summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorroot <root@localhost>2018-09-16 22:21:28 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2018-09-16 22:26:55 +0200
commitb9c90f087cb54a0b8be222dbdcd88c8a73ef4f57 (patch)
tree51f19339b7cb1da0633bca404ff31f87584351fd
parentbb00f4ab450131094096b7ae74cf3edcdaa224db (diff)
downloadpuppet.DEV-b9c90f087cb54a0b8be222dbdcd88c8a73ef4f57.tar.gz
puppet.DEV-b9c90f087cb54a0b8be222dbdcd88c8a73ef4f57.tar.bz2
puppet.DEV-b9c90f087cb54a0b8be222dbdcd88c8a73ef4f57.zip
Add voxpopulis's unattended_upgrade module.
-rw-r--r--code/environments/production/modules/unattended_upgrades/CHANGELOG.md222
-rw-r--r--code/environments/production/modules/unattended_upgrades/CONTRIBUTING.md97
-rw-r--r--code/environments/production/modules/unattended_upgrades/Gemfile78
-rw-r--r--code/environments/production/modules/unattended_upgrades/LICENSE35
-rw-r--r--code/environments/production/modules/unattended_upgrades/README.md175
-rw-r--r--code/environments/production/modules/unattended_upgrades/Rakefile92
-rw-r--r--code/environments/production/modules/unattended_upgrades/checksums.json49
-rw-r--r--code/environments/production/modules/unattended_upgrades/manifests/init.pp77
-rw-r--r--code/environments/production/modules/unattended_upgrades/manifests/params.pp150
-rw-r--r--code/environments/production/modules/unattended_upgrades/manifests/params.pp.testing147
-rw-r--r--code/environments/production/modules/unattended_upgrades/metadata.json55
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/archlinux-2-x64.yml13
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-511-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-6-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64-pe.yml17
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-7-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-72-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-78-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-82-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml31
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/image_templates.yaml34
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/rhel-73-x64.yml29
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml29
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml29
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml29
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-24-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-25-x64.yml16
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-26-x64.yml16
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-27-x64.yml18
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml15
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/classes/coverage_spec.rb4
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/classes/debian_spec.rb146
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/classes/other_debians_spec.rb128
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/classes/ubuntu_spec.rb131
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/classes/unattended_upgrades_spec.rb436
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/default_facts.yml14
-rw-r--r--code/environments/production/modules/unattended_upgrades/spec/spec_helper.rb35
-rw-r--r--code/environments/production/modules/unattended_upgrades/templates/options.erb11
-rw-r--r--code/environments/production/modules/unattended_upgrades/templates/periodic.erb62
-rw-r--r--code/environments/production/modules/unattended_upgrades/templates/unattended-upgrades.erb78
-rw-r--r--code/environments/production/modules/unattended_upgrades/types/age.pp6
-rw-r--r--code/environments/production/modules/unattended_upgrades/types/auto.pp9
-rw-r--r--code/environments/production/modules/unattended_upgrades/types/backup.pp6
-rw-r--r--code/environments/production/modules/unattended_upgrades/types/mail.pp6
-rw-r--r--code/environments/production/modules/unattended_upgrades/types/options.pp8
-rw-r--r--code/environments/production/modules/unattended_upgrades/types/upgradeable_packages.pp6
49 files changed, 2689 insertions, 0 deletions
diff --git a/code/environments/production/modules/unattended_upgrades/CHANGELOG.md b/code/environments/production/modules/unattended_upgrades/CHANGELOG.md
new file mode 100644
index 0000000..7a8377a
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/CHANGELOG.md
@@ -0,0 +1,222 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+Each new release typically also includes the latest modulesync defaults.
+These should not affect the functionality of the module.
+
+## [v3.2.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v3.2.0) (2018-06-12)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v3.1.0...v3.2.0)
+
+**Implemented enhancements:**
+
+- Allow configuration of Unattended-Upgrade::Sender parameter [\#119](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/119)
+- Optional argument for specifing the Unattended-Upgrade::Sender config flag [\#120](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/120) ([LarsErikP](https://github.com/LarsErikP))
+
+**Closed issues:**
+
+- \(Confirm\) Ubuntu 18.04 support [\#124](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/124)
+- Typo - README.md - Reference/options "force\_connew" [\#109](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/109)
+
+**Merged pull requests:**
+
+- Add Ubuntu 18.04 LTS "bionic" to the list of supported OSes \(fixes \#124\) [\#125](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/125) ([mpdude](https://github.com/mpdude))
+- Remove docker nodesets [\#123](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/123) ([bastelfreak](https://github.com/bastelfreak))
+- drop EOL OSs; fix puppet version range [\#121](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/121) ([bastelfreak](https://github.com/bastelfreak))
+- Fix typo [\#117](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/117) ([6uhrmittag](https://github.com/6uhrmittag))
+
+## [v3.1.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v3.1.0) (2017-12-09)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v3.0.1...v3.1.0)
+
+**Closed issues:**
+
+- Duplicate declaration due to contain ::apt [\#110](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/110)
+
+**Merged pull requests:**
+
+- release 3.1.0 [\#116](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/116) ([bastelfreak](https://github.com/bastelfreak))
+- Add Ubuntu artful [\#115](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/115) ([danielhoherd](https://github.com/danielhoherd))
+
+## [v3.0.1](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v3.0.1) (2017-10-28)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v3.0.0...v3.0.1)
+
+**Closed issues:**
+
+- Allowed-Origins contains ${distro\_id}:${distro\_codename} [\#107](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/107)
+
+**Merged pull requests:**
+
+- Don't `contain` `apt` but `include` instead [\#111](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/111) ([alexjfisher](https://github.com/alexjfisher))
+
+## [v3.0.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v3.0.0) (2017-07-07)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v2.2.0...v3.0.0)
+
+**Breaking changes:**
+
+- Use Data Types instead of validate\_\* functions [\#90](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/90) ([raphink](https://github.com/raphink))
+
+**Implemented enhancements:**
+
+- Add Debian 9 - Stretch Support [\#102](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/102) ([petems](https://github.com/petems))
+- Ubuntu: Add 17.04 Zesty Zapus. [\#89](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/89) ([raoulbhatia](https://github.com/raoulbhatia))
+
+**Fixed bugs:**
+
+- Error when configuring unattended-upgrades [\#92](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/92)
+- Adds ::apt containment to main class [\#103](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/103) ([petems](https://github.com/petems))
+
+**Closed issues:**
+
+- Not setting up a daily cron [\#87](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/87)
+
+**Merged pull requests:**
+
+- Update Debian upstream names [\#101](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/101) ([petems](https://github.com/petems))
+- Refactor specs [\#100](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/100) ([petems](https://github.com/petems))
+- Add tags to metadata.json [\#98](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/98) ([petems](https://github.com/petems))
+- Allow newer apt modules to satisfy dependency [\#91](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/91) ([cpick](https://github.com/cpick))
+- cleanup README - typos, remove splunk and fix ToC [\#83](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/83) ([pono](https://github.com/pono))
+- Modulesync 0.18.0 [\#82](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/82) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v2.2.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v2.2.0) (2017-01-12)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v2.1.0...v2.2.0)
+
+**Merged pull requests:**
+
+- Bump min version\_requirement for Puppet [\#79](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/79) ([juniorsysadmin](https://github.com/juniorsysadmin))
+- Include the release pocket on Ubuntu Xenial and Yakkety. [\#75](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/75) ([MichaelGooden](https://github.com/MichaelGooden))
+- Add missing badges [\#73](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/73) ([dhoppe](https://github.com/dhoppe))
+- Fix order of options to prevent swapping of lines [\#72](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/72) ([leonkoens](https://github.com/leonkoens))
+
+## [v2.1.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v2.1.0) (2016-10-05)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v2.0.0...v2.1.0)
+
+**Implemented enhancements:**
+
+- \[WIP\] Ubuntu updates [\#62](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/62) ([raoulbhatia](https://github.com/raoulbhatia))
+
+**Closed issues:**
+
+- Puppet 4 compatibility? [\#63](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/63)
+- Version on Puppet Forge seems to be missing reboot\_time parameter in template [\#59](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/59)
+
+**Merged pull requests:**
+
+- Remove 'pe' requirement from metadata [\#66](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/66) ([alexjfisher](https://github.com/alexjfisher))
+- Modulesync 0.9.1 [\#65](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/65) ([bastelfreak](https://github.com/bastelfreak))
+- Make parameter validation more strict [\#64](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/64) ([pkkm](https://github.com/pkkm))
+- LinuxMint: Add support for Linux Mint [\#61](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/61) ([raoulbhatia](https://github.com/raoulbhatia))
+
+## [v2.0.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v2.0.0) (2016-05-26)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v1.1.1...v2.0.0)
+
+**Implemented enhancements:**
+
+- Dependency cycle error if sources are managed exclusively by puppet [\#28](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/28)
+
+**Closed issues:**
+
+- Documentation: random\_sleep [\#54](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/54)
+- wrong documentation: legacy\_origin [\#50](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/50)
+- unattended\_upgrades module not loading - breaks on Apt::Update dependency [\#48](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/48)
+
+**Merged pull requests:**
+
+- update default parameters for legacy\_origin option [\#58](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/58) ([GhostLyrics](https://github.com/GhostLyrics))
+- Update from voxpupuli modulesync\_config [\#57](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/57) ([jyaworski](https://github.com/jyaworski))
+- Add parameter to control reboot time [\#56](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/56) ([mpdude](https://github.com/mpdude))
+- Small fix for random\_sleep documentation. The value is set to undef i… [\#55](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/55) ([spoofedpacket](https://github.com/spoofedpacket))
+- add options support [\#52](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/52) ([b4ldr](https://github.com/b4ldr))
+- Default `notify\_update` to false [\#51](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/51) ([daenney](https://github.com/daenney))
+
+## [v1.1.1](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v1.1.1) (2016-01-11)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v1.1.0...v1.1.1)
+
+**Merged pull requests:**
+
+- Fix typo [\#46](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/46) ([mcanevet](https://github.com/mcanevet))
+
+## [v1.1.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v1.1.0) (2016-01-09)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/1.0.3...v1.1.0)
+
+**Fixed bugs:**
+
+- content variable seems like it's required for the init file [\#18](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/18)
+
+**Closed issues:**
+
+- New release? [\#38](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/38)
+- cannot set "install\_on\_shutdown" and "remove" [\#36](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/36)
+- No way to define different keys for "auto" in different hiera sources [\#35](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/35)
+- Clarify random\_sleep documentation [\#34](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/34)
+- clean key of auto hash not documented [\#24](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/24)
+- Not working on Ubuntu [\#22](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/22)
+- potential dependency cycle for users [\#16](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/16)
+- Unattended-Upgrade::Allowed-Origins variables don't work [\#15](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/15)
+- unattended\_upgrades doesn't work with puppet \< 3.5.0 \(I think...\) [\#13](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/13)
+
+**Merged pull requests:**
+
+- Doc and implementation fixes [\#44](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/44) ([daenney](https://github.com/daenney))
+- Remediate rubocop offenses [\#43](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/43) ([rnelson0](https://github.com/rnelson0))
+- cleanup\(params\) make linter happy [\#42](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/42) ([igalic](https://github.com/igalic))
+- feat\(msync\) move secure line into .sync.yml [\#40](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/40) ([igalic](https://github.com/igalic))
+- Rename reference to puppet-community [\#39](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/39) ([rnelson0](https://github.com/rnelson0))
+- Include variable 'RandomSleep'. [\#33](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/33) ([fbarbeira](https://github.com/fbarbeira))
+- Add optional notify\_update parameter [\#31](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/31) ([clauded](https://github.com/clauded))
+- Small fix typo [\#27](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/27) ([fbarbeira](https://github.com/fbarbeira))
+- Enhancements by merging Debian defaults, puppetlabs-apt and own research [\#26](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/26) ([raoulbhatia](https://github.com/raoulbhatia))
+- Document auto -\> clean [\#25](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/25) ([zeha](https://github.com/zeha))
+- Support for Raspbian [\#19](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/19) ([lbdr](https://github.com/lbdr))
+- Check for strict\_variables setting before using defined\(\), fixes compatibility with Puppet \< 3.5.0 [\#17](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/17) ([apeeters](https://github.com/apeeters))
+- unattended-upgrades are broken on Ubuntu by default due to origins typo [\#14](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/14) ([cpick](https://github.com/cpick))
+
+## [1.0.3](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/1.0.3) (2015-04-23)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/1.0.2...1.0.3)
+
+**Closed issues:**
+
+- Duplicate declaration of Class\[Apt\] [\#12](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/12)
+
+**Merged pull requests:**
+
+- Gemfile: Upgrade to rspec-puppet 2.1.0 [\#11](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/11) ([daenney](https://github.com/daenney))
+
+## [1.0.2](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/1.0.2) (2015-04-22)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/1.0.1...1.0.2)
+
+## [1.0.1](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/1.0.1) (2015-04-22)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/1.0.0...1.0.1)
+
+## [1.0.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/1.0.0) (2015-04-22)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/886245f2cb7614a8c749d34e6f08ee17b92c970f...1.0.0)
+
+**Closed issues:**
+
+- Add a contributing.md [\#6](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/6)
+
+**Merged pull requests:**
+
+- Prepare 1.0.1 release: [\#10](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/10) ([daenney](https://github.com/daenney))
+- Setup deploy [\#9](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/9) ([daenney](https://github.com/daenney))
+- Rake travis changelog [\#8](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/8) ([daenney](https://github.com/daenney))
+- Add metadata.json [\#7](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/7) ([underscorgan](https://github.com/underscorgan))
+- travis: Test only latest Ruby and Puppet. [\#5](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/5) ([daenney](https://github.com/daenney))
+- Test updates [\#4](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/4) ([underscorgan](https://github.com/underscorgan))
+- Test fixes [\#1](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/1) ([underscorgan](https://github.com/underscorgan))
+
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
diff --git a/code/environments/production/modules/unattended_upgrades/CONTRIBUTING.md b/code/environments/production/modules/unattended_upgrades/CONTRIBUTING.md
new file mode 100644
index 0000000..8cac3bd
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/CONTRIBUTING.md
@@ -0,0 +1,97 @@
+This module has grown over time based on a range of contributions from
+people using it. If you follow these contributing guidelines your patch
+will likely make it into a release a little quicker.
+
+
+## Contributing
+
+Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. [Contributor Code of Conduct](https://voxpupuli.org/coc/).
+
+1. Fork the repo.
+
+1. Create a separate branch for your change.
+
+1. Run the tests. We only take pull requests with passing tests, and
+ documentation.
+
+1. Add a test for your change. Only refactoring and documentation
+ changes require no new tests. If you are adding functionality
+ or fixing a bug, please add a test.
+
+1. Squash your commits down into logical components. Make sure to rebase
+ against the current master.
+
+1. Push the branch to your fork and submit a pull request.
+
+Please be prepared to repeat some of these steps as our contributors review
+your code.
+
+## Dependencies
+
+The testing and development tools have a bunch of dependencies,
+all managed by [bundler](http://bundler.io/) according to the
+[Puppet support matrix](http://docs.puppetlabs.com/guides/platforms.html#ruby-versions).
+
+By default the tests use a baseline version of Puppet.
+
+If you have Ruby 2.x or want a specific version of Puppet,
+you must set an environment variable such as:
+
+ export PUPPET_VERSION="~> 4.2.0"
+
+Install the dependencies like so...
+
+ bundle install
+
+## Syntax and style
+
+The test suite will run [Puppet Lint](http://puppet-lint.com/) and
+[Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to
+check various syntax and style things. You can run these locally with:
+
+ bundle exec rake lint
+ bundle exec rake validate
+
+## Running the unit tests
+
+The unit test suite covers most of the code, as mentioned above please
+add tests if you're adding new functionality. If you've not used
+[rspec-puppet](http://rspec-puppet.com/) before then feel free to ask
+about how best to test your new feature.
+
+To run your all the unit tests
+
+ bundle exec rake spec SPEC_OPTS='--format documentation'
+
+To run a specific spec test set the `SPEC` variable:
+
+ bundle exec rake spec SPEC=spec/foo_spec.rb
+
+To run the linter, the syntax checker and the unit tests:
+
+ bundle exec rake test
+
+
+## Integration tests
+
+The unit tests just check the code runs, not that it does exactly what
+we want on a real machine. For that we're using
+[beaker](https://github.com/puppetlabs/beaker).
+
+This fires up a new virtual machine (using vagrant) and runs a series of
+simple tests against it after applying the module. You can run this
+with:
+
+ bundle exec rake acceptance
+
+This will run the tests on an Ubuntu 12.04 virtual machine. You can also
+run the integration tests against Centos 6.5 with.
+
+ BEAKER_set=centos-64-x64 bundle exec rake acceptances
+
+If you don't want to have to recreate the virtual machine every time you
+can use `BEAKER_DESTROY=no` and `BEAKER_PROVISION=no`. On the first run you will
+at least need `BEAKER_PROVISION` set to yes (the default). The Vagrantfile
+for the created virtual machines will be in `.vagrant/beaker_vagrant_fies`.
+
+# vim: syntax=markdown
diff --git a/code/environments/production/modules/unattended_upgrades/Gemfile b/code/environments/production/modules/unattended_upgrades/Gemfile
new file mode 100644
index 0000000..1527b39
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/Gemfile
@@ -0,0 +1,78 @@
+source ENV['GEM_SOURCE'] || "https://rubygems.org"
+
+def location_for(place, fake_version = nil)
+ if place =~ /^(git[:@][^#]*)#(.*)/
+ [fake_version, { :git => $1, :branch => $2, :require => false }].compact
+ elsif place =~ /^file:\/\/(.*)/
+ ['>= 0', { :path => File.expand_path($1), :require => false }]
+ else
+ [place, { :require => false }]
+ end
+end
+
+group :test do
+ gem 'puppetlabs_spec_helper', '~> 2.6.0', :require => false
+ gem 'rspec-puppet', '~> 2.5', :require => false
+ gem 'rspec-puppet-facts', :require => false
+ gem 'rspec-puppet-utils', :require => false
+ gem 'puppet-lint-leading_zero-check', :require => false
+ gem 'puppet-lint-trailing_comma-check', :require => false
+ gem 'puppet-lint-version_comparison-check', :require => false
+ gem 'puppet-lint-classes_and_types_beginning_with_digits-check', :require => false
+ gem 'puppet-lint-unquoted_string-check', :require => false
+ gem 'puppet-lint-variable_contains_upcase', :require => false
+ gem 'metadata-json-lint', :require => false
+ gem 'redcarpet', :require => false
+ gem 'rubocop', '~> 0.49.1', :require => false if RUBY_VERSION >= '2.3.0'
+ gem 'rubocop-rspec', '~> 1.15.0', :require => false if RUBY_VERSION >= '2.3.0'
+ gem 'mocha', '~> 1.4.0', :require => false
+ gem 'coveralls', :require => false
+ gem 'simplecov-console', :require => false
+ gem 'rack', '~> 1.0', :require => false if RUBY_VERSION < '2.2.2'
+ gem 'parallel_tests', :require => false
+end
+
+group :development do
+ gem 'travis', :require => false
+ gem 'travis-lint', :require => false
+ gem 'guard-rake', :require => false
+ gem 'overcommit', '>= 0.39.1', :require => false
+end
+
+group :system_tests do
+ gem 'winrm', :require => false
+ if beaker_version = ENV['BEAKER_VERSION']
+ gem 'beaker', *location_for(beaker_version)
+ else
+ gem 'beaker', '>= 3.9.0', :require => false
+ end
+ if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION']
+ gem 'beaker-rspec', *location_for(beaker_rspec_version)
+ else
+ gem 'beaker-rspec', :require => false
+ end
+ gem 'serverspec', :require => false
+ gem 'beaker-hostgenerator', '>= 1.1.10', :require => false
+ gem 'beaker-puppet_install_helper', :require => false
+ gem 'beaker-module_install_helper', :require => false
+end
+
+group :release do
+ gem 'github_changelog_generator', :require => false, :git => 'https://github.com/skywinder/github-changelog-generator' if RUBY_VERSION >= '2.2.2'
+ gem 'puppet-blacksmith', :require => false
+ gem 'voxpupuli-release', :require => false, :git => 'https://github.com/voxpupuli/voxpupuli-release-gem'
+ gem 'puppet-strings', '~> 1.0', :require => false
+end
+
+
+
+if facterversion = ENV['FACTER_GEM_VERSION']
+ gem 'facter', facterversion.to_s, :require => false, :groups => [:test]
+else
+ gem 'facter', :require => false, :groups => [:test]
+end
+
+ENV['PUPPET_VERSION'].nil? ? puppetversion = '~> 5.0' : puppetversion = ENV['PUPPET_VERSION'].to_s
+gem 'puppet', puppetversion, :require => false, :groups => [:test]
+
+# vim: syntax=ruby
diff --git a/code/environments/production/modules/unattended_upgrades/LICENSE b/code/environments/production/modules/unattended_upgrades/LICENSE
new file mode 100644
index 0000000..1807ab9
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/LICENSE
@@ -0,0 +1,35 @@
+Copyright (c) 2011 Evolving Web Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+Copyright 2014 Puppet Labs, 2015 Puppet Community
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
diff --git a/code/environments/production/modules/unattended_upgrades/README.md b/code/environments/production/modules/unattended_upgrades/README.md
new file mode 100644
index 0000000..48d3e65
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/README.md
@@ -0,0 +1,175 @@
+# Unattended Upgrades module for Puppet
+
+[![Build Status](https://travis-ci.org/voxpupuli/puppet-unattended_upgrades.png?branch=master)](https://travis-ci.org/voxpupuli/puppet-unattended_upgrades)
+[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/unattended_upgrades.svg)](https://forge.puppetlabs.com/puppet/unattended_upgrades)
+[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/unattended_upgrades.svg)](https://forge.puppetlabs.com/puppet/unattended_upgrades)
+[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/unattended_upgrades.svg)](https://forge.puppetlabs.com/puppet/unattended_upgrades)
+[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/unattended_upgrades.svg)](https://forge.puppetlabs.com/puppet/unattended_upgrades)
+
+#### Table of Contents
+
+1. [Overview](#overview)
+1. [Module Description](#module-description)
+1. [Setup](#setup)
+1. [Usage](#usage)
+1. [Reference](#reference)
+ * [Classes](#classes)
+ * [Parameters](#parameters)
+1. [Limitations - OS compatibility, etc.](#limitations)
+1. [License](#license)
+
+## Overview
+
+The unattended\_upgrades module allows for the installation and configuration
+of automatic security (and other) updates through apt.
+
+This functionality used to be part of the puppetlabs-apt module but was split
+off into its own module.
+
+## Module Description
+
+The unattended\_upgrades module automates the configuration of apt package updates.
+
+## Setup
+
+### What unattended\_upgrades affects
+
+* Package/configuration for unattended\_upgrades
+
+### Beginning with unattended\_upgrades
+
+All you need to do is include the apt module, `include apt`, and this module,
+`include unattended_upgrades` for it to work.
+
+This module relies on the [apt](https://forge.puppetlabs.com/puppetlabs/apt)
+module and will not work without it.
+
+## Usage
+
+Using unattended\_upgrades simply consists of including the module and if needed
+altering some of the default settings.
+
+## Reference
+
+### Classes
+
+* `unattended_upgrades`: Main class, installs the necessary packages and writes
+ the configuration.
+
+### Parameters
+
+#### unattended\_upgrades
+
+* `age` (`{}`): A hash of settings with two possible keys:
+ * `min` (`2`): Minimum age of a cache package file. File younger than `min` will
+ not be deleted.
+ * `max` (`0`): Maximum allowed age of a cache package file. File older than `max`
+ will be deleted.
+
+ Any of these keys can be specified and will be merged into the defaults:
+
+ ```puppet
+ class { 'unattended_upgrades':
+ age => { 'max' => 10 },
+ }
+ ```
+
+* `auto` (`{}`): A hash of settings with these possible keys:
+ * `clean`(`0`): Remove packages that can no longer be downloaded from cache every
+ X days (`0` = disabled).
+ * `fix_interrupted_dpkg`(`true`): Try to fix package installation state.
+ * `reboot`(`false`): Reboot system after package update installation.
+ * `reboot_time`(`now`): If automatic reboot is enabled and needed, reboot at the
+ specific time (instead of immediately).
+ * `remove`(`true`): Remove unneeded dependencies after update installation.
+
+ Any of these keys can be specified and will be merged into the defaults:
+
+ ```puppet
+ class { 'unattended_upgrades':
+ auto => { 'reboot' => true },
+ }
+ ```
+
+* `backup` (`{}`): A hash with two possible keys:
+ * `archive_internal` (`0`): Backup after n-days if archive contents changed.
+ * `level` (`3`): Backup level.
+
+ Any of these keys can be specified and will be merged into the defaults:
+
+ ```puppet
+ class { 'unattended_upgrades':
+ backup => { 'level' => 5 },
+ }
+ ```
+
+* `blacklist`(`[]`): A list of packages to **not** automatically upgrade.
+* `dl_limit`(`undef`): Use a bandwidth limit for downloading, specified in kb/sec.
+* `enable` (`1`): Enable the automatic installation of updates.
+* `install_on_shutdown` (`false`): Install updates on shutdown instead of in the
+ background.
+* `legacy_origin` (`true` for Debian (squeeze), Ubuntu (precise, trusty, utopic,
+ vivid, wily, xenial, yakkety, zesty, artful, bionic and default), `false` for Debian (wheezy and default)):
+ Use the legacy `Unattended-Upgrade::Allowed-Origins` setting or the modern `Unattended-Upgrade::Origins-Pattern`.
+* `mail`: A hash to configure email behaviour with two possible keys:
+ * `only_on_error` (`true`): Only send mail when something went wrong
+ * `to` (`undef`): Email address to send email too
+
+ If the default for `to` is kept you will not receive any mail at all. You'll
+ likely want to set this parameter.
+
+ Any of these keys can be specified and will be merged into the defaults:
+
+ ```puppet
+ class { 'unattended_upgrades':
+ mail => { 'to' => 'admin@domain.tld', },
+ }
+ ```
+
+* `minimal_steps` (`true`): Split the upgrade process into sections to allow
+ shutdown during upgrade.
+* `origins`: The repositories from which to automatically upgrade included packages.
+* `package_ensure` (`installed`): The ensure state for the 'unattended-upgrades'
+ package.
+* `random_sleep` (`undef`): Maximum amount of time (in seconds) that the apt cron
+ job can sleep before the execution. The exact amount of time will be random but
+ up to the value specified. The purpose is to avoid that servers/mirrors get
+ hammered at exactly the same time when a lot of machines are switched on, e.g.
+ 9:00 in the morning. Note: If this is left unset, the default value in the apt
+ cron job applies, which is 1800 seconds.
+* `size` (`0`): Maximum size of the cache in MB.
+* `update` (`1`): Do "apt-get update" automatically every n-days.
+* `upgrade` (`1`): Run the "unattended-upgrade" security upgrade script every n-days.
+* `upgradeable_packages` (`{}`): A hash with two possible keys:
+ * `download_only` (`0`): Do "apt-get upgrade --download-only" every n-days.
+ * `debdelta` (`1`): Use debdelta-upgrade to download updates if available.
+
+ Any of these keys can be specified and will be merged into the defaults:
+
+ ```puppet
+ class { 'unattended_upgrades':
+ upgradeable_packages => { 'debdelta' => 1, },
+ }
+ ```
+
+* `verbose` (`0`): Send report mail to root.
+* `options` (`{}`): A hash of settings with these possible keys:
+ * `force_confdef` (`true`) : Use the default option for new config files if one
+ is available, don't prompt. If no default can be found, you will be prompted
+ unless one of the confold or confnew options is also given
+ * `force_confold` (`true`): Always use the old config files, don't prompt
+ * `force_confnew` (`false`): Always use the new config files, don't prompt
+ * `force_conmiss` (`false`): Always install missing config files
+
+## Limitations
+
+This module should work across all versions of Debian, Ubuntu, and Linux Mint.
+
+## License
+
+The original code for this module comes from Evolving Web and was licensed under
+the MIT license. Code added since the fork of that module into puppetlabs-apt is
+covered under the Apache License version 2 as is any code added since it was split
+off into this separate unattended\_upgrades module.
+
+The LICENSE contains both licenses.
diff --git a/code/environments/production/modules/unattended_upgrades/Rakefile b/code/environments/production/modules/unattended_upgrades/Rakefile
new file mode 100644
index 0000000..279580a
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/Rakefile
@@ -0,0 +1,92 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+
+# load optional tasks for releases
+# only available if gem group releases is installed
+begin
+ require 'puppet_blacksmith/rake_tasks'
+ require 'voxpupuli/release/rake_tasks'
+ require 'puppet-strings/tasks'
+rescue LoadError
+end
+
+PuppetLint.configuration.log_format = '%{path}:%{line}:%{check}:%{KIND}:%{message}'
+PuppetLint.configuration.fail_on_warnings = true
+PuppetLint.configuration.send('relative')
+PuppetLint.configuration.send('disable_140chars')
+PuppetLint.configuration.send('disable_class_inherits_from_params_class')
+PuppetLint.configuration.send('disable_documentation')
+PuppetLint.configuration.send('disable_single_quote_string_with_variables')
+
+exclude_paths = %w(
+ pkg/**/*
+ vendor/**/*
+ .vendor/**/*
+ spec/**/*
+)
+PuppetLint.configuration.ignore_paths = exclude_paths
+PuppetSyntax.exclude_paths = exclude_paths
+
+desc 'Auto-correct puppet-lint offenses'
+task 'lint:auto_correct' do
+ PuppetLint.configuration.fix = true
+ Rake::Task[:lint].invoke
+end
+
+desc 'Run acceptance tests'
+RSpec::Core::RakeTask.new(:acceptance) do |t|
+ t.pattern = 'spec/acceptance'
+end
+
+desc 'Run tests metadata_lint, release_checks'
+task test: [
+ :metadata_lint,
+ :release_checks,
+]
+
+desc "Run main 'test' task and report merged results to coveralls"
+task test_with_coveralls: [:test] do
+ if Dir.exist?(File.expand_path('../lib', __FILE__))
+ require 'coveralls/rake/task'
+ Coveralls::RakeTask.new
+ Rake::Task['coveralls:push'].invoke
+ else
+ puts 'Skipping reporting to coveralls. Module has no lib dir'
+ end
+end
+
+desc "Print supported beaker sets"
+task 'beaker_sets', [:directory] do |t, args|
+ directory = args[:directory]
+
+ metadata = JSON.load(File.read('metadata.json'))
+
+ (metadata['operatingsystem_support'] || []).each do |os|
+ (os['operatingsystemrelease'] || []).each do |release|
+ if directory
+ beaker_set = "#{directory}/#{os['operatingsystem'].downcase}-#{release}"
+ else
+ beaker_set = "#{os['operatingsystem'].downcase}-#{release}-x64"
+ end
+
+ filename = "spec/acceptance/nodesets/#{beaker_set}.yml"
+
+ puts beaker_set if File.exists? filename
+ end
+ end
+end
+
+begin
+ require 'github_changelog_generator/task'
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+ version = (Blacksmith::Modulefile.new).version
+ config.future_release = "v#{version}" if version =~ /^\d+\.\d+.\d+$/
+ config.header = "# Changelog\n\nAll notable changes to this project will be documented in this file.\nEach new release typically also includes the latest modulesync defaults.\nThese should not affect the functionality of the module."
+ config.exclude_labels = %w{duplicate question invalid wontfix wont-fix modulesync skip-changelog}
+ config.user = 'voxpupuli'
+ metadata_json = File.join(File.dirname(__FILE__), 'metadata.json')
+ metadata = JSON.load(File.read(metadata_json))
+ config.project = metadata['name']
+ end
+rescue LoadError
+end
+# vim: syntax=ruby
diff --git a/code/environments/production/modules/unattended_upgrades/checksums.json b/code/environments/production/modules/unattended_upgrades/checksums.json
new file mode 100644
index 0000000..51c202a
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/checksums.json
@@ -0,0 +1,49 @@
+{
+ "CHANGELOG.md": "0c78eb1a6de83f1ef4f345f5a55ac1d3",
+ "CONTRIBUTING.md": "8df0e5be30b6bca932fb5e34c2264522",
+ "Gemfile": "e0ccc2d1aa1c92e49ffd9bf223e19e9e",
+ "LICENSE": "af8fc9990a9f7c14ace9fc6725030015",
+ "README.md": "5c8a680236d95ba64a82836197992ef8",
+ "Rakefile": "3c6f218e7e63e1a6e24251f365423e49",
+ "manifests/init.pp": "7878b90d3bca0cc7d974c4ff3a4ec7aa",
+ "manifests/params.pp": "16a749c1f9922ffe250665127300de27",
+ "metadata.json": "6969f35d506ba326f56874cbffb829c8",
+ "spec/acceptance/nodesets/archlinux-2-x64.yml": "daafcfcb4c8c8766856f52cec6ae5e86",
+ "spec/acceptance/nodesets/centos-511-x64.yml": "ca8258bc835dd985a1754689d124cd66",
+ "spec/acceptance/nodesets/centos-6-x64.yml": "58065782a8d40780d9728257a23504cd",
+ "spec/acceptance/nodesets/centos-66-x64-pe.yml": "e68e03dc562bf58f7c5bba54a1a34619",
+ "spec/acceptance/nodesets/centos-66-x64.yml": "7ffa6d9164a88668fcd51a1988c4dc03",
+ "spec/acceptance/nodesets/centos-7-x64.yml": "68d3556f670b8ac0a169a8270ff8c37a",
+ "spec/acceptance/nodesets/centos-72-x64.yml": "194841a65e8835ac9ee6620e60b58f80",
+ "spec/acceptance/nodesets/debian-78-x64.yml": "56af2760a64c13a0bccd59404435939c",
+ "spec/acceptance/nodesets/debian-82-x64.yml": "26f2f696e6073549fe0a844f9a46f85b",
+ "spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml": "b3dc2d81918fcc6d56855c88ba5b7ce8",
+ "spec/acceptance/nodesets/ec2/image_templates.yaml": "516f9c4c3407993a100090ce9e1a643c",
+ "spec/acceptance/nodesets/ec2/rhel-73-x64.yml": "e74670a1cb8eea32afc879a5d786f9bd",
+ "spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml": "2506efcc9fb420132edc37bf88d6e21d",
+ "spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml": "87efd97ff1b073c3448f429a8ffc5a7c",
+ "spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml": "e9db4dd16c60c52b433694130c2583a0",
+ "spec/acceptance/nodesets/fedora-24-x64.yml": "431cd85b87a65a55af193a360aa52f26",
+ "spec/acceptance/nodesets/fedora-25-x64.yml": "807fbf45f95fc7bc2af8c689d34e4160",
+ "spec/acceptance/nodesets/fedora-26-x64.yml": "e7ee1e18590548ff098192c2127c6697",
+ "spec/acceptance/nodesets/fedora-27-x64.yml": "326a10c4eb327ccd85775dfa0f76e5c1",
+ "spec/acceptance/nodesets/ubuntu-server-1204-x64.yml": "0dd7639bf95bfb18169ebba9a2bac163",
+ "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "7455367b784060b921360b29a56cd74c",
+ "spec/acceptance/nodesets/ubuntu-server-1604-x64.yml": "37673118cc3bf052755d65fb5dd90226",
+ "spec/classes/coverage_spec.rb": "166c74e93a4e70e9de79ae69f3c10e1d",
+ "spec/classes/debian_spec.rb": "2442460f6ac65b57dbed1f0b5cd5613a",
+ "spec/classes/other_debians_spec.rb": "0b3dc9c91f64539ceb567a7338665d21",
+ "spec/classes/ubuntu_spec.rb": "928636e6095d7fa33fdbcc82e07cfd69",
+ "spec/classes/unattended_upgrades_spec.rb": "415fb4fee7d0146845a1e76372099fdf",
+ "spec/default_facts.yml": "3da74b0aff340a4fbcca9cc4eba104c1",
+ "spec/spec_helper.rb": "72093296acb026b92861c5ba6d724836",
+ "templates/options.erb": "97aa1236f113cb60f9c5d27977b81184",
+ "templates/periodic.erb": "074b7624345880e6573eb29c42616846",
+ "templates/unattended-upgrades.erb": "d1d6539e2edb043dc655b4eb7b7b8357",
+ "types/age.pp": "3d47a787ed3ab14b44672b9f64e23218",
+ "types/auto.pp": "6d8360f54ff62b9adde435e317297e93",
+ "types/backup.pp": "a7953de96a5214ef66007c7ab3c4fc32",
+ "types/mail.pp": "ed5c5a20fcb64bf405d318ee5772a093",
+ "types/options.pp": "b1f9d825940157b76f4d4c2d75dd22ea",
+ "types/upgradeable_packages.pp": "d20aa65992ef1c6721ffb7530fe6189e"
+} \ No newline at end of file
diff --git a/code/environments/production/modules/unattended_upgrades/manifests/init.pp b/code/environments/production/modules/unattended_upgrades/manifests/init.pp
new file mode 100644
index 0000000..35915a6
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/manifests/init.pp
@@ -0,0 +1,77 @@
+class unattended_upgrades (
+ Unattended_upgrades::Age $age = {},
+ Unattended_upgrades::Auto $auto = { 'fix_interrupted_dpkg' => true, 'remove' => false, 'reboot' => true, 'reboot_time' => '02:00', },
+ Unattended_upgrades::Backup $backup = {},
+ Array $blacklist = [],
+ Optional[Integer[0]] $dl_limit = undef,
+ Integer[0, 1] $enable = 1,
+ Boolean $install_on_shutdown = false,
+ Boolean $legacy_origin = $::unattended_upgrades::params::legacy_origin,
+ Unattended_upgrades::Mail $mail = {},
+ Boolean $minimal_steps = true,
+ Array $origins = $::unattended_upgrades::params::origins,
+ String $package_ensure = installed,
+ Optional[Integer[0]] $random_sleep = undef,
+ Optional[String] $sender = undef,
+ Integer[0] $size = 0,
+ Integer[0] $update = 1,
+ Integer[0] $upgrade = 1,
+ Unattended_upgrades::Upgradeable_packages $upgradeable_packages = {},
+ Integer[0] $verbose = 0,
+ Boolean $notify_update = false,
+ Unattended_upgrades::Options $options = {},
+) inherits ::unattended_upgrades::params {
+
+ # apt::conf settings require the apt class to work
+ include apt
+
+ $_age = merge($::unattended_upgrades::default_age, $age)
+ assert_type(Unattended_upgrades::Age, $_age)
+
+ $_auto = merge($::unattended_upgrades::default_auto, $auto)
+ assert_type(Unattended_upgrades::Auto, $_auto)
+
+ $_backup = merge($::unattended_upgrades::default_backup, $backup)
+ assert_type(Unattended_upgrades::Backup, $_backup)
+
+ $_mail = merge($::unattended_upgrades::default_mail, $mail)
+ assert_type(Unattended_upgrades::Mail, $_mail)
+
+ $_upgradeable_packages = merge($::unattended_upgrades::default_upgradeable_packages, $upgradeable_packages)
+ assert_type(Unattended_upgrades::Upgradeable_packages, $_upgradeable_packages)
+
+ $_options = merge($unattended_upgrades::default_options, $options)
+ assert_type(Unattended_upgrades::Options, $_options)
+
+ package { 'unattended-upgrades':
+ ensure => $package_ensure,
+ }
+
+ apt::conf { 'unattended-upgrades':
+ priority => 50,
+ content => template("${module_name}/unattended-upgrades.erb"),
+ require => Package['unattended-upgrades'],
+ notify_update => $notify_update,
+ }
+
+ apt::conf { 'periodic':
+ priority => 10,
+ content => template("${module_name}/periodic.erb"),
+ require => Package['unattended-upgrades'],
+ notify_update => $notify_update,
+ }
+
+ apt::conf { 'auto-upgrades':
+ ensure => absent,
+ priority => 20,
+ require => Package['unattended-upgrades'],
+ notify_update => $notify_update,
+ }
+ apt::conf { 'options':
+ priority => 10,
+ content => template("${module_name}/options.erb"),
+ require => Package['unattended-upgrades'],
+ notify_update => $notify_update,
+ }
+
+}
diff --git a/code/environments/production/modules/unattended_upgrades/manifests/params.pp b/code/environments/production/modules/unattended_upgrades/manifests/params.pp
new file mode 100644
index 0000000..1457c28
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/manifests/params.pp
@@ -0,0 +1,150 @@
+#
+class unattended_upgrades::params {
+
+ if $::osfamily != 'Debian' {
+ fail('This module only works on Debian or derivatives like Ubuntu')
+ }
+
+ $default_auto = { 'fix_interrupted_dpkg' => true, 'remove' => true, 'reboot' => false, 'clean' => 0, 'reboot_time' => 'now', }
+ $default_mail = { 'only_on_error' => true, }
+ $default_backup = { 'archive_interval' => 0, 'level' => 3, }
+ $default_age = { 'min' => 2, 'max' => 0, }
+ $default_upgradeable_packages = { 'download_only' => 0, 'debdelta' => 1, }
+ $default_options = { 'force_confdef' => true,
+ 'force_confold' => true,
+ 'force_confnew' => false,
+ 'force_confmiss' => false, }
+ # prior to puppet 3.5.0, defined couldn't test if a variable was defined
+ # strict variables wasn't added until 3.5.0, so this should be fine.
+ if ! $::settings::strict_variables {
+ $xfacts = {
+ 'lsbdistid' => $::lsbdistid,
+ 'lsbdistcodename' => $::lsbdistcodename,
+ 'lsbmajdistrelease' => $::lsbmajdistrelease,
+ 'lsbdistrelease' => $::lsbdistrelease,
+ }
+ } else {
+ # Strict variables facts lookup compatibility
+ $xfacts = {
+ 'lsbdistid' => defined('$lsbdistid') ? {
+ true => $::lsbdistid,
+ default => undef,
+ },
+ 'lsbdistcodename' => defined('$lsbdistcodename') ? {
+ true => $::lsbdistcodename,
+ default => undef,
+ },
+ 'lsbmajdistrelease' => defined('$lsbmajdistrelease') ? {
+ true => $::lsbmajdistrelease,
+ default => undef,
+ },
+ 'lsbdistrelease' => defined('$lsbdistrelease') ? {
+ true => $::lsbdistrelease,
+ default => undef,
+ },
+ }
+ }
+
+ case $xfacts['lsbdistid'] {
+ 'debian', 'raspbian': {
+ case $xfacts['lsbdistcodename'] {
+ 'squeeze': {
+ $legacy_origin = true
+ $origins = ['${distro_id} ${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ '${distro_id} ${distro_codename}-lts',] #lint:ignore:single_quote_string_with_variables
+ }
+ 'wheezy': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=oldoldstable,label=Debian-Security',
+ ]
+ }
+ 'jessie': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=oldstable,label=Debian-Security',
+ ]
+ }
+ 'stretch': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,codename=${distro_codename}',
+ 'origin=Debian,codename=${distro_codename}-updates',
+ 'origin=Debian,archive=${distro_codename},label=Debian-Security',
+ 'origin=IT-Zukunft-Schule,archive=${distro_codename},label=IT-Zukunft-Schule',
+ ]
+ }
+ default: {
+ $legacy_origin = false
+ $origins = ['origin=Debian,codename=${distro_codename},label=Debian-Security',] #lint:ignore:single_quote_string_with_variables
+ }
+ }
+ }
+ 'ubuntu': {
+ case $xfacts['lsbdistcodename'] {
+ 'precise': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+
+ }
+ 'trusty', 'wily': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ 'xenial', 'yakkety', 'zesty', 'artful', 'bionic': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}', #lint:ignore:single_quote_string_with_variables
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ default: {
+ warning("Ubuntu ${xfacts['lsbdistrelease']} \"${xfacts['lsbdistcodename']}\" has reached End of Life - please upgrade!")
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ }
+ }
+ 'LinuxMint': {
+ case $xfacts['lsbmajdistrelease'] {
+ # Linux Mint 13 is based on Ubuntu 12.04
+ '13': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:precise-security',
+ ]
+ }
+ # Linux Mint 17* is based on Ubuntu 14.04.
+ '17': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:trusty-security',
+ ]
+ }
+ # Linux Mint 18* is based on Ubuntu 16.04
+ '18': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:xenial-security',
+ ]
+ }
+ default: {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ }
+ }
+ default: {
+ $legacy_origin = undef
+ $origins = undef
+ }
+ }
+}
diff --git a/code/environments/production/modules/unattended_upgrades/manifests/params.pp.testing b/code/environments/production/modules/unattended_upgrades/manifests/params.pp.testing
new file mode 100644
index 0000000..2cef999
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/manifests/params.pp.testing
@@ -0,0 +1,147 @@
+#
+class unattended_upgrades::params {
+
+ if $::osfamily != 'Debian' {
+ fail('This module only works on Debian or derivatives like Ubuntu')
+ }
+
+ $default_auto = { 'fix_interrupted_dpkg' => true, 'remove' => true, 'reboot' => false, 'clean' => 0, 'reboot_time' => 'now', }
+ $default_mail = { 'only_on_error' => true, }
+ $default_backup = { 'archive_interval' => 0, 'level' => 3, }
+ $default_age = { 'min' => 2, 'max' => 0, }
+ $default_upgradeable_packages = { 'download_only' => 0, 'debdelta' => 1, }
+ $default_options = { 'force_confdef' => true,
+ 'force_confold' => true,
+ 'force_confnew' => false,
+ 'force_confmiss' => false, }
+ # prior to puppet 3.5.0, defined couldn't test if a variable was defined
+ # strict variables wasn't added until 3.5.0, so this should be fine.
+ if ! $::settings::strict_variables {
+ $xfacts = {
+ 'lsbdistid' => $::lsbdistid,
+ 'lsbdistcodename' => $::lsbdistcodename,
+ 'lsbmajdistrelease' => $::lsbmajdistrelease,
+ 'lsbdistrelease' => $::lsbdistrelease,
+ }
+ } else {
+ # Strict variables facts lookup compatibility
+ $xfacts = {
+ 'lsbdistid' => defined('$lsbdistid') ? {
+ true => $::lsbdistid,
+ default => undef,
+ },
+ 'lsbdistcodename' => defined('$lsbdistcodename') ? {
+ true => $::lsbdistcodename,
+ default => undef,
+ },
+ 'lsbmajdistrelease' => defined('$lsbmajdistrelease') ? {
+ true => $::lsbmajdistrelease,
+ default => undef,
+ },
+ 'lsbdistrelease' => defined('$lsbdistrelease') ? {
+ true => $::lsbdistrelease,
+ default => undef,
+ },
+ }
+ }
+
+ case $xfacts['lsbdistid'] {
+ 'debian', 'raspbian': {
+ case $xfacts['lsbdistcodename'] {
+ 'squeeze': {
+ $legacy_origin = true
+ $origins = ['${distro_id} ${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ '${distro_id} ${distro_codename}-lts',] #lint:ignore:single_quote_string_with_variables
+ }
+ 'wheezy': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=oldoldstable,label=Debian-Security',
+ ]
+ }
+ 'jessie': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=oldstable,label=Debian-Security',
+ ]
+ }
+ 'stretch': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=${distro_codename},label=Debian-Security',
+ ]
+ }
+ default: {
+ $legacy_origin = false
+ $origins = ['origin=Debian,codename=${distro_codename},label=Debian-Security',] #lint:ignore:single_quote_string_with_variables
+ }
+ }
+ }
+ 'ubuntu': {
+ case $xfacts['lsbdistcodename'] {
+ 'precise': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+
+ }
+ 'trusty', 'wily': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ 'xenial', 'yakkety', 'zesty', 'artful', 'bionic': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}', #lint:ignore:single_quote_string_with_variables
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ default: {
+ warning("Ubuntu ${xfacts['lsbdistrelease']} \"${xfacts['lsbdistcodename']}\" has reached End of Life - please upgrade!")
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ }
+ }
+ 'LinuxMint': {
+ case $xfacts['lsbmajdistrelease'] {
+ # Linux Mint 13 is based on Ubuntu 12.04
+ '13': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:precise-security',
+ ]
+ }
+ # Linux Mint 17* is based on Ubuntu 14.04.
+ '17': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:trusty-security',
+ ]
+ }
+ # Linux Mint 18* is based on Ubuntu 16.04
+ '18': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:xenial-security',
+ ]
+ }
+ default: {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ }
+ }
+ default: {
+ $legacy_origin = undef
+ $origins = undef
+ }
+ }
+}
diff --git a/code/environments/production/modules/unattended_upgrades/metadata.json b/code/environments/production/modules/unattended_upgrades/metadata.json
new file mode 100644
index 0000000..6357daf
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/metadata.json
@@ -0,0 +1,55 @@
+{
+ "name": "puppet-unattended_upgrades",
+ "version": "3.2.0",
+ "author": "Vox Pupuli",
+ "summary": "Provides an interface for managing Apt unattended_upgrades with Puppet",
+ "license": "Apache-2.0",
+ "source": "https://github.com/voxpupuli/puppet-unattended_upgrades.git",
+ "project_page": "https://github.com/voxpupuli/puppet-unattended_upgrades",
+ "issues_url": "https://github.com/voxpupuli/puppet-unattended_upgrades/issues",
+ "dependencies": [
+ {
+ "name": "puppetlabs/stdlib",
+ "version_requirement": ">= 4.13.1 < 5.0.0"
+ },
+ {
+ "name": "puppetlabs/apt",
+ "version_requirement": ">= 2.2.0 < 5.0.0"
+ }
+ ],
+ "data_provider": null,
+ "tags": [
+ "unattended-upgrades",
+ "unattended_upgrades",
+ "apt",
+ "patching",
+ "security",
+ "debian"
+ ],
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "8",
+ "9"
+ ]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease": [
+ "14.04",
+ "16.04",
+ "16.10",
+ "17.04",
+ "17.10",
+ "18.04"
+ ]
+ }
+ ],
+ "requirements": [
+ {
+ "name": "puppet",
+ "version_requirement": ">= 4.10.0 < 6.0.0"
+ }
+ ]
+}
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/archlinux-2-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/archlinux-2-x64.yml
new file mode 100644
index 0000000..89b6300
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/archlinux-2-x64.yml
@@ -0,0 +1,13 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ archlinux-2-x64:
+ roles:
+ - master
+ platform: archlinux-2-x64
+ box: archlinux/archlinux
+ hypervisor: vagrant
+CONFIG:
+ type: foss
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-511-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-511-x64.yml
new file mode 100644
index 0000000..089d646
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-511-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-511-x64:
+ roles:
+ - master
+ platform: el-5-x86_64
+ box: puppetlabs/centos-5.11-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-6-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-6-x64.yml
new file mode 100644
index 0000000..16abc8f
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-6-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-6-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box: centos/6
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64-pe.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64-pe.yml
new file mode 100644
index 0000000..1e7aea6
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64-pe.yml
@@ -0,0 +1,17 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-66-x64:
+ roles:
+ - master
+ - database
+ - dashboard
+ platform: el-6-x86_64
+ box: puppetlabs/centos-6.6-64-puppet-enterprise
+ hypervisor: vagrant
+CONFIG:
+ type: pe
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64.yml
new file mode 100644
index 0000000..42455e7
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-66-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box: puppetlabs/centos-6.6-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-7-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-7-x64.yml
new file mode 100644
index 0000000..e05a3ae
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-7-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-7-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ box: centos/7
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-72-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-72-x64.yml
new file mode 100644
index 0000000..85af89d
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-72-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-72-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ box: puppetlabs/centos-7.2-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-78-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-78-x64.yml
new file mode 100644
index 0000000..6ef6de8
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-78-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ debian-78-x64:
+ roles:
+ - master
+ platform: debian-7-amd64
+ box: puppetlabs/debian-7.8-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-82-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-82-x64.yml
new file mode 100644
index 0000000..9897a8f
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-82-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ debian-82-x64:
+ roles:
+ - master
+ platform: debian-8-amd64
+ box: puppetlabs/debian-8.2-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml
new file mode 100644
index 0000000..19dd43e
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml
@@ -0,0 +1,31 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+# Amazon Linux is not a RHEL clone.
+#
+HOSTS:
+ amazonlinux-2016091-x64:
+ roles:
+ - master
+ platform: centos-6-x86_64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: amazonlinux-2016091-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ec2-user
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/image_templates.yaml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/image_templates.yaml
new file mode 100644
index 0000000..e50593e
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/image_templates.yaml
@@ -0,0 +1,34 @@
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# see also: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+# Hint: image IDs (ami-*) for the same image are different per location.
+#
+AMI:
+ # Amazon Linux AMI 2016.09.1 (HVM), SSD Volume Type
+ amazonlinux-2016091-eu-central-1:
+ :image:
+ :aio: ami-af0fc0c0
+ :region: eu-central-1
+ # Red Hat Enterprise Linux 7.3 (HVM), SSD Volume Type
+ rhel-73-eu-central-1:
+ :image:
+ :aio: ami-e4c63e8b
+ :region: eu-central-1
+ # SUSE Linux Enterprise Server 12 SP2 (HVM), SSD Volume Type
+ sles-12sp2-eu-central-1:
+ :image:
+ :aio: ami-c425e4ab
+ :region: eu-central-1
+ # Ubuntu Server 16.04 LTS (HVM), SSD Volume Type
+ ubuntu-1604-eu-central-1:
+ :image:
+ :aio: ami-fe408091
+ :region: eu-central-1
+ # Microsoft Windows Server 2016 Base
+ windows-2016-base-eu-central-1:
+ :image:
+ :aio: ami-88ec20e7
+ :region: eu-central-1
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/rhel-73-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/rhel-73-x64.yml
new file mode 100644
index 0000000..7fac823
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/rhel-73-x64.yml
@@ -0,0 +1,29 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+HOSTS:
+ rhel-73-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: rhel-73-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ec2-user
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml
new file mode 100644
index 0000000..8542154
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml
@@ -0,0 +1,29 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+HOSTS:
+ sles-12sp2-x64:
+ roles:
+ - master
+ platform: sles-12-x86_64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: sles-12sp2-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ec2-user
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml
new file mode 100644
index 0000000..9cf59d5
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml
@@ -0,0 +1,29 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+HOSTS:
+ ubuntu-1604-x64:
+ roles:
+ - master
+ platform: ubuntu-16.04-amd64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: ubuntu-1604-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ubuntu
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml
new file mode 100644
index 0000000..0932e29
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml
@@ -0,0 +1,29 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+HOSTS:
+ windows-2016-base-x64:
+ roles:
+ - master
+ platform: windows-2016-64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: windows-2016-base-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ec2-user
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-24-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-24-x64.yml
new file mode 100644
index 0000000..820b62d
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-24-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ fedora-24-x64:
+ roles:
+ - master
+ platform: fedora-24-x86_64
+ box: fedora/24-cloud-base
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-25-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-25-x64.yml
new file mode 100644
index 0000000..54dd330
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-25-x64.yml
@@ -0,0 +1,16 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+HOSTS:
+ fedora-25-x64:
+ roles:
+ - master
+ platform: fedora-25-x86_64
+ box: fedora/25-cloud-base
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-26-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-26-x64.yml
new file mode 100644
index 0000000..598822b
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-26-x64.yml
@@ -0,0 +1,16 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+HOSTS:
+ fedora-26-x64:
+ roles:
+ - master
+ platform: fedora-26-x86_64
+ box: fedora/26-cloud-base
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-27-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-27-x64.yml
new file mode 100644
index 0000000..c2b61eb
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-27-x64.yml
@@ -0,0 +1,18 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# platform is fedora 26 because there is no puppet-agent
+# for fedora 27 as of 2017-11-17
+HOSTS:
+ fedora-27-x64:
+ roles:
+ - master
+ platform: fedora-26-x86_64
+ box: fedora/27-cloud-base
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml
new file mode 100644
index 0000000..29102c5
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ ubuntu-server-1204-x64:
+ roles:
+ - master
+ platform: ubuntu-12.04-amd64
+ box: puppetlabs/ubuntu-12.04-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
new file mode 100644
index 0000000..054e658
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ ubuntu-server-1404-x64:
+ roles:
+ - master
+ platform: ubuntu-14.04-amd64
+ box: puppetlabs/ubuntu-14.04-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml
new file mode 100644
index 0000000..bc85e0e
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml
@@ -0,0 +1,15 @@
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ ubuntu-server-1604-x64:
+ roles:
+ - master
+ platform: ubuntu-16.04-amd64
+ box: puppetlabs/ubuntu-16.04-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/coverage_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/coverage_spec.rb
new file mode 100644
index 0000000..de44654
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/classes/coverage_spec.rb
@@ -0,0 +1,4 @@
+require 'rspec-puppet'
+
+at_exit { RSpec::Puppet::Coverage.report! }
+# vim: syntax=ruby
diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/debian_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/debian_spec.rb
new file mode 100644
index 0000000..c2d4ec2
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/classes/debian_spec.rb
@@ -0,0 +1,146 @@
+require 'spec_helper'
+
+# rubocop:disable Style/RegexpLiteral
+describe 'unattended_upgrades' do
+ let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' }
+ let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' }
+ let(:file_options) { '/etc/apt/apt.conf.d/10options' }
+
+ shared_examples 'Debian specs' do
+ let(:params) { {} }
+
+ it { is_expected.to compile.with_all_deps }
+
+ it do
+ is_expected.to create_file(file_periodic).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ /APT::Periodic::Enable "1";/
+ ).with_content(
+ /APT::Periodic::BackupArchiveInterval "0";/
+ ).with_content(
+ /APT::Periodic::BackupLevel "3";/
+ ).with_content(
+ /APT::Periodic::MaxAge "0";/
+ ).with_content(
+ /APT::Periodic::MinAge "2";/
+ ).with_content(
+ /APT::Periodic::MaxSize "0";/
+ ).with_content(
+ /APT::Periodic::Update-Package-Lists "1";/
+ ).with_content(
+ /APT::Periodic::Download-Upgradeable-Packages "0";/
+ ).with_content(
+ /APT::Periodic::Download-Upgradeable-Packages-Debdelta "1";/
+ ).with_content(
+ /APT::Periodic::Unattended-Upgrade "1";/
+ ).with_content(
+ /APT::Periodic::AutocleanInterval "0";/
+ ).with_content(
+ /APT::Periodic::Verbose "0";/
+ )
+ end
+
+ it do
+ is_expected.to contain_apt__conf('auto-upgrades').with(
+ ensure: 'absent'
+ )
+ end
+ it do
+ is_expected.to create_file(file_options).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ /^Dpkg::Options\s{/
+ ).with_content(
+ /^\s+\"--force-confdef\";/
+ ).with_content(
+ /^\s+\"--force-confold\";/
+ ).without_content(
+ /\"--force-confnew\";/
+ ).without_content(
+ /\"--force-confmiss\";/
+ )
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge(fqdn: 'unattended-upgrades.example.com',
+ path: '/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin')
+ end
+
+ if facts[:operatingsystem] == 'Debian'
+ it_behaves_like 'Debian specs'
+
+ case facts[:lsbdistcodename]
+ when 'squeeze'
+ context 'with defaults on Debian 6 Squeeze' do
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ # This section varies for different releases
+ /\Unattended-Upgrade::Allowed-Origins\ {\n
+ \t"\${distro_id}\ \${distro_codename}-security";\n
+ \t"\${distro_id}\ \${distro_codename}-lts";\n
+ };/x
+ )
+ end
+ end
+ when 'wheezy'
+ context 'with defaults on Debian 7 wheezy' do
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ # This section varies for different releases
+ /\Unattended-Upgrade::Origins-Pattern\ {\n
+ \t"origin=Debian,archive=oldoldstable,label=Debian-Security";\n
+ };/x
+ )
+ end
+ end
+ when 'jessie'
+ context 'with defaults on Debian 8 Jessie' do
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ # This section varies for different releases
+ /\Unattended-Upgrade::Origins-Pattern\ {\n
+ \t"origin=Debian,archive=oldstable,label=Debian-Security";\n
+ };/x
+ )
+ end
+ end
+ when 'stretch'
+ context 'with defaults on Debian 9 Stretch' do
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ # This section varies for different releases
+ /\Unattended-Upgrade::Origins-Pattern\ {\n
+ \t"origin=Debian,archive=stable,label=Debian-Security";\n
+ };/x
+ )
+ end
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/other_debians_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/other_debians_spec.rb
new file mode 100644
index 0000000..a4dcd2f
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/classes/other_debians_spec.rb
@@ -0,0 +1,128 @@
+require 'spec_helper'
+describe 'unattended_upgrades' do
+ let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' }
+ let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' }
+ let(:file_options) { '/etc/apt/apt.conf.d/10options' }
+
+ context 'with defaults on Raspbian' do
+ let(:facts) do
+ {
+ os: {
+ name: 'Raspbian',
+ family: 'Debian',
+ release: {
+ full: '8.0'
+ }
+ },
+ osfamily: 'Debian',
+ lsbdistid: 'Raspbian',
+ lsbdistcodename: 'jessie',
+ lsbrelease: '8.0'
+ }
+ end
+
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ )
+ end
+ end
+
+ context 'with defaults on Linux Mint 13 Maya' do
+ let(:facts) do
+ {
+ os: {
+ name: 'LinuxMint',
+ family: 'Debian',
+ release: {
+ full: '13'
+ }
+ },
+ osfamily: 'Debian',
+ lsbdistid: 'LinuxMint',
+ lsbdistcodename: 'maya',
+ lsbdistrelease: '13',
+ lsbmajdistrelease: '13'
+ }
+ end
+
+ it do
+ is_expected.to create_file(file_unattended).with(
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644'
+ ).with_content(
+ # This is the only section that's different for Ubuntu compared to Debian
+ %r{\Unattended-Upgrade::Allowed-Origins\ {\n
+ \t"Ubuntu\:precise-security";\n
+ };}x
+ )
+ end
+ end
+
+ context 'with defaults on Linux Mint 17.3 Rosa' do
+ let(:facts) do
+ {
+ os: {
+ name: 'LinuxMint',
+ family: 'Debian',
+ release: {
+ full: '17.3'
+ }
+ },
+ osfamily: 'Debian',
+ lsbdistid: 'LinuxMint',
+ lsbdistcodename: 'rosa',
+ lsbdistrelease: '17.3',
+ lsbmajdistrelease: '17'
+ }
+ end
+
+ it do
+ is_expected.to create_file(file_unattended).with(
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644'
+ ).with_content(
+ # This is the only section that's different for Ubuntu compared to Debian
+ %r{\Unattended-Upgrade::Allowed-Origins\ {\n
+ \t"Ubuntu\:trusty-security";\n
+ };}x
+ )
+ end
+ end
+
+ context 'with defaults on Linux Mint 18 Sarah' do
+ let(:facts) do
+ {
+ os: {
+ name: 'LinuxMint',
+ family: 'Debian',
+ release: {
+ full: '18'
+ }
+ },
+ osfamily: 'Debian',
+ lsbdistid: 'LinuxMint',
+ lsbdistcodename: 'sarah',
+ lsbdistrelease: '18',
+ lsbmajdistrelease: '18'
+ }
+ end
+
+ it do
+ is_expected.to create_file(file_unattended).with(
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644'
+ ).with_content(
+ # This is the only section that's different for Ubuntu compared to Debian
+ %r{\Unattended-Upgrade::Allowed-Origins\ {\n
+ \t"Ubuntu\:xenial-security";\n
+ };}x
+ )
+ end
+ end
+end
diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/ubuntu_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/ubuntu_spec.rb
new file mode 100644
index 0000000..6d756bb
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/classes/ubuntu_spec.rb
@@ -0,0 +1,131 @@
+require 'spec_helper'
+
+# rubocop:disable Style/RegexpLiteral
+describe 'unattended_upgrades' do
+ let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' }
+ let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' }
+ let(:file_options) { '/etc/apt/apt.conf.d/10options' }
+
+ shared_examples 'Ubuntu specs' do
+ let(:params) { {} }
+
+ it { is_expected.to compile.with_all_deps }
+
+ it do
+ is_expected.to create_file(file_periodic).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ /APT::Periodic::Enable "1";/
+ ).with_content(
+ /APT::Periodic::BackupArchiveInterval "0";/
+ ).with_content(
+ /APT::Periodic::BackupLevel "3";/
+ ).with_content(
+ /APT::Periodic::MaxAge "0";/
+ ).with_content(
+ /APT::Periodic::MinAge "2";/
+ ).with_content(
+ /APT::Periodic::MaxSize "0";/
+ ).with_content(
+ /APT::Periodic::Update-Package-Lists "1";/
+ ).with_content(
+ /APT::Periodic::Download-Upgradeable-Packages "0";/
+ ).with_content(
+ /APT::Periodic::Download-Upgradeable-Packages-Debdelta "1";/
+ ).with_content(
+ /APT::Periodic::Unattended-Upgrade "1";/
+ ).with_content(
+ /APT::Periodic::AutocleanInterval "0";/
+ ).with_content(
+ /APT::Periodic::Verbose "0";/
+ )
+ end
+
+ it do
+ is_expected.to contain_apt__conf('auto-upgrades').with(
+ ensure: 'absent'
+ )
+ end
+ it do
+ is_expected.to create_file(file_options).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ /^Dpkg::Options\s{/
+ ).with_content(
+ /^\s+\"--force-confdef\";/
+ ).with_content(
+ /^\s+\"--force-confold\";/
+ ).without_content(
+ /\"--force-confnew\";/
+ ).without_content(
+ /\"--force-confmiss\";/
+ )
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge(fqdn: 'unattended-upgrades.example.com',
+ path: '/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin')
+ end
+
+ case facts[:operatingsystem]
+ when 'Ubuntu'
+ it_behaves_like 'Ubuntu specs'
+ case facts[:lsbdistcodename]
+ when 'precise'
+ context 'with defaults on Ubuntu 12.04 Precise' do
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ # This is the only section that's different for Ubuntu compared to Debian
+ /\Unattended-Upgrade::Allowed-Origins\ {\n
+ \t"\${distro_id}\:\${distro_codename}-security";\n
+ };/x
+ )
+ end
+ end
+ when 'trusty'
+ context 'with defaults on Ubuntu 14.04 Trusty' do
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ # This is the only section that's different for Ubuntu compared to Debian
+ /\Unattended-Upgrade::Allowed-Origins\ {\n
+ \t"\${distro_id}\:\${distro_codename}-security";\n
+ };/x
+ )
+ end
+ end
+ when 'xenial'
+ context 'with defaults on Ubuntu 16.04 Xenial' do
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ # This is the only section that's different for Ubuntu compared to Debian
+ /\Unattended-Upgrade::Allowed-Origins\ {\n
+ \t"\${distro_id}\:\${distro_codename}";\n
+ \t"\${distro_id}\:\${distro_codename}-security";\n
+ };/x
+ )
+ end
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/unattended_upgrades_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/unattended_upgrades_spec.rb
new file mode 100644
index 0000000..e79a680
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/classes/unattended_upgrades_spec.rb
@@ -0,0 +1,436 @@
+require 'spec_helper'
+
+# rubocop:disable Style/RegexpLiteral
+describe 'unattended_upgrades' do
+ let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' }
+ let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' }
+ let(:file_options) { '/etc/apt/apt.conf.d/10options' }
+
+ shared_examples 'basic specs' do
+ let(:params) { {} }
+
+ context 'baseline specs' do
+ it { is_expected.to compile.with_all_deps }
+
+ it do
+ is_expected.to contain_package('unattended-upgrades')
+ is_expected.to compile.with_all_deps
+ is_expected.to contain_class('unattended_upgrades::params')
+ is_expected.to contain_class('unattended_upgrades')
+ is_expected.to contain_class('apt')
+ end
+
+ it do
+ is_expected.to contain_apt__conf('unattended-upgrades').with(
+ require: 'Package[unattended-upgrades]',
+ notify_update: false
+ )
+ end
+
+ it do
+ is_expected.to contain_apt__conf('periodic').with(
+ require: 'Package[unattended-upgrades]',
+ notify_update: false
+ )
+ end
+
+ it do
+ is_expected.to contain_apt__conf('options').with(
+ require: 'Package[unattended-upgrades]',
+ notify_update: false
+ )
+ end
+
+ it { is_expected.to create_file(file_unattended).without_content(/Unattended-Upgrade::Sender/) }
+ end
+
+ context 'set all the things' do
+ let :params do
+ {
+ age: { 'min' => 1, 'max' => 20 },
+ size: 1000,
+ update: 5,
+ upgradeable_packages: {
+ 'download_only' => 5,
+ 'debdelta' => 5
+ },
+ upgrade: 5,
+ auto: {
+ 'clean' => 5,
+ 'fix_interrupted_dpkg' => false,
+ 'remove' => false,
+ 'reboot' => true,
+ 'reboot_time' => '03:00'
+ },
+ verbose: 1,
+ legacy_origin: true,
+ origins: %w[bananas],
+ blacklist: %w[foo bar],
+ minimal_steps: false,
+ install_on_shutdown: true,
+ mail: {
+ 'to' => 'root@localhost',
+ 'only_on_error' => true
+ },
+ sender: 'root@server.example.com',
+ dl_limit: 70,
+ random_sleep: 300,
+ notify_update: true,
+ options: {
+ 'force_confdef' => false,
+ 'force_confold' => false,
+ 'force_confnew' => true,
+ 'force_confmiss' => true
+ }
+ }
+ end
+
+ it { is_expected.to contain_package('unattended-upgrades') }
+
+ it do
+ is_expected.to contain_apt__conf('unattended-upgrades').with(
+ require: 'Package[unattended-upgrades]',
+ notify_update: true
+ )
+ end
+
+ it do
+ is_expected.to contain_apt__conf('periodic').with(
+ require: 'Package[unattended-upgrades]',
+ notify_update: true
+ )
+ end
+
+ it do
+ is_expected.to contain_apt__conf('options').with(
+ require: 'Package[unattended-upgrades]',
+ notify_update: true
+ )
+ end
+
+ it do
+ is_expected.to create_file(file_unattended).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ /Unattended-Upgrade::Allowed-Origins {\n\t"bananas";\n};/
+ ).with_content(
+ /Unattended-Upgrade::Package-Blacklist {\n\t"foo";\n\t"bar";\n};/
+ ).with_content(
+ /Unattended-Upgrade::AutoFixInterruptedDpkg "false";/
+ ).with_content(
+ /Unattended-Upgrade::MinimalSteps "false";/
+ ).with_content(
+ /Unattended-Upgrade::InstallOnShutdown "true";/
+ ).with_content(
+ /Unattended-Upgrade::Remove-Unused-Dependencies "false";/
+ ).with_content(
+ /Unattended-Upgrade::Automatic-Reboot "true";/
+ ).with_content(
+ /Unattended-Upgrade::Automatic-Reboot-Time "03:00";/
+ ).with_content(
+ /Unattended-Upgrade::Mail "root@localhost";/
+ ).with_content(
+ /Unattended-Upgrade::Sender "root@server.example.com";/
+ ).with_content(
+ /Unattended-Upgrade::MailOnlyOnError "true";/
+ ).with_content(
+ /Acquire::http::Dl-Limit "70";/
+ )
+ end
+
+ it do
+ is_expected.to create_file(file_periodic).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ /APT::Periodic::Enable "1";/
+ ).with_content(
+ /APT::Periodic::BackupArchiveInterval "0";/
+ ).with_content(
+ /APT::Periodic::BackupLevel "3";/
+ ).with_content(
+ /APT::Periodic::MaxAge "20";/
+ ).with_content(
+ /APT::Periodic::MinAge "1";/
+ ).with_content(
+ /APT::Periodic::MaxSize "1000";/
+ ).with_content(
+ /APT::Periodic::Update-Package-Lists "5";/
+ ).with_content(
+ /APT::Periodic::Download-Upgradeable-Packages "5";/
+ ).with_content(
+ /APT::Periodic::Download-Upgradeable-Packages-Debdelta "5";/
+ ).with_content(
+ /APT::Periodic::Unattended-Upgrade "5";/
+ ).with_content(
+ /APT::Periodic::AutocleanInterval "5";/
+ ).with_content(
+ /APT::Periodic::Verbose "1";/
+ ).with_content(
+ /APT::Periodic::RandomSleep "300";/
+ )
+ end
+
+ it do
+ is_expected.to create_file(file_options).with(
+ owner: 'root',
+ group: 'root',
+ mode: '0644'
+ ).with_content(
+ /^Dpkg::Options\s{/
+ ).without_content(
+ /"--force-confdef";/
+ ).without_content(
+ /"--force-confold";/
+ ).with_content(
+ /^\s+"--force-confnew";/
+ ).with_content(
+ /^\s+"--force-confmiss";/
+ )
+ end
+ it do
+ is_expected.to contain_apt__conf('auto-upgrades').with(
+ ensure: 'absent'
+ )
+ end
+ end
+
+ describe 'validation tests' do
+ context 'bad install_on_shutdown' do
+ let :params do
+ {
+ install_on_shutdown: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad legacy_origin' do
+ let :params do
+ {
+ legacy_origin: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad minimal_steps' do
+ let :params do
+ {
+ minimal_steps: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad blacklist' do
+ let :params do
+ {
+ blacklist: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad origins' do
+ let :params do
+ {
+ origins: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad auto' do
+ let :params do
+ {
+ auto: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad mail' do
+ let :params do
+ {
+ mail: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad backup' do
+ let :params do
+ {
+ backup: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad age' do
+ let :params do
+ {
+ age: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad size' do
+ let :params do
+ {
+ size: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad upgradeable_packages' do
+ let :params do
+ {
+ upgradeable_packages: 'foo'
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad mail[\'only_on_error\']' do
+ let :params do
+ {
+ mail: { 'only_on_error' => 'foo' }
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad options[\'force_confdef\']' do
+ let :params do
+ {
+ options: { 'force_confdef' => 'foo' }
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad options[\'force_confold\']' do
+ let :params do
+ {
+ options: { 'force_confold' => 'foo' }
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad options[\'force_confnew\']' do
+ let :params do
+ {
+ options: { 'force_confnew' => 'foo' }
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad options[\'force_confmiss\']' do
+ let :params do
+ {
+ options: { 'force_confmiss' => 'foo' }
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /got String/)
+ end
+ end
+ context 'bad options[\'invalid_key\']' do
+ let :params do
+ {
+ options: { 'invalid_key' => true }
+ }
+ end
+
+ it do
+ expect do
+ subject.call
+ end.to raise_error(Puppet::Error, /unrecognized key 'invalid_key'/)
+ end
+ end
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge(fqdn: 'unattended-upgrades.example.com',
+ path: '/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin')
+ end
+
+ it_behaves_like 'basic specs'
+ end
+ end
+end
diff --git a/code/environments/production/modules/unattended_upgrades/spec/default_facts.yml b/code/environments/production/modules/unattended_upgrades/spec/default_facts.yml
new file mode 100644
index 0000000..13c4165
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/default_facts.yml
@@ -0,0 +1,14 @@
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# use default_module_facts.yaml for module specific
+# facts.
+#
+# Hint if using with rspec-puppet-facts ("on_supported_os.each"):
+# if a same named fact exists in facterdb it will be overridden.
+---
+concat_basedir: "/tmp"
+ipaddress: "172.16.254.254"
+is_pe: false
+macaddress: "AA:AA:AA:AA:AA:AA"
diff --git a/code/environments/production/modules/unattended_upgrades/spec/spec_helper.rb b/code/environments/production/modules/unattended_upgrades/spec/spec_helper.rb
new file mode 100644
index 0000000..ea74a52
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/spec/spec_helper.rb
@@ -0,0 +1,35 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+require 'rspec-puppet-facts'
+include RspecPuppetFacts
+
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+
+if Dir.exist?(File.expand_path('../../lib', __FILE__))
+ require 'coveralls'
+ require 'simplecov'
+ require 'simplecov-console'
+ SimpleCov.formatters = [
+ SimpleCov::Formatter::HTMLFormatter,
+ SimpleCov::Formatter::Console
+ ]
+ SimpleCov.start do
+ track_files 'lib/**/*.rb'
+ add_filter '/spec'
+ add_filter '/vendor'
+ add_filter '/.vendor'
+ end
+end
+
+RSpec.configure do |c|
+ default_facts = {
+ puppetversion: Puppet.version,
+ facterversion: Facter.version
+ }
+ default_facts.merge!(YAML.load(File.read(File.expand_path('../default_facts.yml', __FILE__)))) if File.exist?(File.expand_path('../default_facts.yml', __FILE__))
+ default_facts.merge!(YAML.load(File.read(File.expand_path('../default_module_facts.yml', __FILE__)))) if File.exist?(File.expand_path('../default_module_facts.yml', __FILE__))
+ c.default_facts = default_facts
+end
+
+# vim: syntax=ruby
diff --git a/code/environments/production/modules/unattended_upgrades/templates/options.erb b/code/environments/production/modules/unattended_upgrades/templates/options.erb
new file mode 100644
index 0000000..3c6e2d6
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/templates/options.erb
@@ -0,0 +1,11 @@
+Dpkg::Options {
+<%- @_options.sort_by{|key,value| key}.each do |config, value|
+ if %w(force_confdef force_confold force_confnew force_confmiss).include?(config) then
+ if value then -%>
+ "--<%= config.sub('_','-') -%>";
+ <%- end
+ else
+ scope.function_fail(["#{config} not a valid key for $unattended_upgrades::options"])
+ end
+end -%>
+}
diff --git a/code/environments/production/modules/unattended_upgrades/templates/periodic.erb b/code/environments/production/modules/unattended_upgrades/templates/periodic.erb
new file mode 100644
index 0000000..780821c
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/templates/periodic.erb
@@ -0,0 +1,62 @@
+APT::Periodic::Enable "<%= @enable %>";
+# - Enable the update/upgrade script (0=disable)
+#
+APT::Periodic::BackupArchiveInterval "<%= @_backup['archive_interval'] %>";
+# - Backup after n-days if archive contents changed.(0=disable)
+#
+APT::Periodic::BackupLevel "<%= @_backup['level'] %>";
+# - Backup level.(0=disable), 1 is invalid.
+#
+APT::Periodic::MaxAge "<%= @_age['max'] %>";
+# - Set maximum allowed age of a cache package file. If a cache
+# package file is older it is deleted (0=disable)
+#
+APT::Periodic::MinAge "<%= @_age['min'] %>";
+# - Set minimum age of a package file. If a file is younger it
+# will not be deleted (0=disable). Usefull to prevent races
+# and to keep backups of the packages for emergency.
+#
+APT::Periodic::MaxSize "<%= @size %>";
+# - Set maximum size of the cache in MB (0=disable). If the cache
+# is bigger, cached package files are deleted until the size
+# requirement is met (the biggest packages will be deleted
+# first).
+#
+APT::Periodic::Update-Package-Lists "<%= @update %>";
+# - Do "apt-get update" automatically every n-days (0=disable)
+#
+APT::Periodic::Download-Upgradeable-Packages "<%= @_upgradeable_packages['download_only'] %>";
+# - Do "apt-get upgrade --download-only" every n-days (0=disable)
+#
+APT::Periodic::Download-Upgradeable-Packages-Debdelta "<%= @_upgradeable_packages['debdelta'] %>";
+# - Use debdelta-upgrade to download updates if available (0=disable)
+#
+APT::Periodic::Unattended-Upgrade "<%= @upgrade %>";
+# - Run the "unattended-upgrade" security upgrade script
+# every n-days (0=disabled)
+# Requires the package "unattended-upgrades" and will write
+# a log in /var/log/unattended-upgrades
+#
+APT::Periodic::AutocleanInterval "<%= @_auto['clean'] %>";
+# - Do "apt-get autoclean" every n-days (0=disable)
+#
+APT::Periodic::Verbose "<%= @verbose %>";
+# - Send report mail to root
+# 0: no report (or null string)
+# 1: progress report (actually any string)
+# 2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
+# 3: + trace on
+<%- unless @random_sleep.nil? -%>
+#
+APT::Periodic::RandomSleep "<%= @random_sleep %>";
+# - The apt cron job will delay its execution by a random
+# time span between zero and 'APT::Periodic::RandomSleep'
+# seconds.
+# This is done because otherwise everyone would access the
+# mirror servers at the same time and put them collectively
+# under very high strain.
+# You can set this to '0' if you are using a local mirror and
+# do not care about the load spikes.
+# Note that sleeping in the apt job will be delaying the
+# execution of all subsequent cron.daily jobs.
+<%- end -%>
diff --git a/code/environments/production/modules/unattended_upgrades/templates/unattended-upgrades.erb b/code/environments/production/modules/unattended_upgrades/templates/unattended-upgrades.erb
new file mode 100644
index 0000000..c31b2df
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/templates/unattended-upgrades.erb
@@ -0,0 +1,78 @@
+// Automatically upgrade packages from these (origin:archive) pairs
+//
+// Note that in Ubuntu security updates may pull in new dependencies
+// from non-security sources (e.g. chromium). By allowing the release
+// pocket these get automatically pulled in.
+<%- if @legacy_origin -%>
+Unattended-Upgrade::Allowed-Origins {
+<%- else -%>
+Unattended-Upgrade::Origins-Pattern {
+<%- end -%>
+<% @origins.each do |origin| -%>
+ "<%= origin %>";
+<% end -%>
+};
+
+// List of packages to not update (regexp are supported)
+Unattended-Upgrade::Package-Blacklist {
+<% @blacklist.each do |package| -%>
+ "<%= package %>";
+<% end -%>
+};
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run
+// dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+Unattended-Upgrade::AutoFixInterruptedDpkg "<%= @_auto['fix_interrupted_dpkg'].to_s %>";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "<%= @minimal_steps.to_s %>";
+
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+Unattended-Upgrade::InstallOnShutdown "<%= @install_on_shutdown.to_s %>";
+
+<%- unless @_mail['to'].nil? -%>
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed. E.g. "user@example.com"
+
+Unattended-Upgrade::Mail "<%= @_mail['to'] %>";
+
+<%- if @_mail['only_on_error'] -%>
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+Unattended-Upgrade::MailOnlyOnError "<%= @_mail['only_on_error'].to_s %>";
+<%- end -%>
+<%- end -%>
+
+<%- if @sender -%>
+// Use the specified value in the "From" field of outgoing mails.
+// Defaults to "root"
+Unattended-Upgrade::Sender "<%= @sender %>";
+
+<%- end -%>
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "<%= @_auto['remove'].to_s %>";
+
+// Automatically reboot *WITHOUT CONFIRMATION*
+// if the file /var/run/reboot-required is found after the upgrade
+Unattended-Upgrade::Automatic-Reboot "<%= @_auto['reboot'].to_s %>";
+
+// If automatic reboot is enabled and needed, reboot at the specific
+// time instead of immediately
+// Default: "now"
+Unattended-Upgrade::Automatic-Reboot-Time "<%= @_auto['reboot_time'].to_s %>";
+
+<%- unless @dl_limit.nil? -%>
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+Acquire::http::Dl-Limit "<%= @dl_limit %>";
+<%- end -%>
diff --git a/code/environments/production/modules/unattended_upgrades/types/age.pp b/code/environments/production/modules/unattended_upgrades/types/age.pp
new file mode 100644
index 0000000..d6cdc2f
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/types/age.pp
@@ -0,0 +1,6 @@
+type Unattended_upgrades::Age = Struct[
+ {
+ Optional['min'] => Integer[0],
+ Optional['max'] => Integer[0],
+ }
+]
diff --git a/code/environments/production/modules/unattended_upgrades/types/auto.pp b/code/environments/production/modules/unattended_upgrades/types/auto.pp
new file mode 100644
index 0000000..bc3a896
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/types/auto.pp
@@ -0,0 +1,9 @@
+type Unattended_upgrades::Auto = Struct[
+ {
+ Optional['clean'] => Integer[0],
+ Optional['fix_interrupted_dpkg'] => Boolean,
+ Optional['reboot'] => Boolean,
+ Optional['reboot_time'] => String,
+ Optional['remove'] => Boolean,
+ }
+]
diff --git a/code/environments/production/modules/unattended_upgrades/types/backup.pp b/code/environments/production/modules/unattended_upgrades/types/backup.pp
new file mode 100644
index 0000000..e0206cc
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/types/backup.pp
@@ -0,0 +1,6 @@
+type Unattended_upgrades::Backup = Struct[
+ {
+ Optional['archive_interval'] => Integer[0],
+ Optional['level'] => Integer[0],
+ }
+]
diff --git a/code/environments/production/modules/unattended_upgrades/types/mail.pp b/code/environments/production/modules/unattended_upgrades/types/mail.pp
new file mode 100644
index 0000000..329d515
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/types/mail.pp
@@ -0,0 +1,6 @@
+type Unattended_upgrades::Mail = Struct[
+ {
+ Optional['only_on_error'] => Boolean,
+ Optional['to'] => String,
+ }
+]
diff --git a/code/environments/production/modules/unattended_upgrades/types/options.pp b/code/environments/production/modules/unattended_upgrades/types/options.pp
new file mode 100644
index 0000000..a0e9150
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/types/options.pp
@@ -0,0 +1,8 @@
+type Unattended_upgrades::Options = Struct[
+ {
+ Optional['force_confdef'] => Boolean,
+ Optional['force_confold'] => Boolean,
+ Optional['force_confnew'] => Boolean,
+ Optional['force_confmiss'] => Boolean,
+ }
+]
diff --git a/code/environments/production/modules/unattended_upgrades/types/upgradeable_packages.pp b/code/environments/production/modules/unattended_upgrades/types/upgradeable_packages.pp
new file mode 100644
index 0000000..ce41a94
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/types/upgradeable_packages.pp
@@ -0,0 +1,6 @@
+type Unattended_upgrades::Upgradeable_packages = Struct[
+ {
+ Optional['download_only'] => Integer[0],
+ Optional['debdelta'] => Integer[0],
+ }
+]