Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398079 )
Change subject: apt: unattended-upgrades: add targetted upgrades scripts ...................................................................... apt: unattended-upgrades: add targetted upgrades scripts These scripts are meant to be run by hand by the admins to easily upgrade packages just from the given source repo/channel. Is part of our new workflow for unattended/attended upgrades for servers. Related docs: https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/Attended_package_upgrades Bug: T181647 Change-Id: I88ea78826c763e54f25cac22f2ea65ae301a7645 Signed-off-by: Arturo Borrero Gonzalez <aborr...@wikimedia.org> --- A modules/apt/files/apt-stretch-backports.sh A modules/apt/files/apt-stretch-security.sh A modules/apt/files/apt-stretch-updates.sh A modules/apt/files/apt-stretch-wikimedia.sh A modules/apt/files/apt-stretch.sh M modules/apt/manifests/unattendedupgrades.pp 6 files changed, 141 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/79/398079/1 diff --git a/modules/apt/files/apt-stretch-backports.sh b/modules/apt/files/apt-stretch-backports.sh new file mode 100644 index 0000000..ea72cf8 --- /dev/null +++ b/modules/apt/files/apt-stretch-backports.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +set -e + +LIST_FILE=$(mktemp) +echo "deb http://deb.debian.org/debian/ stretch-backports main contrib non-free" >> $LIST_FILE + +# no pin/pref file, since default for backports is usually good enough + +ARGS="-o Dir::Etc::SourceList=$LIST_FILE -o Dir::Etc::SourceParts=/dev/null" +ARGS2="-y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold'" +DEBIAN_FRONTEND=noninteractive apt-get update $ARGS +DEBIAN_FRONTEND=noninteractive apt-get upgrade $ARGS $ARGS2 $@ + +rm -rf $LIST_FILE +rm -rf $POLICY_FILE diff --git a/modules/apt/files/apt-stretch-security.sh b/modules/apt/files/apt-stretch-security.sh new file mode 100644 index 0000000..d5ff09f --- /dev/null +++ b/modules/apt/files/apt-stretch-security.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +set -e + +LIST_FILE=$(mktemp) +echo "deb http://security.debian.org/ stretch/updates main contrib non-free" >> $LIST_FILE +echo "deb http://deb.debian.org/debian/ stretch main contrib non-free" >> $LIST_FILE + +POLICY_FILE=$(mktemp) +cat << EOF >> $POLICY_FILE +Package: * +Pin: release l=Debian-Security +Pin-Priority: 990 + +Package: * +Pin: release l=Debian +Pin-Priority: 99 +EOF + +ARGS="-o Dir::Etc::SourceList=$LIST_FILE -o Dir::Etc::Preferences=$POLICY_FILE -o Dir::Etc::SourceParts=/dev/null" +ARGS2="-y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold'" +DEBIAN_FRONTEND=noninteractive apt-get update $ARGS +DEBIAN_FRONTEND=noninteractive apt-get upgrade $ARGS $ARGS2 $@ + +rm -rf $LIST_FILE +rm -rf $POLICY_FILE diff --git a/modules/apt/files/apt-stretch-updates.sh b/modules/apt/files/apt-stretch-updates.sh new file mode 100644 index 0000000..2508c7e --- /dev/null +++ b/modules/apt/files/apt-stretch-updates.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -e + +LIST_FILE=$(mktemp) +echo "deb http://deb.debian.org/debian/ stretch-updates main contrib non-free" >> $LIST_FILE + +POLICY_FILE=$(mktemp) +cat << EOF >> $POLICY_FILE +Package: * +Pin: release l=Debian +Pin-Priority: 500 +EOF + +ARGS="-o Dir::Etc::SourceList=$LIST_FILE -o Dir::Etc::Preferences=$POLICY_FILE -o Dir::Etc::SourceParts=/dev/null" +ARGS2="-y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold'" +DEBIAN_FRONTEND=noninteractive apt-get update $ARGS +DEBIAN_FRONTEND=noninteractive apt-get upgrade $ARGS $ARGS2 $@ + +rm -rf $LIST_FILE +rm -rf $POLICY_FILE diff --git a/modules/apt/files/apt-stretch-wikimedia.sh b/modules/apt/files/apt-stretch-wikimedia.sh new file mode 100644 index 0000000..a456c65 --- /dev/null +++ b/modules/apt/files/apt-stretch-wikimedia.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -e + +LIST_FILE=$(mktemp) +echo "deb http://apt.wikimedia.org/wikimedia stretch-wikimedia main contrib non-free" >> $LIST_FILE + +POLICY_FILE=$(mktemp) +cat << EOF >> $POLICY_FILE +Package: * +Pin: release l=Wikimedia +Pin-Priority: 1001 +EOF + +ARGS="-o Dir::Etc::SourceList=$LIST_FILE -o Dir::Etc::Preferences=$POLICY_FILE -o Dir::Etc::SourceParts=/dev/null" +ARGS2="-y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold'" +DEBIAN_FRONTEND=noninteractive apt-get update $ARGS +DEBIAN_FRONTEND=noninteractive apt-get upgrade $ARGS $ARGS2 $@ + +rm -rf $LIST_FILE +rm -rf $POLICY_FILE diff --git a/modules/apt/files/apt-stretch.sh b/modules/apt/files/apt-stretch.sh new file mode 100644 index 0000000..1b4d957 --- /dev/null +++ b/modules/apt/files/apt-stretch.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -e + +LIST_FILE=$(mktemp) +echo "deb http://deb.debian.org/debian/ stretch main contrib non-free" >> $LIST_FILE + +POLICY_FILE=$(mktemp) +cat << EOF >> $POLICY_FILE +Package: * +Pin: release l=Debian +Pin-Priority: 500 +EOF + +ARGS="-o Dir::Etc::SourceList=$LIST_FILE -o Dir::Etc::Preferences=$POLICY_FILE -o Dir::Etc::SourceParts=/dev/null" +ARGS2="-y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold'" +DEBIAN_FRONTEND=noninteractive apt-get update $ARGS +DEBIAN_FRONTEND=noninteractive apt-get upgrade $ARGS $ARGS2 $@ + +rm -rf $LIST_FILE +rm -rf $POLICY_FILE diff --git a/modules/apt/manifests/unattendedupgrades.pp b/modules/apt/manifests/unattendedupgrades.pp index 41138d2..8de7783 100644 --- a/modules/apt/manifests/unattendedupgrades.pp +++ b/modules/apt/manifests/unattendedupgrades.pp @@ -62,4 +62,40 @@ source => 'puppet:///modules/apt/report-pending-upgrades.sh', require => Package['apt-show-versions'], } + + file { '/usr/local/sbin/apt-stretch': + ensure => present, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/apt/apt-stretch.sh', + } + file { '/usr/local/sbin/apt-stretch-backports': + ensure => present, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/apt/apt-stretch-backports.sh', + } + file { '/usr/local/sbin/apt-stretch-security': + ensure => present, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/apt/apt-stretch-security.sh', + } + file { '/usr/local/sbin/apt-stretch-updates': + ensure => present, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/apt/apt-stretch-udpates.sh', + } + file { '/usr/local/sbin/apt-stretch-wikimedia': + ensure => present, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/apt/apt-stretch-wikimedia.sh', + } } -- To view, visit https://gerrit.wikimedia.org/r/398079 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I88ea78826c763e54f25cac22f2ea65ae301a7645 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Arturo Borrero Gonzalez <aborr...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits