diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2016-03-31 14:50:07 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2016-03-31 14:50:07 -0300 |
| commit | b65996f7ae03d2bae118855a3c4d94a3947e556d (patch) | |
| tree | 5bab8e5c3663aaabca34ebcee3c706c4fbc35cb5 | |
| parent | b0425c65ecc61c6af3f31fba577b1e1c5d880674 (diff) | |
| parent | 8c8bd7bb1e5cc0f5297db9629ece783452233d1f (diff) | |
| download | puppet-apt-b65996f7ae03d2bae118855a3c4d94a3947e556d.tar.gz puppet-apt-b65996f7ae03d2bae118855a3c4d94a3947e556d.tar.bz2 | |
Conflicts:
README
files/Debian/50unattended-upgrades.lenny
files/Debian/50unattended-upgrades.wheezy
manifests/init.pp
manifests/params.pp
manifests/unattended_upgrades.pp
templates/Debian/preferences_jessie.erb
templates/Debian/sources.list.erb
59 files changed, 751 insertions, 348 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a54aa97 --- /dev/null +++ b/.gitignore @@ -0,0 +1,12 @@ +/pkg/ +/Gemfile.lock +/vendor/ +/spec/fixtures/manifests/* +/spec/fixtures/modules/* +!/spec/fixtures/modules/apt +!/spec/fixtures/modules/apt/* +/.vagrant/ +/.bundle/ +/coverage/ +/.idea/ +*.iml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..f7b8eca --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,12 @@ +before_script: + - ruby -v + - gem install bundler --no-ri --no-rdoc + - bundle install --jobs $(nproc) "${FLAGS[@]}" + +# don't fail on lint warnings +rspec: + script: + - bundle exec rake lint || /bin/true + - bundle exec rake syntax + - bundle exec rake validate + - bundle exec rake spec @@ -0,0 +1,13 @@ +source "https://rubygems.org" + +group :test do + gem "rake" + gem "rspec", '< 3.2.0' + gem "puppet", ENV['PUPPET_VERSION'] || ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION'] || '~> 3.7.0' + gem "facter", ENV['FACTER_VERSION'] || ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION'] || '~> 2.2.0' + gem "rspec-puppet" + gem "puppetlabs_spec_helper" + gem "metadata-json-lint" + gem "rspec-puppet-facts" + gem "mocha" +end @@ -17,6 +17,24 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! + * The `disable_update` parameter has been removed. The main apt class + defaults to *not* run an `apt-get update` on every run anyway so this + parameter seems useless. + You can include the `apt::update` class if you want it to be run every time. + + * The `apt::upgrade_package` now doesn't automatically call an Exec['apt_updated'] + anymore, so you would need to include `apt::update` now by hand. + + * The apt::codename parameter has been removed. In its place, the + debian_codename fact may be overridden via an environment variable. This + will affect all other debian_* facts, and achieve the same result. + + FACTER_debian_codename=jessie puppet agent -t + + * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your + site_apt, these are no longer supported. You should migrate to passing + $blacklisted_packages to the apt::unattended_upgrades class. + * the apt class has been moved to a paramterized class. if you were including this class before, after passing some variables, you will need to move to instantiating the class with those variables instead. For example, if you @@ -89,8 +107,9 @@ Requirements This module needs: -- the lsb module: git://labs.riseup.net/shared-lsb -- the common module: git://labs.riseup.net/shared-common +- the lsb-release package should be installed on the server prior to running + puppet. otherwise, all of the $::lsb* facts will be empty during runs. +- the common module: https://gitlab.com/shared-puppet-modules-group/common By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to @@ -113,22 +132,6 @@ the site_apt modules' files directory that is named the same as the host. (example: site_apt/files/some.host.com/03clean, or site_apt/files/some.host.com/03clean_vserver) -Variables -========= - -$custom_sources_list --------------------- - -By default this module will use a basic apt/sources.list template with -a generic Debian mirror. If you need to set more specific sources, -e.g. changing the sections included in the source, etc. you can set -this variable to the content that you desire to use instead. - -For example, setting the following variable before including this class will -pull in the templates/site_apt/sources.list file: - - $custom_sources_list = template('site_apt/sources.list') - Classes ======= @@ -144,11 +147,18 @@ Example usage: Class parameters: +* use_lts + + If this variable is set to true the CODENAME-lts sources (such as + squeeze-lts) are added. + + By default this is false for backward compatibility with older + versions of this module. + * use_volatile - If this variable is set to true the Debian Volatile sources (until - Lenny) or CODENAME-updates (such as squeeze-updates, supported since - Squeeze) are added. + If this variable is set to true the CODENAME-updates sources (such as + squeeze-updates) are added. By default this is false for backward compatibility with older versions of this module. @@ -186,19 +196,10 @@ Class parameters: If this variable is set the default repositories list ("main contrib non-free") is overriden. -* disable_update - - Disable "apt-get update" which is normally triggered by apt::upgrade_package - and apt::dist_upgrade. - - Note that nodes can be updated once a day by using - APT::Periodic::Update-Package-Lists "1"; - in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. - * custom_preferences - Since Debian Lenny's version of APT doesn't support the use of the - preferences.d directory for putting fragments of 'preferences', this + For historical reasons (Debian Lenny's version of APT did not support the use + of the preferences.d directory for putting fragments of 'preferences'), this module will manage a default generic apt/preferences file with more recent releases pinned to very low values so that any package installation will not accidentally pull in packages from those suites @@ -214,14 +215,17 @@ Class parameters: class { 'apt': custom_preferences => false } -* codename +* custom_sources_list + + By default this module will use a basic apt/sources.list template with + a generic Debian mirror. If you need to set more specific sources, + e.g. changing the sections included in the source, etc. you can set + this variable to the content that you desire to use instead. - Contains the codename ("squeeze", "wheezy", ...) of the client's release. While - these values come from lsb-release by default, this parameter can be set - manually, e.g. to enable forced upgrades. For example: + For example, setting this variable will pull in the + templates/site_apt/sources.list file: - include apt::dist_upgrade - class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } + class { 'apt': custom_sources_list => template('site_apt/sources.list') } * custom_key_dir @@ -291,9 +295,6 @@ classes may inherit from this one and add to its subscription list using the plusignment ('+>') operator. A real-world example can be seen in the apt::dist_upgrade::initiator source. -When this class is included the APT indexes are updated on every -Puppet run due to the author's lack of Puppet wizardry. - apt::dist_upgrade::initiator ---------------------------- @@ -367,6 +368,28 @@ apt::unattended_upgrades If this class is included, it will install the package 'unattended-upgrades' and configure it to daily upgrade the system. +The class has the following parameters that you can use to change the contents +of the configuration file. The values shown here are the default values: + + * $config_content = undef + * $config_template = 'apt/50unattended-upgrades.erb' + * $mailonlyonerror = true + * $mail_recipient = 'root' + * $blacklisted_packages = [] + +Note that using $config_content actually specifies all of the configuration +contents and thus makes the other parameters useless. + +example: + + class { 'apt::unattended_upgrades': + config_template => 'site_apt/50unattended-upgrades.jessie', + blacklisted_packages => [ + 'libc6', 'libc6-dev', 'libc6-i686', 'mysql-server', 'redmine', 'nodejs', + 'bird' + ], + } + Defines ======= @@ -445,15 +468,57 @@ apt::sources_list Creates a file in the apt/sources.list.d directory to easily add additional apt sources. One can use either the 'source' meta-parameter to specify a list of static files to include from the puppet fileserver or the 'content' -meta-parameter to define content inline or with the help of a template. +meta-parameter to define content inline or with the help of a template. Ending +the resource name in '.list' is optional: it will be automatically added to the +file name if not present in the resource name. Example: - apt::sources_list { 'company_internals.list': + apt::sources_list { 'company_internals': source => [ "puppet:///modules/site_apt/${::fqdn}/company_internals.list", 'puppet:///modules/site_apt/company_internals.list' ], } +apt::key +-------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key { 'neurodebian.gpg': + ensure => present, + source => 'puppet:///modules/site_apt/neurodebian.gpg', + } + +This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which +is assumed by secure apt to be binary OpenPGP keys and *not* +"ascii-armored" or "plain text" OpenPGP key material. For the latter, +use `apt::key::plain`. + +The `.gpg` extension is compulsory for `apt` to pickup the key properly. + +apt::key::plain +--------------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key::plain { 'neurodebian.asc': + source => 'puppet:///modules/site_apt/neurodebian.asc', + } + +This deploys the key in the `${apt_base_dir}/keys` directory (as +opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason +this exists on top of `$custom_key_dir` is to allow a more +decentralised distribution of those keys, without having all modules +throw their keys in the same directory in the manifests. + +Note that this model does *not* currently allow keys to be removed! +Use `apt::key` instead for a more practical, revokable approach, but +that needs binary keys. + apt::upgrade_package -------------------- @@ -486,19 +551,35 @@ Exec['apt_updated'] ------------------- After this point the APT indexes are up-to-date. +This resource is set to `refreshonly => true` so it is not run on +every puppetrun. To run this every time, you can include the `apt::update` +class. This resource is usually used like this to ensure current packages are installed by Package resources: - include apt::update - Package { require => Exec['apt_updated'] } + include apt::update + Package { require => Exec['apt_updated'] } + +Note that nodes can be updated once a day by using + + APT::Periodic::Update-Package-Lists "1"; + +in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. + + +Tests +===== + +To run pupept rspec tests: + + bundle install --path vendor/bundle + bundle exec rake spec -Please note that the apt::upgrade_package define automatically uses -this resource so you don't have to manage this yourself if you need to -make sure APT indexes are up-to-date before a package upgrade is -attempted, but don't want "apt-get update" to happen on every Puppet -run. +Using different facter/puppet versions: + FACTER_GEM_VERSION=1.6.10 PUPPET_GEM_VERSION=2.7.23 bundle install --path vendor/bundle + bundle exec rake spec Licensing ========= diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..85326bb --- /dev/null +++ b/Rakefile @@ -0,0 +1,19 @@ +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +desc "Validate manifests, templates, and ruby files" +task :validate do + Dir['manifests/**/*.pp'].each do |manifest| + sh "puppet parser validate --noop #{manifest}" + end + Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| + sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ + end + Dir['templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" + end +end + +task :test => [:lint, :syntax , :validate, :spec] diff --git a/files/Debian/50unattended-upgrades.lenny b/files/Debian/50unattended-upgrades.lenny deleted file mode 100644 index d55bb29..0000000 --- a/files/Debian/50unattended-upgrades.lenny +++ /dev/null @@ -1,13 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Allowed-Origins { - "Debian oldstable"; - "Debian-Security oldstable"; -}; - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; - diff --git a/files/Debian/50unattended-upgrades.wheezy b/files/Debian/50unattended-upgrades.wheezy deleted file mode 100644 index 0901ad3..0000000 --- a/files/Debian/50unattended-upgrades.wheezy +++ /dev/null @@ -1,14 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:stable"; - "${distro_id}:${distro_codename}-security"; - "${distro_id}:${distro_codename}-updates"; - "${distro_id} Backports:${distro_codename}-backports"; -}; - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; diff --git a/lib/facter/debian_codename.rb b/lib/facter/debian_codename.rb new file mode 100644 index 0000000..254877a --- /dev/null +++ b/lib/facter/debian_codename.rb @@ -0,0 +1,42 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/debian" +end + +def version_to_codename(version) + if Facter::Util::Debian::CODENAMES.has_key?(version) + return Facter::Util::Debian::CODENAMES[version] + else + Facter.warn("Could not determine codename from version '#{version}'") + end +end + +Facter.add(:debian_codename) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + Facter.value('lsbdistcodename') + end +end + +Facter.add(:debian_codename) do + has_weight 66 + confine :operatingsystem => 'Debian' + setcode do + version_to_codename(Facter.value('operatingsystemmajrelease')) + end +end + +Facter.add(:debian_codename) do + has_weight 33 + confine :operatingsystem => 'Debian' + setcode do + debian_version = File.open('/etc/debian_version', &:readline) + if debian_version.match(/^\d+/) + version_to_codename(debian_version.scan(/^(\d+)/)[0][0]) + elsif debian_version.match(/^[a-z]+\/(sid|unstable)/) + debian_version.scan(/^([a-z]+)\//)[0][0] + end + end +end diff --git a/lib/facter/debian_lts.rb b/lib/facter/debian_lts.rb new file mode 100644 index 0000000..f53a9eb --- /dev/null +++ b/lib/facter/debian_lts.rb @@ -0,0 +1,16 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/debian" +end + +Facter.add(:debian_lts) do + confine :operatingsystem => 'Debian' + setcode do + if Facter::Util::Debian::LTS.include? Facter.value('debian_codename') + true + else + false + end + end +end diff --git a/lib/facter/debian_nextcodename.rb b/lib/facter/debian_nextcodename.rb new file mode 100644 index 0000000..c4c569b --- /dev/null +++ b/lib/facter/debian_nextcodename.rb @@ -0,0 +1,23 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/debian" +end + +def debian_codename_to_next(codename) + if codename == "sid" + return "experimental" + else + codenames = Facter::Util::Debian::CODENAMES + versions = Facter::Util::Debian::CODENAMES.invert + current_version = versions[codename] + return codenames[(current_version.to_i + 1).to_s] + end +end + +Facter.add(:debian_nextcodename) do + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_next(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/debian_nextrelease.rb b/lib/facter/debian_nextrelease.rb new file mode 100644 index 0000000..2a9c4f5 --- /dev/null +++ b/lib/facter/debian_nextrelease.rb @@ -0,0 +1,23 @@ +def debian_release_to_next(release) + releases = [ + 'oldoldoldstable', + 'oldoldstable', + 'oldstable', + 'stable', + 'testing', + 'unstable', + 'experimental', + ] + if releases.include? release + if releases.index(release)+1 < releases.count + return releases[releases.index(release)+1] + end + end +end + +Facter.add(:debian_nextrelease) do + confine :operatingsystem => 'Debian' + setcode do + debian_release_to_next(Facter.value('debian_release')) + end +end diff --git a/lib/facter/debian_release.rb b/lib/facter/debian_release.rb new file mode 100644 index 0000000..2c334cc --- /dev/null +++ b/lib/facter/debian_release.rb @@ -0,0 +1,38 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/debian" +end + +def debian_codename_to_release(codename) + stable = Facter::Util::Debian::STABLE + versions = Facter::Util::Debian::CODENAMES.invert + release = nil + if codename == "sid" + release = "unstable" + elsif versions.has_key? codename + version = versions[codename].to_i + if version == stable + release = "stable" + elsif version < stable + release = "stable" + for i in version..stable - 1 + release = "old" + release + end + elsif version == stable + 1 + release = "testing" + end + end + if release.nil? + Facter.warn("Could not determine release from codename #{codename}!") + end + return release +end + +Facter.add(:debian_release) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_release(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/ubuntu_codename.rb b/lib/facter/ubuntu_codename.rb new file mode 100644 index 0000000..814fd94 --- /dev/null +++ b/lib/facter/ubuntu_codename.rb @@ -0,0 +1,8 @@ +Facter.add(:ubuntu_codename) do + confine :operatingsystem => 'Ubuntu' + setcode do + Facter.value('lsbdistcodename') + end +end + + diff --git a/lib/facter/ubuntu_nextcodename.rb b/lib/facter/ubuntu_nextcodename.rb new file mode 100644 index 0000000..dcd1d42 --- /dev/null +++ b/lib/facter/ubuntu_nextcodename.rb @@ -0,0 +1,20 @@ +begin + require 'facter/util/ubuntu' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/ubuntu" +end + +def ubuntu_codename_to_next(codename) + codenames = Facter::Util::Ubuntu::CODENAMES + i = codenames.index(codename) + if i and i+1 < codenames.count + return codenames[i+1] + end +end + +Facter.add(:ubuntu_nextcodename) do + confine :operatingsystem => 'Ubuntu' + setcode do + ubuntu_codename_to_next(Facter.value('ubuntu_codename')) + end +end diff --git a/lib/facter/util/debian.rb b/lib/facter/util/debian.rb new file mode 100644 index 0000000..290c17b --- /dev/null +++ b/lib/facter/util/debian.rb @@ -0,0 +1,18 @@ +module Facter + module Util + module Debian + STABLE = 8 + CODENAMES = { + "5" => "lenny", + "6" => "squeeze", + "7" => "wheezy", + "8" => "jessie", + "9" => "stretch", + "10" => "buster", + } + LTS = [ + "squeeze", + ] + end + end +end diff --git a/lib/facter/util/ubuntu.rb b/lib/facter/util/ubuntu.rb new file mode 100644 index 0000000..52c15e8 --- /dev/null +++ b/lib/facter/util/ubuntu.rb @@ -0,0 +1,21 @@ +module Facter + module Util + module Ubuntu + CODENAMES = [ + "lucid", + "maverick", + "natty", + "oneiric", + "precise", + "quantal", + "raring", + "saucy", + "trusty", + "utopic", + "vivid", + "wily", + "xenial" + ] + end + end +end diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb deleted file mode 100644 index 3d5c3bd..0000000 --- a/lib/puppet/parser/functions/debian_nextcodename.rb +++ /dev/null @@ -1,13 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextcodename, :type => :rvalue) do |args| - case args[0] - when "etch" then "lenny" - when "lenny" then "squeeze" - when "squeeze" then "wheezy" - when "wheezy" then "jessie" - when "jessie" then "sid" - when "sid" then "experimental" - else "sid" - end - end -end diff --git a/lib/puppet/parser/functions/debian_nextrelease.rb b/lib/puppet/parser/functions/debian_nextrelease.rb deleted file mode 100644 index 76c3e0d..0000000 --- a/lib/puppet/parser/functions/debian_nextrelease.rb +++ /dev/null @@ -1,11 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextrelease, :type => :rvalue) do |args| - case args[0] - when 'oldstable' then 'stable' - when 'stable' then 'testing' - when 'testing' then 'unstable' - when 'unstable' then 'experimental' - else 'unstable' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release.rb b/lib/puppet/parser/functions/debian_release.rb deleted file mode 100644 index d7b6718..0000000 --- a/lib/puppet/parser/functions/debian_release.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then 'oldstable' - when 'wheezy' then 'stable' - when 'jessie' then 'testing' - when 'sid' then 'unstable' - when 'experimental' then 'experimental' - else 'testing' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release_version.rb b/lib/puppet/parser/functions/debian_release_version.rb deleted file mode 100644 index 0abe90e..0000000 --- a/lib/puppet/parser/functions/debian_release_version.rb +++ /dev/null @@ -1,11 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release_version, :type => :rvalue) do |args| - case args[0] - when 'etch' then '4.0' - when 'lenny' then '5.0' - when 'squeeze' then '6.0' - when 'wheezy' then '7.0' - else '' - end - end -end diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp index f446c69..949f615 100644 --- a/manifests/apt_conf.pp +++ b/manifests/apt_conf.pp @@ -38,7 +38,7 @@ define apt::apt_conf( if $refresh_apt { File["/etc/apt/apt.conf.d/${name}"] { - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } } diff --git a/manifests/apticron.pp b/manifests/apticron.pp index 54d7b71..9c94f9c 100644 --- a/manifests/apticron.pp +++ b/manifests/apticron.pp @@ -1,6 +1,6 @@ class apt::apticron( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/apticron_${::debian_codename}.erb", $email = 'root', $diff_only = '1', $listchanges_profile = 'apticron', diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp index bf78dcc..19c031e 100644 --- a/manifests/dist_upgrade.pp +++ b/manifests/dist_upgrade.pp @@ -1,18 +1,9 @@ class apt::dist_upgrade { - if $apt::disable_update == false { - include apt::update - } - - $req = $apt::disable_update ? { - true => undef, - default => Exec['apt_updated'], - } - exec { 'apt_dist-upgrade': command => '/usr/bin/apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade', refreshonly => true, - require => $req + before => Exec['apt_updated'] } } diff --git a/manifests/dot_d_directories.pp b/manifests/dot_d_directories.pp index 37c3fc8..0ace863 100644 --- a/manifests/dot_d_directories.pp +++ b/manifests/dot_d_directories.pp @@ -5,18 +5,11 @@ class apt::dot_d_directories { '/etc/apt/apt.conf.d': ensure => directory, checksum => mtime, - notify => Exec['refresh_apt']; + notify => Exec['apt_updated']; '/etc/apt/sources.list.d': ensure => directory, checksum => mtime, - notify => Exec['refresh_apt']; - } - - exec { - # "&& sleep 1" is workaround for older(?) clients - 'refresh_apt': - command => '/usr/bin/apt-get update && sleep 1', - refreshonly => true, + notify => Exec['apt_updated']; } } diff --git a/manifests/dselect.pp b/manifests/dselect.pp index 6feeb9f..2b99a43 100644 --- a/manifests/dselect.pp +++ b/manifests/dselect.pp @@ -1,9 +1,10 @@ +# manage dselect, like +# suppressing the annoying help texts class apt::dselect { - # suppress annoying help texts of dselect - line { 'dselect_expert': - file => '/etc/dpkg/dselect.cfg', - line => 'expert', + file_line { 'dselect_expert': + path => '/etc/dpkg/dselect.cfg', + line => 'expert', } package { 'dselect': ensure => installed } diff --git a/manifests/init.pp b/manifests/init.pp index 33eac37..4c44af2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,18 +4,20 @@ # See LICENSE for the full license granted to you. class apt( - $codename = $apt::params::codename, + $use_lts = $apt::params::use_lts, $use_volatile = $apt::params::use_volatile, + $use_backports = $apt::params::use_backports, $include_src = $apt::params::include_src, $use_next_release = $apt::params::use_next_release, $debian_url = $apt::params::debian_url, $security_url = $apt::params::security_url, $backports_url = $apt::params::backports_url, + $lts_url = $apt::params::lts_url, $volatile_url = $apt::params::volatile_url, $ubuntu_url = $apt::params::ubuntu_url, $repos = $apt::params::repos, $custom_preferences = $apt::params::custom_preferences, - $disable_update = $apt::params::disable_update, + $custom_sources_list = '', $custom_key_dir = $apt::params::custom_key_dir ) inherits apt::params { case $::operatingsystem { @@ -38,32 +40,16 @@ class apt( require => undef, } - include lsb - - # init $release, $next_release, $next_codename, $release_version - case $codename { - 'n/a': { - fail("Unknown lsbdistcodename reported by facter: '$::lsbdistcodename', please fix this by setting this variable in your manifest.") - } - default: { - $release = debian_release($codename) - } - } - $release_version = debian_release_version($codename) - $next_codename = debian_nextcodename($codename) - $next_release = debian_nextrelease($release) - - $sources_content = $::custom_sources_list ? { + $sources_content = $custom_sources_list ? { '' => template( "apt/${::operatingsystem}/sources.list.erb"), - default => $::custom_sources_list + default => $custom_sources_list } file { - # include main, security and backports + # include main and security # additional sources should be included via the apt::sources_list define '/etc/apt/sources.list': content => $sources_content, - require => Package['lsb'], - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], owner => root, group => 0, mode => '0644'; @@ -110,9 +96,22 @@ class apt( # backports uses the normal archive key now package { 'debian-backports-keyring': ensure => absent } + if ($use_backports and !($::debian_release in ['testing', 'unstable', 'experimental'])) { + apt::sources_list { + 'backports': + content => "deb $backports_url ${::debian_codename}-backports ${apt::real_repos}", + } + if $include_src { + apt::sources_list { + 'backports-src': + content => "deb-src $backports_url ${::debian_codename}-backports ${apt::real_repos}", + } + } + } + include common::moduledir + common::module_dir { 'apt': } $apt_base_dir = "${common::moduledir::module_dir_path}/apt" - modules_dir { 'apt': } if $custom_key_dir { file { "${apt_base_dir}/keys.d": @@ -123,21 +122,29 @@ class apt( mode => '0755', } exec { 'custom_keys': - command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && /usr/bin/apt-get update", + command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\;", subscribe => File["${apt_base_dir}/keys.d"], refreshonly => true, + notify => Exec[refresh_apt] } if $custom_preferences != false { Exec['custom_keys'] { - before => [ Exec[refresh_apt], File['apt_config'] ] - } - } else { - Exec['custom_keys'] { - before => Exec[refresh_apt] + before => File['apt_config'] } } } # workaround for preseeded_package component file { [ '/var/cache', '/var/cache/local', '/var/cache/local/preseeding' ]: ensure => directory } + + exec { 'update_apt': + command => '/usr/bin/apt-get update', + require => [ + File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], + File['/etc/apt/sources.list'] ], + refreshonly => true, + # Another Semaphor for all packages to reference + alias => [ 'apt_updated', 'refresh_apt'] + } + } diff --git a/manifests/key.pp b/manifests/key.pp new file mode 100644 index 0000000..cb70ec6 --- /dev/null +++ b/manifests/key.pp @@ -0,0 +1,13 @@ +define apt::key ($source, $ensure = 'present') { + validate_re( + $name, '\.gpg$', + 'An apt::key resource name must have the .gpg extension', + ) + + file { + "/etc/apt/trusted.gpg.d/${name}": + ensure => $ensure, + source => $source, + notify => Exec['apt_updated'], + } +} diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp new file mode 100644 index 0000000..dff8b51 --- /dev/null +++ b/manifests/key/plain.pp @@ -0,0 +1,13 @@ +define apt::key::plain ($source) { + file { + "${apt::apt_base_dir}/keys/${name}": + source => $source; + "${apt::apt_base_dir}/keys": + ensure => directory; + } + exec { "apt-key add '${apt::apt_base_dir}/keys/${name}'": + subscribe => File["${apt::apt_base_dir}/keys/${name}"], + refreshonly => true, + notify => Exec['apt_updated'], + } +} diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp index 0c163ae..e64bb1b 100644 --- a/manifests/listchanges.pp +++ b/manifests/listchanges.pp @@ -1,6 +1,6 @@ class apt::listchanges( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/listchanges_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/listchanges_${::debian_codename}.erb", $frontend = 'mail', $email = 'root', $confirm = '0', diff --git a/manifests/params.pp b/manifests/params.pp index 12273ac..28af06e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,18 +1,22 @@ class apt::params () { - $codename = $::lsbdistcodename + $use_lts = false $use_volatile = false + $use_backports = true $include_src = false $use_next_release = false - $debian_url = 'http://http.debian.net/debian/' + $debian_url = 'http://httpredir.debian.org/debian/' $security_url = 'http://security.debian.org/' - $backports_url = $::lsbdistcodename ? { - 'wheezy' => $debian_url, - default => 'http://backports.debian.org/debian-backports/', + $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' + $backports_url = $::debian_codename ? { + 'squeeze' => 'http://backports.debian.org/debian-backports/', + default => $::operatingsystem ? { + 'Ubuntu' => $ubuntu_url, + default => $debian_url, + } } + $lts_url = $debian_url $volatile_url = 'http://volatile.debian.org/debian-volatile/' - $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' $repos = 'auto' $custom_preferences = '' - $disable_update = false $custom_key_dir = false } diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 9ed24c1..6982ca0 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -2,8 +2,8 @@ class apt::preferences { $pref_contents = $apt::custom_preferences ? { '' => $::operatingsystem ? { - 'debian' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), - 'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), + 'debian' => template("apt/${::operatingsystem}/preferences_${::debian_codename}.erb"), + 'ubuntu' => template("apt/${::operatingsystem}/preferences_${::ubuntu_codename}.erb"), }, default => $apt::custom_preferences } diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index 5ae748b..b7dba0d 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -13,7 +13,7 @@ define apt::preferences_snippet ( } if $ensure == 'present' { - if $custom_preferences == false { + if $apt::custom_preferences == false { fail('Trying to define a preferences_snippet with $custom_preferences set to false.') } @@ -31,12 +31,10 @@ define apt::preferences_snippet ( file { "/etc/apt/preferences.d/${name}": ensure => $ensure, - owner => root, group => 0, mode => '0644'; + owner => root, group => 0, mode => '0644', + before => Exec['apt_updated']; } - # This should really work in the same manner as sources_list and apt_conf - # snippets, but since the preferences.d directory cannot be used in Debian - # lenny, we can't generalize without going into ugly special-casing. case $source { '': { case $release { diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp index 9bca8b1..3ef0687 100644 --- a/manifests/preseeded_package.pp +++ b/manifests/preseeded_package.pp @@ -4,7 +4,7 @@ define apt::preseeded_package ( ) { $seedfile = "/var/cache/local/preseeding/${name}.seeds" $real_content = $content ? { - '' => template ( "site_apt/${::lsbdistcodename}/${name}.seeds" ), + '' => template ( "site_apt/${::debian_codename}/${name}.seeds" ), default => $content } diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp index 3367f83..0ee068d 100644 --- a/manifests/sources_list.pp +++ b/manifests/sources_list.pp @@ -15,22 +15,24 @@ define apt::sources_list ( include apt::dot_d_directories + $realname = regsubst($name, '\.list$', '') + # One would expect the 'file' resource on sources.list.d to trigger an # apt-get update when files are added or modified in the directory, but it # apparently doesn't. - file { "/etc/apt/sources.list.d/${name}": + file { "/etc/apt/sources.list.d/${realname}.list": ensure => $ensure, owner => root, group => 0, mode => '0644', - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } if $source { - File["/etc/apt/sources.list.d/${name}"] { + File["/etc/apt/sources.list.d/${realname}.list"] { source => $source, } } else { - File["/etc/apt/sources.list.d/${name}"] { + File["/etc/apt/sources.list.d/${realname}.list"] { content => $content, } } diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 398a1a7..52d7542 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -1,33 +1,34 @@ -class apt::unattended_upgrades { +class apt::unattended_upgrades ( + $config_content = undef, + $config_template = 'apt/50unattended-upgrades.erb', + $mailonlyonerror = true, + $mail_recipient = 'root', + $blacklisted_packages = [], + $ensure_version = present +) { package { 'unattended-upgrades': - ensure => present, - require => undef + ensure => $ensure_version } - apt_conf { '50unattended-upgrades': - source => [ - "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}", - "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades", - "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}", - "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades" ], + # For some reason, this directory is sometimes absent, which causes + # unattended-upgrades to crash. + file { '/var/log/unattended-upgrades': + ensure => directory, + owner => 'root', + group => 0, + mode => '0755', require => Package['unattended-upgrades'], } - if defined(File['apt_config']) { - Apt_conf['50unattended-upgrades'] { - before => File['apt_config'], - } + $file_content = $config_content ? { + undef => template($config_template), + default => $config_content } - if $operatingsystem == 'ubuntu' { - file { '/etc/apt/apt.conf.d/10periodic': - ensure => present, - owner => root, - group => root, - mode => 0644, - source => 'puppet:///modules/apt/10periodic', - require => Package['unattended-upgrades'], - } + apt_conf { '50unattended-upgrades': + content => $file_content, + require => Package['unattended-upgrades'], + refresh_apt => false } } diff --git a/manifests/update.pp b/manifests/update.pp index 3f45125..dde8320 100644 --- a/manifests/update.pp +++ b/manifests/update.pp @@ -1,13 +1,7 @@ -class apt::update { +class apt::update inherits ::apt { - exec { 'update_apt': - command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', - require => [ - File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], - File['/etc/apt/sources.list'] ], - loglevel => info, - # Another Semaphor for all packages to reference - alias => 'apt_updated' + Exec['update_apt'] { + refreshonly => false } } diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp index d607150..30572c9 100644 --- a/manifests/upgrade_package.pp +++ b/manifests/upgrade_package.pp @@ -2,10 +2,6 @@ define apt::upgrade_package ( $version = '' ) { - if $apt::disable_update == false { - include apt::update - } - $version_suffix = $version ? { '' => '', 'latest' => '', @@ -26,17 +22,10 @@ define apt::upgrade_package ( } } - $req = $apt::disable_update ? { - true => Package['apt-show-versions', 'dctrl-tools'], - default => [ - Exec['apt_updated'], - Package['apt-show-versions', 'dctrl-tools'] - ], - } - exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}": onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - require => $req + require => Package['apt-show-versions', 'dctrl-tools'], + before => Exec['apt_updated'] } } diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..21d1a98 --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,12 @@ +# https://puppetlabs.com/blog/testing-modules-in-the-puppet-forge +require 'rspec-puppet' +require 'mocha/api' + +RSpec.configure do |c| + + c.module_path = File.expand_path(File.join(File.dirname(__FILE__), '..', '..')) + c.color = true + + #Puppet.features.stubs(:root? => true) + +end diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb new file mode 100644 index 0000000..9a28d92 --- /dev/null +++ b/spec/unit/custom_facts_spec.rb @@ -0,0 +1,86 @@ +require "spec_helper" + +describe "Facter::Util::Fact" do + before { + Facter.clear + } + + describe 'custom facts' do + + context 'Debian 7' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("7.8") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") + end + + it "debian_release = oldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldstable') + end + + it "debian_codename = wheezy" do + expect(Facter.fact(:debian_codename).value).to eq('wheezy') + end + + it "debian_nextcodename = jessie" do + expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') + end + + it "debian_nextrelease = stable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + end + end + + context 'Debian 8' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("8.0") + Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") + end + + it "debian_release = stable" do + expect(Facter.fact(:debian_release).value).to eq('stable') + end + + it "debian_codename = jessie" do + expect(Facter.fact(:debian_codename).value).to eq('jessie') + end + + it "debian_nextcodename = stretch" do + expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') + end + + it "debian_nextrelease = testing" do + expect(Facter.fact(:debian_nextrelease).value).to eq('testing') + end + end + + context 'Ubuntu 15.10' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("15.10") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wily") + end + + it "ubuntu_codename = wily" do + expect(Facter.fact(:ubuntu_codename).value).to eq('wily') + end + + it "ubuntu_nextcodename = xenial" do + expect(Facter.fact(:ubuntu_nextcodename).value).to eq('xenial') + end + end + end + + describe "Test 'apt_running' fact" do + it "should return true when apt-get is running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("true") + expect(Facter.fact(:apt_running).value).to eq('true') + end + it "should return false when apt-get is not running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("false") + expect(Facter.fact(:apt_running).value).to eq('false') + end + end + +end diff --git a/templates/20proxy.erb b/templates/20proxy.erb index ea706b6..520e7b1 100644 --- a/templates/20proxy.erb +++ b/templates/20proxy.erb @@ -1,5 +1,5 @@ // This file is managed by Puppet // all local modifications will be overwritten -Acquire::http { Proxy "<%= proxy %>:<%= port %>"; }; +Acquire::http { Proxy "<%= @proxy %>:<%= @port %>"; }; Acquire::HTTP::Proxy::bugs.debian.org "DIRECT"; diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb new file mode 100644 index 0000000..7c65d10 --- /dev/null +++ b/templates/50unattended-upgrades.erb @@ -0,0 +1,38 @@ +// this file is managed by puppet ! + +<% if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%> +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:${distro_codename}-security"; + "${distro_id}:${distro_codename}-updates"; + "${distro_id}:${distro_codename}-backports"; +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%> +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:<%= scope.lookupvar('::debian_release') %>"; + "${distro_id}:squeeze-lts"; +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'wheezy' -%> +Unattended-Upgrade::Origins-Pattern { + "origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security"; + "origin=Debian,archive=${distro_codename}-lts"; +<% else -%> +Unattended-Upgrade::Origins-Pattern { + "origin=Debian,codename=${distro_codename},label=Debian"; + "origin=Debian,codename=${distro_codename},label=Debian-Security"; +<% end -%> +}; + +<% if not @blacklisted_packages.empty? -%> +Unattended-Upgrade::Package-Blacklist { +<% @blacklisted_packages.each do |pkg| -%> + "<%= pkg %>"; +<% end -%> +}; +<% end -%> + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "<%= @mail_recipient -%>"; +<% if @mailonlyonerror -%> +Unattended-Upgrade::MailOnlyOnError "true"; +<% end -%> diff --git a/templates/Debian/apticron_jessie.erb b/templates/Debian/apticron_jessie.erb new file mode 120000 index 0000000..a9a3a6f --- /dev/null +++ b/templates/Debian/apticron_jessie.erb @@ -0,0 +1 @@ +apticron_wheezy.erb
\ No newline at end of file diff --git a/templates/Debian/apticron_lenny.erb b/templates/Debian/apticron_lenny.erb index aad9985..86b0997 100644 --- a/templates/Debian/apticron_lenny.erb +++ b/templates/Debian/apticron_lenny.erb @@ -24,9 +24,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # of "hostname -f" for the system name in the mails it generates # # SYSTEM="foobar.example.com" -<%- unless scope.lookupvar('apt::apticron::system').to_s == "false" -%> -<%= "SYSTEM=\"#{scope.lookupvar('apt::apticron::system')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%> +SYSTEM="<%= v %>" +<% end -%> # # Set IPADDRESSNUM if you would like to configure the maximal number of IP @@ -34,9 +34,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # family type (inet, inet6), if available. # # IPADDRESSNUM="1" -<%- unless scope.lookupvar('apt::apticron::ipaddressnum').to_s == "false" -%> -<%= "IPADDRESSNUM=\"#{scope.lookupvar('apt::apticron::ipaddressnum')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%> +IPADDRESSNUM="<%= v %>" +<% end -%> # # Set IPADDRESSES to a whitespace seperated list of reachable addresses for @@ -44,7 +44,7 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # "ip" command # # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" -<%- unless scope.lookupvar('apt::apticron::ipaddresses').to_s == "false" -%> -<%= "IPADDRESSES=\"#{scope.lookupvar('apt::apticron::ipaddresses')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%> +IPADDRESSES="<%= v %>" +<% end -%> diff --git a/templates/Debian/apticron_squeeze.erb b/templates/Debian/apticron_squeeze.erb index 580179e..05b7c9b 100644 --- a/templates/Debian/apticron_squeeze.erb +++ b/templates/Debian/apticron_squeeze.erb @@ -26,9 +26,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # of "hostname -f" for the system name in the mails it generates # # SYSTEM="foobar.example.com" -<%- unless scope.lookupvar('apt::apticron::system').to_s == "false" -%> -<%= "SYSTEM=\"#{scope.lookupvar('apt::apticron::system')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%> +SYSTEM="<%= v %>" +<% end -%> # @@ -37,9 +37,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # family type (inet, inet6), if available. # # IPADDRESSNUM="1" -<%- unless scope.lookupvar('apt::apticron::ipaddressnum').to_s == "false" -%> -<%= "IPADDRESSNUM=\"#{scope.lookupvar('apt::apticron::ipaddressnum')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%> +IPADDRESSNUM="<%= v %>" +<% end -%> # @@ -48,9 +48,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # "ip" command # # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" -<%- unless scope.lookupvar('apt::apticron::ipaddresses').to_s == "false" -%> -<%= "IPADDRESSES=\"#{scope.lookupvar('apt::apticron::ipaddresses')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%> +IPADDRESSES="<%= v %>" +<% end -%> # diff --git a/templates/Debian/apticron_wheezy.erb b/templates/Debian/apticron_wheezy.erb index d8c8804..655854e 100644 --- a/templates/Debian/apticron_wheezy.erb +++ b/templates/Debian/apticron_wheezy.erb @@ -25,9 +25,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # of "hostname -f" for the system name in the mails it generates # # SYSTEM="foobar.example.com" -<%- unless scope.lookupvar('apt::apticron::system').to_s == "false" -%> -<%= "SYSTEM=\"#{scope.lookupvar('apt::apticron::system')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%> +SYSTEM="<%= v %>" +<% end -%> # # Set IPADDRESSNUM if you would like to configure the maximal number of IP @@ -35,9 +35,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # family type (inet, inet6), if available. # # IPADDRESSNUM="1" -<%- unless scope.lookupvar('apt::apticron::ipaddressnum').to_s == "false" -%> -<%= "IPADDRESSNUM=\"#{scope.lookupvar('apt::apticron::ipaddressnum')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%> +IPADDRESSNUM="<%= v %>" +<% end -%> # # Set IPADDRESSES to a whitespace separated list of reachable addresses for @@ -45,9 +45,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') % # "ip" command # # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" -<%- unless scope.lookupvar('apt::apticron::ipaddresses').to_s == "false" -%> -<%= "IPADDRESSES=\"#{scope.lookupvar('apt::apticron::ipaddresses')}\"" %> -<%- end -%> +<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%> +IPADDRESSES=<%= v %>" +<% end -%> # # Set NOTIFY_HOLDS="0" if you don't want to be notified about new versions of diff --git a/templates/Debian/listchanges_jessie.erb b/templates/Debian/listchanges_jessie.erb new file mode 120000 index 0000000..74ab496 --- /dev/null +++ b/templates/Debian/listchanges_jessie.erb @@ -0,0 +1 @@ +listchanges_lenny.erb
\ No newline at end of file diff --git a/templates/Debian/preferences_jessie.erb b/templates/Debian/preferences_jessie.erb index 0cc0e5c..0888abe 100644 --- a/templates/Debian/preferences_jessie.erb +++ b/templates/Debian/preferences_jessie.erb @@ -1,13 +1,8 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 -Explanation: Debian <%= codename %>-updates -Package: * -Pin: release o=Debian,n=<%= codename %>-updates -Pin-Priority: 990 - Explanation: Debian sid Package: * Pin: release o=Debian,n=sid @@ -17,4 +12,3 @@ Explanation: Debian fallback Package: * Pin: release o=Debian Pin-Priority: -10 - diff --git a/templates/Debian/preferences_lenny.erb b/templates/Debian/preferences_lenny.erb index 5c3c829..6500168 100644 --- a/templates/Debian/preferences_lenny.erb +++ b/templates/Debian/preferences_lenny.erb @@ -1,6 +1,6 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * -Pin: release o=Debian,a=<%= scope.lookupvar('apt::release') %>,v=<%= scope.lookupvar('apt::release_version') %>* +Pin: release o=Debian,a=<%= scope.lookupvar('::debian_release') %>,v=5* Pin-Priority: 990 Explanation: Debian backports @@ -8,7 +8,7 @@ Package: * Pin: origin backports.debian.org Pin-Priority: 200 -Explanation: Debian <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Debian <%= next_release=scope.lookupvar('::debian_nextrelease') %> Package: * Pin: release o=Debian,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb index efe7720..885edc7 100644 --- a/templates/Debian/preferences_squeeze.erb +++ b/templates/Debian/preferences_squeeze.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 @@ -8,7 +8,12 @@ Package: * Pin: release o=Debian,n=<%= codename %>-updates Pin-Priority: 990 -Explanation: Debian <%= next_codename=scope.lookupvar('apt::next_codename') %> +Explanation: Debian <%= codename %>-lts +Package: * +Pin: release o=Debian,n=<%= codename %>-lts +Pin-Priority: 990 + +Explanation: Debian <%= next_codename=scope.lookupvar('::debian_nextcodename') %> Package: * Pin: release o=Debian,n=<%= next_codename %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_wheezy.erb b/templates/Debian/preferences_wheezy.erb index 0cc0e5c..106108d 100644 --- a/templates/Debian/preferences_wheezy.erb +++ b/templates/Debian/preferences_wheezy.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index b2ea727..44eea53 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -1,88 +1,76 @@ # This file is managed by puppet # all local modifications will be overwritten -### Debian current: <%= codename=scope.lookupvar('apt::codename') %> +### Debian current: <%= codename=scope.lookupvar('::debian_codename') %> # basic deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> -<% if scope.lookupvar('apt::include_src') -%> +<% if include_src=scope.lookupvar('apt::include_src') -%> deb-src <%= debian_url %> <%= codename %> <%= lrepos %> <% end -%> # security -<% if ((release=scope.lookupvar('apt::release')) == "unstable" || release == "experimental" || codename == "lenny" ) -%> -# There is no security support for <%= release %> -<% else -%> +<% if ((release=scope.lookupvar('::debian_release')) == "stable" || release == "oldstable") -%> deb <%= security_url=scope.lookupvar('apt::security_url') %> <%= codename %>/updates <%= lrepos %> -<% if @include_src -%> +<% if include_src -%> deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %> <% end -%> -<% end -%> - -# backports -<% if (release == "testing" || release == "unstable" || release == "experimental") -%> -# There is no backports archive for <%= release %> <% else -%> -deb <%= backports_url=scope.lookupvar('apt::backports_url') %> <%= codename %>-backports <%= lrepos %> -<% if include_src -%> -deb-src <%= backports_url %> <%= codename %>-backports <%= lrepos %> -<% end -%> +# There is no security support for <%= release %> <% end -%> <% if use_volatile=scope.lookupvar('apt::use_volatile') -%> # volatile -<% if (release == "testing" || release == "unstable" || release == "experimental") -%> +<% if (release == "testing" || release == "unstable" || release == "experimental") -%> # There is no volatile archive for <%= release %> -<% else -%> -<% if (codename == "lenny" || codename == "etch") -%> -deb <%= volatile_url=scope.lookupvar('apt::volatile_url') %> <%= codename %>/volatile <%= lrepos %> -<% if include_src -%> -deb-src <%= volatile_url %> <%= codename %>/volatile <%= lrepos %> -<% end -%> -<% else -%> +<% else -%> deb <%= debian_url %> <%= codename %>-updates <%= lrepos %> -<% if include_src -%> +<% if include_src -%> deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %> -<% end -%> +<% end + end + end -%> + +<% if use_lts=scope.lookupvar('apt::use_lts') -%> +# LTS +<% if release_lts=scope.lookupvar('::debian_lts') == "false" -%> +# There is no LTS archive for <%= release %> +<% else -%> +deb <%= debian_url %> <%= codename %>-lts <%= lrepos %> +<% if include_src -%> +deb-src <%= debian_url %> <%= codename %>-lts <%= lrepos %> <% end -%> <% end -%> <% end -%> <% if next_release=scope.lookupvar('apt::use_next_release') -%> -### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %> +### Debian next: <%= next_release=scope.lookupvar('::debian_nextrelease') ; next_codename=scope.lookupvar('::debian_nextcodename') %> # basic deb <%= debian_url %> <%= next_codename %> <%= lrepos %> -<% if include_src then -%> +<% if include_src -%> deb-src <%= debian_url %> <%= next_codename %> <%= lrepos %> -<% end -%> +<% end -%> # security -<% if (next_release == "unstable" || next_release == "experimental") -%> +<% if (next_release == "unstable" || next_release == "experimental") -%> # There is no security support for <%= next_release %> -<% else -%> +<% else -%> deb <%= security_url %> <%= next_codename %>/updates <%= lrepos %> -<% if include_src then -%> +<% if include_src then -%> deb-src <%= security_url %> <%= next_codename %>/updates <%= lrepos %> -<% end -%> -<% end -%> +<% end + end -%> -<% if use_volatile -%> +<% if use_volatile -%> # volatile -<% if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%> +<% if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%> # There is no volatile archive for <%= next_release %> -<% else -%> -<% if (next_codename == "lenny" || next_codename == "etch") -%> -deb <%= volatile_url %> <%= next_codename %>/volatile <%= lrepos %> -<% if include_src then -%> -deb-src <%= volatile_url %> <%= next_codename %>/volatile <%= lrepos %> -<% end -%> -<% else -%> +<% else -%> deb <%= debian_url %> <%= next_codename %>-updates <%= lrepos %> -<% if include_src then -%> +<% if include_src -%> deb-src <%= debian_url %> <%= next_codename %>-updates <%= lrepos %> -<% end -%> -<% end -%> -<% end -%> -<% end -%> -<% end -%> +<% end + end + end + end -%> diff --git a/templates/Ubuntu/preferences_maverick.erb b/templates/Ubuntu/preferences_maverick.erb index 801ddd4..8e5481d 100644 --- a/templates/Ubuntu/preferences_maverick.erb +++ b/templates/Ubuntu/preferences_maverick.erb @@ -1,4 +1,4 @@ -Explanation: Ubuntu <%= codename=scope.lookupvar('apt::codename') %> security +Explanation: Ubuntu <%= codename=scope.lookupvar('::ubuntu_codename') %> security Package: * Pin: release o=Ubuntu,a=<%= codename %>-security Pin-Priority: 990 @@ -18,7 +18,7 @@ Package: * Pin: release a=<%= codename %>-backports Pin-Priority: 200 -Explanation: Ubuntu <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Ubuntu <%= next_release=scope.lookupvar('::ubuntu_nextcodename') %> Package: * Pin: release o=Ubuntu,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Ubuntu/preferences_utopic.erb b/templates/Ubuntu/preferences_utopic.erb new file mode 120000 index 0000000..3debe4f --- /dev/null +++ b/templates/Ubuntu/preferences_utopic.erb @@ -0,0 +1 @@ +preferences_maverick.erb
\ No newline at end of file diff --git a/templates/Ubuntu/preferences_vivid.erb b/templates/Ubuntu/preferences_vivid.erb new file mode 120000 index 0000000..3debe4f --- /dev/null +++ b/templates/Ubuntu/preferences_vivid.erb @@ -0,0 +1 @@ +preferences_maverick.erb
\ No newline at end of file diff --git a/templates/Ubuntu/preferences_wily.erb b/templates/Ubuntu/preferences_wily.erb new file mode 120000 index 0000000..3debe4f --- /dev/null +++ b/templates/Ubuntu/preferences_wily.erb @@ -0,0 +1 @@ +preferences_maverick.erb
\ No newline at end of file diff --git a/templates/Ubuntu/preferences_xenial.erb b/templates/Ubuntu/preferences_xenial.erb new file mode 120000 index 0000000..3debe4f --- /dev/null +++ b/templates/Ubuntu/preferences_xenial.erb @@ -0,0 +1 @@ +preferences_maverick.erb
\ No newline at end of file diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb index c1a6115..e6d2f64 100644 --- a/templates/Ubuntu/sources.list.erb +++ b/templates/Ubuntu/sources.list.erb @@ -1,26 +1,22 @@ # This file is managed by puppet # all local modifications will be overwritten -# basic <%= codename=scope.lookupvar('apt::codename') %> +# basic <%= codename=scope.lookupvar('::ubuntu_codename') %> deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> <% if include_src=scope.lookupvar('apt::include_src') -%> deb-src <%= ubuntu_url %> <%= codename %> <%= lrepos %> <% end -%> +<% if use_volatile=scope.lookupvar('apt::use_volatile') -%> # updates deb <%= ubuntu_url %> <%= codename %>-updates <%= lrepos %> -<% if include_src -%> +<% if include_src -%> deb-src <%= ubuntu_url %> <%= codename %>-updates <%= lrepos %> -<% end -%> +<% end + end -%> # security suppport deb <%= ubuntu_url %> <%= codename %>-security <%= lrepos %> <% if include_src -%> deb-src <%= ubuntu_url %> <%= codename %>-security <%= lrepos %> <% end -%> - -# backports -deb <%= ubuntu_url %> <%= codename %>-backports main <%= lrepos %> -<% if include_src -%> -deb-src <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %> -<% end -%> diff --git a/templates/preferences_snippet.erb b/templates/preferences_snippet.erb index b7acaab..903e73d 100644 --- a/templates/preferences_snippet.erb +++ b/templates/preferences_snippet.erb @@ -1,4 +1,4 @@ -Package: <%= real_package %> -Pin: <%= pin %> -Pin-Priority: <%= priority %> +Package: <%= @real_package %> +Pin: <%= @pin %> +Pin-Priority: <%= @priority %> diff --git a/templates/preferences_snippet_release.erb b/templates/preferences_snippet_release.erb index 845d23f..b95d3f8 100644 --- a/templates/preferences_snippet_release.erb +++ b/templates/preferences_snippet_release.erb @@ -1,4 +1,4 @@ -Package: <%= real_package %> -Pin: release a=<%= release %> -Pin-Priority: <%= priority %> +Package: <%= @real_package %> +Pin: release a=<%= @release %> +Pin-Priority: <%= @priority %> |