From b88bc56c553a3b98e75f6fd4d492c38d7ba3974f Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Mon, 24 Jan 2022 10:15:06 -0800 Subject: [PATCH] Manage apt.conf.d/20auto-upgrades This file has been seen on a few servers with the Unattended-Upgrades flag set to 0 disabling daily unattended upgrades. Most of our servers have this set to 1 and are fine, but let's go ahead and manage this file directly to ensure it is always 1 and auto upgrades are enabled. Note that previously we had been setting this via apt.conf.d/10periodic which seems to come from the update-notifier-common package on older systems and is now no longer used. Since that file's prefix is smaller than 20auto-upgrades the 20auto-ugprades file installed by unattended-upgrades overrides this value. A future update would be to coalesce both 10periodic and 20auto-upgrades together into one config file. Change-Id: Ic0bdaaf881780072fda7e60ff89b60b3a07b5804 --- playbooks/roles/base/server/files/20auto-upgrades | 2 ++ playbooks/roles/base/server/tasks/Debian.yaml | 9 +++++++++ testinfra/test_base.py | 5 +++++ 3 files changed, 16 insertions(+) create mode 100644 playbooks/roles/base/server/files/20auto-upgrades diff --git a/playbooks/roles/base/server/files/20auto-upgrades b/playbooks/roles/base/server/files/20auto-upgrades new file mode 100644 index 0000000000..8d6d7c82fe --- /dev/null +++ b/playbooks/roles/base/server/files/20auto-upgrades @@ -0,0 +1,2 @@ +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; diff --git a/playbooks/roles/base/server/tasks/Debian.yaml b/playbooks/roles/base/server/tasks/Debian.yaml index c93fd00a20..0f94c18afc 100644 --- a/playbooks/roles/base/server/tasks/Debian.yaml +++ b/playbooks/roles/base/server/tasks/Debian.yaml @@ -56,6 +56,7 @@ src: debian_limits.conf dest: /etc/security/limits.d/60-nofile-limit.conf +# TODO combine 10periodic and 20auto-upgrades - name: Install apt-daily 10periodic file for unattended-upgrades copy: mode: 0444 @@ -64,6 +65,14 @@ owner: root group: root +- name: Install 20auto-upgrades file for unattended-upgrades + copy: + mode: 0444 + src: 20auto-upgrades + dest: /etc/apt/apt.conf.d/20auto-upgrades + owner: root + group: root + - name: Install 50unattended-upgrades file for unattended-upgrades copy: mode: 0444 diff --git a/testinfra/test_base.py b/testinfra/test_base.py index 4fde49cb7a..e7b9c566c3 100644 --- a/testinfra/test_base.py +++ b/testinfra/test_base.py @@ -97,6 +97,11 @@ def test_unattended_upgrades(host): assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"') assert cfg_file.contains('^APT::Periodic::RandomSleep "1800"') + cfg_file = host.file("/etc/apt/apt.conf.d/20auto-upgrades") + assert cfg_file.exists + assert cfg_file.contains('^APT::Periodic::Update-Package-Lists "1"') + assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"') + cfg_file = host.file("/etc/apt/apt.conf.d/50unattended-upgrades") assert cfg_file.contains('^Unattended-Upgrade::Mail "root"')