diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2016-03-31 14:50:07 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-03-31 14:50:07 -0300 |
commit | b65996f7ae03d2bae118855a3c4d94a3947e556d (patch) | |
tree | 5bab8e5c3663aaabca34ebcee3c706c4fbc35cb5 /README | |
parent | b0425c65ecc61c6af3f31fba577b1e1c5d880674 (diff) | |
parent | 8c8bd7bb1e5cc0f5297db9629ece783452233d1f (diff) | |
download | puppet-apt-b65996f7ae03d2bae118855a3c4d94a3947e556d.tar.gz puppet-apt-b65996f7ae03d2bae118855a3c4d94a3947e556d.tar.bz2 |
Conflicts:
README
files/Debian/50unattended-upgrades.lenny
files/Debian/50unattended-upgrades.wheezy
manifests/init.pp
manifests/params.pp
manifests/unattended_upgrades.pp
templates/Debian/preferences_jessie.erb
templates/Debian/sources.list.erb
Diffstat (limited to 'README')
-rw-r--r-- | README | 181 |
1 files changed, 131 insertions, 50 deletions
@@ -17,6 +17,24 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! + * The `disable_update` parameter has been removed. The main apt class + defaults to *not* run an `apt-get update` on every run anyway so this + parameter seems useless. + You can include the `apt::update` class if you want it to be run every time. + + * The `apt::upgrade_package` now doesn't automatically call an Exec['apt_updated'] + anymore, so you would need to include `apt::update` now by hand. + + * The apt::codename parameter has been removed. In its place, the + debian_codename fact may be overridden via an environment variable. This + will affect all other debian_* facts, and achieve the same result. + + FACTER_debian_codename=jessie puppet agent -t + + * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your + site_apt, these are no longer supported. You should migrate to passing + $blacklisted_packages to the apt::unattended_upgrades class. + * the apt class has been moved to a paramterized class. if you were including this class before, after passing some variables, you will need to move to instantiating the class with those variables instead. For example, if you @@ -89,8 +107,9 @@ Requirements This module needs: -- the lsb module: git://labs.riseup.net/shared-lsb -- the common module: git://labs.riseup.net/shared-common +- the lsb-release package should be installed on the server prior to running + puppet. otherwise, all of the $::lsb* facts will be empty during runs. +- the common module: https://gitlab.com/shared-puppet-modules-group/common By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to @@ -113,22 +132,6 @@ the site_apt modules' files directory that is named the same as the host. (example: site_apt/files/some.host.com/03clean, or site_apt/files/some.host.com/03clean_vserver) -Variables -========= - -$custom_sources_list --------------------- - -By default this module will use a basic apt/sources.list template with -a generic Debian mirror. If you need to set more specific sources, -e.g. changing the sections included in the source, etc. you can set -this variable to the content that you desire to use instead. - -For example, setting the following variable before including this class will -pull in the templates/site_apt/sources.list file: - - $custom_sources_list = template('site_apt/sources.list') - Classes ======= @@ -144,11 +147,18 @@ Example usage: Class parameters: +* use_lts + + If this variable is set to true the CODENAME-lts sources (such as + squeeze-lts) are added. + + By default this is false for backward compatibility with older + versions of this module. + * use_volatile - If this variable is set to true the Debian Volatile sources (until - Lenny) or CODENAME-updates (such as squeeze-updates, supported since - Squeeze) are added. + If this variable is set to true the CODENAME-updates sources (such as + squeeze-updates) are added. By default this is false for backward compatibility with older versions of this module. @@ -186,19 +196,10 @@ Class parameters: If this variable is set the default repositories list ("main contrib non-free") is overriden. -* disable_update - - Disable "apt-get update" which is normally triggered by apt::upgrade_package - and apt::dist_upgrade. - - Note that nodes can be updated once a day by using - APT::Periodic::Update-Package-Lists "1"; - in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. - * custom_preferences - Since Debian Lenny's version of APT doesn't support the use of the - preferences.d directory for putting fragments of 'preferences', this + For historical reasons (Debian Lenny's version of APT did not support the use + of the preferences.d directory for putting fragments of 'preferences'), this module will manage a default generic apt/preferences file with more recent releases pinned to very low values so that any package installation will not accidentally pull in packages from those suites @@ -214,14 +215,17 @@ Class parameters: class { 'apt': custom_preferences => false } -* codename +* custom_sources_list + + By default this module will use a basic apt/sources.list template with + a generic Debian mirror. If you need to set more specific sources, + e.g. changing the sections included in the source, etc. you can set + this variable to the content that you desire to use instead. - Contains the codename ("squeeze", "wheezy", ...) of the client's release. While - these values come from lsb-release by default, this parameter can be set - manually, e.g. to enable forced upgrades. For example: + For example, setting this variable will pull in the + templates/site_apt/sources.list file: - include apt::dist_upgrade - class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } + class { 'apt': custom_sources_list => template('site_apt/sources.list') } * custom_key_dir @@ -291,9 +295,6 @@ classes may inherit from this one and add to its subscription list using the plusignment ('+>') operator. A real-world example can be seen in the apt::dist_upgrade::initiator source. -When this class is included the APT indexes are updated on every -Puppet run due to the author's lack of Puppet wizardry. - apt::dist_upgrade::initiator ---------------------------- @@ -367,6 +368,28 @@ apt::unattended_upgrades If this class is included, it will install the package 'unattended-upgrades' and configure it to daily upgrade the system. +The class has the following parameters that you can use to change the contents +of the configuration file. The values shown here are the default values: + + * $config_content = undef + * $config_template = 'apt/50unattended-upgrades.erb' + * $mailonlyonerror = true + * $mail_recipient = 'root' + * $blacklisted_packages = [] + +Note that using $config_content actually specifies all of the configuration +contents and thus makes the other parameters useless. + +example: + + class { 'apt::unattended_upgrades': + config_template => 'site_apt/50unattended-upgrades.jessie', + blacklisted_packages => [ + 'libc6', 'libc6-dev', 'libc6-i686', 'mysql-server', 'redmine', 'nodejs', + 'bird' + ], + } + Defines ======= @@ -445,15 +468,57 @@ apt::sources_list Creates a file in the apt/sources.list.d directory to easily add additional apt sources. One can use either the 'source' meta-parameter to specify a list of static files to include from the puppet fileserver or the 'content' -meta-parameter to define content inline or with the help of a template. +meta-parameter to define content inline or with the help of a template. Ending +the resource name in '.list' is optional: it will be automatically added to the +file name if not present in the resource name. Example: - apt::sources_list { 'company_internals.list': + apt::sources_list { 'company_internals': source => [ "puppet:///modules/site_apt/${::fqdn}/company_internals.list", 'puppet:///modules/site_apt/company_internals.list' ], } +apt::key +-------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key { 'neurodebian.gpg': + ensure => present, + source => 'puppet:///modules/site_apt/neurodebian.gpg', + } + +This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which +is assumed by secure apt to be binary OpenPGP keys and *not* +"ascii-armored" or "plain text" OpenPGP key material. For the latter, +use `apt::key::plain`. + +The `.gpg` extension is compulsory for `apt` to pickup the key properly. + +apt::key::plain +--------------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key::plain { 'neurodebian.asc': + source => 'puppet:///modules/site_apt/neurodebian.asc', + } + +This deploys the key in the `${apt_base_dir}/keys` directory (as +opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason +this exists on top of `$custom_key_dir` is to allow a more +decentralised distribution of those keys, without having all modules +throw their keys in the same directory in the manifests. + +Note that this model does *not* currently allow keys to be removed! +Use `apt::key` instead for a more practical, revokable approach, but +that needs binary keys. + apt::upgrade_package -------------------- @@ -486,19 +551,35 @@ Exec['apt_updated'] ------------------- After this point the APT indexes are up-to-date. +This resource is set to `refreshonly => true` so it is not run on +every puppetrun. To run this every time, you can include the `apt::update` +class. This resource is usually used like this to ensure current packages are installed by Package resources: - include apt::update - Package { require => Exec['apt_updated'] } + include apt::update + Package { require => Exec['apt_updated'] } + +Note that nodes can be updated once a day by using + + APT::Periodic::Update-Package-Lists "1"; + +in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. + + +Tests +===== + +To run pupept rspec tests: + + bundle install --path vendor/bundle + bundle exec rake spec -Please note that the apt::upgrade_package define automatically uses -this resource so you don't have to manage this yourself if you need to -make sure APT indexes are up-to-date before a package upgrade is -attempted, but don't want "apt-get update" to happen on every Puppet -run. +Using different facter/puppet versions: + FACTER_GEM_VERSION=1.6.10 PUPPET_GEM_VERSION=2.7.23 bundle install --path vendor/bundle + bundle exec rake spec Licensing ========= |