Use unattended upgrades.
Stop using latest for packages installed by puppet. This way, all system packages get updated, not just some random ones. The unattended-upgrades config will email root. It is configured for openstack servers and jenkins slaves, but not template hosts so that it doesn't interfere with spin-up. Also, fix some bits in the gerrit module that were causing continuous restarts on gerrit-dev. Install emacs. Change-Id: I51c9083ccd3669f284fce4b50c36a37a0cac92d8
This commit is contained in:
parent
88c4a035ba
commit
ae0f98e0cd
@ -17,8 +17,12 @@ class openstack_base {
|
||||
$packages = ["puppet",
|
||||
"git",
|
||||
"python-setuptools",
|
||||
"python-virtualenv"]
|
||||
package { $packages: ensure => "latest" }
|
||||
"python-virtualenv",
|
||||
"python-software-properties",
|
||||
"bzr",
|
||||
"byobu",
|
||||
"emacs23-nox"]
|
||||
package { $packages: ensure => "present" }
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser["mordred"],
|
||||
@ -34,6 +38,7 @@ class openstack_template ($iptables_public_tcp_ports) {
|
||||
include openstack_base
|
||||
include ssh
|
||||
include snmpd
|
||||
include apt::unattended-upgrades
|
||||
|
||||
class { 'iptables':
|
||||
public_tcp_ports => $iptables_public_tcp_ports,
|
||||
@ -50,11 +55,6 @@ class openstack_template ($iptables_public_tcp_ports) {
|
||||
hasrestart => true,
|
||||
require => Package['ntp'],
|
||||
}
|
||||
|
||||
$packages = ["python-software-properties",
|
||||
"bzr",
|
||||
"byobu"]
|
||||
package { $packages: ensure => "latest" }
|
||||
}
|
||||
|
||||
# A server that we expect to run for some time
|
||||
|
@ -21,6 +21,7 @@ class openstack_cron {
|
||||
class openstack_jenkins_slave {
|
||||
include openstack_cron
|
||||
include tmpreaper
|
||||
include apt::unattended-upgrades
|
||||
class { 'openstack_server':
|
||||
iptables_public_tcp_ports => []
|
||||
}
|
||||
@ -458,7 +459,7 @@ node /^oneiric.*\.slave\.openstack\.org$/ {
|
||||
include openstack_jenkins_slave
|
||||
|
||||
package { "tox":
|
||||
ensure => latest,
|
||||
ensure => latest, # okay to use latest for pip
|
||||
provider => pip,
|
||||
require => Package[python-pip],
|
||||
}
|
||||
|
6
modules/apt/files/10periodic
Normal file
6
modules/apt/files/10periodic
Normal file
@ -0,0 +1,6 @@
|
||||
APT::Periodic::Enable "1";
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Download-Upgradeable-Packages "1";
|
||||
APT::Periodic::AutocleanInterval "5";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
APT::Periodic::RandomSleep "1800";
|
30
modules/apt/files/50unattended-upgrades
Normal file
30
modules/apt/files/50unattended-upgrades
Normal file
@ -0,0 +1,30 @@
|
||||
// Automatically upgrade packages from these (origin, archive) pairs
|
||||
Unattended-Upgrade::Allowed-Origins {
|
||||
// ${distro_id} and ${distro_codename} will be automatically expanded
|
||||
"${distro_id} stable";
|
||||
"${distro_id} ${distro_codename}-security";
|
||||
"${distro_id} ${distro_codename}-updates";
|
||||
// "${distro_id} ${distro_codename}-proposed-updates";
|
||||
};
|
||||
|
||||
// List of packages to not update
|
||||
Unattended-Upgrade::Package-Blacklist {
|
||||
// "vim";
|
||||
// "libc6";
|
||||
// "libc6-dev";
|
||||
// "libc6-i686";
|
||||
};
|
||||
|
||||
// Send email to this address for problems or packages upgrades
|
||||
// If empty or unset then no email is sent, make sure that you
|
||||
// have a working mail setup on your system. The package 'mailx'
|
||||
// must be installed or anything that provides /usr/bin/mail.
|
||||
Unattended-Upgrade::Mail "root@localhost";
|
||||
|
||||
// Do automatic removal of new unused dependencies after the upgrade
|
||||
// (equivalent to apt-get autoremove)
|
||||
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
|
||||
|
||||
// Automatically reboot *WITHOUT CONFIRMATION* if a
|
||||
// the file /var/run/reboot-required is found after the upgrade
|
||||
//Unattended-Upgrade::Automatic-Reboot "false";
|
24
modules/apt/manifests/unattended-upgrades.pp
Normal file
24
modules/apt/manifests/unattended-upgrades.pp
Normal file
@ -0,0 +1,24 @@
|
||||
class apt::unattended-upgrades($email='') {
|
||||
package { 'unattended-upgrades':
|
||||
ensure => present;
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/10periodic':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
source => "puppet:///modules/apt/10periodic",
|
||||
replace => 'true',
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/50unattended-upgrades':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
source => "puppet:///modules/apt/50unattended-upgrades",
|
||||
replace => 'true',
|
||||
}
|
||||
|
||||
}
|
@ -2,15 +2,15 @@
|
||||
class devstack_host {
|
||||
|
||||
package { "linux-headers-virtual":
|
||||
ensure => "latest",
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { "mysql-server":
|
||||
ensure => "latest",
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { "rabbitmq-server":
|
||||
ensure => "latest",
|
||||
ensure => present,
|
||||
require => File['rabbitmq-env.conf'],
|
||||
}
|
||||
|
||||
|
@ -116,16 +116,16 @@ class gerrit($virtual_hostname='',
|
||||
"apache2"]
|
||||
|
||||
package { $packages:
|
||||
ensure => "latest",
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { "python-pip":
|
||||
ensure => latest,
|
||||
ensure => present,
|
||||
require => Package[python-dev]
|
||||
}
|
||||
|
||||
package { "github2":
|
||||
ensure => latest,
|
||||
ensure => latest, # okay to use latest for pip
|
||||
provider => pip,
|
||||
require => Package[python-pip]
|
||||
}
|
||||
@ -310,6 +310,16 @@ class gerrit($virtual_hostname='',
|
||||
require => File["/home/gerrit2/review_site/etc"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/etc/gerrit.config.puppet':
|
||||
owner => 'gerrit2',
|
||||
group => 'gerrit2',
|
||||
mode => 644,
|
||||
ensure => 'present',
|
||||
content => template('gerrit/gerrit.config.erb'),
|
||||
replace => 'true',
|
||||
require => File["/home/gerrit2/review_site/etc"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/hooks/change-merged':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
@ -507,10 +517,9 @@ class gerrit($virtual_hostname='',
|
||||
require => Exec["download:$war"],
|
||||
ensure => present,
|
||||
replace => 'true',
|
||||
# user, group, and mode have to be set this way to avoid retriggering gerrit-init on every run
|
||||
# user, and mode have to be set this way to avoid retriggering gerrit-init on every run
|
||||
# because gerrit init sets them this way
|
||||
owner => 'gerrit2',
|
||||
group => 'gerrit2',
|
||||
mode => 644,
|
||||
}
|
||||
|
||||
|
@ -32,7 +32,7 @@ class jenkins_jobs($site, $projects) {
|
||||
}
|
||||
|
||||
package { "python-jenkins":
|
||||
ensure => latest,
|
||||
ensure => latest, # okay to use latest for pip
|
||||
provider => pip,
|
||||
require => Package[python-pip],
|
||||
}
|
||||
|
@ -76,11 +76,11 @@ class jenkins_slave($ssh_key, $sudo = false, $bare = false, $user = true) {
|
||||
}
|
||||
|
||||
package { $packages:
|
||||
ensure => "latest",
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { "git-review":
|
||||
ensure => latest,
|
||||
ensure => latest, # okay to use latest for pip
|
||||
provider => pip,
|
||||
require => Package[python-pip],
|
||||
}
|
||||
|
@ -11,7 +11,7 @@ class lodgeit {
|
||||
"drizzle",
|
||||
"python-mysqldb" ]
|
||||
|
||||
package { $packages: ensure => latest }
|
||||
package { $packages: ensure => present }
|
||||
|
||||
package { 'SQLAlchemy':
|
||||
provider => pip,
|
||||
|
@ -3,7 +3,7 @@
|
||||
class logrotate {
|
||||
|
||||
package { "logrotate":
|
||||
ensure => latest,
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
file { "/etc/logrotate.d":
|
||||
|
@ -36,7 +36,7 @@ class meetbot {
|
||||
}
|
||||
|
||||
package { ['supybot', 'nginx', 'python-twisted']:
|
||||
ensure => latest
|
||||
ensure => present
|
||||
}
|
||||
|
||||
service { "nginx":
|
||||
|
@ -11,7 +11,7 @@ class pypimirror ( $base_url,
|
||||
}
|
||||
|
||||
package { 'pip':
|
||||
ensure => latest,
|
||||
ensure => latest, # okay to use latest for pip
|
||||
provider => 'pip',
|
||||
require => Package['python-pip'],
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
class ssh {
|
||||
package { openssh-server: ensure => latest }
|
||||
package { openssh-server: ensure => present }
|
||||
service { ssh:
|
||||
ensure => running,
|
||||
hasrestart => true,
|
||||
|
Loading…
Reference in New Issue
Block a user