apt-get update and apt-get upgrade in Chef
The Opscode "apt" cookbook's default recipe will run apt-get update to ensure that the package cache is updated. We recommend putting that early in your node's run list so later on packages can be installed with the correct versions.
We generally don't recommend that users use "apt-get upgrade" in a recipe, for a couple reasons.
-
apt-getmay upgrade a package that has conflicting configuration or other issues that cannot be resolved without running the command again, or running other apt/dpkg commands manually. - Automated upgrades of all packages on the system can have unintended side effects on the running system (the edge cases are many and possibly thorny, so I can't cover them all).
Instead, use the "upgrade" action for packages that should always update to the latest version.
package "nginx" do
action :upgrade
end
If you're reusing a cookbook that defines the cookbook, you can write a recipe that modifies the action of the existing resource, like this:
resources("package[nginx]").action(:upgrade)
The #resources method in a recipe will look up in the Resource Collection the specified resource (package nginx). Then sending the #action method with the argument :upgrade will tell Chef that the action should be to upgrade.
Edit Update: Do be careful when choosing packages that would be upgraded automatically in this way. An upstream change in a package can cause detrimental effects on the system. This is especially true if such a package does a restart of services it manages during the post installation scripts. Know your infrastructure, and if in doubt run your own package repository that has the critical packages you need for the application stack.
Related videos on Youtube
05 : 19
07 : 01
06 : 20
04 : 02
01 : 02
02 : 17
07 : 39
Marius Butuc
Ruby & Rails aficionado keen on big data, cloud computing, usable web & photography.
Updated on July 09, 2022Comments
-
Marius Butuc 11 months
If
package "nginx"in Chef gets translated intoapt-get install nginxon an Ubuntu node, what can be written in a Chef recipe that would translate into:apt-get -y update apt-get -y upgradeCouldn't figure out from the
aptcookbook.-
favoretti over 10 yearsWould this github.com/patdeegan/chef-unattended-upgrades help?
-
Marius Butuc over 10 yearsI think so, but I'm interested if there is any lighter solution.
-
-
wkhatch over 9 yearseverybody says this, yet I cannot get the repository list to update when I include the apt cookbook and call it's default recipe. Worse yet, if another recipe incorporated into one of mine is dependent on apt, then there seems to be no possible way short of manually updating by logging into the node. I wish there was a definitive explanation somewhere as to how to get the apt-get repository to update in situations where you're forced to use the apt cookbook.
-
jorfus over 7 yearsIt appears that apt will only update every 24 hours. This temp file controls the process. /var/lib/apt/periodic/update-success-stamp
