diff --git a/manifests/openstack.pp b/manifests/openstack.pp
index e78d1fb9cd..76aae483ff 100644
--- a/manifests/openstack.pp
+++ b/manifests/openstack.pp
@@ -17,8 +17,12 @@ class openstack_base {
$packages = ["puppet",
"git",
"python-setuptools",
- "python-virtualenv"]
- package { $packages: ensure => "latest" }
+ "python-virtualenv",
+ "python-software-properties",
+ "bzr",
+ "byobu",
+ "emacs23-nox"]
+ package { $packages: ensure => "present" }
realize (
User::Virtual::Localuser["mordred"],
@@ -34,7 +38,8 @@ class openstack_template ($iptables_public_tcp_ports) {
include openstack_base
include ssh
include snmpd
-
+ include apt::unattended-upgrades
+
class { 'iptables':
public_tcp_ports => $iptables_public_tcp_ports,
}
@@ -50,11 +55,6 @@ class openstack_template ($iptables_public_tcp_ports) {
hasrestart => true,
require => Package['ntp'],
}
-
- $packages = ["python-software-properties",
- "bzr",
- "byobu"]
- package { $packages: ensure => "latest" }
}
# A server that we expect to run for some time
diff --git a/manifests/site.pp b/manifests/site.pp
index 3d6512cee2..f12490ccab 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -21,6 +21,7 @@ class openstack_cron {
class openstack_jenkins_slave {
include openstack_cron
include tmpreaper
+ include apt::unattended-upgrades
class { 'openstack_server':
iptables_public_tcp_ports => []
}
@@ -458,7 +459,7 @@ node /^oneiric.*\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
package { "tox":
- ensure => latest,
+ ensure => latest, # okay to use latest for pip
provider => pip,
require => Package[python-pip],
}
diff --git a/modules/apt/files/10periodic b/modules/apt/files/10periodic
new file mode 100644
index 0000000000..83f51c6213
--- /dev/null
+++ b/modules/apt/files/10periodic
@@ -0,0 +1,6 @@
+APT::Periodic::Enable "1";
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "5";
+APT::Periodic::Unattended-Upgrade "1";
+APT::Periodic::RandomSleep "1800";
diff --git a/modules/apt/files/50unattended-upgrades b/modules/apt/files/50unattended-upgrades
new file mode 100644
index 0000000000..486f4fbe23
--- /dev/null
+++ b/modules/apt/files/50unattended-upgrades
@@ -0,0 +1,30 @@
+// Automatically upgrade packages from these (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+ // ${distro_id} and ${distro_codename} will be automatically expanded
+ "${distro_id} stable";
+ "${distro_id} ${distro_codename}-security";
+ "${distro_id} ${distro_codename}-updates";
+// "${distro_id} ${distro_codename}-proposed-updates";
+};
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+// "vim";
+// "libc6";
+// "libc6-dev";
+// "libc6-i686";
+};
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. The package 'mailx'
+// must be installed or anything that provides /usr/bin/mail.
+Unattended-Upgrade::Mail "root@localhost";
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a
+// the file /var/run/reboot-required is found after the upgrade
+//Unattended-Upgrade::Automatic-Reboot "false";
diff --git a/modules/apt/manifests/unattended-upgrades.pp b/modules/apt/manifests/unattended-upgrades.pp
new file mode 100644
index 0000000000..e183433891
--- /dev/null
+++ b/modules/apt/manifests/unattended-upgrades.pp
@@ -0,0 +1,24 @@
+class apt::unattended-upgrades($email='') {
+ package { 'unattended-upgrades':
+ ensure => present;
+ }
+
+ file { '/etc/apt/apt.conf.d/10periodic':
+ owner => 'root',
+ group => 'root',
+ mode => 444,
+ ensure => 'present',
+ source => "puppet:///modules/apt/10periodic",
+ replace => 'true',
+ }
+
+ file { '/etc/apt/apt.conf.d/50unattended-upgrades':
+ owner => 'root',
+ group => 'root',
+ mode => 444,
+ ensure => 'present',
+ source => "puppet:///modules/apt/50unattended-upgrades",
+ replace => 'true',
+ }
+
+}
diff --git a/modules/devstack_host/manifests/init.pp b/modules/devstack_host/manifests/init.pp
index 5bebf09cef..35ef897e61 100644
--- a/modules/devstack_host/manifests/init.pp
+++ b/modules/devstack_host/manifests/init.pp
@@ -2,15 +2,15 @@
class devstack_host {
package { "linux-headers-virtual":
- ensure => "latest",
+ ensure => present,
}
package { "mysql-server":
- ensure => "latest",
+ ensure => present,
}
package { "rabbitmq-server":
- ensure => "latest",
+ ensure => present,
require => File['rabbitmq-env.conf'],
}
diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index 244d55d775..bbddd3920e 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -116,16 +116,16 @@ class gerrit($virtual_hostname='',
"apache2"]
package { $packages:
- ensure => "latest",
+ ensure => present,
}
package { "python-pip":
- ensure => latest,
+ ensure => present,
require => Package[python-dev]
}
package { "github2":
- ensure => latest,
+ ensure => latest, # okay to use latest for pip
provider => pip,
require => Package[python-pip]
}
@@ -310,6 +310,16 @@ class gerrit($virtual_hostname='',
require => File["/home/gerrit2/review_site/etc"]
}
+ file { '/home/gerrit2/review_site/etc/gerrit.config.puppet':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => 644,
+ ensure => 'present',
+ content => template('gerrit/gerrit.config.erb'),
+ replace => 'true',
+ require => File["/home/gerrit2/review_site/etc"]
+ }
+
file { '/home/gerrit2/review_site/hooks/change-merged':
owner => 'root',
group => 'root',
@@ -507,10 +517,9 @@ class gerrit($virtual_hostname='',
require => Exec["download:$war"],
ensure => present,
replace => 'true',
- # user, group, and mode have to be set this way to avoid retriggering gerrit-init on every run
+ # user, and mode have to be set this way to avoid retriggering gerrit-init on every run
# because gerrit init sets them this way
owner => 'gerrit2',
- group => 'gerrit2',
mode => 644,
}
diff --git a/modules/jenkins_jobs/manifests/init.pp b/modules/jenkins_jobs/manifests/init.pp
index 5b09940ff4..dac6b3c2d2 100644
--- a/modules/jenkins_jobs/manifests/init.pp
+++ b/modules/jenkins_jobs/manifests/init.pp
@@ -32,7 +32,7 @@ class jenkins_jobs($site, $projects) {
}
package { "python-jenkins":
- ensure => latest,
+ ensure => latest, # okay to use latest for pip
provider => pip,
require => Package[python-pip],
}
diff --git a/modules/jenkins_slave/manifests/init.pp b/modules/jenkins_slave/manifests/init.pp
index d1823968e5..02145855c0 100644
--- a/modules/jenkins_slave/manifests/init.pp
+++ b/modules/jenkins_slave/manifests/init.pp
@@ -76,11 +76,11 @@ class jenkins_slave($ssh_key, $sudo = false, $bare = false, $user = true) {
}
package { $packages:
- ensure => "latest",
+ ensure => present,
}
package { "git-review":
- ensure => latest,
+ ensure => latest, # okay to use latest for pip
provider => pip,
require => Package[python-pip],
}
diff --git a/modules/lodgeit/manifests/init.pp b/modules/lodgeit/manifests/init.pp
index e77eed223a..f53bccad0c 100644
--- a/modules/lodgeit/manifests/init.pp
+++ b/modules/lodgeit/manifests/init.pp
@@ -11,7 +11,7 @@ class lodgeit {
"drizzle",
"python-mysqldb" ]
- package { $packages: ensure => latest }
+ package { $packages: ensure => present }
package { 'SQLAlchemy':
provider => pip,
diff --git a/modules/logrotate/manifests/init.pp b/modules/logrotate/manifests/init.pp
index ec29bc85da..662074c200 100644
--- a/modules/logrotate/manifests/init.pp
+++ b/modules/logrotate/manifests/init.pp
@@ -3,7 +3,7 @@
class logrotate {
package { "logrotate":
- ensure => latest,
+ ensure => present,
}
file { "/etc/logrotate.d":
diff --git a/modules/meetbot/manifests/init.pp b/modules/meetbot/manifests/init.pp
index 156f9c0047..e0440c4086 100644
--- a/modules/meetbot/manifests/init.pp
+++ b/modules/meetbot/manifests/init.pp
@@ -36,7 +36,7 @@ class meetbot {
}
package { ['supybot', 'nginx', 'python-twisted']:
- ensure => latest
+ ensure => present
}
service { "nginx":
diff --git a/modules/pypimirror/manifests/init.pp b/modules/pypimirror/manifests/init.pp
index f0f26da038..4997b73fc5 100644
--- a/modules/pypimirror/manifests/init.pp
+++ b/modules/pypimirror/manifests/init.pp
@@ -11,7 +11,7 @@ class pypimirror ( $base_url,
}
package { 'pip':
- ensure => latest,
+ ensure => latest, # okay to use latest for pip
provider => 'pip',
require => Package['python-pip'],
}
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 1e6cbe74e5..b3f17bd8c9 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -1,5 +1,5 @@
class ssh {
- package { openssh-server: ensure => latest }
+ package { openssh-server: ensure => present }
service { ssh:
ensure => running,
hasrestart => true,