[chef] apt_package_hold or preventing version critical packages from being upgraded


  • From: Holger Amann < >
  • To: " " < >
  • Subject: [chef] apt_package_hold or preventing version critical packages from being upgraded
  • Date: Thu, 6 Dec 2012 17:35:53 +0100

Hey there,

in case someone is interested.. 

We have a lot of packages which are version critical like Postgres or Erlang, and package upgrades/security fixes with apt-get upgrade/dist-upgrade would lead to service restarts or incompatibilities to other parts in case a newer version is available, which needs to be avoided in production.. On debian based systems this can be circumvented by doing a

echo 'packagename hold' | dpkg --set-selections

which will set a package on hold and exclude it from upgrading when doing an apt-get upgrade/dist-upgrade

e.g.

:~ # echo 'esl-erlang hold' | dpkg --set-selections
:~ # dpkg --get-selections |grep esl-erlang                                                                          
esl-erlang hold
:~ # apt-cache policy esl-erlang           
esl-erlang:
 Installed: 1:15.b.2-1~debian~squeeze
 Candidate: 1:15.b.3-1~debian~squeeze
 Version table:
    1:15.b.3-1~debian~squeeze 0
       500 http://binaries.erlang-solutions.com/debian/ squeeze/contrib amd64 Packages
*** 1:15.b.2-1~debian~squeeze 0
       500 http://binaries.erlang-solutions.com/debian/ squeeze/contrib amd64 Packages
       100 /var/lib/dpkg/status
    1:15.b.1-1~debian~squeeze 0
       500 http://binaries.erlang-solutions.com/debian/ squeeze/contrib amd64 Packages
:~ # apt-get dist-upgrade                  
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
 esl-erlang
The following packages will be upgraded:
 base-files debian-archive-keyring dpkg dpkg-dev libc-bin libc-dev-bin libc6 libc6-dev libdpkg-perl libexpat1 linux-libc-dev locales
12 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 17.6 MB of archives.
After this operation, 20.5 kB of additional disk space will be used.
Do you want to continue [Y/n]?

qed..

Because it seems like I am the only one on earth who needs such a feature (because it's not already chef and no one cares..), I wrote a resource 'apt_package_hold' [1] to do this with chef, like

apt_package_hold "esl-erlang" do
 version node[:erlang][:version]
 action [:install, :hold]
end

Of course that only works for debian based systems, don't know if there is a similar mechanism on other platforms.

Greets
Holger Amann
Sauspiel GmbH, Berlin

[1]  https://github.com/sauspiel/chef_cookbooks/blob/master/apt/libraries/apt_package_hold.rb
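
A held package also stops receiving security fixes, so holds are worth auditing. The following is an added example, not part of the original post or of the apt_package_hold cookbook: it reads saved output of `dpkg --get-selections` and `apt-cache policy` and lists every held package whose candidate version differs from the installed one. The function names `held_pending` and `demo` and the sample data other than the esl-erlang versions are assumptions made for the example.

```shell
#!/bin/sh
# held_pending SELECTIONS POLICY
#   SELECTIONS: saved output of `dpkg --get-selections`
#   POLICY:     saved output of `apt-cache policy <pkg>...`
# Prints "package installed candidate" for every held package whose
# candidate version differs from the installed one.
held_pending() {
    awk '
        FILENAME == ARGV[1] { if ($2 == "hold") held[$1] = 1; next }
        /^[^ \t]+:$/        { pkg = substr($0, 1, length($0) - 1); next }
        $1 == "Installed:"  { inst[pkg] = $2; next }
        $1 == "Candidate:"  {
            # Append "" to force string comparison (1.10 is not 1.1).
            if ((pkg in held) && (inst[pkg] "") != ($2 ""))
                print pkg, inst[pkg], $2
        }
    ' "$1" "$2"
}

# Constructed sample input. The esl-erlang versions are the ones from the
# session in the post; the other two packages and versions are made up.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/selections" <<'EOF'
esl-erlang      hold
postgresql-9.1  hold
locales         install
EOF
    cat > "$dir/policy" <<'EOF'
esl-erlang:
  Installed: 1:15.b.2-1~debian~squeeze
  Candidate: 1:15.b.3-1~debian~squeeze
postgresql-9.1:
  Installed: 9.1.6-1
  Candidate: 9.1.6-1
locales:
  Installed: 2.11.3-3
  Candidate: 2.11.3-4
EOF
    held_pending "$dir/selections" "$dir/policy"
    rm -rf "$dir"
}

demo
```

On a live host the two input files come from `dpkg --get-selections` and from `apt-cache policy` run on the held package names; each line of output is a hold that is currently keeping back a newer or different version and should be reviewed.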


