From 0a20dc708587ac216694ef9b3e0632035038cb6e Mon Sep 17 00:00:00 2001
From: Grant Slater <openstreetmap@firefishy.com>
Date: Thu, 31 Dec 2015 08:19:30 +0000
Subject: [PATCH] Add unattended upgrades support

Bring unattended-upgrades support into chef. Many of the servers already
have unattended-upgrades installed and partially configured.

By default enable, specifically disable on DB role machines.

Also enable removal of unused dependencies, which is primarily used
for removing unused kernel packages.
---
 cookbooks/apt/attributes/default.rb          |  3 +++
 cookbooks/apt/recipes/default.rb             | 22 ++++++++++++++++++++
 cookbooks/apt/templates/default/apt.conf.erb |  5 +++++
 roles/db.rb                                  |  5 +++++
 4 files changed, 35 insertions(+)
 create mode 100644 cookbooks/apt/templates/default/apt.conf.erb

diff --git a/cookbooks/apt/attributes/default.rb b/cookbooks/apt/attributes/default.rb
index f15361411..f75ed9e34 100644
--- a/cookbooks/apt/attributes/default.rb
+++ b/cookbooks/apt/attributes/default.rb
@@ -1 +1,4 @@
 default_unless[:apt][:sources] = []
+
+default[:apt][:unattended_upgrades][:enable] = true
+default[:apt][:unattended_upgrades][:remove_unused_dependencies] = true
diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb
index 7467ef16b..2fcc6fa78 100644
--- a/cookbooks/apt/recipes/default.rb
+++ b/cookbooks/apt/recipes/default.rb
@@ -109,3 +109,25 @@ apt_source "postgresql" do
   url "http://apt.postgresql.org/pub/repos/apt"
   key "ACCC4CF8"
 end
+
+package "unattended-upgrades"
+
+auto_upgrades = if node[:apt][:unattended_upgrades][:enable]
+                  IO.read("/usr/share/unattended-upgrades/20auto-upgrades")
+                else
+                  IO.read("/usr/share/unattended-upgrades/20auto-upgrades-disabled")
+                end
+
+file "/etc/apt/apt.conf.d/20auto-upgrades" do
+  user "root"
+  group "root"
+  mode 0644
+  content auto_upgrades
+end
+
+template "/etc/apt/apt.conf.d/60chef" do
+  source "apt.conf.erb"
+  owner "root"
+  group "root"
+  mode 0644
+end
diff --git a/cookbooks/apt/templates/default/apt.conf.erb b/cookbooks/apt/templates/default/apt.conf.erb
new file mode 100644
index 000000000..b0552bbc1
--- /dev/null
+++ b/cookbooks/apt/templates/default/apt.conf.erb
@@ -0,0 +1,5 @@
+// DO NOT EDIT - This file is being maintained by Chef
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "<%= node[:apt][:unattended_upgrades][:remove_unused_dependencies] ? 'true' : 'false' %>";
diff --git a/roles/db.rb b/roles/db.rb
index 6fcb9bd67..670b745fd 100644
--- a/roles/db.rb
+++ b/roles/db.rb
@@ -10,6 +10,11 @@ default_attributes(
       }
     }
   },
+  :apt => {
+    :unattended_upgrades => {
+      :enable => false
+    }
+  },
   :munin => {
     :plugins => {
       :postgres_connections_openstreetmap => {
-- 
2.43.2