I am trying to run apt-get dist-upgrade via chef cookbook. I am aware that running apt-get upgrade in cookbook is not generally recommended (https://stackoverflow.com/questions/15080876/apt-get-update-and-apt-get-upgrade-in-chef#15093460), but we control our ubuntu mirrors and any packages will get into that mirror only after thorough testing, so running dist-upgrade is fine.
What I have currently in my cookbook is
execute "apt update" do
command "apt-get -y update"
end
execute "apt dist-upgrade" do
command 'DEBIAN_FRONTEND=noninteractive apt-get -fuy -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade'
end
execute "apt autoremove" do
command "apt-get -y autoremove"
end
which looks more like a shell script rather than a chef cookbook. Adding apt cookbook will run apt-get update but I didn't find a better way of doing things for apt dist-upgrade.
Even this https://supermarket.chef.io/cookbooks/apt-upgrade-once cookbook does in the same fashion.
How can this be done in a better manner via chef cookbook?
I am looking for answers via cookbooks only not by cron/unattendedupgrades (As I am aware doing things via cron/unattendedupgrades).
Update:
apt update can be better run by
apt_update 'update' do
action :update
end
Best Answer
This is not an idempotent action so what you have is the best you can do, maybe with some more guards or something to only run once a day or whatnot.