Unattended-upgrades ensuring service running on every puppet run
This is not needed anymore, see https://github.com/andschwa/puppet-unattended_upgrades/issues/4
The puppet service just needs to be enabled (systemd) but not running. It does nothing on startup or when running. The systemd unit is just there for handling halt and shutdown.
The normal unattended-upgrades are triggert by the apt cronjob. See /etc/cron.daily/apt for more information.
To get this working I would recommend to fork the github repo, fix this, test by ourself and the make a merge request in the github repo to get our work upstream.
The relevant code part is in init.pp:
service { $package:
ensure => running,
subscribe => [ File[$conf_path], File[$apt_path], Package[$package], ],
}