author Silvio Rhatto <rhatto@riseup.net> 2016-03-31 14:50:07 -0300
committer Silvio Rhatto <rhatto@riseup.net> 2016-03-31 14:50:07 -0300
commit b65996f7ae03d2bae118855a3c4d94a3947e556d (patch)
tree 5bab8e5c3663aaabca34ebcee3c706c4fbc35cb5 /README
parent b0425c65ecc61c6af3f31fba577b1e1c5d880674 (diff)
parent 8c8bd7bb1e5cc0f5297db9629ece783452233d1f (diff)
Merge remote-tracking branch 'shared/master' into develop

Conflicts:
	README
	files/Debian/50unattended-upgrades.lenny
	files/Debian/50unattended-upgrades.wheezy
	manifests/init.pp
	manifests/params.pp
	manifests/unattended_upgrades.pp
	templates/Debian/preferences_jessie.erb
	templates/Debian/sources.list.erb
Diffstat (limited to 'README')
-rw-r--r-- README 181
1 files changed, 131 insertions, 50 deletions
diff --git a/README b/README
index 35a88b2..e097a7e 100644
--- a/README
+++ b/README
@@ -17,6 +17,24 @@ Ubuntu support is lagging behind but not absent either.
! Upgrade Notice !
+ * The `disable_update` parameter has been removed. The main apt class
+ defaults to *not* run an `apt-get update` on every run anyway so this
+ parameter seems useless.
+ You can include the `apt::update` class if you want it to be run every time.
+
+ * The `apt::upgrade_package` now doesn't automatically call an Exec['apt_updated']
+ anymore, so you would need to include `apt::update` now by hand.
+
+ * The apt::codename parameter has been removed. In its place, the
+ debian_codename fact may be overridden via an environment variable. This
+ will affect all other debian_* facts, and achieve the same result.
+
+ FACTER_debian_codename=jessie puppet agent -t
+
+ * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your
+ site_apt, these are no longer supported. You should migrate to passing
+ $blacklisted_packages to the apt::unattended_upgrades class.
+
* the apt class has been moved to a paramterized class. if you were including
this class before, after passing some variables, you will need to move to
instantiating the class with those variables instead. For example, if you
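Review bot: The new notice about custom 50unattended-upgrades.${::lsbdistcodename} files says only that they "are no longer supported", without saying whether an existing file in site_apt is now silently ignored. A host that relied on such a file to hold packages back would start upgrading them unattended after this change, so the entry should state the behaviour explicitly and tell the reader to move the held packages into $blacklisted_packages before upgrading the module. Also, the apt::codename entry should say that FACTER_debian_codename has to be set for every agent run that needs the override, since it replaces a parameter that lived in the manifest. Style: `apt::codename` and `debian_codename` are not in backticks while the other new entries use them.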
@@ -89,8 +107,9 @@ Requirements
This module needs:
-- the lsb module: git://labs.riseup.net/shared-lsb
-- the common module: git://labs.riseup.net/shared-common
+- the lsb-release package should be installed on the server prior to running
+ puppet. otherwise, all of the $::lsb* facts will be empty during runs.
+- the common module: https://gitlab.com/shared-puppet-modules-group/common
By default, on normal hosts, this module sets the configuration option
DSelect::Clean to 'auto'. On virtual servers, the value is set by default to
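Review bot: The new requirement documents a silent failure: without lsb-release "all of the $::lsb* facts will be empty during runs", but the text does not say what the module does with empty facts. Since those facts feed the release-specific configuration, either state the consequence here or say that the module fails the run when the facts are missing. It would also help to say how this relates to the debian_codename fact introduced in the upgrade notice, so the reader knows which facts actually depend on lsb-release.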
@@ -113,22 +132,6 @@ the site_apt modules' files directory that is named the same as the
host. (example: site_apt/files/some.host.com/03clean, or
site_apt/files/some.host.com/03clean_vserver)
-Variables
-=========
-
-$custom_sources_list
---------------------
-
-By default this module will use a basic apt/sources.list template with
-a generic Debian mirror. If you need to set more specific sources,
-e.g. changing the sections included in the source, etc. you can set
-this variable to the content that you desire to use instead.
-
-For example, setting the following variable before including this class will
-pull in the templates/site_apt/sources.list file:
-
- $custom_sources_list = template('site_apt/sources.list')
-
Classes
=======
@@ -144,11 +147,18 @@ Example usage:
Class parameters:
+* use_lts
+
+ If this variable is set to true the CODENAME-lts sources (such as
+ squeeze-lts) are added.
+
+ By default this is false for backward compatibility with older
+ versions of this module.
+
* use_volatile
- If this variable is set to true the Debian Volatile sources (until
- Lenny) or CODENAME-updates (such as squeeze-updates, supported since
- Squeeze) are added.
+ If this variable is set to true the CODENAME-updates sources (such as
+ squeeze-updates) are added.
By default this is false for backward compatibility with older
versions of this module.
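Review bot: The use_lts entry does not say which codenames it applies to; "such as squeeze-lts" is the only hint. Please document what happens when use_lts is true on a release that has no CODENAME-lts suite, so that a site-wide default of true does not add a source that cannot be fetched. In the use_volatile entry, the rewrite drops the mention of Debian Volatile for Lenny; if Lenny is no longer supported by the parameter, say so in the upgrade notice rather than only removing the sentence.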
@@ -186,19 +196,10 @@ Class parameters:
If this variable is set the default repositories list ("main contrib non-free")
is overriden.
-* disable_update
-
- Disable "apt-get update" which is normally triggered by apt::upgrade_package
- and apt::dist_upgrade.
-
- Note that nodes can be updated once a day by using
- APT::Periodic::Update-Package-Lists "1";
- in i.e. /etc/apt/apt.conf.d/80_apt_update_daily.
-
* custom_preferences
- Since Debian Lenny's version of APT doesn't support the use of the
- preferences.d directory for putting fragments of 'preferences', this
+ For historical reasons (Debian Lenny's version of APT did not support the use
+ of the preferences.d directory for putting fragments of 'preferences'), this
module will manage a default generic apt/preferences file with more
recent releases pinned to very low values so that any package
installation will not accidentally pull in packages from those suites
@@ -214,14 +215,17 @@ Class parameters:
class { 'apt': custom_preferences => false }
-* codename
+* custom_sources_list
+
+ By default this module will use a basic apt/sources.list template with
+ a generic Debian mirror. If you need to set more specific sources,
+ e.g. changing the sections included in the source, etc. you can set
+ this variable to the content that you desire to use instead.
- Contains the codename ("squeeze", "wheezy", ...) of the client's release. While
- these values come from lsb-release by default, this parameter can be set
- manually, e.g. to enable forced upgrades. For example:
+ For example, setting this variable will pull in the
+ templates/site_apt/sources.list file:
- include apt::dist_upgrade
- class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] }
+ class { 'apt': custom_sources_list => template('site_apt/sources.list') }
* custom_key_dir
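Review bot: Removing the codename entry also removes the only documented recipe for a forced release upgrade (class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] }). The upgrade notice shows FACTER_debian_codename=jessie for overriding the fact but gives no equivalent for the notify part, so a reader who used this recipe has no documented replacement. Add the replacement procedure here or under apt::dist_upgrade. For custom_sources_list, it would be worth stating that the supplied content replaces the whole sources.list, so the reader knows whether use_lts, use_volatile and the other source-related parameters still have any effect.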
@@ -291,9 +295,6 @@ classes may inherit from this one and add to its subscription list
using the plusignment ('+>') operator. A real-world example can be
seen in the apt::dist_upgrade::initiator source.
-When this class is included the APT indexes are updated on every
-Puppet run due to the author's lack of Puppet wizardry.
-
apt::dist_upgrade::initiator
----------------------------
@@ -367,6 +368,28 @@ apt::unattended_upgrades
If this class is included, it will install the package 'unattended-upgrades'
and configure it to daily upgrade the system.
+The class has the following parameters that you can use to change the contents
+of the configuration file. The values shown here are the default values:
+
+ * $config_content = undef
+ * $config_template = 'apt/50unattended-upgrades.erb'
+ * $mailonlyonerror = true
+ * $mail_recipient = 'root'
+ * $blacklisted_packages = []
+
+Note that using $config_content actually specifies all of the configuration
+contents and thus makes the other parameters useless.
+
+example:
+
+ class { 'apt::unattended_upgrades':
+ config_template => 'site_apt/50unattended-upgrades.jessie',
+ blacklisted_packages => [
+ 'libc6', 'libc6-dev', 'libc6-i686', 'mysql-server', 'redmine', 'nodejs',
+ 'bird'
+ ],
+ }
+
Defines
=======
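Review bot: The example passes config_template => 'site_apt/50unattended-upgrades.jessie', which reads like the per-codename site_apt file that the upgrade notice in this same README declares unsupported. Either explain that a site template is still allowed through config_template and only the automatic lookup was removed, or change the example so it does not contradict the notice. The note that $config_content "makes the other parameters useless" also deserves a stronger statement: if blacklisted_packages is passed together with config_content, the blacklist is dropped without any visible error, so document that explicitly or have the class fail when both are set.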
@@ -445,15 +468,57 @@ apt::sources_list
Creates a file in the apt/sources.list.d directory to easily add additional apt
sources. One can use either the 'source' meta-parameter to specify a list of
static files to include from the puppet fileserver or the 'content'
-meta-parameter to define content inline or with the help of a template.
+meta-parameter to define content inline or with the help of a template. Ending
+the resource name in '.list' is optional: it will be automatically added to the
+file name if not present in the resource name.
Example:
- apt::sources_list { 'company_internals.list':
+ apt::sources_list { 'company_internals':
source => [ "puppet:///modules/site_apt/${::fqdn}/company_internals.list",
'puppet:///modules/site_apt/company_internals.list' ],
}
+apt::key
+--------
+
+Deploys a secure apt OpenPGP key. This usually accompanies the
+sources.list snippets above for third party repositories. For example,
+you would do:
+
+ apt::key { 'neurodebian.gpg':
+ ensure => present,
+ source => 'puppet:///modules/site_apt/neurodebian.gpg',
+ }
+
+This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which
+is assumed by secure apt to be binary OpenPGP keys and *not*
+"ascii-armored" or "plain text" OpenPGP key material. For the latter,
+use `apt::key::plain`.
+
+The `.gpg` extension is compulsory for `apt` to pickup the key properly.
+
+apt::key::plain
+---------------
+
+Deploys a secure apt OpenPGP key. This usually accompanies the
+sources.list snippets above for third party repositories. For example,
+you would do:
+
+ apt::key::plain { 'neurodebian.asc':
+ source => 'puppet:///modules/site_apt/neurodebian.asc',
+ }
+
+This deploys the key in the `${apt_base_dir}/keys` directory (as
+opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason
+this exists on top of `$custom_key_dir` is to allow a more
+decentralised distribution of those keys, without having all modules
+throw their keys in the same directory in the manifests.
+
+Note that this model does *not* currently allow keys to be removed!
+Use `apt::key` instead for a more practical, revokable approach, but
+that needs binary keys.
+
apt::upgrade_package
--------------------
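Review bot: In the apt::key::plain section, the statement that this model "does *not* currently allow keys to be removed" is the most important operational fact about the define and sits at the very end. A repository signing key that has to be withdrawn stays trusted on every node that received it, so move this to the top of the section and recommend apt::key as the default. The opening paragraph of apt::key::plain is a verbatim copy of the apt::key one and never says that it is meant for ASCII-armored keys; the reader only learns that from the apt::key section. Minor: "pickup" should be "pick up", and "revokable" is usually spelled "revocable".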
@@ -486,19 +551,35 @@ Exec['apt_updated']
-------------------
After this point the APT indexes are up-to-date.
+This resource is set to `refreshonly => true` so it is not run on
+every puppetrun. To run this every time, you can include the `apt::update`
+class.
This resource is usually used like this to ensure current packages are
installed by Package resources:
- include apt::update
- Package { require => Exec['apt_updated'] }
+ include apt::update
+ Package { require => Exec['apt_updated'] }
+
+Note that nodes can be updated once a day by using
+
+ APT::Periodic::Update-Package-Lists "1";
+
+in i.e. /etc/apt/apt.conf.d/80_apt_update_daily.
+
+
+Tests
+=====
+
+To run pupept rspec tests:
+
+ bundle install --path vendor/bundle
+ bundle exec rake spec
-Please note that the apt::upgrade_package define automatically uses
-this resource so you don't have to manage this yourself if you need to
-make sure APT indexes are up-to-date before a package upgrade is
-attempted, but don't want "apt-get update" to happen on every Puppet
-run.
+Using different facter/puppet versions:
+ FACTER_GEM_VERSION=1.6.10 PUPPET_GEM_VERSION=2.7.23 bundle install --path vendor/bundle
+ bundle exec rake spec
Licensing
=========
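Review bot: The removed paragraph told readers that apt::upgrade_package used Exec['apt_updated'] automatically; the new text explains refreshonly but does not repeat here that apt::upgrade_package users must now include apt::update themselves. That is only stated in the upgrade notice, and this section is where people will look. In the added lines, "To run pupept rspec tests" has a typo (puppet), "in i.e. /etc/apt/apt.conf.d/80_apt_update_daily" should read "in e.g.", and "puppetrun" should be "Puppet run" to match the rest of the README. The second command block under "Using different facter/puppet versions:" is missing the blank line that precedes the other indented examples.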