... | ... | @@ -39,14 +39,20 @@ is configured via puppet. |
|
|
Unattended-upgrades writes logs to `/var/log/unattended-upgrades/` but
|
|
|
also `/var/log/dpkg.log`.
|
|
|
|
|
|
The default configuration file for unattended-upgrades is at `/etc/apt/apt.conf.d/50unattended-upgrades`.
|
|
|
The default configuration file for unattended-upgrades is at
|
|
|
`/etc/apt/apt.conf.d/50unattended-upgrades`.
|
|
|
|
|
|
Pending upgrades are still noticed by Nagios which warns loudly about them in its
|
|
|
usual channels.
|
|
|
|
|
|
If a package origin isn't picked by unattended upgrades it will need to be upgraded
|
|
|
by hand or its origin added to `modules/profile/manifests/unattended_upgrades.pp` in
|
|
|
puppet.
|
|
|
Note that unattended-upgrades is configured to upgrade packages
|
|
|
regardless of their origin (`Unattended-Upgrade::Origins-Pattern {
|
|
|
"origin=*" }`). If a new `sources.list` entry is added, it
|
|
|
*will* be picked up and applied by unattended-upgrades unless it has a
|
|
|
special policy (like Debian's backports). It is *strongly* recommended
|
|
|
that new `sources.list` entries be paired with a "pin" (see
|
|
|
[apt_preferences(5)](https://manpages.debian.org/apt_preferences.5)). See also [tpo/tpa/team#40771](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40771) for a
|
|
|
discussion and rationale of that change.
|
|
|
|
|
|
### Manual upgrades with Cumin
|
|
|
|
... | ... | |