Skip to content

Latest commit

 

History

History
105 lines (78 loc) · 3.74 KB

README.md

File metadata and controls

105 lines (78 loc) · 3.74 KB
Raw

andschwa-unattended_upgrades

Table of Contents

  1. Overview
  2. Module Description
  3. Setup - The basics of getting started with andschwa-unattended_upgrades
  4. Usage - Configuration options and additional functionality
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Overview

This module installs the 'unattended-upgrades' package, installs the configuration files using templates, and ensures the service is running.

Note that this module is a bit superfluous if you're using puppetlabs/apt, as it can fully configure unattended upgrades. I realized this only after I wrote this package, and personally switched to it in the interest of simplicity. However, as this does not require the apt module as a dependency, it may still be useful to some.

Module Description

This module is intended for Ubuntu and Debian systems, where the 'unattended-upgrades' package is available. Alternatives include scheduling updates with cron by hand (and in fact, 'unattended-upgrades' utilizes cron), and using cron-apt (more detail here).

Setup

What andschwa-unattended_upgrades affects

  • Packages
    • unattended-upgrades
  • Services
    • unattended-upgrades
  • Files
    • /etc/apt/apt.conf.d/20auto-upgrades
    • /etc/apt/apt.conf.d/50unattended-upgrades

Beginning with andschwa-unattended_upgrades

The simplest use of this module is:

include unattended_upgrades

Usage

This module has one class, unattended_upgrades, with the following parameters:

$period        = 1,              # Update period (in days)
$repos         = [ 'security' ], # Repos to upgrade
$blacklist     = [],             # Packages to not update
$email         = '',             # Email for update status
$autofix       = true,           # Ensure updates keep getting installed
$minimal_steps = true,           # Allows for shutdown during an upgrade
$on_shutdown   = false,          # Install only on shutdown
$on_error      = false,          # Email only on errors, else always
$autoremove    = false,          # Automatically remove unused dependencies
$auto_reboot   = false,          # Automatically reboot if needed

Logs are at the usual /var/log/unattended-upgrades, and emails will be automatically sent if an email is given.

The $minimal_steps option will split the upgrade into the smallest possible chunks, which allows them to be safely interruped (with SIGUSR1). There is a small performance penalty, but it lets you shutdown the machine while an upgrade is in progess.

The $autofix option determines if unattended-upgrades will, upon an unclean dpkg exit, automatically run dpkg --force-confold --configure -a. It defaults to true so that updates will continue being automatically installed.

The $autoremove option will clean unused dependencies, further configuration is available via the periodic configurations in /etc/apt/apt.conf.d/.

Limitations

This module only works on systems using apt package management: Ubuntu and Debian (and their derivatives).

Development

Fork on GitHub, make a Pull Request.

Run unattended_upgrades manually

# disable auto-update of unattended_upgrades
class { 'unattended_upgrades':
  period => 0,
  email  => $params::tech_mail,
}

$ sudo unattended-upgrade --debug --dry-run