Unattended Upgrades
{% set src_conf = "50unattended-upgrades." + grains['os']|lower %}
unattended-upgrades:
pkg.installed: []
/etc/apt/apt.conf.d/50unattended-upgrades:
file.managed:
- source: salt://unattended-upgrades/{{ src_conf }}
- template: jinja
unattended-upgrades.service:
service.running:
- enable: True
- watch:
- file: /etc/apt/apt.conf.d/50unattended-upgradesUnattended-Upgrade::Origins-Pattern {
// Codename based matching:
// This will follow the migration of a release through different
// archives (e.g. from testing to stable and later oldstable).
// Software will be the latest available for the named release,
// but the Debian release itself will not be automatically upgraded.
{% if salt.pillar.get('unattended_upgrades:updates',False) -%}
"origin=Debian,codename=${distro_codename}-updates";
{%- endif %}
{% if salt.pillar.get('unattended_upgrades:proposed_updates',False) -%}
"origin=Debian,codename=${distro_codename}-proposed-updates";
{%- endif %}
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
// Archive or Suite based matching:
// Note that this will silently match a different release after
// migration to the specified archive (e.g. testing becomes the
// new stable).
// "o=Debian,a=stable";
// "o=Debian,a=stable-updates";
// "o=Debian,a=proposed-updates";
// "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};
Last updated