Puppet Class: unattended_upgrades

Defined in:
manifests/init.pp

Summary

Installs and configures unattended-upgrades.

Overview

This class installs and configures the unattended-upgrades package.

Parameters:

  • age (Unattended_upgrades::Age) (defaults to: {})

    See ‘Unattended_upgrades::Age` for details.

  • auto (Unattended_upgrades::Auto) (defaults to: {})

    See ‘Unattended_upgrades::Auto` for details.

  • backup (Unattended_upgrades::Backup) (defaults to: {})

    See ‘Unattended_upgrades::Backup` for details.

  • blacklist (Array[String[1]]) (defaults to: [])

    Array of packages to blacklist from automatic upgrades.

  • whitelist (Array[String[1]]) (defaults to: [])

    Array of packages to whitelist for automatic upgrades.

  • dl_limit (Optional[Integer[0]]) (defaults to: undef)

    Limit the download speed in KB/s.

  • enable (Integer[0, 1]) (defaults to: 1)

    Enable unattended-upgrades.

  • install_on_shutdown (Boolean) (defaults to: false)

    Install upgrades on shutdown.

  • mail (Unattended_upgrades::Mail) (defaults to: {})

    See ‘Unattended_upgrades::Mail` for details.

  • minimal_steps (Boolean) (defaults to: true)

    Split the upgrade process into minimal steps.

  • origins (Array[Unattended_upgrades::Origin]) (defaults to: [ 'origin=Debian,codename=${distro_codename},label=Debian', #lint:ignore:single_quote_string_with_variables 'origin=Debian,codename=${distro_codename}-security,label=Debian-Security', #lint:ignore:single_quote_string_with_variables ])

    Array of origins to allow automatic upgrades from.

  • package_ensure (String[1]) (defaults to: installed)

    Ensure for the unattended-upgrades package.

  • extra_origins (Array[Unattended_upgrades::Origin]) (defaults to: [])

    Array of extra origins to allow automatic upgrades from.

  • random_sleep (Optional[Integer[0]]) (defaults to: undef)

    Maximum random sleep in seconds. This parameter is deprecated and will be removed in a future release.

  • sender (Optional[String]) (defaults to: undef)

    Email sender address.

  • size (Integer[0]) (defaults to: 0)

    Maximum size of the download in MB.

  • update (Variant[Integer[0], Enum['always'], Pattern[/^\d+[smh]$/]]) (defaults to: 1)

    Run ‘apt-get update` automatically. Accepts an integer (number of days), the string ’always’, or a time interval with suffixes (‘s’ for seconds, ‘m’ for minutes, ‘h’ for hours).

  • upgrade (Variant[Integer[0], Enum['always'], Pattern[/^\d+[smh]$/]]) (defaults to: 1)

    Run ‘apt-get upgrade` automatically. Accepts an integer (number of days), the string ’always’, or a time interval with suffixes (‘s’ for seconds, ‘m’ for minutes, ‘h’ for hours).

  • upgradeable_packages (Unattended_upgrades::Upgradeable_packages) (defaults to: {})

    See ‘Unattended_upgrades::Upgradeable_packages` for details.

  • verbose (Integer[0]) (defaults to: 0)

    Enable verbose logging.

  • notify_update (Boolean) (defaults to: false)

    Notify on package updates.

  • days (Array[String[1]]) (defaults to: [])

    Days of the week to run unattended-upgrades.

  • remove_unused_kernel (Optional[Boolean]) (defaults to: undef)

    Remove unused kernel packages.

  • remove_new_unused_deps (Optional[Boolean]) (defaults to: undef)

    Remove new unused dependencies.

  • syslog_enable (Optional[Boolean]) (defaults to: undef)

    Enable syslog logging.

  • syslog_facility (Optional[String]) (defaults to: undef)

    Syslog facility to use.

  • only_on_ac_power (Optional[Boolean]) (defaults to: undef)

    Download and install upgrades only when on AC power.

  • skip_updates_on_metered_connection (Optional[Boolean]) (defaults to: undef)

    Skip updates on metered connections.

  • whitelist_strict (Optional[Boolean]) (defaults to: undef)

    Whether to apply the whitelist strictly.

  • allow_downgrade (Optional[Boolean]) (defaults to: undef)

    Allow downgrades.

  • dpkg_options (Array[String[1]]) (defaults to: [])

    Array of dpkg options.

  • service_ensure (Enum['running', 'stopped']) (defaults to: 'running')

    Specifies whether the service should be running.

  • service_enable (Boolean) (defaults to: true)

    Specifies whether the service should be enabled at boot.



76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
 
# File 'manifests/init.pp', line 76

class unattended_upgrades (
  Unattended_upgrades::Age                  $age                    = {},
  Unattended_upgrades::Auto                 $auto                   = {},
  Unattended_upgrades::Backup               $backup                 = {},
  Array[String[1]]                          $blacklist              = [],
  Array[String[1]]                          $whitelist              = [],
  Optional[Integer[0]]                      $dl_limit               = undef,
  Integer[0, 1]                             $enable                 = 1,
  Boolean                                   $install_on_shutdown    = false,
  Unattended_upgrades::Mail                 $mail                   = {},
  Boolean                                   $minimal_steps          = true,
  Array[Unattended_upgrades::Origin]        $origins                = [
    'origin=Debian,codename=${distro_codename},label=Debian', #lint:ignore:single_quote_string_with_variables
    'origin=Debian,codename=${distro_codename}-security,label=Debian-Security', #lint:ignore:single_quote_string_with_variables
  ],
  String[1]                                 $package_ensure         = installed,
  Array[Unattended_upgrades::Origin]        $extra_origins          = [],
  Optional[Integer[0]]                      $random_sleep           = undef,
  Optional[String]                          $sender                 = undef,
  Integer[0]                                $size                   = 0,
  Variant[Integer[0], Enum['always'], Pattern[/^\d+[smh]$/]]       $update                 = 1,
  Variant[Integer[0], Enum['always'], Pattern[/^\d+[smh]$/]]       $upgrade                = 1,
  Unattended_upgrades::Upgradeable_packages $upgradeable_packages   = {},
  Integer[0]                                $verbose                = 0,
  Boolean                                   $notify_update          = false,
  Array[String[1]]                          $days                   = [],
  Optional[Boolean]                         $remove_unused_kernel   = undef,
  Optional[Boolean]                         $remove_new_unused_deps = undef,
  Optional[Boolean]                         $syslog_enable          = undef,
  Optional[String]                          $syslog_facility        = undef,
  Optional[Boolean]                         $only_on_ac_power       = undef,
  Optional[Boolean]                         $skip_updates_on_metered_connection = undef,
  Optional[Boolean]                         $whitelist_strict       = undef,
  Optional[Boolean]                         $allow_downgrade        = undef,
  Array[String[1]]                          $dpkg_options           = [],
  Enum['running', 'stopped']                $service_ensure         = 'running',
  Boolean                                   $service_enable         = true,
) {
  # apt::conf settings require the apt class to work
  include apt

  $_age = {
    'min' => 2,
    'max' => 0,
  } + $age
  assert_type(Unattended_upgrades::Age, $_age)

  $_auto = {
    'fix_interrupted_dpkg' => true,
    'remove' => true,
    'reboot' => false,
    'reboot_withusers' => true,
    'clean' => 0,
    'reboot_time' => 'now',
  } + $auto
  assert_type(Unattended_upgrades::Auto, $_auto)

  $_backup = {
    'archive_interval' => 0,
    'level' => 3,
  } + $backup
  assert_type(Unattended_upgrades::Backup, $_backup)

  $_mail = {
    'only_on_error' => true,
  } + $mail
  assert_type(Unattended_upgrades::Mail, $_mail)

  $_upgradeable_packages = {
    'download_only' => 0,
    'debdelta' => 1,
  } + $upgradeable_packages
  assert_type(Unattended_upgrades::Upgradeable_packages, $_upgradeable_packages)

  package { 'unattended-upgrades':
    ensure => $package_ensure,
  }

  apt::conf { 'unattended-upgrades':
    priority      => 50,
    content       => template("${module_name}/unattended-upgrades.erb"),
    require       => Package['unattended-upgrades'],
    notify_update => $notify_update,
  }

  apt::conf { 'periodic':
    priority      => 10,
    content       => template("${module_name}/periodic.erb"),
    require       => Package['unattended-upgrades'],
    notify_update => $notify_update,
  }

  apt::conf { 'auto-upgrades':
    ensure        => absent,
    priority      => 20,
    require       => Package['unattended-upgrades'],
    notify_update => $notify_update,
  }

  # Emit a warning if the deprecated parameter `random_sleep` is used
  if $random_sleep != undef {
    warning('The parameter `random_sleep` is deprecated and will be removed in a future release.')
  }

  service { 'unattended-upgrades':
    ensure  => $service_ensure,
    enable  => $service_enable,
    require => Package['unattended-upgrades'],
  }
}