Unattended Upgrades

Folgender State installiert das benötigte Paket und verteilt die Konfigurationsdatei. Je nach Distribution und Version muss eine unterschiedliche Konfiguration verwendet werden.

Die Konfigurationsdatei wird von Jinja »bearbeitet«, sodass Sie einzelne Zeilen oder Werte per Pillar setzen können.

/srv/salt/unattended-upgrades/init.sls

{% set src_conf = "50unattended-upgrades." + grains['os']|lower %}
unattended-upgrades:
  pkg.installed: []

/etc/apt/apt.conf.d/50unattended-upgrades:
  file.managed:
    - source: salt://unattended-upgrades/{{ src_conf }}
    - template: jinja

unattended-upgrades.service:
  service.running:
    - enable: True
    - watch:
      - file: /etc/apt/apt.conf.d/50unattended-upgrades

Nachfolgend ein Ausschnitt aus der Konfigurationsdatei, das zeigt, wie Sie über Pillars einzelne Zeilen aktivieren oder deaktivieren, Zeilen 7–12.

Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
        // Software will be the latest available for the named release,
        // but the Debian release itself will not be automatically upgraded.
        {% if salt.pillar.get('unattended_upgrades:updates',False) -%}
        "origin=Debian,codename=${distro_codename}-updates";
        {%- endif %}
        {% if salt.pillar.get('unattended_upgrades:proposed_updates',False) -%}
        "origin=Debian,codename=${distro_codename}-proposed-updates";
        {%- endif %}
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
//      "o=Debian,a=stable";
//      "o=Debian,a=stable-updates";
//      "o=Debian,a=proposed-updates";
//      "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};

PreviousWartungstunnel NextSalt & Etcd

Last updated 1 year ago

{% set src_conf = "50unattended-upgrades." + grains['os']|lower %} unattended-upgrades: pkg.installed: [] /etc/apt/apt.conf.d/50unattended-upgrades: file.managed: - source: salt://unattended-upgrades/{{ src_conf }} - template: jinja unattended-upgrades.service: service.running: - enable: True - watch: - file: /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Origins-Pattern { // Codename based matching: // This will follow the migration of a release through different // archives (e.g. from testing to stable and later oldstable). // Software will be the latest available for the named release, // but the Debian release itself will not be automatically upgraded. {% if salt.pillar.get('unattended_upgrades:updates',False) -%} "origin=Debian,codename=${distro_codename}-updates"; {%- endif %} {% if salt.pillar.get('unattended_upgrades:proposed_updates',False) -%} "origin=Debian,codename=${distro_codename}-proposed-updates"; {%- endif %} "origin=Debian,codename=${distro_codename},label=Debian"; "origin=Debian,codename=${distro_codename},label=Debian-Security"; "origin=Debian,codename=${distro_codename}-security,label=Debian-Security"; // Archive or Suite based matching: // Note that this will silently match a different release after // migration to the specified archive (e.g. testing becomes the // new stable). // "o=Debian,a=stable"; // "o=Debian,a=stable-updates"; // "o=Debian,a=proposed-updates"; // "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports"; };