diff --git a/admin-guide/configuration/basic/puppet_agent.md b/admin-guide/configuration/basic/puppet_agent.md index f892f99c..db809664 100644 --- a/admin-guide/configuration/basic/puppet_agent.md +++ b/admin-guide/configuration/basic/puppet_agent.md @@ -11,8 +11,9 @@ Allowed parameters are - 'halfhourly': every 30 minutes - 'daily': once a day (default) - 'weekly': every Monday +- 'boot_only': only shortly after bootup -The actual automatic Puppet Agent run is always on the same random time. Check `systemctl list-timers pli-puppet-run.timer` for the exact time on a specific node. +The actual automatic Puppet Agent run is always on the same random time (except for `boot_only`). Check `systemctl list-timers pli-puppet-run.timer` for the exact time on a specific node. For `daily` and `weekly` the time window is configured in Hiera with `puppet_client::exec_time`, the default is: ``` diff --git a/admin-guide/configuration/software/package_updates.md b/admin-guide/configuration/software/package_updates.md index b1723c82..7a4c865d 100644 --- a/admin-guide/configuration/software/package_updates.md +++ b/admin-guide/configuration/software/package_updates.md @@ -4,11 +4,19 @@ The automatic updates are controlled in Hiera (excluding RHEL7): | Hiera key | default | comments | |-------------------------------------|------------|-------------------------------------------------------------------------------| -| `base::automatic_updates::interval` | `weekly` | valid are `daily`, `weekly` and `never` which disables the automatic updates | +| `base::automatic_updates::interval` | `weekly` | valid are `daily`, `weekly`, `boot_only` and `never` which disables the automatic updates | | `base::automatic_updates::type` | `security` | `security` installs only security updates whereas `all` installs all updates | | `base::automatic_updates::exclude` | `[]` | list of packages not to update, wildcards like "*" are allowed | | `base::automatic_updates::kernel` | `false` | define if new kernel packages also should be installed automatically | +For system-wide installed Flatpak packages there is a separate key for automatically updating them: + +| Hiera key | default | comments | +|------------------------------|------------|-------------------------------------------------------------------------------| +| `flatpak::updates::interval` | `weekly` | valid are `daily`, `weekly`, `boot_only` and `never` which disables the automatic updates | + + + Note that the updates run on midnight, for `weekly` from Sunday to Monday. There is no automatic reboot, e.g. for kernel updates. --- diff --git a/engineering-guide/puppet/profiles/dnf_automatic.rst b/engineering-guide/puppet/profiles/dnf_automatic.rst deleted file mode 100644 index 61c33abd..00000000 --- a/engineering-guide/puppet/profiles/dnf_automatic.rst +++ /dev/null @@ -1,38 +0,0 @@ -``profile::dnf_automatic`` -========================== - -This profile configures automatic package updates using ``dnf-automatic`` - -It is used by ``role::base`` and there configured with the ``base::automatic_updates::*`` hiera keys. - -Parameters ----------- - -=============================== ======== ================================================ -**Name** **Type** **Default** -------------------------------- -------- ------------------------------------------------ -interval Enum -type Enum -exclude Array -incldue_kernel Boolean -=============================== ======== ================================================ - - -``interval`` -~~~~~~~~~~~~ -How often should the automatic updates be installed. Valid options are ``never``, ``daily`` and ``weekly``. ``never`` disables it altogether. - - -``type`` -~~~~~~~~ -What type of package updates should be installed automatically, either ``security`` for only security updates or ``all`` for all updates. - - -``exclude`` -~~~~~~~~~~~ -List of packages which shall not be updated automatically. Wildcards like * are allowed. The kernel is excluded by default. - -``incldue_kernel`` -~~~~~~~~~~~~~~~~~~ -Marks if also the kernel package should be automatically updated. Note that the necessary reboot to run the new kernel needs to be done manually. -