Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/394200 )
Change subject: wip: toolforge: follow attended upgrade process ...................................................................... wip: toolforge: follow attended upgrade process relies on changeset 392421 Bug: T181647 Change-Id: Id9e95a58860a0ef786324d62020347bf01a36111 --- M hieradata/labs.yaml M hieradata/labs/tools/common.yaml M modules/apt/manifests/unattendedupgrades.pp M modules/profile/manifests/base/labs.pp 4 files changed, 25 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/00/394200/1 diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index 9cbccbf..f5582bf 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -17,6 +17,8 @@ recursor: 'labs-recursor0.wikimedia.org' recursor_secondary: 'labs-recursor1.wikimedia.org' +profile::base::labs::unattended_distro: true +profile::base::labs::unattended_wmf: true profile::openstack::main::version: 'liberty' profile::openstack::base::region: "%{::site}" profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org' diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml index c62e87a..6e5eb3f 100644 --- a/hieradata/labs/tools/common.yaml +++ b/hieradata/labs/tools/common.yaml @@ -1,3 +1,6 @@ +profile::base::labs::unattended_distro: false +profile::base::labs::unattended_wmf: false + "profile::base::core_dump_pattern": core classes: - role::aptly::client diff --git a/modules/apt/manifests/unattendedupgrades.pp b/modules/apt/manifests/unattendedupgrades.pp index c02745c..41fafe4 100644 --- a/modules/apt/manifests/unattendedupgrades.pp +++ b/modules/apt/manifests/unattendedupgrades.pp @@ -1,13 +1,17 @@ -class apt::unattendedupgrades($ensure=present) { +class apt::unattendedupgrades( + $unattended_distro=true, + $unattended_wmf=true, + ) { + # package installation should enable security upgrades by default package { 'unattended-upgrades': - ensure => $ensure, + ensure => 'present', } # dpkg tries to determine the most conservative default action in case of # conffile conflict. This tells dpkg to use that action without asking apt::conf { 'dpkg-force-confdef': - ensure => present, + ensure => 'present', priority => '00', key => 'Dpkg::Options::', value => '--force-confdef', @@ -16,20 +20,21 @@ # In case of conffile conflicts, tell dpkg to keep the old conffile without # asking apt::conf { 'dpkg-force-confold': - ensure => present, + ensure => 'present', priority => '00', key => 'Dpkg::Options::', value => '--force-confold', } apt::conf { 'auto-upgrades': - ensure => $ensure, + ensure => $unattended_distro, priority => '20', key => 'APT::Periodic::Unattended-Upgrade', value => '1', } apt::conf { 'unattended-upgrades-wikimedia': + ensure => $unattended_wmf, priority => '51', # Key with trailing '::' to append to potentially existing entry key => 'Unattended-Upgrade::Origins-Pattern::', diff --git a/modules/profile/manifests/base/labs.pp b/modules/profile/manifests/base/labs.pp index 23816b3..c028c3f 100644 --- a/modules/profile/manifests/base/labs.pp +++ b/modules/profile/manifests/base/labs.pp @@ -1,4 +1,13 @@ -class profile::base::labs { +class profile::base::labs( + $unattended_distro = hiera('profile::base::labs::unattended_distro'), + $unattended_wmf = hiera('profile::base::labs::unattended_wmf), + ) { + + class {'::apt::unattendedupgrades': + unattended_distro => $unattended_distro, + unattended_wmf => $unattended_wmf, + } + include ::apt::unattendedupgrades include ::apt::noupgrade -- To view, visit https://gerrit.wikimedia.org/r/394200 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id9e95a58860a0ef786324d62020347bf01a36111 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush <r...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits