bundles/apt: handle unattended-upgrades ourselves
This commit is contained in:
parent
b1992447f0
commit
366374b4e5
GPG key ID:
12E3D2136B818350
10 changed files with 64 additions and 78 deletions
|
|
@ -1,3 +0,0 @@
|
|||
APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
APT::Periodic::AutocleanInterval "7";
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
Unattended-Upgrade::Origins-Pattern {
|
||||
"origin=Debian,codename=${os_release},label=Debian";
|
||||
"origin=Debian,codename=${os_release},label=Debian-Security";
|
||||
|
||||
% if node_has_backports:
|
||||
"a=${os_release}-backports,n=${os_release}-backports";
|
||||
% endif
|
||||
|
||||
// External packages
|
||||
% for item in sorted(data.get('origins', set())):
|
||||
"${item}";
|
||||
% endfor
|
||||
};
|
||||
|
||||
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
|
||||
Unattended-Upgrade::MinimalSteps "false";
|
||||
|
||||
% if data.get('mail', None):
|
||||
Unattended-Upgrade::Mail "${data['mail']}";
|
||||
Unattended-Upgrade::MailOnlyOnError "false";
|
||||
% endif
|
||||
|
||||
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
|
||||
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
|
||||
Unattended-Upgrade::Remove-Unused-Dependencies "true";
|
||||
|
||||
% if data.get('reboot', True):
|
||||
Unattended-Upgrade::Automatic-Reboot "true";
|
||||
% else:
|
||||
Unattended-Upgrade::Automatic-Reboot "false";
|
||||
% endif
|
||||
52
bundles/apt/files/upgrade-and-reboot
Normal file
52
bundles/apt/files/upgrade-and-reboot
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
#!/bin/bash
|
||||
|
||||
# With systemd, we can force logging to the journal. This is better than
|
||||
# spamming the world with cron mails. You can then view these logs using
|
||||
# "journalctl -rat upgrade-and-reboot".
|
||||
if [[ "$1" != '-w' ]]
|
||||
then
|
||||
if which systemd-cat >/dev/null 2>&1
|
||||
then
|
||||
if [[ "$1" != "is-logging" ]]
|
||||
then
|
||||
exec systemd-cat -t upgrade-and-reboot "$0" is-logging "$@"
|
||||
else
|
||||
shift
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
logins=$(ps h -C sshd -o euser | awk '$1 != "root" && $1 != "sshd"')
|
||||
if [[ -n "$logins" ]]
|
||||
then
|
||||
echo "Will abort now, there are active SSH logins: $logins"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
softlockdir=/var/lib/bundlewrap/soft-${node.name}
|
||||
mkdir -p "$softlockdir"
|
||||
printf '{"comment": "UPDATE", "date": %s, "expiry": %s, "id": "UNATTENDED", "items": ["*"], "user": "root@localhost"}\n' \
|
||||
$(date +%s) \
|
||||
$(date -d 'now + 30 mins' +%s) \
|
||||
>"$softlockdir"/UNATTENDED
|
||||
trap 'rm -f "$softlockdir"/UNATTENDED' EXIT
|
||||
|
||||
apt-get update
|
||||
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y -q -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef dist-upgrade
|
||||
|
||||
ret=$?
|
||||
if (( $ret != 0 ))
|
||||
then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
apt-get autoclean
|
||||
apt-get autoremove
|
||||
|
||||
if [[ -f /var/run/reboot-required ]]
|
||||
then
|
||||
date | mail -s "SYSREBOOTNOW $(cat /etc/node.name)" ${data['mail']}
|
||||
systemctl reboot
|
||||
fi
|
||||
Loading…
Add table
Add a link
Reference in a new issue