feat: update autoremove to work on Debian and RedHat with systemd-timer

REFERENCE.md

@@ -106,7 +106,7 @@ The following parameters are available in the `os_patching` class:
 * [`block_patching_on_warnings`](#-os_patching--block_patching_on_warnings)
 * [`yum_utils`](#-os_patching--yum_utils)
 * [`fact_upload`](#-os_patching--fact_upload)
-* [`apt_autoremove`](#-os_patching--apt_autoremove)
+* [`autoremove`](#-os_patching--autoremove)
 * [`manage_delta_rpm`](#-os_patching--manage_delta_rpm)
 * [`delta_rpm`](#-os_patching--delta_rpm)
 * [`manage_yum_plugin_security`](#-os_patching--manage_yum_plugin_security)
@@ -125,6 +125,7 @@ The following parameters are available in the `os_patching` class:
 * [`fact_mode`](#-os_patching--fact_mode)
 * [`ensure`](#-os_patching--ensure)
 * [`group`](#-os_patching--group)
+* [`autoremove_delay_sec`](#-os_patching--autoremove_delay_sec)
 
 ##### <a name="-os_patching--puppet_binary"></a>`puppet_binary`
 
@@ -177,11 +178,11 @@ Data type: `Boolean`
 
 Should `puppet fact upload` be run after any changes to the fact cache files?
 
-##### <a name="-os_patching--apt_autoremove"></a>`apt_autoremove`
+##### <a name="-os_patching--autoremove"></a>`autoremove`
 
 Data type: `Boolean`
 
-Should `apt-get autoremove` be run during reboot?
+Should autoremove via the package manager be run after reboot? Only supported on Debian and RedHat family nodes.
 
 ##### <a name="-os_patching--manage_delta_rpm"></a>`manage_delta_rpm`
 
@@ -310,6 +311,12 @@ The group to assign the node for patching purposes.
 
 Default value: `undef`
 
+##### <a name="-os_patching--autoremove_delay_sec"></a>`autoremove_delay_sec`
+
+Data type: `Integer`
+
+The number of seconds to wait after boot before running autoremove
+
 ## Tasks
 
 ### <a name="clean_cache"></a>`clean_cache`

data/common.yaml

@@ -4,7 +4,8 @@ os_patching::pre_patching_command: NULL
 os_patching::block_patching_on_warnings: false
 os_patching::reboot_override: 'default'
 os_patching::ensure: 'present'
-os_patching::apt_autoremove: false
+os_patching::autoremove: false
+os_patching::autoremove_delay_sec: 300
 os_patching::delta_rpm: 'installed'
 os_patching::manage_delta_rpm: false
 os_patching::manage_yum_plugin_security: false

manifests/init.pp

@@ -28,8 +28,8 @@
 # @param fact_upload [Boolean]
 #   Should `puppet fact upload` be run after any changes to the fact cache files?
 #
-# @param apt_autoremove [Boolean]
-#   Should `apt-get autoremove` be run during reboot?
+# @param autoremove [Boolean]
+#   Should autoremove via the package manager be run after reboot? Only supported on Debian and RedHat family nodes.
 #
 # @param manage_delta_rpm [Boolean]
 #   Should the deltarpm package be managed by this module on RedHat family nodes?
@@ -99,6 +99,9 @@
 # @param group
 #   The group to assign the node for patching purposes.
 #
+# @param autoremove_delay_sec
+#   The number of seconds to wait after boot before running autoremove
+#
 # @example assign node to 'Week3' patching window, force a reboot and create a blackout window for the end of the year
 #   class { 'os_patching':
 #     patch_window     => 'Week3',
@@ -155,7 +158,8 @@
   Boolean $manage_yum_plugin_security,
   Boolean $fact_upload,
   Boolean $block_patching_on_warnings,
-  Boolean $apt_autoremove,
+  Boolean $autoremove,
+  Integer $autoremove_delay_sec,
   Integer[0,23] $windows_update_hour,
   Integer $windows_update_interval_mins,
   Stdlib::Filemode $fact_mode,
@@ -225,7 +229,7 @@
     notify => Exec[$fact_exec],
   }
 
-  $autoremove_ensure = $apt_autoremove ? {
+  $autoremove_ensure = $autoremove ? {
     true    => 'present',
     default => 'absent'
   }
@@ -372,7 +376,7 @@
           refreshonly => true,
           require     => [
             File[$fact_cmd],
-            File["${cache_dir}/reboot_override"]
+            File["${cache_dir}/reboot_override"],
           ],
         }
       }
@@ -397,12 +401,22 @@
         require => File[$fact_cmd],
       }
 
-      if $facts['os']['family'] == 'Debian' {
+      if $facts['os']['family'] in ['Debian', 'RedHat'] and $autoremove {
+        $autoremove_command = $facts['os']['family'] ? {
+          'Debian' => 'apt-get -y --purge autoremove',
+          'RedHat' => 'yum -y autoremove',
+        }
+
+        systemd::timer_wrapper { 'autoremove':
+          ensure      => $autoremove_ensure,
+          command     => $autoremove_command,
+          user        => $patch_cron_user,
+          on_boot_sec => $autoremove_delay_sec,
+        }
+
         cron { 'Run apt autoremove on reboot':
-          ensure  => $autoremove_ensure,
-          command => 'apt-get -y autoremove',
-          user    => $patch_cron_user,
-          special => 'reboot',
+          ensure => absent,
+          user   => $patch_cron_user,
         }
       }
     }

metadata.json

@@ -1,3 +1,3 @@
 {
   "name": "puppet-os_patching",
   "version": "2.0.1-rc0",
@@ -23,6 +23,10 @@
     {
       "name": "puppetlabs-cron_core",
       "version_requirement": ">= 1.3.0 < 2.0.0"
+    },
+    {
+      "name": "puppet-systemd",
+      "version_requirement": ">= 9.3.0 < 10.0.0"
     }
   ],
   "operatingsystem_support": [