgrades diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades deleted file mode 100644 index 329c95c..0000000 --- a/files/50unattended-upgrades +++ /dev/null @@ -1,20 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Origins-Pattern { - // Debian - "${distro_id} ${distro_codename}"; - "${distro_id} ${distro_codename}-updates"; - "${distro_id} ${distro_codename}-security"; - "${distro_id} Backports:${distro_codename}-backports"; - // Ubuntu specific - "${distro_id} ${distro_codename}-security"; - "${distro_id} ${distro_codename}-backports"; - "${distro_id} ${distro_codename}-proposed"; -}; - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; -Unattended-Upgrade::MailOnlyOnError "true"; 
diff --git a/files/Debian/50unattended-upgrades b/files/Debian/50unattended-upgrades new file mode 100644 index 0000000..0901ad3 --- /dev/null +++ b/files/Debian/50unattended-upgrades @@ -0,0 +1,14 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:stable"; + "${distro_id}:${distro_codename}-security"; + "${distro_id}:${distro_codename}-updates"; + "${distro_id} Backports:${distro_codename}-backports"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; diff --git a/files/Debian/50unattended-upgrades.lenny b/files/Debian/50unattended-upgrades.lenny new file mode 100644 index 0000000..d55bb29 --- /dev/null +++ b/files/Debian/50unattended-upgrades.lenny @@ -0,0 +1,13 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { + "Debian oldstable"; + "Debian-Security oldstable"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; + diff --git a/files/Debian/50unattended-upgrades.squeeze b/files/Debian/50unattended-upgrades.squeeze new file mode 100644 index 0000000..38da1f4 --- /dev/null +++ b/files/Debian/50unattended-upgrades.squeeze @@ -0,0 +1,13 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { + "${distro_id} stable"; + "${distro_id} ${distro_codename}-security"; + "${distro_id} ${distro_codename}-backports"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; diff --git a/files/Debian/50unattended-upgrades.wheezy b/files/Debian/50unattended-upgrades.wheezy new file mode 100644 index 0000000..4463406 --- /dev/null +++ b/files/Debian/50unattended-upgrades.wheezy 
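Review bot: The Debian Allowed-Origins lists added here match by archive name (`"${distro_id}:stable"`, and `"Debian oldstable"` / `"Debian-Security oldstable"` in the .lenny file) and also auto-install from Backports, and none of that is explained in the files. Archive names move at every Debian release, so a host pinned to one codename silently stops matching its security origin once it is no longer "stable" or "oldstable". The .wheezy file in the next hunk has the same problem with `"${distro_id}:testing"`. Each list should get a short comment stating which entries are archive-based and must be revisited at release time, and whether automatic backports upgrades are intended, e.g. `// archive-based: review when the next stable is released`. The Ubuntu file in this commit likewise enables `-updates` and `-backports` without a note. The .squeeze file separates origin and archive with a space while the others use a colon; a comment naming the unattended-upgrades version each syntax targets would prevent a well-meant "cleanup".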
@@ -0,0 +1,14 @@
+// this file is managed by puppet !
+
+Unattended-Upgrade::Allowed-Origins {
+ "${distro_id}:testing";
+ "${distro_id}:${distro_codename}-security";
+ "${distro_id}:${distro_codename}-updates";
+ "${distro_id} Backports:${distro_codename}-backports";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+Unattended-Upgrade::Mail "root";
diff --git a/files/Ubuntu/50unattended-upgrades b/files/Ubuntu/50unattended-upgrades
new file mode 100644
index 0000000..25c7758
--- /dev/null
+++ b/files/Ubuntu/50unattended-upgrades
@@ -0,0 +1,16 @@
+// this file is managed by puppet !
+
+Unattended-Upgrade::Allowed-Origins {
+ "${distro_id}:${distro_codename}-security";
+ "${distro_id}:${distro_codename}-updates";
+ "${distro_id}:${distro_codename}-backports";
+ //"${distro_id}:${distro_codename}-proposed";
+};
+
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+Unattended-Upgrade::Mail "root";
+Unattended-Upgrade::MailOnlyOnError "true";
diff --git a/files/lenny/50unattended-upgrades b/files/lenny/50unattended-upgrades
deleted file mode 100644
index d55bb29..0000000
--- a/files/lenny/50unattended-upgrades
+++ /dev/null
@@ -1,13 +0,0 @@
-// this file is managed by puppet !
-
-Unattended-Upgrade::Allowed-Origins {
- "Debian oldstable";
- "Debian-Security oldstable";
-};
-
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::Unattended-Upgrade "1";
-
-Unattended-Upgrade::Mail "root";
-
diff --git a/files/squeeze/50unattended-upgrades b/files/squeeze/50unattended-upgrades
deleted file mode 100644
index 0901ad3..0000000
--- a/files/squeeze/50unattended-upgrades
+++ /dev/null
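Review bot: files/Ubuntu/50unattended-upgrades enables `-updates` and `-backports` next to `-security` with no comment saying this is intended, which widens what gets installed with no operator present beyond security fixes. A one-line comment above those two entries, e.g. `// deliberately wider than security-only; remove for security-only hosts`, would make the policy explicit. This file also keeps `Unattended-Upgrade::MailOnlyOnError "true";` while the Debian files added in this commit do not carry it, so the mail behaviour differs per distribution; if that is intended it deserves a line in the README.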
@@ -1,14 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:stable"; - "${distro_id}:${distro_codename}-security"; - "${distro_id}:${distro_codename}-updates"; - "${distro_id} Backports:${distro_codename}-backports"; -}; - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index c538831..f74fc81 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -7,10 +7,10 @@ class apt::unattended_upgrades { apt_conf { '50unattended-upgrades': source => [ - "puppet:///modules/site_apt/${::lsbdistcodename}/50unattended-upgrades", - 'puppet:///modules/site_apt/50unattended-upgrades', - "puppet:///modules/apt/${::lsbdistcodename}/50unattended-upgrades", - 'puppet:///modules/apt/50unattended-upgrades' ], + "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}", + "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades", + "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}", + "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades" ], require => Package['unattended-upgrades'], } -- cgit v1.2.3 From 3813bdcce1b77f9acaa7934178b609b9fe950bed Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 14 Apr 2013 15:06:30 +0200 Subject: fix unattended-upgrades dependency cycle --- manifests/unattended_upgrades.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index a038cab..2f6c2a5 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp 
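Review bot: The new `source` list of `apt_conf { '50unattended-upgrades': }` in manifests/unattended_upgrades.pp has no distribution-independent fallback any more: every candidate path contains `${::lsbdistid}`, and files/50unattended-upgrades is deleted in the same commit. On a node where that fact is empty (the lsb facts presumably need lsb-release installed) or names a distribution other than Debian or Ubuntu, none of the four sources exists, so the resource will presumably fail and the node is left without an unattended-upgrades configuration. I would either keep a last generic entry or fail early with a clear message at the top of the class, e.g. `if $::lsbdistid == '' { fail('apt::unattended_upgrades needs the lsbdistid fact') }`. The class body starts and ends outside this hunk.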
@@ -2,7 +2,7 @@ class apt::unattended_upgrades { package { 'unattended-upgrades': ensure => present, - require => Exec[refresh_apt] + require => undef } apt_conf { '50unattended-upgrades': -- cgit v1.2.3 From 3804178236e8e3988df4fd08e317028db08cf1bc Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 30 Apr 2013 08:36:10 +0200 Subject: There is no security support for lenny anymore --- templates/Debian/sources.list.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index 49cf38c..2aac837 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -10,7 +10,7 @@ deb-src <%= debian_url %> <%= codename %> <%= lrepos %> <% end -%> # security -<% if ((release=scope.lookupvar('apt::release')) == "unstable" || release == "experimental") -%> +<% if ((release=scope.lookupvar('apt::release')) == "unstable" || release == "experimental" || codename == "lenny" ) -%> # There is no security support for <%= release %> <% else -%> deb <%= security_url=scope.lookupvar('apt::security_url') %> <%= codename %>/updates <%= lrepos %> -- cgit v1.2.3
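Review bot: `require => undef` on `package { 'unattended-upgrades': }` is better written by deleting the attribute, since an explicit `undef` reads like a leftover. With the `Exec[refresh_apt]` dependency gone, nothing in this hunk orders the package install after a package-list refresh, so on a fresh node the install may run against stale or missing lists. If that trade-off is accepted, record it next to the resource, e.g. `# no require on Exec[refresh_apt]: that caused a dependency cycle`. The class body continues outside the hunk.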
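Review bot: The comment printed for the new `codename == "lenny"` case in templates/Debian/sources.list.erb still interpolates `release`, so on a lenny node the generated sources.list says there is no security support for whatever `apt::release` holds rather than for lenny. Printing the codename in that case, e.g. `# There is no security support for <%= codename == "lenny" ? codename : release %>`, keeps the generated file truthful. Such a node then runs with no security source at all, so a template comment noting that lenny is end-of-life and the host should be upgraded would help whoever reads the file. The `if`/`else` block closes outside this hunk.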