Arturo Borrero Gonzalez has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398259 )

Change subject: Revert "Revert "cloud: setup for attended upgrade process""
......................................................................

Revert "Revert "cloud: setup for attended upgrade process""

This reverts commit ea71c8fe2f97359599a6f87c04c2d000e05c474a.

There was a mistake in the variable names.

Change-Id: Ibccc1e3050412d9ac9bddbd14069a118c7808256
Signed-off-by: Arturo Borrero Gonzalez <aborr...@wikimedia.org>
---
M hieradata/labs.yaml
A hieradata/labs/project-proxy/common.yaml
M hieradata/labs/tools/common.yaml
M modules/apt/manifests/unattendedupgrades.pp
M modules/profile/manifests/base/labs.pp
5 files changed, 50 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/59/398259/1

diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index aa078d5..bf7c323 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -17,6 +17,8 @@
   recursor: 'labs-recursor0.wikimedia.org'
   recursor_secondary: 'labs-recursor1.wikimedia.org'
 
+profile::base::labs::unattended_wmf: 'present'
+profile::base::labs::unattended_distro: 'present'
 profile::openstack::main::version: 'liberty'
 profile::openstack::base::region: "%{::site}"
 profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org'
diff --git a/hieradata/labs/project-proxy/common.yaml 
b/hieradata/labs/project-proxy/common.yaml
new file mode 100644
index 0000000..9a76d8a
--- /dev/null
+++ b/hieradata/labs/project-proxy/common.yaml
@@ -0,0 +1,2 @@
+profile::base::labs::unattended_wmf: 'absent'
+profile::base::labs::unattended_distro: 'absent'
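Review bot: Both keys are set to 'absent' in this new file with no comment saying why the project opts out of automatic WMF and stable-updates upgrades. The same two lines are added without explanation at the top of hieradata/labs/tools/common.yaml. A host that opts out depends on someone applying those updates by hand, so the reason and the owner belong next to the override, e.g. `# attended upgrades only: WMF and -updates packages are applied manually by <owning team>; see <task id>`. According to the header comment added in modules/apt/manifests/unattendedupgrades.pp, security updates stay enabled regardless of these two keys, which would also be worth stating here.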
diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml
index c62e87a..3e03999 100644
--- a/hieradata/labs/tools/common.yaml
+++ b/hieradata/labs/tools/common.yaml
@@ -1,3 +1,6 @@
+profile::base::labs::unattended_wmf: 'absent'
+profile::base::labs::unattended_distro: 'absent'
+
 "profile::base::core_dump_pattern": core
 classes:
     - role::aptly::client
diff --git a/modules/apt/manifests/unattendedupgrades.pp 
b/modules/apt/manifests/unattendedupgrades.pp
index c02745c..414afcc 100644
--- a/modules/apt/manifests/unattendedupgrades.pp
+++ b/modules/apt/manifests/unattendedupgrades.pp
@@ -1,13 +1,26 @@
-class apt::unattendedupgrades($ensure=present) {
+# Manage unattended updates across cloud instances
+#  Note: security updates can not be disabled (enabled by default)
+#
+# [*unattended_wmf*]
+#  present/absent to enable/disable wmf packages
+#
+# [*unattended_distro*]
+#  present/absent to enable/disable updates in stable packages
+
+class apt::unattendedupgrades(
+    $unattended_distro='present',
+    $unattended_wmf='present',
+    ) {
+
     # package installation should enable security upgrades by default
     package { 'unattended-upgrades':
-        ensure => $ensure,
+        ensure => 'present',
     }
 
     # dpkg tries to determine the most conservative default action in case of
     # conffile conflict. This tells dpkg to use that action without asking
     apt::conf { 'dpkg-force-confdef':
-        ensure   => present,
+        ensure   => 'present',
         priority => '00',
         key      => 'Dpkg::Options::',
         value    => '--force-confdef',
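Review bot: The new `$unattended_distro` and `$unattended_wmf` parameters are handed straight to the `ensure` of `apt::conf` with no check in this class, so a hiera typo (a boolean, or a word such as 'disabled') is not rejected here. A check at the top of the class gives a clear compile-time error, e.g. `validate_re($unattended_wmf, '^(present|absent)$')` and the same for `$unattended_distro`, assuming stdlib's validate_re is available in this tree. Dropping the old `$ensure` parameter also breaks any caller that still declares the class with `ensure => ...`; none is visible in this change, but it is worth grepping for. The class body continues past this hunk.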
@@ -16,20 +29,36 @@
     # In case of conffile conflicts, tell dpkg to keep the old conffile without
     # asking
     apt::conf { 'dpkg-force-confold':
-        ensure   => present,
+        ensure   => 'present',
         priority => '00',
         key      => 'Dpkg::Options::',
         value    => '--force-confold',
     }
 
     apt::conf { 'auto-upgrades':
-        ensure   => $ensure,
+        ensure   => 'present',
         priority => '20',
         key      => 'APT::Periodic::Unattended-Upgrade',
         value    => '1',
     }
 
+    # https://wiki.debian.org/StableUpdates
+    # https://www.debian.org/News/2011/20110215
+    apt::conf { 'unattended-upgrades-updates':
+        ensure   => $unattended_distro,
+        priority => '52',
+        # Key with trailing '::' to append to potentially existing entry
+        key      => 'Unattended-Upgrade::Origins-Pattern::',
+        # lint:ignore:single_quote_string_with_variables
+        value    => 'origin=${distro_id},codename=${distro_codename}-updates',
+        # lint:endignore
+    }
+
+    # Unattended should update WMF packages
+    # https://apt.wikimedia.org/wikimedia/
+    # https://wikitech.wikimedia.org/wiki/APT_repository
     apt::conf { 'unattended-upgrades-wikimedia':
+        ensure   => $unattended_wmf,
         priority => '51',
         # Key with trailing '::' to append to potentially existing entry
         key      => 'Unattended-Upgrade::Origins-Pattern::',
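Review bot: The single-quoted `value` in `unattended-upgrades-updates` is explained only by the lint:ignore markers, so a reader can still take `${distro_id}` and `${distro_codename}` for Puppet variables that failed to interpolate. I would add a comment above `value`, such as `# literal ${...}: expanded by unattended-upgrades at run time, must not be interpolated by Puppet`. The `unattended-upgrades-wikimedia` resource starts inside this hunk and ends outside it, so its `value` is not reviewed here.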
diff --git a/modules/profile/manifests/base/labs.pp 
b/modules/profile/manifests/base/labs.pp
index 23816b3..59c9b25 100644
--- a/modules/profile/manifests/base/labs.pp
+++ b/modules/profile/manifests/base/labs.pp
@@ -1,6 +1,13 @@
-class profile::base::labs {
-    include ::apt::unattendedupgrades
+class profile::base::labs(
+    $unattended_wmf = hiera('profile::base::labs::unattended_wmf'),
+    $unattended_distro = hiera('profile::base::labs::unattended_distro'),
+    ) {
+
     include ::apt::noupgrade
+    class {'::apt::unattendedupgrades':
+        unattended_wmf    => $unattended_wmf,
+        unattended_distro => $unattended_distro,
+    }
 
     # Labs instances /var is quite small, provide our own default
     # to keep less records (T71604).
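Review bot: `class {'::apt::unattendedupgrades': ...}` replaces the earlier `include`, and a resource-like declaration fails catalog compilation if the class is declared a second time or has already been included elsewhere. Other manifests are not visible here, so it is worth checking that nothing else still does `include ::apt::unattendedupgrades`. The two `hiera()` lookups also have no default, so a node that resolves neither key fails to compile. If that is deliberate, a comment such as `# no default on purpose: every labs node must resolve these keys` would make it clear. The class body continues outside this hunk.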

-- 
To view, visit https://gerrit.wikimedia.org/r/398259

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibccc1e3050412d9ac9bddbd14069a118c7808256
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Arturo Borrero Gonzalez <aborr...@wikimedia.org>
