From 677ec22a049e1999a3abc5c19bc91952adedc73d Mon Sep 17 00:00:00 2001 From: Anders Ingemann Date: Sat, 10 Aug 2013 18:44:04 +0200 Subject: [PATCH] Implemented unattended upgrades plugin --- plugins/unattended_upgrades/__init__.py | 12 ++++++ .../unattended_upgrades/manifest-schema.json | 29 +++++++++++++ plugins/unattended_upgrades/tasks.py | 41 +++++++++++++++++++ 3 files changed, 82 insertions(+) create mode 100644 plugins/unattended_upgrades/__init__.py create mode 100644 plugins/unattended_upgrades/manifest-schema.json create mode 100644 plugins/unattended_upgrades/tasks.py diff --git a/plugins/unattended_upgrades/__init__.py b/plugins/unattended_upgrades/__init__.py new file mode 100644 index 0000000..aa1d239 --- /dev/null +++ b/plugins/unattended_upgrades/__init__.py @@ -0,0 +1,12 @@ + + +def tasks(tasklist, manifest): + import tasks + tasklist.add(tasks.AddUnattendedUpgradesPackage()) + tasklist.add(tasks.EnablePeriodicUpgrades()) + + +def validate_manifest(data, schema_validate): + from os import path + schema_path = path.normpath(path.join(path.dirname(__file__), 'manifest-schema.json')) + schema_validate(data, schema_path) diff --git a/plugins/unattended_upgrades/manifest-schema.json b/plugins/unattended_upgrades/manifest-schema.json new file mode 100644 index 0000000..3e45a7b --- /dev/null +++ b/plugins/unattended_upgrades/manifest-schema.json @@ -0,0 +1,29 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Unattended upgrades plugin manifest", + "type": "object", + "properties": { + "plugins": { + "type": "object", + "properties": { + "unattended_upgrades": { + "type": "object", + "properties": { + "update_interval": { + "type": "integer" + }, + "download_interval": { + "type": "integer" + }, + "upgrade_interval": { + "type": "integer" + } + }, + "required": ["update_interval", "download_interval", "upgrade_interval"] + } + }, + "required": ["unattended_upgrades"] + } + }, + "required": ["plugins"] +} diff --git a/plugins/unattended_upgrades/tasks.py b/plugins/unattended_upgrades/tasks.py new file mode 100644 index 0000000..b8b11de --- /dev/null +++ b/plugins/unattended_upgrades/tasks.py @@ -0,0 +1,41 @@ +from base import Task +from common import phases +from providers.ec2.tasks.packages import ImagePackages +from common.tasks.host import CheckPackages + + +class AddUnattendedUpgradesPackage(Task): + description = 'Adding ``unattended-upgrades\'\' to the image packages' + phase = phases.preparation + after = [ImagePackages] + before = [CheckPackages] + + def run(self, info): + info.img_packages[0].add('unattended-upgrades') + + +class EnablePeriodicUpgrades(Task): + description = 'Writing the periodic upgrades apt config file' + phase = phases.system_modification + + def run(self, info): + import os.path + periodic_path = os.path.join(info.root, 'etc/apt/apt.conf.d/02periodic') + update_interval = info.manifest.plugins['unattended_upgrades']['update_interval'] + download_interval = info.manifest.plugins['unattended_upgrades']['download_interval'] + upgrade_interval = info.manifest.plugins['unattended_upgrades']['upgrade_interval'] + with open(periodic_path, 'w') as periodic: + periodic.write(('// Enable the update/upgrade script (0=disable)\n' + 'APT::Periodic::Enable "1";\n\n' + '// Do "apt-get update" automatically every n-days (0=disable)\n' + 'APT::Periodic::Update-Package-Lists "{update_interval}";\n\n' + '// Do "apt-get upgrade --download-only" every n-days (0=disable)\n' + 'APT::Periodic::Download-Upgradeable-Packages "{download_interval}";\n\n' + '// Run the "unattended-upgrade" security upgrade script\n' + '// every n-days (0=disabled)\n' + '// Requires the package "unattended-upgrades" and will write\n' + '// a log in /var/log/unattended-upgrades\n' + 'APT::Periodic::Unattended-Upgrade "{upgrade_interval}";\n' + .format(update_interval=update_interval, + download_interval=download_interval, + upgrade_interval=upgrade_interval)))