cfbs add upgrade-all-packages
Linux distributions have package management systems which provide software updates. Often these updates are important security patches which mitigate exploitation of known vulnerabilities. Upgrading all packages on a regular basis is an excellent way to keep your systems safe and secure.
This module makes sure that all software from the default repository is updated on a daily basis.
The module also handles removing CFEngine cached data about installed packages and updateable packages as this is only refreshed once a day by default.
# cf-agent -KI
info: Executing 'no timeout' ... 'apt upgrade --yes && apt autoremove --yes'
notice: Q: "...apt upgrade --y": WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Q: "...apt upgrade --y": Reading package lists...
Q: "...apt upgrade --y": Building dependency tree...
Q: "...apt upgrade --y": Reading state information...
Q: "...apt upgrade --y": Calculating upgrade...
Q: "...apt upgrade --y": The following packages will be upgraded:
Q: "...apt upgrade --y": tzdata
Q: "...apt upgrade --y": 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Q: "...apt upgrade --y": Need to get 284 kB of archives.
Q: "...apt upgrade --y": After this operation, 0 B of additional disk space will be used.
Q: "...apt upgrade --y": Get:1 http://deb.debian.org/debian bullseye-updates/main amd64 tzdata all 2021a-1+deb11u2 [284 kB]
Q: "...apt upgrade --y": apt-listchanges: Reading changelogs...
Q: "...apt upgrade --y": Preconfiguring packages ...
Q: "...apt upgrade --y": Fetched 284 kB in 0s (1378 kB/s)
(Reading database ... 25621 files and directories currently installed.)
Q: "...apt upgrade --y": Preparing to unpack .../tzdata_2021a-1+deb11u2_all.deb ...
Q: "...apt upgrade --y": Unpacking tzdata (2021a-1+deb11u2) over (2021a-1+deb11u1) ...
Q: "...apt upgrade --y": Setting up tzdata (2021a-1+deb11u2) ...
Q: "...apt upgrade --y": Current default time zone: 'Etc/UTC'
Q: "...apt upgrade --y": Local time is now: Wed Dec 15 19:46:01 UTC 2021.
Q: "...apt upgrade --y": Universal Time is now: Wed Dec 15 19:46:01 UTC 2021.
Q: "...apt upgrade --y": Run 'dpkg-reconfigure tzdata' if you wish to change it.
Q: "...apt upgrade --y": WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Q: "...apt upgrade --y": Reading package lists...
Q: "...apt upgrade --y": Building dependency tree...
Q: "...apt upgrade --y": Reading state information...
Q: "...apt upgrade --y": 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
info: Last 27 quoted lines were generated by promiser 'apt upgrade --yes && apt autoremove --yes'
info: Completed execution of 'apt upgrade --yes && apt autoremove --yes'
info: Deleted file '/var/cfengine/state/packages_updates_apt_get.lmdb'
info: Deleted file '/var/cfengine/state/packages_installed_apt_get.lmdb'
If a server must not receive updates, they can be
marked as such by defining the hardening_packages_upgrade_skip class in either
augments or CMDB.