kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Update apt to 7.3.0

Browse Source 
It now includes unattended-upgrades support
This commit is contained in:
Greg Karékinian 2020-06-19 16:21:35 +02:00
parent 1b84009958
commit e7edb5a464
13 changed files with 108 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Berksfile
View File

@ -31,7 +31,7 @@ cookbook 'nginx', '= 9.0.0'
cookbook 'build-essential', '~> 8.2.1'
cookbook 'mysql', '~> 8.5.1'
# cookbook 'postgresql', '= 7.1.8'
cookbook 'apt', '~> 7.0.0'
cookbook 'apt', '~> 7.3.0'
cookbook 'git', '= 6.0.0'
cookbook 'hostsfile', '= 2.4.5'
cookbook 'ohai', '~> 5.2.5'

4
Berksfile.lock
View File

@ -3,7 +3,7 @@ DEPENDENCIES
application (~> 5.2.0)
application_git (= 1.1.0)
application_javascript (~> 1.0.0)
apt (~> 7.0.0)
apt (~> 7.3.0)
ark (= 3.1.0)
build-essential (~> 8.2.1)
chef-sugar (= 3.3.0)
@ -66,7 +66,7 @@ GRAPH
poise (~> 2.0)
poise-javascript (~> 1.0)
poise-service (~> 1.0)
apt (7.0.0)
apt (7.3.0)
ark (3.1.0)
build-essential (>= 0.0.0)
seven_zip (>= 0.0.0)

30
cookbooks/apt/CHANGELOG.md
View File

@ -2,6 +2,34 @@
This file is used to list changes made in each version of the apt cookbook.
## 7.3.0 (2020-05-01)
- Cookstyle fixes - [@tas50](https://github.com/tas50)
- Remove unnecessary Foodcritic comments - [@tas50](https://github.com/tas50)
- Simplify the metadata.rb to resolve cookstyle warnings - [@tas50](https://github.com/tas50)
- Prevent helper collisions in Chef Infra Client 16 - [@tas50](https://github.com/tas50)
## 7.2.0 (2019-08-05)
- Allow you to specify dpkg options just for unattended upgrades - [@majormoses](https://github.com/majormoses)
- Adding documentation and tests for setting dpkg options unattended upgrades - [@majormoses](https://github.com/majormoses)
- Test on Chef 15 + Chef Workstation - [@tas50](https://github.com/tas50)
- Remove tests of the resources now built into Chef - [@tas50](https://github.com/tas50)
- Remove respond_to from the metadata - [@tas50](https://github.com/tas50)
- Remove the recipe description from the metadata as these aren't used - [@tas50](https://github.com/tas50)
- Replace Chef 12 testing with 13.3 - [@tas50](https://github.com/tas50)
- Remove Ubuntu 14.04 / Debian 8 testing and add Debian 10 testing - [@tas50](https://github.com/tas50)
## 7.1.1 (2018-10-11)
- Allow to customize sender email for unattended-upgrades
## 7.1.0 (2018-09-05)
- Add the installation of dirmngr and gnupg to the apt default cookbook to support secure repositories
- Added support for the unattended-upgrade SyslogEnable configuration feature
- Added support for the unattended-upgrade SyslogFacility configuration feature
## 7.0.0 (2018-04-06)
### Breaking Change
@ -16,7 +44,7 @@ This file is used to list changes made in each version of the apt cookbook.
## 6.1.3 (2017-07-19)
- Fixed typo in readme
- Fixed config namespace in the 10dpkg-options file
- Fixed config namespace in the 10dpkg-options file
## 6.1.2 (2017-06-20)

6
cookbooks/apt/README.md
View File

@ -83,7 +83,7 @@ For example, to prevent caching and directly connect to the repository at `downl
"cacher_server": {
"cache_bypass": {
"download.oracle.com": "http",
"nginx.org": "https"
"nginx.org": "https"
}
}
}
@ -129,11 +129,15 @@ To pull just security updates, set `origins_patterns` to something like `["origi
- `['apt']['unattended_upgrades']['minimal_steps']` - Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay). Defaults to false.
- `['apt']['unattended_upgrades']['install_on_shutdown']` - Install upgrades when the machine is shuting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false.
- `['apt']['unattended_upgrades']['mail']` - Send email to this address for problems or packages upgrades. Defaults to no email.
- `['apt']['unattended_upgrades']['sender']` - Send email from this address for problems or packages upgrades. Defaults to 'root'.
- `['apt']['unattended_upgrades']['mail_only_on_error']` - If set, email will only be set on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true.
- `['apt']['unattended_upgrades']['remove_unused_dependencies']` Do automatic removal of new unused dependencies after the upgrade. Defaults to false.
- `['apt']['unattended_upgrades']['automatic_reboot']` - Automatically reboots _without confirmation_ if a restart is required after the upgrade. Defaults to false.
- `['apt']['unattended_upgrades']['dl_limit']` - Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit).
- `['apt']['unattended_upgrades']['random_sleep']` - Wait a random number of seconds up to this value before running daily periodic apt actions. System default is 1800 seconds (30 minutes).
- `['apt']['unattended_upgrades']['syslog_enable']` - Enable logging to syslog. Defaults to false.
- `['apt']['unattended_upgrades']['syslog_facility']` - Specify syslog facility. Defaults to 'daemon'.
- `['apt']['unattended_upgrades']['dpkg_options']` An array of dpkg options to be used specifically only for unattended upgrades. Defaults to `[]` which will prevent it from being rendered from the template in the resulting file.
### Configuration for APT

7
cookbooks/apt/attributes/default.rb
View File

@ -2,7 +2,7 @@
# Cookbook:: apt
# Attributes:: default
#
# Copyright:: 2009-2017, Chef Software, Inc.
# Copyright:: 2009-2019, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -41,12 +41,17 @@ default['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] = false
default['apt']['unattended_upgrades']['minimal_steps'] = false
default['apt']['unattended_upgrades']['install_on_shutdown'] = false
default['apt']['unattended_upgrades']['mail'] = nil
default['apt']['unattended_upgrades']['sender'] = nil
default['apt']['unattended_upgrades']['mail_only_on_error'] = true
default['apt']['unattended_upgrades']['remove_unused_dependencies'] = false
default['apt']['unattended_upgrades']['automatic_reboot'] = false
default['apt']['unattended_upgrades']['automatic_reboot_time'] = 'now'
default['apt']['unattended_upgrades']['dl_limit'] = nil
default['apt']['unattended_upgrades']['random_sleep'] = nil
default['apt']['unattended_upgrades']['syslog_enable'] = false
default['apt']['unattended_upgrades']['syslog_facility'] = 'daemon'
default['apt']['unattended_upgrades']['dpkg_options'] = []
default['apt']['confd']['force_confask'] = false
default['apt']['confd']['force_confdef'] = false

12
cookbooks/apt/libraries/helpers.rb
View File

@ -2,7 +2,7 @@
# Cookbook:: apt
# Library:: helpers
#
# Copyright:: 2013-2017, Chef Software, Inc.
# Copyright:: 2013-2019, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -24,13 +24,13 @@ module Apt
#
# @return [Boolean]
def apt_installed?
!which('apt-get').nil?
!apt_which('apt-get').nil?
end
# Finds a command in $PATH
#
# @return [String, nil]
def which(cmd)
def apt_which(cmd)
ENV['PATH'] = '' if ENV['PATH'].nil?
paths = (ENV['PATH'].split(::File::PATH_SEPARATOR) + %w(/bin /usr/bin /sbin /usr/sbin))
@ -44,6 +44,6 @@ module Apt
end
end
Chef::Recipe.send(:include, ::Apt::Helpers)
Chef::Resource.send(:include, ::Apt::Helpers)
Chef::Provider.send(:include, ::Apt::Helpers)
Chef::Recipe.include ::Apt::Helpers
Chef::Resource.include ::Apt::Helpers
Chef::Provider.include ::Apt::Helpers

2
cookbooks/apt/metadata.json
View File

File diff suppressed because one or more lines are too long

13
cookbooks/apt/metadata.rb Normal file
View File

@ -0,0 +1,13 @@
name 'apt'
maintainer 'Chef Software, Inc.'
maintainer_email 'cookbooks@chef.io'
license 'Apache-2.0'
description 'Configures apt and apt caching.'
version '7.3.0'
supports 'ubuntu'
supports 'debian'
source_url 'https://github.com/chef-cookbooks/apt'
issues_url 'https://github.com/chef-cookbooks/apt/issues'
chef_version '>= 13.3'

4
cookbooks/apt/recipes/cacher-client.rb
View File

@ -2,7 +2,7 @@
# Cookbook:: apt
# Recipe:: cacher-client
#
# Copyright:: 2011-2017, Chef Software, Inc.
# Copyright:: 2011-2019, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -49,4 +49,4 @@ else
t.run_action(:create) if node['apt']['compiletime']
end
include_recipe 'apt::default'
include_recipe 'apt::default' # rubocop: disable ChefModernize/IncludingAptDefaultRecipe

2
cookbooks/apt/recipes/cacher-ng.rb
View File

@ -2,7 +2,7 @@
# Cookbook:: apt
# Recipe:: cacher-ng
#
# Copyright:: 2008-2017, Chef Software, Inc.
# Copyright:: 2008-2019, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.

9
cookbooks/apt/recipes/default.rb
View File

@ -2,8 +2,8 @@
# Cookbook:: apt
# Recipe:: default
#
# Copyright:: 2008-2017, Chef Software, Inc.
# Copyright:: 2009-2017, Bryan McLellan <btm@loftninjas.org>
# Copyright:: 2008-2019, Chef Software, Inc.
# Copyright:: 2009-2019, Bryan McLellan <btm@loftninjas.org>
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
@ -42,8 +42,7 @@ apt_update 'periodic' do
end
# For other recipes to call to force an update
execute 'apt-get update' do
command 'apt-get update'
execute 'apt-get update' do # rubocop: disable ChefModernize/ExecuteAptUpdate
ignore_failure true
action :nothing
notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
@ -93,6 +92,6 @@ template '/etc/apt/apt.conf.d/10recommends' do
only_if { apt_installed? }
end
package 'apt-transport-https' do
package %w(apt-transport-https gnupg dirmngr) do
only_if { apt_installed? }
end

2
cookbooks/apt/recipes/unattended-upgrades.rb
View File

@ -2,7 +2,7 @@
# Cookbook:: apt
# Recipe:: unattended-upgrades
#
# Copyright:: 2014-2017, Chef Software, Inc.
# Copyright:: 2014-2019, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.

45
cookbooks/apt/templates/50unattended-upgrades.erb
View File

@ -25,7 +25,7 @@ Unattended-Upgrade::Package-Blacklist {
};
// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
// unattended-upgrades will automatically run
// dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
Unattended-Upgrade::AutoFixInterruptedDpkg "<%= node['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] ? 'true' : 'false' %>";
@ -41,14 +41,20 @@ Unattended-Upgrade::MinimalSteps "<%= node['apt']['unattended_upgrades']['minima
// This will (obviously) make shutdown slower
Unattended-Upgrade::InstallOnShutdown "<%= node['apt']['unattended_upgrades']['install_on_shutdown'] ? 'true' : 'false' %>";
<% if node['apt']['unattended_upgrades']['mail'] -%>
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed.
<% if node['apt']['unattended_upgrades']['mail'] -%>
Unattended-Upgrade::Mail "<%= node['apt']['unattended_upgrades']['mail'] %>";
<% end -%>
<% if node['apt']['unattended_upgrades']['sender'] -%>
// This option allows to customize the email address used in the
// 'From' header. unattended-upgrades will use "root" if unset.
Unattended-Upgrade::Sender "<%= node['apt']['unattended_upgrades']['sender'] %>";
<% end -%>
// Set this value to "true" to get emails only on errors. Default
// is to always send a mail if Unattended-Upgrade::Mail is set
Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mail_only_on_error'] ? 'true' : 'false' %>";
@ -57,19 +63,42 @@ Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mai
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "<%= node['apt']['unattended_upgrades']['remove_unused_dependencies'] ? 'true' : 'false' %>";
// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "<%= node['apt']['unattended_upgrades']['automatic_reboot'] ? 'true' : 'false' %>";
// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
// Default: "now"
<% if node['apt']['unattended_upgrades']['automatic_reboot'] -%>
// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately. Default is "now"
Unattended-Upgrade::Automatic-Reboot-Time "<%= node['apt']['unattended_upgrades']['automatic_reboot_time'] %>";
<% end %>
<% if node['apt']['unattended_upgrades']['dl_limit'] -%>
// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
<% if node['apt']['unattended_upgrades']['dl_limit'] -%>
// Acquire::http::Dl-Limit "70";
Acquire::http::Dl-Limit "<%= node['apt']['unattended_upgrades']['dl_limit'] %>";
<% end -%>
// Enable logging to syslog. Default is False
Unattended-Upgrade::SyslogEnable "<%= node['apt']['unattended_upgrades']['syslog_enable'] ? 'true' : 'false' %>";
// Specify syslog facility. Default is daemon
Unattended-Upgrade::SyslogFacility "<%= node['apt']['unattended_upgrades']['syslog_facility'] %>";
// specify any dpkg options you want to run
// for example if you wanted to upgrade and use
// the installed version of config files when
// resolving conflicts during an upgrade you
// typically need:
// Dpkg::Options {
// "--force-confdef";
// "--force-confold";
//};
<% unless node['apt']['unattended_upgrades']['dpkg_options'].empty? -%>
Dpkg::Options {
<% node['apt']['unattended_upgrades']['dpkg_options'].each do |option|%>
"<%= option %>";
<% end -%>
};
<% end -%>