search

sous-chefs / apt

Development repository for the apt cookbook
https://supermarket.chef.io/cookbooks/apt
Apache License 2.0
202 stars 266 forks source link

origins_patterns not applied for unattended_upgrades #235

Closed EugenMayer closed 6 years ago

EugenMayer commented 6 years ago

Cookbook version

6.1.4

Chef-client version

13

Platform Details

debian stretch

Scenario:

configure unattended upgrades

Steps to Reproduce:

use this attributes

default['apt']['unattended_upgrades']['origins_patterns'] = [
    'o=Debian,a=stable',
    'o=Debian,a=stable-updates',
    'origin=Debian,codename=${distro_codename},label=Debian-Security',
]
default['apt']['unattended_upgrades']['allowed_origins'] =  []
default['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] = true

Expected Result:

/etc/apt/apt.conf.d/50unattended-upgrades includes origins_patterns

Actual Result:

cat /etc/apt/apt.conf.d/50unattended-upgrades | grep Origins-Pattern

that one seems ok https://github.com/chef-cookbooks/apt/blob/master/templates/50unattended-upgrades.erb#L10

just checked my node attributes and that also looks like expected ( chef-zero )

image

EugenMayer commented 6 years ago

related commit https://github.com/chef-cookbooks/apt/pull/197

EugenMayer commented 6 years ago

i have a kontextwork-base cookbook where i pre-configure this for all servers which always include the base - they usually include a different specific host cookbook like docker-host. Those attributes are never overriden, i verified that, still, if a host does get applied kontextwork-base as a base, the attributes are somehow not properly applied for unnattended upgrades

if i apply kontextwork-base only, which i did with kitchen tests, the result is like expected.

Does this make any sense?

In the kontextwork-base i set those use node attributes like usually

image

EugenMayer commented 6 years ago

I know also added a kitchen test for the *-host variant, where base is a subcookbook. And in that scenario its working just fine.

So its either something special with knife-zero / chef zero or something with convergence

EugenMayer commented 6 years ago

To ensure, it is not chef-client related, i upgraded to the same version kitchen converge does install

chef-client --version
Chef: 13.8.5
EugenMayer commented 6 years ago

Giving it a longer fight, i even tried 


node.override['apt']['unattended_upgrades']['origins_patterns'] = [
    'o=Debian,a=stable',
    'o=Debian,a=stable-updates',
    'origin=Debian,codename=${distro_codename},label=Debian-Security'
]

in the main -host cookbook - still no changes.

Interestingly though the attribtue

default['apt']['unattended_upgrades']['allowed_origins'] =  []

does get propagates from the base, since its empty in the configuration

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
}

but origins_patterns seems to never get applied.

EugenMayer commented 6 years ago

It seems like in the end it was simpler then i though . the reason it did not work with knife-zero is

those 2 did not work or do no longer work as intended

chef exec berks install
chef exec berks vendor cookbooks

it did not properly update my local cookbooks, so an older version of base has been used all the time. I used those commands for a long time now and they always worked, so there seem to be a change in chefdk causing this.

Nevertheless this issue is closed