aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorroot <nadir-technik@nadir.org>2009-12-11 17:51:49 +0100
committerroot <nadir-technik@nadir.org>2009-12-11 17:51:49 +0100
commit854f3c10b09b46ef9d9fce5293dd0665b619065e (patch)
tree26e18d1021eb8be0674f751d99ce7fccb2f8b572
parent2b2950b20e2b171c2798e1265cde62a44382616f (diff)
downloadpuppet-apt-854f3c10b09b46ef9d9fce5293dd0665b619065e.tar.gz
puppet-apt-854f3c10b09b46ef9d9fce5293dd0665b619065e.tar.bz2
Added apt::unattended_upgrades class, and extra template for "deb-src"
-rw-r--r--README25
-rw-r--r--files/50unattended-upgrades43
-rw-r--r--manifests/init.pp33
-rw-r--r--templates/sources.list.deb-src.erb11
4 files changed, 108 insertions, 4 deletions
diff --git a/README b/README
index 8299c02..72afcfc 100644
--- a/README
+++ b/README
@@ -72,11 +72,30 @@ apt keyring, you can set this variable to a path in your fileserver
where individual key files can be placed. If this is set and keys
exist there, this module will apt-key add each key
+$backports_enabled
+------------------
+If set to true, the debian backports repository is enabled through a
+file in /etc/apt/sources.d/. Defaults to false.
+
+$apt_deb_src_enabled
+--------------------
+If set to true, the debian sources repository is enabled through a
+file in /etc/apt/sources.d/. Defaults to false.
+
+
Classes
=======
-
-This module contains only the apt class, which sets up all described
-functionality.
+apt
+---
+Sets up the basic apt package management.
+
+apt::unattended_upgrades
+------------------------
+Sets up the unattended-upgrades package, and configures it mostly through
+the file /etc/apt/apt.conf.d/50unattended-upgrades.
+Unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that
+wildcards aren't recognized, so use it with care !
+http://packages.debian.org/de/lenny/unattended-upgrades
Resources
diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
new file mode 100644
index 0000000..06036bf
--- /dev/null
+++ b/files/50unattended-upgrades
@@ -0,0 +1,43 @@
+// this file is managed by puppet !
+//
+//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+
+// allowed (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+ "Debian stable";
+ "Debian-Security stable";
+// "Debian testing";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+Unattended-Upgrade::Mail "root";
+
+APT::UnattendedUpgrades::LogDir "/var/log/";
+APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
+
+Unattended-Upgrade::Package-Blacklist {
+ // we don't want the kernel to be updated so nagios still can give a warnig if there is
+ // a manual update (and reboot) left
+
+ "linux-image-*";
+
+ // unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized:
+ //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
+ //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
+ //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
+ //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
+ //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
+ //2009-12-11 13:42:11,988 INFO All upgrades installed
+
+ "linux-image-2.6.18-5-vserver-686";
+ "linux-image-2.6.18-5-xen-vserver-686";
+ "linux-image-2.6.18-6-vserver-686";
+ "linux-image-2.6.18-6-xen-vserver-686";
+ "linux-image-2.6.24.3";
+ "linux-image-2.6.26-1-686";
+ "linux-image-2.6.26-2-xen-amd64";
+ "linux-image-2.6.26-2-xen-686";
+ "linux-image-2.6.26-2-amd64";
+};
+
diff --git a/manifests/init.pp b/manifests/init.pp
index 1af6e1f..07b6c2b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,6 +3,7 @@
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
# See LICENSE for the full license granted to you.
+
class apt {
# See README
@@ -15,6 +16,11 @@ class apt {
'' => 'false',
default => $backports_enabled,
}
+
+ $apt_deb_src_enabled = $apt_deb_src_enabled ? {
+ 'true' => 'true',
+ default => $apt_deb_src_enabled,
+ }
package { apt: ensure => installed }
@@ -150,7 +156,17 @@ class apt {
default: { }
}
-
+ case $apt_deb_src_enabled {
+ 'true': {
+ config_file {
+ # deb-src
+ "/etc/apt/sources.list.d/debian-sources.list":
+ content => template("apt/sources.list.deb-src.erb"),
+ require => Exec[assert_lsbdistcodename];
+ }
+ }
+ default: {}
+ }
case $custom_key_dir {
'': {
@@ -226,3 +242,18 @@ class dselect {
package { dselect: ensure => installed }
}
+
+
+class apt::unattended_upgrades {
+ case $operatingsystem {
+ debian,ubuntu: {
+ package { unattended-upgrades : ensure => latest; }
+ file { "/etc/apt/apt.conf.d/50unattended-upgrades":
+ source => "puppet://$server/modules/apt/50unattended-upgrades" }
+ }
+
+ default: { notice "unknown operatingsystem: $operatingsystem for class apt::unattended_upgrades" }
+ }
+
+}
+
diff --git a/templates/sources.list.deb-src.erb b/templates/sources.list.deb-src.erb
new file mode 100644
index 0000000..6811eca
--- /dev/null
+++ b/templates/sources.list.deb-src.erb
@@ -0,0 +1,11 @@
+# This file is brought to you by puppet
+
+# basic <%= lsbdistcodename %>
+deb-src http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free
+# security suppport
+<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
+# There is no security mirror for <%= lsbdistcodename %>
+<% else -%>
+deb-src http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free
+<% end -%>
+