A chef cookbook for the unattended-upgrades package
Switch branches/tags
Nothing to show
Pull request Compare This branch is even with phillip:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



Installs and runs unattended_upgrades.



Currently tested on Ubuntu 12.04 ONLY.


Do apt-get update automatically every n-days (0=disable):

node[:unattended_upgrades][:update_package_list_interval] = 1

Do apt-get upgrade --download-only every n-days (0=disable):

node[:unattended_upgrades][:download_upgradeable_package_interval] = 1

Run the unattended-upgrade security upgrade script every n-days (0=disabled):

node[:unattended_upgrades][:unattended_upgrade_interval] = 1

Do apt-get autoclean every n-days (0=disable):

node[:unattended_upgrades][:autoclean_interval] = 7

Automatically upgrade packages from these (origin:archive) pairs:

node[:unattended_upgrades][:allowed_origins] = [ '${distro_id}:${distro_codename}-security' ]

Be sure to use single quotes so you don't expand ${distro_id} and ${distro_codename} with Ruby!

Possible values for :allowed_origins include:

  [ '${distro_id}:${distro_codename}-security',
    '${distro_id}:${distro_codename}-backports' ]

List of packages to not update:

node[:unattended_upgrades][:package_blacklist] = []

This option allows you to control if on a unclean dpkg exit, unattended-upgrades will automatically run dpkg --force-confold --configure -a. The default is true, to ensure updates keep getting installed.

node[:unattended_upgrades][:auto_fix_interrupted_dpkg] = true

Split the upgrade into the smallest possible chunks so that they can be interrupted with SIGUSR1. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay).

node[:unattended_upgrades][:minimal_steps] = false

Install all unattended-upgrades when the machine is shutting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower.

node[:unattended_upgrades][:install_on_shutdown] = false

Send email to this address for problems or packages upgrades. If empty or unset then no email is sent, make sure that you have a working mail setup on your system. A package that provides mailx must be installed.

node[:unattended_upgrades][:mail] = nil

Set this value to true to get emails only on errors. Default is to always send a mail if :mail is set.

node[:unattended_upgrades][:mail_only_on_error] = false

Do automatic removal of new unused dependencies after the upgrade (equivalent to apt-get autoremove).

node[:unattended_upgrades][:remove_unused_dependencies] = true

Automatically reboot WITHOUT CONFIRMATION if a the file /var/run/reboot-required is found after the upgrade.

node[:unattended_upgrades][:automatic_reboot] = false

Use apt bandwidth limit feature (in kb/sec).

node[:unattended_upgrades][:download_limit] = nil

Documentation from /etc/cron.daily/apt and /etc/apt/apt.conf.d/50unattended-upgrades.


  • Add cookbook unattended_upgrades to your runlist. This will install and run unattended_upgrades on your machine.