10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
# File 'modules/apt/manifests/unattendedupgrades.pp', line 10
class apt::unattendedupgrades(
$unattended_distro='present',
$unattended_wmf='present',
) {
# package installation should enable security upgrades by default
package { 'unattended-upgrades':
ensure => 'present',
}
# disable this cron job which is not useful and can produce cronspam
file { '/etc/cron.daily/apt-show-versions':
ensure => 'absent',
}
package { 'python3-apt':
ensure => 'present',
}
# dpkg tries to determine the most conservative default action in case of
# conffile conflict. This tells dpkg to use that action without asking
apt::conf { 'dpkg-force-confdef':
ensure => 'present',
priority => '00',
key => 'Dpkg::Options::',
value => '--force-confdef',
}
# In case of conffile conflicts, tell dpkg to keep the old conffile without
# asking
apt::conf { 'dpkg-force-confold':
ensure => 'present',
priority => '00',
key => 'Dpkg::Options::',
value => '--force-confold',
}
apt::conf { 'auto-upgrades':
ensure => 'present',
priority => '20',
key => 'APT::Periodic::Unattended-Upgrade',
value => '1',
}
# https://wiki.debian.org/StableUpdates
# https://www.debian.org/News/2011/20110215
apt::conf { 'unattended-upgrades-updates':
ensure => $unattended_distro,
priority => '52',
# Key with trailing '::' to append to potentially existing entry
key => 'Unattended-Upgrade::Origins-Pattern::',
# lint:ignore:single_quote_string_with_variables
value => 'origin=${distro_id},codename=${distro_codename}-updates',
# lint:endignore
}
# Unattended should update WMF packages
# https://apt.wikimedia.org/wikimedia/
# https://wikitech.wikimedia.org/wiki/APT_repository
apt::conf { 'unattended-upgrades-wikimedia':
ensure => $unattended_wmf,
priority => '51',
# Key with trailing '::' to append to potentially existing entry
key => 'Unattended-Upgrade::Origins-Pattern::',
# lint:ignore:single_quote_string_with_variables
value => 'origin=Wikimedia,codename=${distro_codename}-wikimedia',
# lint:endignore
}
# Clean up the apt cache to avoid filling the disk periodically T127374
apt::conf { 'apt-autoclean':
ensure => present,
priority => '52',
key => 'APT::Periodic::AutocleanInterval:',
value => 7,
}
file { '/usr/local/sbin/report-pending-upgrades':
ensure => absent,
}
file { '/usr/local/sbin/apt-upgrade':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/apt/apt-upgrade.py',
require => Package['python3-apt'],
}
}
|