unattended_upgrades
Version information
This version is compatible with:
- Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 3.8.7 < 5.0.0
- ,
Start using this module
Add this module to your Puppetfile:
mod 'puppet-unattended_upgrades', '2.2.0'
Learn more about managing modules with a PuppetfileDocumentation
Unattended Upgrades module for Puppet
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with splunk
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- License
Overview
The unattended_upgrades module allows for the installation and configuration of automatic security (and other) updates through apt.
This functionality used to be part of the puppetlabs-apt module but was split off into its own module.
Module Description
The unattended_upgrades module automates the configuration of apt package updates.
Setup
What unattended_upgrades affects
- Package/configuration for unattended_upgrades
Beginning with unattended_upgrades
All you need to do is include the apt module, include apt
, and this module,
include unattended_upgrades
for it to work.
This module relies on the apt module and will not work without it.
Usage
Using unattended_upgrades simply consists of including the module and if needed altering some of the default settings.
Reference
Classes
unattended_upgrades
: Main class, installs the necessary packages and writes the configuration.
Parameters
unattended_upgrades
-
age
({}
): A hash of settings with two possible keys:min
(2
): Minimum age of a cache package file. File younger thanmin
will not be deleted.max
(0
): Maximum allowed age of a cache package file. File older thanmax
will be deleted.
Any of these keys can be specified and will be merged into the defaults:
class { 'unattended_upgrades': age => { 'max' => 10 }, }
-
auto
({}
): A hash of settings with these possible keys:clean
(0
): Remove packages that can no longer be downloaded from cache every X days (0
= disabled).fix_interrupted_dpkg
(true
): Try to fix package installation state.reboot
(false
): Reboot system after package update installation.reboot_time
(now
): If automatic reboot is enabled and needed, reboot at the specific time (instead of immediately).remove
(true
): Remove unneeded dependencies after update installation.
Any of these keys can be specified and will be merged into the defaults:
class { 'unattended_upgrades': auto => { 'reboot' => true }, }
-
backup
({}
): A hash with two possible keys:archive_internal
(0
): Backup after n-days if archive contents changed.level
(3
): Backup level.
Any of these keys can be specified and will be merged into the defaults:
class { 'unattended_upgrades': backup => { 'level' => 5 }, }
-
blacklist
([]
): A list of packages to not automatically upgrade. -
dl_limit
(undef
): Use a bandwidth limit for downloading, specified in kb/sec. -
enable
(1
): Enable the automatic installation of updates. -
install_on_shutdown
(false
): Install updates on shutdown instead of in the background. -
legacy_origin
(true
for Debian (squeeze), Ubuntu (precise, trusty, utopic, vivid, wily, xenial, yakkety, and default),false
for Debian (wheezy and default)): Use the legacyUnattended-Upgrade::Allowed-Origins
setting or the modernUnattended-Upgrade::Origins-Pattern
. -
mail
: A hash to configure email behaviour with two possible keys:only_on_error
(true
): Only send mail when something went wrongto
(undef
): Email address to send email too
If the default for
to
is kept you will not receive any mail at all. You'll likely want to set this parameter.Any of these keys can be specified and will be merged into the defaults:
class { 'unattended_upgrades': mail => { 'to' => 'admin@domain.tld', }, }
-
minimal_steps
(true
): Split the upgrade process into sections to allow shutdown during upgrade. -
origins
: The repositories from which to automatically upgrade included packages. -
package_ensure
(installed
): The ensure state for the 'unattended-upgrades' package. -
random_sleep
(undef
): Maximum amount of time (in seconds) that the apt cron job can sleep before the execution. The exact amount of time will be random but upto the value specified. The purpose is to avoid that servers/mirrors get hammered at exactly the same time when a lot of machines are switched on, e.g. 9:00 in the morning. Note: If this is left unset, the default value in the apt cron job applies, which is 1800 seconds. -
size
(0
): Maximum size of the cache in MB. -
update
(1
): Do "apt-get update" automatically every n-days. -
upgrade
(1
): Run the "unattended-upgrade" security upgrade script every n-days. -
upgradeable_packages
({}
): A hash with two possible keys:download_only
(0
): Do "apt-get upgrade --download-only" every n-days.debdelta
(1
): Use debdelta-upgrade to download updates if available.
Any of these keys can be specified and will be merged into the defaults:
class { 'unattended_upgrades': upgradeable_packages => { 'debdelta' => 1, }, }
-
verbose
(0
): Send report mail to root. -
options
({}
): A hash of settings with these possible keys:force_confdef
(true
) : Use the default option for new config files if one is available, don't prompt. If no default can be found, you will be prompted unless one of the confold or confnew options is also givenforce_confold
(true
): Always use the old config files, don't promptforce_connew
(false
): Always use the new config files, don't promptforce_conmiss
(false
): Always install missing config files
Limitations
This module should work across all versions of Debian, Ubuntu, and Linux Mint.
License
The original code for this module comes from Evolving Web and was licensed under the MIT license. Code added since the fork of that module into puppetlabs-apt is covered under the Apache License version 2 as is any code added since it was split off into this separate unattended_upgrades module.
The LICENSE contains both licenses.
Change Log
All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
2017-01-12 - Release 2.2.0
This is the last release with Puppet 3 support!
- Fix several markdown issues
- Fix order of options to prevent swapping
- Add missing badges
- Add missing ToC
- Fix several rubocop issues
- Include the release pocket on Ubuntu Xenial and Yakkety.
- Bump min version_requirement for Puppet
- Modulesync with latest Vox Pupuli defaults
2016-10-05 - Release 2.1.0
- Modulesync with latest Vox Pupuli defaults
- Add support for Linux Mint
- Improve parameter validation and testing
- Add support for Ubuntu 16.04 and 16.10
- Ubuntu: Issue EOL warning for unsupported release
2016-05-26 - Release 2.0.0
- Drop Ruby1.8 Support
- Modulesync to latest Vox Pupuli defaults
- Improve spec tests
- Update documentation
- Add parameter to control reboot time
- Update default parameters for legacy_origin option
- Add options support
2016-01-11 - Release 1.1.1
Changed
- CHANGELOG: Fixed comparison URL's for the releases
- CHANGELOG: Fixed changed header for 1.1.1
- Fix a facts lookup issue that caused us to break on Ubuntu
2016-01-08 - Release 1.1.0
Added
- Support Raspbian
- Support for Debian Jessie and Ubuntu Wiley
- Documentation for
clean
parameter - Clarification for
sleep
Fixed
- code is now
strict_variables
safe - Fix bug that prevented us from working on Ubuntu
Maintenance
- linter clean
- rubocop clean
- integrate in modulesync
2015-04-23 - Release 1.0.3
Changed
- Tested on Puppet 4.
- Remove inclusion of
apt
class.
2015-04-22 - Release 1.0.2
Changed
- Resolve some Travis related packaging issues.
2015-04-22 - Release 1.0.1
Changed
- Resolve some Travis related packaging issues.
2015-04-22 - Release 1.0.0
Added
- Full configuration of unattended-upgrades and all possible options for
APT::Periodic
. - Test suite covering the current behaviour.
- README with full documentation.
- Boilerplate such as Gemfile, Travis configuration, LICENSE and so on.
Dependencies
- puppetlabs/stdlib (>= 4.6.0 < 5.0.0)
- puppetlabs/apt (>= 2.2.0 < 3.0.0)
Copyright (c) 2011 Evolving Web Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Copyright 2014 Puppet Labs, 2015 Puppet Community Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.