Use unattended upgrades.

Stop using latest for packages installed by puppet.  This way,
all system packages get updated, not just some random ones.

The unattended-upgrades config will email root.  It is configured
for openstack servers and jenkins slaves, but not template hosts
so that it doesn't interfere with spin-up.

Also, fix some bits in the gerrit module that were causing
continuous restarts on gerrit-dev.

Install emacs.

Change-Id: I51c9083ccd3669f284fce4b50c36a37a0cac92d8
This commit is contained in:
James E. Blair 2012-06-05 22:59:46 +00:00
parent 88c4a035ba
commit ae0f98e0cd
14 changed files with 95 additions and 25 deletions

View File

@ -17,8 +17,12 @@ class openstack_base {
$packages = ["puppet",
"git",
"python-setuptools",
"python-virtualenv"]
package { $packages: ensure => "latest" }
"python-virtualenv",
"python-software-properties",
"bzr",
"byobu",
"emacs23-nox"]
package { $packages: ensure => "present" }
realize (
User::Virtual::Localuser["mordred"],
@ -34,6 +38,7 @@ class openstack_template ($iptables_public_tcp_ports) {
include openstack_base
include ssh
include snmpd
include apt::unattended-upgrades
class { 'iptables':
public_tcp_ports => $iptables_public_tcp_ports,
@ -50,11 +55,6 @@ class openstack_template ($iptables_public_tcp_ports) {
hasrestart => true,
require => Package['ntp'],
}
$packages = ["python-software-properties",
"bzr",
"byobu"]
package { $packages: ensure => "latest" }
}
# A server that we expect to run for some time

View File

@ -21,6 +21,7 @@ class openstack_cron {
class openstack_jenkins_slave {
include openstack_cron
include tmpreaper
include apt::unattended-upgrades
class { 'openstack_server':
iptables_public_tcp_ports => []
}
@ -458,7 +459,7 @@ node /^oneiric.*\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
package { "tox":
ensure => latest,
ensure => latest, # okay to use latest for pip
provider => pip,
require => Package[python-pip],
}

View File

@ -0,0 +1,6 @@
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::RandomSleep "1800";

View File

@ -0,0 +1,30 @@
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
// ${distro_id} and ${distro_codename} will be automatically expanded
"${distro_id} stable";
"${distro_id} ${distro_codename}-security";
"${distro_id} ${distro_codename}-updates";
// "${distro_id} ${distro_codename}-proposed-updates";
};
// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
Unattended-Upgrade::Mail "root@localhost";
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "false";

View File

@ -0,0 +1,24 @@
class apt::unattended-upgrades($email='') {
package { 'unattended-upgrades':
ensure => present;
}
file { '/etc/apt/apt.conf.d/10periodic':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => "puppet:///modules/apt/10periodic",
replace => 'true',
}
file { '/etc/apt/apt.conf.d/50unattended-upgrades':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => "puppet:///modules/apt/50unattended-upgrades",
replace => 'true',
}
}

View File

@ -2,15 +2,15 @@
class devstack_host {
package { "linux-headers-virtual":
ensure => "latest",
ensure => present,
}
package { "mysql-server":
ensure => "latest",
ensure => present,
}
package { "rabbitmq-server":
ensure => "latest",
ensure => present,
require => File['rabbitmq-env.conf'],
}

View File

@ -116,16 +116,16 @@ class gerrit($virtual_hostname='',
"apache2"]
package { $packages:
ensure => "latest",
ensure => present,
}
package { "python-pip":
ensure => latest,
ensure => present,
require => Package[python-dev]
}
package { "github2":
ensure => latest,
ensure => latest, # okay to use latest for pip
provider => pip,
require => Package[python-pip]
}
@ -310,6 +310,16 @@ class gerrit($virtual_hostname='',
require => File["/home/gerrit2/review_site/etc"]
}
file { '/home/gerrit2/review_site/etc/gerrit.config.puppet':
owner => 'gerrit2',
group => 'gerrit2',
mode => 644,
ensure => 'present',
content => template('gerrit/gerrit.config.erb'),
replace => 'true',
require => File["/home/gerrit2/review_site/etc"]
}
file { '/home/gerrit2/review_site/hooks/change-merged':
owner => 'root',
group => 'root',
@ -507,10 +517,9 @@ class gerrit($virtual_hostname='',
require => Exec["download:$war"],
ensure => present,
replace => 'true',
# user, group, and mode have to be set this way to avoid retriggering gerrit-init on every run
# user, and mode have to be set this way to avoid retriggering gerrit-init on every run
# because gerrit init sets them this way
owner => 'gerrit2',
group => 'gerrit2',
mode => 644,
}

View File

@ -32,7 +32,7 @@ class jenkins_jobs($site, $projects) {
}
package { "python-jenkins":
ensure => latest,
ensure => latest, # okay to use latest for pip
provider => pip,
require => Package[python-pip],
}

View File

@ -76,11 +76,11 @@ class jenkins_slave($ssh_key, $sudo = false, $bare = false, $user = true) {
}
package { $packages:
ensure => "latest",
ensure => present,
}
package { "git-review":
ensure => latest,
ensure => latest, # okay to use latest for pip
provider => pip,
require => Package[python-pip],
}

View File

@ -11,7 +11,7 @@ class lodgeit {
"drizzle",
"python-mysqldb" ]
package { $packages: ensure => latest }
package { $packages: ensure => present }
package { 'SQLAlchemy':
provider => pip,

View File

@ -3,7 +3,7 @@
class logrotate {
package { "logrotate":
ensure => latest,
ensure => present,
}
file { "/etc/logrotate.d":

View File

@ -36,7 +36,7 @@ class meetbot {
}
package { ['supybot', 'nginx', 'python-twisted']:
ensure => latest
ensure => present
}
service { "nginx":

View File

@ -11,7 +11,7 @@ class pypimirror ( $base_url,
}
package { 'pip':
ensure => latest,
ensure => latest, # okay to use latest for pip
provider => 'pip',
require => Package['python-pip'],
}

View File

@ -1,5 +1,5 @@
class ssh {
package { openssh-server: ensure => latest }
package { openssh-server: ensure => present }
service { ssh:
ensure => running,
hasrestart => true,