From e890284b7ac93c485463aec24c248c145631c3aa Mon Sep 17 00:00:00 2001 From: nadir Date: Mon, 12 Nov 2012 23:27:04 +0100 Subject: added release-specific config files for unattended upgrades --- files/50unattended-upgrades | 52 ++-------------------------- files/lenny/50unattended-upgrades | 10 ++++++ files/squeeze/50unattended-upgrades | 34 +++++++++++++++++++ files/wheezy/50unattended-upgrades | 67 +++++++++++++++++++++++++++++++++++++ 4 files changed, 113 insertions(+), 50 deletions(-) create mode 100644 files/lenny/50unattended-upgrades create mode 100644 files/squeeze/50unattended-upgrades create mode 100644 files/wheezy/50unattended-upgrades diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades index 46fc0dc..fbc95c0 100644 --- a/files/50unattended-upgrades +++ b/files/50unattended-upgrades @@ -1,58 +1,10 @@ -// this file is managed by puppet ! -// -//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. - // allowed (origin, archive) pairs Unattended-Upgrade::Allowed-Origins { "Debian stable"; - "Debian-Security stable"; // "Debian testing"; }; -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "1"; -Unattended-Upgrade::Mail "root"; -Unattended-Upgrade::MailOnlyOnError "true"; - -APT::UnattendedUpgrades::LogDir "/var/log/"; -APT::UnattendedUpgrades::LogFile "unattended_upgrades.log"; - +// never update the packages in this list Unattended-Upgrade::Package-Blacklist { - // we don't want the kernel to be updated so nagios still can give a warning if there is - // a manual update (and reboot) left - - "linux-image-*"; - - // unfortunately there seems to be a bug in unattended-upgrades <= 0.62 that wildcards aren't recognized: - //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-* - //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script - //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"] - //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64 - //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log' - //2009-12-11 13:42:11,988 INFO All upgrades installed - - // lenny - "linux-image-2.6.26-1-686"; - "linux-image-2.6.26-1-amd64"; - "linux-image-2.6.26-1-xen-686"; - "linux-image-2.6.26-1-xen-amd64"; - "linux-image-2.6.26-1-vserver-686"; - "linux-image-2.6.26-1-vserver-amd64"; - - "linux-image-2.6.26-2-686"; - "linux-image-2.6.26-2-amd64"; - "linux-image-2.6.26-2-xen-686"; - "linux-image-2.6.26-2-xen-amd64"; - "linux-image-2.6.26-2-vserver-686"; - "linux-image-2.6.26-2-vserver-amd64"; - - // squeeze - "linux-image-2.6.32-5-686"; - "linux-image-2.6.32-5-amd64"; - "linux-image-2.6.32-5-xen-686"; - "linux-image-2.6.32-5-xen-amd64"; - "linux-image-2.6.32-5-vserver-686"; - "linux-image-2.6.32-5-vserver-amd64"; - +// "vim"; }; - diff --git a/files/lenny/50unattended-upgrades b/files/lenny/50unattended-upgrades new file mode 100644 index 0000000..fbc95c0 --- /dev/null +++ b/files/lenny/50unattended-upgrades @@ -0,0 +1,10 @@ +// allowed (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "Debian stable"; +// "Debian testing"; +}; + +// never update the packages in this list +Unattended-Upgrade::Package-Blacklist { +// "vim"; +}; diff --git a/files/squeeze/50unattended-upgrades b/files/squeeze/50unattended-upgrades new file mode 100644 index 0000000..7b3c829 --- /dev/null +++ b/files/squeeze/50unattended-upgrades @@ -0,0 +1,34 @@ +// Automatically upgrade packages from these (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "${distro_id} stable"; + "${distro_id} ${distro_codename}-security"; +// "${distro_id} ${distro_codename}-updates"; +// "${distro_id} ${distro_codename}-proposed-updates"; +}; + +// List of packages to not update +Unattended-Upgrade::Package-Blacklist { +// "vim"; +// "libc6"; +// "libc6-dev"; +// "libc6-i686"; +}; + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. The package 'mailx' +// must be installed or anything that provides /usr/bin/mail. +//Unattended-Upgrade::Mail "root@localhost"; + +// Do automatic removal of new unused dependencies after the upgrade +// (equivalent to apt-get autoremove) +//Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +// Automatically reboot *WITHOUT CONFIRMATION* if a +// the file /var/run/reboot-required is found after the upgrade +//Unattended-Upgrade::Automatic-Reboot "false"; + + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +//Acquire::http::Dl-Limit "70"; \ No newline at end of file diff --git a/files/wheezy/50unattended-upgrades b/files/wheezy/50unattended-upgrades new file mode 100644 index 0000000..c45f851 --- /dev/null +++ b/files/wheezy/50unattended-upgrades @@ -0,0 +1,67 @@ +// Automatically upgrade packages from these origin patterns +Unattended-Upgrade::Origins-Pattern { + // Codename based matching: + // This will follow the migration of a release through different + // archives (e.g. from testing to stable and later oldstable). +// "o=Debian,n=squeeze"; +// "o=Debian,n=squeeze-updates"; +// "o=Debian,n=squeeze-proposed-updates"; +// "o=Debian,n=squeeze,l=Debian-Security"; + + // Archive or Suite based matching: + // Note that this will silently match a different release after + // migration to the specified archive (e.g. testing becomes the + // new stable). +// "o=Debian,a=stable"; +// "o=Debian,a=stable-updates"; +// "o=Debian,a=proposed-updates"; + "origin=Debian,archive=stable,label=Debian-Security"; +}; + +// List of packages to not update +Unattended-Upgrade::Package-Blacklist { +// "vim"; +// "libc6"; +// "libc6-dev"; +// "libc6-i686"; +}; + +// This option allows you to control if on a unclean dpkg exit +// unattended-upgrades will automatically run +// dpkg --force-confold --configure -a +// The default is true, to ensure updates keep getting installed +//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; + +// Split the upgrade into the smallest possible chunks so that +// they can be interrupted with SIGUSR1. This makes the upgrade +// a bit slower but it has the benefit that shutdown while a upgrade +// is running is possible (with a small delay) +//Unattended-Upgrade::MinimalSteps "true"; + +// Install all unattended-upgrades when the machine is shuting down +// instead of doing it in the background while the machine is running +// This will (obviously) make shutdown slower +//Unattended-Upgrade::InstallOnShutdown "true"; + +// Send email to this address for problems or packages upgrades +// If empty or unset then no email is sent, make sure that you +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. E.g. "user@example.com" +//Unattended-Upgrade::Mail "root" + +// Set this value to "true" to get emails only on errors. Default +// is to always send a mail if Unattended-Upgrade::Mail is set +//Unattended-Upgrade::MailOnlyOnError "true"; + +// Do automatic removal of new unused dependencies after the upgrade +// (equivalent to apt-get autoremove) +//Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +// Automatically reboot *WITHOUT CONFIRMATION* if a +// the file /var/run/reboot-required is found after the upgrade +//Unattended-Upgrade::Automatic-Reboot "false"; + + +// Use apt bandwidth limit feature, this example limits the download +// speed to 70kb/sec +//Acquire::http::Dl-Limit "70"; -- cgit v1.2.3