when I login to a server (Ubuntu 12.04) I'm presented the following message:
12 packages can be updated.
10 updates are security updates.
Resolving it "by hand" is easy of course (apt-get update && apt-get upgrade), but due to the fact that the server is (partly) provisioned with Chef, I wonder whether there's a good way to include this programmatically into the recipes?
The "apt" cookbook doesn't seem to provide something related :(
Cheers.
Chef is an automation framework that allows you to manage system configurations and deploy software. Applications can be deployed to any node in your physical, virtual or cloud based infrastructure that the Chef client can be installed on.
It's generally a bad idea to automate package updates/upgrades as this can obviously break applications if not properly tested first.
One way to solve this is to have a cookbook lock or hold the repository at a specified version, and then thoroughly test it in development before pushing it out to production.
On Amazon Linux you can retrieve a unique url of the yum repository at it's current state. So you can run an update/upgrade on dev, find out the unique url and push that out to prod. That will prevent Chef from updating to any newer packages than you've tested.
I'm not as familiar with Ubuntu and apt-get, but it looks like you can do what I'm talking about with Pinning or Holding: https://help.ubuntu.com/community/PinningHowto
So in summary, you want to upgrade/update a dev machine, you test it, find out what the repo state is and freeze all packages to those versions. Then you freeze prod's repo to those states. Then you just have the cookbook run 'apt-get -y upgrade' as Draco mentioned.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With