opendev/system-config
Code Issues Proposed changes

Manage 10periodic and 20auto-upgrades together

Browse Source 
These two apt.conf.d config files are installed by different packages
but have overlap in the configuration they set. Unfortunately if the
wrong one sets the flag to disable periodic updates it wins based on apt
conf's priority rules.

To ensure that we continue to auto update and handle different packages
supplying different config files we manage the entirety of the periodic
config in both of these files at the same time using a common source
file.

Change-Id: I5e408fd7c343adb1de9ec564fe430a6f31ecc360
This commit is contained in:
Clark Boylan 2022-01-24 10:21:37 -08:00
parent b88bc56c55
commit 6d3a281a42
4 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
playbooks/roles/base/server/files/20auto-upgrades
View File

@ -1,2 +0,0 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

0
playbooks/roles/base/server/files/10periodic → playbooks/roles/base/server/files/XYperiodic-updates
View File

10
playbooks/roles/base/server/tasks/Debian.yaml
View File

@ -56,11 +56,15 @@
src: debian_limits.conf src: debian_limits.conf
dest: /etc/security/limits.d/60-nofile-limit.conf dest: /etc/security/limits.d/60-nofile-limit.conf
# TODO combine 10periodic and 20auto-upgrades # The next two files share a source file. Different packages manage
# each of these and we do not want them to get out of sync with each
# other as that can impact the configuration that apt sees based on
# priority rules. We address this by making the two files have the same
# content.
- name: Install apt-daily 10periodic file for unattended-upgrades - name: Install apt-daily 10periodic file for unattended-upgrades
copy: copy:
mode: 0444 mode: 0444
src: 10periodic src: XYperiodic-updates
dest: /etc/apt/apt.conf.d/10periodic dest: /etc/apt/apt.conf.d/10periodic
owner: root owner: root
group: root group: root
@ -68,7 +72,7 @@
- name: Install 20auto-upgrades file for unattended-upgrades - name: Install 20auto-upgrades file for unattended-upgrades
copy: copy:
mode: 0444 mode: 0444
src: 20auto-upgrades src: XYperiodic-updates
dest: /etc/apt/apt.conf.d/20auto-upgrades dest: /etc/apt/apt.conf.d/20auto-upgrades
owner: root owner: root
group: root group: root

4
testinfra/test_base.py
View File

@ -99,8 +99,12 @@ def test_unattended_upgrades(host):
cfg_file = host.file("/etc/apt/apt.conf.d/20auto-upgrades") cfg_file = host.file("/etc/apt/apt.conf.d/20auto-upgrades")
assert cfg_file.exists assert cfg_file.exists
assert cfg_file.contains('^APT::Periodic::Enable "1"')
assert cfg_file.contains('^APT::Periodic::Update-Package-Lists "1"') assert cfg_file.contains('^APT::Periodic::Update-Package-Lists "1"')
assert cfg_file.contains('^APT::Periodic::Download-Upgradeable-Packages "1"')
assert cfg_file.contains('^APT::Periodic::AutocleanInterval "5"')
assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"') assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"')
assert cfg_file.contains('^APT::Periodic::RandomSleep "1800"')
cfg_file = host.file("/etc/apt/apt.conf.d/50unattended-upgrades") cfg_file = host.file("/etc/apt/apt.conf.d/50unattended-upgrades")
assert cfg_file.contains('^Unattended-Upgrade::Mail "root"') assert cfg_file.contains('^Unattended-Upgrade::Mail "root"')