From 8100c063b8eecf0e404959c6cd595ac81a1aa0bb Mon Sep 17 00:00:00 2001
From: Joe Beda <joe.github@bedafamily.com>
Date: Mon, 27 Oct 2014 13:49:06 -0700
Subject: [PATCH] Turn on auto security updates for debian based systems.

Fixes #2008
---
 .../salt/debian-auto-upgrades/20auto-upgrades       |  4 ++++
 cluster/saltbase/salt/debian-auto-upgrades/init.sls | 13 +++++++++++++
 cluster/saltbase/salt/top.sls                       |  1 +
 3 files changed, 18 insertions(+)
 create mode 100644 cluster/saltbase/salt/debian-auto-upgrades/20auto-upgrades
 create mode 100644 cluster/saltbase/salt/debian-auto-upgrades/init.sls

diff --git a/cluster/saltbase/salt/debian-auto-upgrades/20auto-upgrades b/cluster/saltbase/salt/debian-auto-upgrades/20auto-upgrades
new file mode 100644
index 00000000000..2bb25d7053b
--- /dev/null
+++ b/cluster/saltbase/salt/debian-auto-upgrades/20auto-upgrades
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+APT::Periodic::AutocleanInterval "7";
diff --git a/cluster/saltbase/salt/debian-auto-upgrades/init.sls b/cluster/saltbase/salt/debian-auto-upgrades/init.sls
new file mode 100644
index 00000000000..79e28a6820f
--- /dev/null
+++ b/cluster/saltbase/salt/debian-auto-upgrades/init.sls
@@ -0,0 +1,13 @@
+{% if grains['os_family'] == 'Debian' %}
+unattended-upgrades:
+  pkg.installed
+
+'/etc/apt/apt.conf.d/20auto-upgrades':
+  file.managed:
+    - source: salt://debian-auto-upgrades/20auto-upgrades
+    - user: root
+    - group: root
+    - mode: 644
+    - require:
+      - pkg: unattended-upgrades
+{% endif %}
diff --git a/cluster/saltbase/salt/top.sls b/cluster/saltbase/salt/top.sls
index bd7e21c6aa2..e45d1fb0b8c 100644
--- a/cluster/saltbase/salt/top.sls
+++ b/cluster/saltbase/salt/top.sls
@@ -1,6 +1,7 @@
 base:
   '*':
     - base
+    - debian-auto-upgrades
 
   'roles:kubernetes-pool':
     - match: grain