Add unattended upgrades support
authorGrant Slater <openstreetmap@firefishy.com>
Thu, 31 Dec 2015 08:19:30 +0000 (08:19 +0000)
committerTom Hughes <tom@compton.nu>
Thu, 31 Dec 2015 08:20:49 +0000 (08:20 +0000)
Bring unattended-upgrades support into chef. Many of the servers already
have unattended-upgrades installed and partially configured.

By default enable, specifically disable on DB role machines.

Also enable removal of unused dependencies, which is primarily used
for removing unused kernel packages.

cookbooks/apt/attributes/default.rb
cookbooks/apt/recipes/default.rb
cookbooks/apt/templates/default/apt.conf.erb [new file with mode: 0644]
roles/db.rb

index f15361411360fef0978c6203cfcf447e7145691e..f75ed9e34abe5f4a77f1591ceea00011136f4b61 100644 (file)
@@ -1 +1,4 @@
 default_unless[:apt][:sources] = []
+
+default[:apt][:unattended_upgrades][:enable] = true
+default[:apt][:unattended_upgrades][:remove_unused_dependencies] = true
index 7467ef16b845ad964030fda27218014a60227026..2fcc6fa7871b3559a4b5827c2c6c45d5c063a376 100644 (file)
@@ -109,3 +109,25 @@ apt_source "postgresql" do
   url "http://apt.postgresql.org/pub/repos/apt"
   key "ACCC4CF8"
 end
+
+package "unattended-upgrades"
+
+auto_upgrades = if node[:apt][:unattended_upgrades][:enable]
+                  IO.read("/usr/share/unattended-upgrades/20auto-upgrades")
+                else
+                  IO.read("/usr/share/unattended-upgrades/20auto-upgrades-disabled")
+                end
+
+file "/etc/apt/apt.conf.d/20auto-upgrades" do
+  user "root"
+  group "root"
+  mode 0644
+  content auto_upgrades
+end
+
+template "/etc/apt/apt.conf.d/60chef" do
+  source "apt.conf.erb"
+  owner "root"
+  group "root"
+  mode 0644
+end
diff --git a/cookbooks/apt/templates/default/apt.conf.erb b/cookbooks/apt/templates/default/apt.conf.erb
new file mode 100644 (file)
index 0000000..b0552bb
--- /dev/null
@@ -0,0 +1,5 @@
+// DO NOT EDIT - This file is being maintained by Chef
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "<%= node[:apt][:unattended_upgrades][:remove_unused_dependencies] ? 'true' : 'false' %>";
index 6fcb9bd676b4da0209be354c593fea660000b847..670b745fd78a264aefa9ed50ac8f7dbee8998275 100644 (file)
@@ -10,6 +10,11 @@ default_attributes(
       }
     }
   },
+  :apt => {
+    :unattended_upgrades => {
+      :enable => false
+    }
+  },
   :munin => {
     :plugins => {
       :postgres_connections_openstreetmap => {