Manage apt.conf.d/20auto-upgrades

This file has been seen on a few servers with the Unattended-Upgrades flag set to 0 disabling daily unattended upgrades. Most of our servers have this set to 1 and are fine, but let's go ahead and manage this file directly to ensure it is always 1 and auto upgrades are enabled. Note that previously we had been setting this via apt.conf.d/10periodic which seems to come from the update-notifier-common package on older systems and is now no longer used. Since that file's prefix is smaller than 20auto-upgrades the 20auto-ugprades file installed by unattended-upgrades overrides this value. A future update would be to coalesce both 10periodic and 20auto-upgrades together into one config file. Change-Id: Ic0bdaaf881780072fda7e60ff89b60b3a07b5804
2022-01-24 10:15:06 -08:00 · 2022-01-24 10:15:06 -08:00 · b88bc56c55
commit b88bc56c55
parent 8935a97801
3 changed files with 16 additions and 0 deletions
--- a/playbooks/roles/base/server/files/20auto-upgrades
+++ b/playbooks/roles/base/server/files/20auto-upgrades
@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
--- a/playbooks/roles/base/server/tasks/Debian.yaml
+++ b/playbooks/roles/base/server/tasks/Debian.yaml
@ -56,6 +56,7 @@
    src: debian_limits.conf
    dest: /etc/security/limits.d/60-nofile-limit.conf

+# TODO combine 10periodic and 20auto-upgrades
 - name: Install apt-daily 10periodic file for unattended-upgrades
  copy:
     mode: 0444
@ -64,6 +65,14 @@
     owner: root
     group: root

+- name: Install 20auto-upgrades file for unattended-upgrades
+  copy:
+     mode: 0444
+     src: 20auto-upgrades
+     dest: /etc/apt/apt.conf.d/20auto-upgrades
+     owner: root
+     group: root
+
 - name: Install 50unattended-upgrades file for unattended-upgrades
  copy:
     mode: 0444
--- a/testinfra/test_base.py
+++ b/testinfra/test_base.py
@ -97,6 +97,11 @@ def test_unattended_upgrades(host):
        assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"')
        assert cfg_file.contains('^APT::Periodic::RandomSleep "1800"')

+        cfg_file = host.file("/etc/apt/apt.conf.d/20auto-upgrades")
+        assert cfg_file.exists
+        assert cfg_file.contains('^APT::Periodic::Update-Package-Lists "1"')
+        assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"')
+
        cfg_file = host.file("/etc/apt/apt.conf.d/50unattended-upgrades")
        assert cfg_file.contains('^Unattended-Upgrade::Mail "root"')