From 6d3a281a42b5cb4c85cc2181729c03b4439eb5c1 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Mon, 24 Jan 2022 10:21:37 -0800 Subject: [PATCH] Manage 10periodic and 20auto-upgrades together These two apt.conf.d config files are installed by different packages but have overlap in the configuration they set. Unfortunately if the wrong one sets the flag to disable periodic updates it wins based on apt conf's priority rules. To ensure that we continue to auto update and handle different packages supplying different config files we manage the entirety of the periodic config in both of these files at the same time using a common source file. Change-Id: I5e408fd7c343adb1de9ec564fe430a6f31ecc360 --- playbooks/roles/base/server/files/20auto-upgrades | 2 -- .../server/files/{10periodic => XYperiodic-updates} | 0 playbooks/roles/base/server/tasks/Debian.yaml | 10 +++++++--- testinfra/test_base.py | 4 ++++ 4 files changed, 11 insertions(+), 5 deletions(-) delete mode 100644 playbooks/roles/base/server/files/20auto-upgrades rename playbooks/roles/base/server/files/{10periodic => XYperiodic-updates} (100%) diff --git a/playbooks/roles/base/server/files/20auto-upgrades b/playbooks/roles/base/server/files/20auto-upgrades deleted file mode 100644 index 8d6d7c82fe..0000000000 --- a/playbooks/roles/base/server/files/20auto-upgrades +++ /dev/null @@ -1,2 +0,0 @@ -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "1"; diff --git a/playbooks/roles/base/server/files/10periodic b/playbooks/roles/base/server/files/XYperiodic-updates similarity index 100% rename from playbooks/roles/base/server/files/10periodic rename to playbooks/roles/base/server/files/XYperiodic-updates diff --git a/playbooks/roles/base/server/tasks/Debian.yaml b/playbooks/roles/base/server/tasks/Debian.yaml index 0f94c18afc..59daf6f653 100644 --- a/playbooks/roles/base/server/tasks/Debian.yaml +++ b/playbooks/roles/base/server/tasks/Debian.yaml @@ -56,11 +56,15 @@ src: debian_limits.conf dest: /etc/security/limits.d/60-nofile-limit.conf -# TODO combine 10periodic and 20auto-upgrades +# The next two files share a source file. Different packages manage +# each of these and we do not want them to get out of sync with each +# other as that can impact the configuration that apt sees based on +# priority rules. We address this by making the two files have the same +# content. - name: Install apt-daily 10periodic file for unattended-upgrades copy: mode: 0444 - src: 10periodic + src: XYperiodic-updates dest: /etc/apt/apt.conf.d/10periodic owner: root group: root @@ -68,7 +72,7 @@ - name: Install 20auto-upgrades file for unattended-upgrades copy: mode: 0444 - src: 20auto-upgrades + src: XYperiodic-updates dest: /etc/apt/apt.conf.d/20auto-upgrades owner: root group: root diff --git a/testinfra/test_base.py b/testinfra/test_base.py index e7b9c566c3..2d84be10e3 100644 --- a/testinfra/test_base.py +++ b/testinfra/test_base.py @@ -99,8 +99,12 @@ def test_unattended_upgrades(host): cfg_file = host.file("/etc/apt/apt.conf.d/20auto-upgrades") assert cfg_file.exists + assert cfg_file.contains('^APT::Periodic::Enable "1"') assert cfg_file.contains('^APT::Periodic::Update-Package-Lists "1"') + assert cfg_file.contains('^APT::Periodic::Download-Upgradeable-Packages "1"') + assert cfg_file.contains('^APT::Periodic::AutocleanInterval "5"') assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"') + assert cfg_file.contains('^APT::Periodic::RandomSleep "1800"') cfg_file = host.file("/etc/apt/apt.conf.d/50unattended-upgrades") assert cfg_file.contains('^Unattended-Upgrade::Mail "root"')