d1ca8dbaa7
This commit adds the ability to enable automatic package upgrades via openstack-ansible-security. To enable, add the following variable to your /etc/openstack_deploy/user_variables.yml file: unattended_upgrades_enabled: true To have the unattended upgrades system send e-mail notifications when packages need updating or errors are encountered, add the following to user_variables.yml: unattended_upgrades_notifications: true As many organisations do not subscribe to auto updates, this functionality will remain disabled by default. Note that the first iteration of this change does not allow deep customisation of unatteded-upgrades. This means that as it stands only trusty-security (or $distro-security) updates will be applied. Closes-Bug: #1568075 Change-Id: I22ba1a02acfbe2befb601af6a4099d53d988d856
616 B
616 B
Exception
Operating system patching policies vary from organization to organization and are typically established based on business requirements and risk tolerance.
If desired, automatic updates (using the
unattended-upgrades package) can be enabled via
openstack-ansible-security by setting the following variable to
true:
unattended_upgrades: trueNote that this will only apply updates made available to the distro-security (eg. trusty-security) repositories.
Deployers are urged to fully understand the impact of enabling automatic update before making the change.