45 files changed, 1351 insertions, 369 deletions
@@ -7,26 +7,25 @@ This module manages apt on Debian. It keeps dpkg's and apt's databases as well as the keyrings for securing package download current. -backports.org is added and an archive key is provided[1]. +backports.debian.org is added. -dselect is switched to expert mode to suppress superfluous help screens. +/etc/apt/sources.list and /etc/apt/preferences are managed. More +recent Debian releases are pinned to very low values by default to +prevent accidental upgrades. -sources.list and apt_preferences are managed. Testing and unstable are pinned to -very low values by default to prevent accidental upgrades. +Ubuntu support is lagging behind but not absent either. -This module needs lsb-release installed. +This module needs: +- lsb-release installed +- the common module: git://labs.riseup.net/shared-common -Variables -========= - -$apt_clean ----------- -Sets DSelect::Clean, defaults to 'auto' on normal hosts and 'pre-auto' -in vservers, since the latter are usually more space-bound and have -better recovery mechanisms via the host: +By default, on normal hosts, this module sets the configuration option +DSelect::Clean to 'auto'. On virtual servers, the value is set by default to +'pre-auto', because virtual servers are usually more space-bound and have better +recovery mechanisms via the host: -From apt.conf(5), 0.7.2: +From apt.conf(5), 0.7.2: "Cache Clean mode; this value may be one of always, prompt, auto, pre-auto and never. always and prompt will remove all packages from the cache after upgrading, prompt (the default) does so 
@@ -35,83 +34,330 @@ From apt.conf(5), 0.7.2: instance). pre-auto performs this action before downloading new packages." +To change the default setting for DSelect::Clean, you can create a file named +"03clean" or "03clean_vserver" in your site-apt module's files directory. You +can also define this for a specific host by creating a file in a subdirectory of +the site-apt modules' files directory that is named the same as the +host. (example: site-apt/files/some.host.com/03clean, or +site-apt/files/some.host.com/03clean_vserver) + +Variables +========= $lsbdistcodename ----------------- +---------------- + Contains the codename ("etch", "lenny", ...) of the client's release. While these values come from lsb-release by default, this -value can be set manually too, e.g. to enable forced upgrades +value can be set manually too, e.g. to enable forced upgrades. $custom_sources_list -------------------- -By default this module will use a basic apt/sources.list with a -generic debian mirror. If you need to set more specific sources, -e.g. for country proximity, proxies, etc. you can set this variable to -the location of your sources.list template. For example, setting the -following variable before including this class will pull in the -templates/apt/sources.list file: -$custom_sources_list ='template("apt/sources.list")' - -$custom_preferences --------------------- -By default this module will use a basic apt/preferences file with -unstable and testing pinned to very low values so that any package + +By default this module will use a basic apt/sources.list template with +a generic Debian mirror. If you need to set more specific sources, +e.g. changing the sections included in the source, etc. you can set +this variable to the content that you desire to use instead. 
+ +For example, setting the following variable before including this class will +pull in the templates/site-apt/sources.list file: + + $custom_sources_list = template("site-apt/sources.list") + +$custom_preferences +------------------- + +Since Debian Lenny's version of APT doesn't support the use of the +preferences.d directory for putting fragments of 'preferences', this +module will manage a default generic apt/preferences file with more +recent releases pinned to very low values so that any package installation will not accidentally pull in packages from those suites -unless you explicitly specify the version number. You can set this -variable to pull in a customized apt/preferences template, for -example, setting the following variable before including this class -will pull in the templates/apt/preferences file: -$custom_preferences = 'template("apt/preferences")' +unless you explicitly specify the version number. This file will be +complemented with all of the preferences_snippet calls (see below). + +If the default preferences template doesn't suit your needs, you can create a +template located in your site-apt module, and set $custom_preferences with the +location (eg. $custom_preferences = "puppet:///modules/site-apt/preferences") + +Setting this variable to false before including this class will force the +apt/preferences file to be absent: + + $custom_preferences = false $custom_key_dir --------------- + If you have different apt-key files that you want to get added to your apt keyring, you can set this variable to a path in your fileserver where individual key files can be placed. If this is set and keys -exist there, this module will apt-key add each key +exist there, this module will 'apt-key add' each key. + +The debian-archive-keyring package is installed and kept current up to the +latest revision (this includes the backports archive keyring). 
+ +$apt_proxy / $apt_proxy_port +---------------------------- + +When you include the apt::proxy_client class in your nodes, you can set the +$apt_proxy variable to the URL of the proxy that will be used. +By default, the proxy will be queried on port 3142, but you can change the port +number by setting the $apt_proxy_port variable. + +Here's an example of setting the proxy to 'http://proxy.domain' at port 666: + + $apt_proxy = 'http://proxy.domain' + $apt_proxy_port = 666 + include apt::proxy_client + +$apt_volatile_enabled +----------------- + +If this variable is set to true the Debian Volatile sources (until +Lenny) or CODENAME-updates (such as squeeze-updates, supported since +Squeeze) are added. +By default this is false for backward compatibility with older +versions of this module. + +$apt_include_src +---------------- + +If this variable is set to true a deb-src source is added for every +added binary archive source. +By default this is false for backward compatibility with older +versions of this module. + +$apt_use_next_release +--------------------- + +If this variable is set to true the sources for the next Debian +release are added. The default pinning configuration pins it to very +low values. +By default this is false for backward compatibility with older +versions of this module. + +$apt_debian_url, $apt_security_url, $apt_backports_url, $apt_volatile_url +------------------------------------------------------------------------- + +These variables allow to override the default APT mirrors respectively +used for the standard Debian archives, the Debian security archive, +the Debian official backports and the Debian Volatile archive. + +$apt_ubuntu_url +--------------- + +These variables allows to override the default APT mirror used for all +standard Ubuntu archives (including updates, security, backports). + +$apt_repos +---------- + +If this variable is set the default repositories list ("main contrib non-free") +is overriden. 
Classes ======= -This module contains only the apt class, which sets up all described -functionality. +apt +--- +The apt class sets up most of the documented functionality. To use +functionality that is not enabled by default, you must include one of +the following classes. -Resources -========= +apt::apticron +------------- + +When you include this class, apticron will be installed, with the following +defaults, which you are free to change before you include the class: + + $apticron_ensure_version = "present" + $apticron_email = "root" + $apticron_config = "apt/${operatingsystem}/apticron_${lsbrelease}.erb" + $apticron_diff_only = "1" + $apticron_listchanges_profile = "apticron" + $apticron_system = false + $apticron_ipaddressnum = false + $apticron_ipaddresses = false + $apticron_notifyholds = "0" + $apticron_notifynew = "0" + $apticron_customsubject = "" + +apt::cron::download +------------------- + +This class sets up cron-apt so that it downloads upgradable packages, does not +actually do any upgrade and emails when the output changes. + +cron-apt defaults to run at 4 AM. You may want to set the +$apt_cron_hours variable before you include the class: its value will +be passed as the "hours" parameter of a cronjob. Example: + + # Run cron-apt every three hours + $apt_cron_hours = "*/3" + +Note that the default 4 AM cronjob won't be disabled. -File[apt_config] +apt::cron::dist-upgrade +----------------------- + +This class sets up cron-apt so that it dist-upgrades the system and +emails when upgrades are performed. + +See apt::cron::download above if you need to run cron-apt more often +than once a day. + +apt::dist_upgrade +----------------- + +This class provides the Exec['apt_dist-upgrade'] resource that +dist-upgrade's the system. 
+ +This exec is set as refreshonly so including this class does not +trigger any action per-se: other resources may notify it, other +classes may inherit from this one and add to its subscription list +using the plusignment ('+>') operator. A real-world example can be +seen in the apt::dist_upgrade::initiator source. + +When this class is included the APT indexes are updated on every +Puppet run due to the author's lack of Puppet wizardry. + +apt::dist_upgrade::initiator +---------------------------- + +This class automatically dist-upgrade's the system when an initiator +file's content changes. The initiator file is copied from the first +available source amongst the following ones, in decreasing priority +order: + +- puppet:///site-apt/${fqdn}/upgrade_initiator +- puppet:///site-apt/upgrade_initiator +- puppet:///apt/upgrade_initiator + +This is useful when one does not want to setup a fully automated +upgrade process but still needs a way to manually trigger full +upgrades of any number of systems at scheduled times. + +Beware: a dist-upgrade is triggered the first time Puppet runs after +this class has been included. This is actually the single reason why +this class is not enabled by default. + +When this class is included the APT indexes are updated on every +Puppet run due to the author's lack of Puppet wizardry. + +apt::dselect +------------ + +This class, when included, installs dselect and switches it to expert mode to +suppress superfluous help screens. 
+ +apt::listchanges ---------------- -Use this resource to depend on or add to a completed apt configuration -Exec[apt_updated] +This class, when included, installs apt-listchanges and configures it using the +following variables, the defaults are below: + + $apt_listchanges_version = "present" + $apt_listchanges_config = "apt/${operatingsystem}/listchanges_${lsbrelease}.erb" + $apt_listchanges_frontend = "pager" + $apt_listchanges_email = "root" + $apt_listchanges_confirm = "0" + $apt_listchanges_saveseen = "/var/lib/apt/listchanges.db" + $apt_listchanges_which = "both" + +apt::proxy_client ----------------- -After this point, current packages can installed via apt, usually used -like this: -Package { require => Exec[apt_updated] } +This class adds the right configuration to apt to make it fetch packages via a +proxy. The variables $apt_proxy and $apt_proxy_port need to be set (see above). + +apt::reboot_required_notify +--------------------------- + +This class installs a daily cronjob that checks if a package upgrade +requires the system to be rebooted; if so, cron sends a notification +email to root. + +apt::unattended_upgrades +------------------------ + +If this class is included, it will install the package 'unattended-upgrades' +and configure it to daily upgrade the system. + +Defines +======= + +apt::apt_conf +------------- + +Creates a file in the apt/apt.conf.d directory to easily add configuration +components. One can use either the 'source' meta-parameter to specify a list of +static files to include from the puppet fileserver or the 'content' +meta-parameter to define content inline or with the help of a template. 
+ +Example: + + apt::apt_conf { "80download-only": + source => "puppet:///modules/site-apt/80download-only", + } + +apt::preferences_snippet +------------------------ + +A way to add pinning information to /etc/apt/preferences + +Example: + + apt::preferences_snippet{ + 'irssi-plugin-otr': + release => 'lenny-backports', + priority => 999; + } apt::preseeded_package ---------------------- -This simplifies installation of packages that you wish to preseed the -answers to debconf. For example, if you wish to provide a preseed file -for the locales package, you would place the locales.seed file in -templates/$debian_version/locales.seeds and then include the following -in your manifest: -apt::preseeded_package { locales: } +This simplifies installation of packages for which you wish to preseed the +answers to debconf. For example, if you wish to provide a preseed file for the +locales package, you would place the locales.seed file in +'site-apt/templates/$lsbdistcodename/locales.seeds' and then include the +following in your manifest: + + apt::preseeded_package { locales: } + +You can also specify the content of the seed via the content parameter, +for example: + + apt::preseeded_package { "apticron": + content => "apticron apticron/notification string root@example.com", + } + +apt::sources_list +------------- + +Creates a file in the apt/sources.list.d directory to easily add additional apt +sources. One can use either the 'source' meta-parameter to specify a list of +static files to include from the puppet fileserver or the 'content' +meta-parameter to define content inline or with the help of a template. + +Example: + + apt::sources_list { "company_internals.list": + source => ["puppet:///modules/site-apt/${fqdn}/company_internals.list", + "puppet:///modules/site-apt/company_internals.list"], + } apt::upgrade_package -------------------- + This simplifies upgrades for DSA security announcements or point-releases. 
This -will ensure that the named package is upgrade to the version specified, only if the -package is installed, otherwise nothing happens. If the specified version is 'latest' (the -default), then the package is ensured to be upgraded to the latest package revision when -it becomes available. +will ensure that the named package is upgraded to the version specified, only if +the package is installed, otherwise nothing happens. If the specified version +is 'latest' (the default), then the package is ensured to be upgraded to the +latest package revision when it becomes available. -For example, the following upgrades the perl package to version 5.8.8-7etch1 (if it is -installed), it also upgrades the syslog-ng and perl-modules packages to their latest (also, -only if they are installed): +For example, the following upgrades the perl package to version 5.8.8-7etch1 +(if it is installed), it also upgrades the syslog-ng and perl-modules packages +to their latest (also, only if they are installed): upgrade_package { "perl": version => '5.8.8-7etch1'; 
@@ -120,20 +366,27 @@ upgrade_package { "perl": "perl-modules": } -TODO -==== +Resources +========= + +Concatenated_file[apt_config] +----------------------------- -Enable debian-archive-keyring handling for sarge, lenny and sid. +Use this resource to depend on or add to a completed apt configuration -Enable selection of country-specific mirrors. +Exec[apt_updated] +----------------- -Currently this module updates the caches on every run. Running dselect update is -a expensive operation and should be done only on schedule by using apticron. -Sometimes -- especially when initially starting management or deploying new -packages -- a immediate update is really needed to be able to install the right -packages without errors. Thus a method should be devised to be able to specify -with high fidelity when a update should be run and when it is not needed. +After this point the APT indexes are up-to-date. +This resource is usually used like this to ensure current packages are +installed by Package resources: + include apt::update + Package { require => Exec[apt_updated] } -[1] Of course, you should check the validity of _this_ key yourself. +Please note that the apt::upgrade_package define automatically uses +this resource so you don't have to manage this yourself if you need to +make sure APT indexes are up-to-date before a package upgrade is +attempted, but don't want "apt-get update" to happen on every Puppet +run. diff --git a/files/02show_upgraded b/files/02show_upgraded new file mode 100644 index 0000000..bb127d4 --- /dev/null +++ b/files/02show_upgraded @@ -0,0 +1,4 @@ +// This file is managed by Puppet +// all local modifications will be overwritten + +APT::Get::Show-Upgraded true; diff --git a/files/03clean b/files/03clean new file mode 100644 index 0000000..3d20924 --- /dev/null +++ b/files/03clean @@ -0,0 +1,4 @@ +// This file is managed by Puppet +// all local modifications will be overwritten + +DSelect::Clean auto; 
diff --git a/files/03clean_vserver b/files/03clean_vserver new file mode 100644 index 0000000..6bb84e5 --- /dev/null +++ b/files/03clean_vserver @@ -0,0 +1,4 @@ +// This file is managed by Puppet +// all local modifications will be overwritten + +DSelect::Clean pre-auto; diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades new file mode 100644 index 0000000..fbab858 --- /dev/null +++ b/files/50unattended-upgrades 
@@ -0,0 +1,57 @@ +// this file is managed by puppet ! +// +//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. + +// allowed (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "Debian stable"; + "Debian-Security stable"; +// "Debian testing"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; +Unattended-Upgrade::Mail "root"; + +APT::UnattendedUpgrades::LogDir "/var/log/"; +APT::UnattendedUpgrades::LogFile "unattended_upgrades.log"; + +Unattended-Upgrade::Package-Blacklist { + // we don't want the kernel to be updated so nagios still can give a warning if there is + // a manual update (and reboot) left + + "linux-image-*"; + + // unfortunately there seems to be a bug in unattended-upgrades <= 0.62 that wildcards aren't recognized: + //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-* + //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script + //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"] + //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64 + //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log' + //2009-12-11 13:42:11,988 INFO All upgrades installed + + // lenny + "linux-image-2.6.26-1-686"; + "linux-image-2.6.26-1-amd64"; + "linux-image-2.6.26-1-xen-686"; + "linux-image-2.6.26-1-xen-amd64"; + "linux-image-2.6.26-1-vserver-686"; + "linux-image-2.6.26-1-vserver-amd64"; + + "linux-image-2.6.26-2-686"; + "linux-image-2.6.26-2-amd64"; + "linux-image-2.6.26-2-xen-686"; + "linux-image-2.6.26-2-xen-amd64"; + "linux-image-2.6.26-2-vserver-686"; + "linux-image-2.6.26-2-vserver-amd64"; + + // squeeze + "linux-image-2.6.32-5-686"; + "linux-image-2.6.32-5-amd64"; + "linux-image-2.6.32-5-xen-686"; + "linux-image-2.6.32-5-xen-amd64"; + "linux-image-2.6.32-5-vserver-686"; + 
"linux-image-2.6.32-5-vserver-amd64"; + +}; + diff --git a/files/backports.org.key b/files/backports.org.key deleted file mode 100644 index 6e66404..0000000 --- a/files/backports.org.key +++ /dev/null 
@@ -1,33 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.3 (GNU/Linux) - -mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx -Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc -/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz -onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd -kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex -Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6 -m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq -bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR -bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz -Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR -AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S -cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD -FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48 -OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD -FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44 -Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ -FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn -DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO -90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN -StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D -JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD -BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0 -AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB -TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr -O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8 -cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC -+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs -VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg== -=fBrI ------END PGP PUBLIC KEY BLOCK----- 
diff --git a/files/upgrade_initiator b/files/upgrade_initiator new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/files/upgrade_initiator @@ -0,0 +1 @@ + diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb new file mode 100644 index 0000000..f57dd2a --- /dev/null +++ b/lib/puppet/parser/functions/debian_nextcodename.rb @@ -0,0 +1,12 @@ +module Puppet::Parser::Functions + newfunction(:debian_nextcodename, :type => :rvalue) do |args| + case args[0] + when "etch" then "lenny" + when "lenny" then "squeeze" + when "squeeze" then "wheezy" + when "wheezy" then "sid" + when "sid" then "experimental" + else "sid" + end + end +end diff --git a/lib/puppet/parser/functions/debian_nextrelease.rb b/lib/puppet/parser/functions/debian_nextrelease.rb new file mode 100644 index 0000000..76c3e0d --- /dev/null +++ b/lib/puppet/parser/functions/debian_nextrelease.rb @@ -0,0 +1,11 @@ +module Puppet::Parser::Functions + newfunction(:debian_nextrelease, :type => :rvalue) do |args| + case args[0] + when 'oldstable' then 'stable' + when 'stable' then 'testing' + when 'testing' then 'unstable' + when 'unstable' then 'experimental' + else 'unstable' + end + end +end diff --git a/lib/puppet/parser/functions/debian_release.rb b/lib/puppet/parser/functions/debian_release.rb new file mode 100644 index 0000000..857edf3 --- /dev/null +++ b/lib/puppet/parser/functions/debian_release.rb @@ -0,0 +1,12 @@ +module Puppet::Parser::Functions + newfunction(:debian_release, :type => :rvalue) do |args| + case args[0] + when 'lenny' then 'oldstable' + when 'squeeze' then 'stable' + when 'wheezy' then 'testing' + when 'sid' then 'unstable' + when 'experimental' then 'experimental' + else 'testing' + end + end +end diff --git a/lib/puppet/parser/functions/debian_release_version.rb b/lib/puppet/parser/functions/debian_release_version.rb new file mode 100644 index 0000000..ff58f72 --- /dev/null 
+++ b/lib/puppet/parser/functions/debian_release_version.rb @@ -0,0 +1,10 @@ +module Puppet::Parser::Functions + newfunction(:debian_release_version, :type => :rvalue) do |args| + case args[0] + when 'etch' then '4.0' + when 'lenny' then '5.0' + when 'squeeze' then '6.0' + else '' + end + end +end diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp new file mode 100644 index 0000000..c484ec3 --- /dev/null +++ b/manifests/apt_conf.pp @@ -0,0 +1,31 @@ +define apt::apt_conf( + $ensure = 'present', + $source = '', + $content = undef ) +{ + + if $source == '' and $content == undef { + fail("One of \$source or \$content must be specified for apt_conf ${name}") + } + + if $source != '' and $content != undef { + fail("Only one of \$source or \$content must specified for apt_conf ${name}") + } + + file { "/etc/apt/apt.conf.d/${name}": + ensure => $ensure, + notify => Exec["refresh_apt"], + owner => root, group => 0, mode => 0644; + } + + if $source { + File["/etc/apt/apt.conf.d/${name}"] { + source => $source, + } + } + else { + File["/etc/apt/apt.conf.d/${name}"] { + content => $content, + } + } +} diff --git a/manifests/apticron.pp b/manifests/apticron.pp new file mode 100644 index 0000000..2fe8e44 --- /dev/null +++ b/manifests/apticron.pp 
@@ -0,0 +1,54 @@ +class apt::apticron { + + case $apticron_ensure_version { + '': { $apticron_ensure_version = "present" } + } + + case $apticron_config { + '': { $apticron_config = "apt/${operatingsystem}/apticron_${lsbdistcodename}.erb" } + } + + case $apticron_email { + '': { $apticron_email = "root" } + } + + case $apticron_diff_only { + '': { $apticron_diff_only = "1" } + } + + case $apticron_listchanges_profile { + '': { $apticron_listchanges_profile = "apticron" } + } + + case $apticron_system { + '': { $apticron_system = false } + } + + case $apticron_ipaddressnum { + '': { $apticron_ipaddressnum = false } + } + + case $apticron_ipaddresses { + '': { $apticron_ipaddresses = false } + } + + case $apticron_notifyholds { + '': { $apticron_notifyholds = "0" } + } + + case $apticron_notifynew { + '': { $apticron_notifynew = "0" } + } + + case $apticron_customsubject { + '': { $apticron_customsubject = "" } + } + + package { apticron: ensure => $apticron_ensure_version } + + file { "/etc/apticron/apticron.conf": + content => template($apticron_config), + mode => 0644, owner => root, group => root, + require => Package["apticron"]; + } +} diff --git a/manifests/cron/base.pp b/manifests/cron/base.pp new file mode 100644 index 0000000..7ccfce6 --- /dev/null +++ b/manifests/cron/base.pp @@ -0,0 +1,20 @@ +class apt::cron::base { + + package { cron-apt: ensure => installed } + + case $apt_cron_hours { + '': {} + default: { + # cron-apt defaults to run every night at 4 o'clock + # so we try not to run at the same time. + cron { 'apt_cron_every_N_hours': + command => 'test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt', + user => root, + hour => "${apt_cron_hours}", + minute => 10, + require => Package['cron-apt'], + } + } + } + +} diff --git a/manifests/cron/dist-upgrade.pp b/manifests/cron/dist-upgrade.pp new file mode 100644 index 0000000..3d7cf16 --- /dev/null +++ b/manifests/cron/dist-upgrade.pp 
@@ -0,0 +1,23 @@ +class apt::cron::dist-upgrade inherits apt::cron::base { + + $action = "autoclean -y +dist-upgrade -y -o APT::Get::Show-Upgraded=true +" + + file { "/etc/cron-apt/action.d/3-download": + ensure => absent, + } + + package { "apt-listbugs": ensure => absent } + + config_file { "/etc/cron-apt/action.d/4-dist-upgrade": + content => $action, + require => Package[cron-apt] + } + + config_file { "/etc/cron-apt/config.d/MAILON": + content => "MAILON=upgrade\n", + require => Package[cron-apt] + } + +} diff --git a/manifests/cron/download.pp b/manifests/cron/download.pp new file mode 100644 index 0000000..a27967d --- /dev/null +++ b/manifests/cron/download.pp @@ -0,0 +1,21 @@ +class apt::cron::download inherits apt::cron::base { + + $action = "autoclean -y +dist-upgrade -d -y -o APT::Get::Show-Upgraded=true +" + + file { "/etc/cron-apt/action.d/4-dist-upgrade": + ensure => absent, + } + + config_file { "/etc/cron-apt/action.d/3-download": + content => $action, + require => Package[cron-apt] + } + + config_file { "/etc/cron-apt/config.d/MAILON": + content => "MAILON=changes\n", + require => Package[cron-apt] + } + +} diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp new file mode 100644 index 0000000..9e26769 --- /dev/null +++ b/manifests/dist_upgrade.pp @@ -0,0 +1,11 @@ +class apt::dist_upgrade { + + include apt::update + + exec { 'apt_dist-upgrade': + command => "/usr/bin/apt-get -q -y -o 'DPkg::Options::=--force-confold' dist-upgrade", + refreshonly => true, + require => Exec['apt_updated'], + } + +} diff --git a/manifests/dist_upgrade/initiator.pp b/manifests/dist_upgrade/initiator.pp new file mode 100644 index 0000000..6d57947 --- /dev/null +++ b/manifests/dist_upgrade/initiator.pp 
@@ -0,0 +1,23 @@ +class apt::dist_upgrade::initiator inherits apt::dist_upgrade { + + $initiator = 'upgrade_initiator' + $initiator_abs = "${apt::apt_base_dir}/${initiator}" + + file { 'apt_upgrade_initiator': + mode => 0644, + owner => root, + group => 0, + path => "${initiator_abs}", + checksum => md5, + source => [ + "puppet:///modules/site-apt/${fqdn}/${initiator}", + "puppet:///modules/site-apt/${initiator}", + "puppet:///modules/apt/${initiator}", + ], + } + + Exec['apt_dist-upgrade'] { + subscribe +> File['apt_upgrade_initiator'], + } + +} diff --git a/manifests/dselect.pp b/manifests/dselect.pp new file mode 100644 index 0000000..44f0e19 --- /dev/null +++ b/manifests/dselect.pp @@ -0,0 +1,10 @@ +class apt::dselect { + + # suppress annoying help texts of dselect + line { dselect_expert: + file => "/etc/dpkg/dselect.cfg", + line => "expert", + } + + package { dselect: ensure => installed } +} diff --git a/manifests/init.pp b/manifests/init.pp index c431b59..b5be91f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -5,273 +5,173 @@ class apt { - # See README - $real_apt_clean = $apt_clean ? { - '' => 'auto', - default => $apt_clean, - } - - $backports_enabled = $backports_enabled ? { - '' => 'false', - default => $backports_enabled, - } - - $apt_update_method = $apt_update_method ? { - '' => 'exec', - default => $apt_update_method, + $use_volatile = $apt_volatile_enabled ? { + '' => false, + default => $apt_volatile_enabled, } - $apt_http_proxy = $apt_http_proxy ? { + $include_src = $apt_include_src ? { '' => false, - default => $apt_http_proxy, + default => $apt_include_src, } - $apt_ftp_proxy = $apt_ftp_proxy ? { + $use_next_release = $apt_use_next_release ? { '' => false, - default => $apt_ftp_proxy, + default => $apt_use_next_release, } - package { apt: ensure => installed } - - # a few templates need lsbdistcodename - include lsb - - case $custom_sources_list { - '': { - include default_sources_list - } - default: { - config_file { "/etc/apt/sources.list": - content => $custom_sources_list, - } - } - } + $debian_url = $apt_debian_url ? { + '' => 'http://cdn.debian.net/debian/', + default => "${apt_debian_url}", + } + $security_url = $apt_security_url ? { + '' => 'http://security.debian.org/', + default => "${apt_security_url}", + } + $backports_url = $apt_backports_url ? { + '' => 'http://backports.debian.org/debian-backports/', + default => "${apt_backports_url}", + } + $volatile_url = $apt_volatile_url ? { + '' => 'http://volatile.debian.org/debian-volatile/', + default => "${apt_volatile_url}", + } + $ubuntu_url = $apt_ubuntu_url ? { + '' => 'http://archive.ubuntu.com/ubuntu', + default => "${apt_ubuntu_url}", + } + case $operatingsystem { + 'debian': { + $repos = $apt_repos ? { + '' => 'main contrib non-free', + default => "${apt_repos}", + } + } + 'ubuntu': { + $repos = $apt_repos ? 
{ + '' => 'main restricted universe multiverse', + default => "${apt_repos}", + } + } + } - class default_sources_list { - config_file { - # include main, security and backports - # additional sources could be included via an array - "/etc/apt/sources.list": - content => template("apt/sources.list.erb"), - } - } + package { apt: + ensure => installed, + require => undef, + } - case $custom_preferences { - '': { - include default_preferences - } - default: { - config_file { "/etc/apt/preferences": - content => $custom_preferences, - alias => "apt_config", - require => File["/etc/apt/sources.list"]; - } - } - } - class default_preferences { - config_file { - # this just pins unstable and testing to very low values - "/etc/apt/preferences": - content => template("apt/preferences.erb"), - # use Config_File["apt_config"] to reference a completed configuration - # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML - alias => "apt_config", - # only update together - require => File["/etc/apt/sources.list"]; - # little default settings which keep the system sane - "/etc/apt/apt.conf.d/from_puppet": - content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n", - before => Config_File["apt_config"]; - } - } + include lsb - $apt_base_dir = "${common::moduledir::module_dir_path}/apt" - module_dir { apt: } - # watch apt.conf.d - file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; } + # init $release, $next_release, $codename, $next_codename, $release_version + case $lsbdistcodename { + '': { + $codename = $lsbdistcodename + $release = $lsbdistrelease + } + default: { + $codename = $lsbdistcodename + $release = debian_release($codename) + } + } + $release_version = debian_release_version($codename) + $next_codename = debian_nextcodename($codename) + $next_release = debian_nextrelease($release) + + config_file { + # include main, security and backports + # additional sources should be included via the apt::sources_list define + 
"/etc/apt/sources.list": + content => $custom_sources_list ? { + '' => template( "apt/$operatingsystem/sources.list.erb"), + default => $custom_sources_list + }, + require => Package['lsb']; + } - exec { - # "&& sleep 1" is workaround for older(?) clients - "/usr/bin/apt-get update && sleep 1 #on refresh": - refreshonly => true, - subscribe => [ File["/etc/apt/sources.list"], - File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"], - Config_File["apt_config"] ], + apt_conf { "02show_upgraded": + source => [ "puppet:///modules/site-apt/${fqdn}/02show_upgraded", + "puppet:///modules/site-apt/02show_upgraded", + "puppet:///modules/apt/02show_upgraded" ] } - if $apt_update_method == 'exec' { - exec { "/usr/bin/apt-get update > /dev/null 2>&1 && /usr/bin/apt-get autoclean > /dev/null 2>&1 #hourly": - require => [ File["/etc/apt/sources.list"], File["/etc/apt/preferences"], Config_File["apt_config"] ], - # Another Semaphor for all packages to reference - alias => apt_updated, - } - } else { - cron { "apt_updated": - command => "/usr/bin/apt-get update > /dev/null 2>&1 && /usr/bin/apt-get autoclean > /dev/null 2>&1", - user => root, - hour => "*/1", - minute => "0", - ensure => present, - require => [ File["/etc/apt/sources.list"], File["/etc/apt/preferences"], Config_File["apt_config"] ], + if ( $virtual == "vserver" ) { + apt_conf { "03clean_vserver": + source => [ "puppet:///modules/site-apt/${fqdn}/03clean_vserver", + "puppet:///modules/site-apt/03clean_vserver", + "puppet:///modules/apt/03clean_vserver" ], + alias => "03clean"; } } - - ## This package should really always be current - package { "debian-archive-keyring": - ensure => latest, - } - - case $volatile_enabled { - true: { - config_file { "/etc/apt/sources.list.d/debian-volatile.list": - content => template("apt/sources.list.volatile.erb"), - } + else { + apt_conf { "03clean": + source => [ "puppet:///modules/site-apt/${fqdn}/03clean", + "puppet:///modules/site-apt/03clean", + 
"puppet:///modules/apt/03clean" ] } - default: { - config_file { "/etc/apt/sources.list.d/debian-volatile.list": - ensure => absent, - } + } + + case $custom_preferences { + false: { + include apt::preferences::absent + } + default: { + # When squeeze becomes the stable branch, transform this file's header + # into a preferences.d file + include apt::preferences } } - case $backports_enabled { - true: { - config_file { - # backports - "/etc/apt/sources.list.d/debian-backports.list": - content => template("apt/sources.list.backports.erb"), - } - - case $lsbdistcodename { - etch: { - package { "debian-backports-keyring": - ensure => latest, - } - - # This key was downloaded from - # http://backports.org/debian/archive.key - # and is needed to bootstrap the backports trustpath - file { "${apt_base_dir}/backports.org.key": - source => "puppet://$server/modules/apt/backports.org.key", - mode => 0444, owner => root, group => root, - } - exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update": - alias => "backports_key", - refreshonly => true, - subscribe => File["${apt_base_dir}/backports.org.key"], - before => [ Config_File["apt_config"], Package["debian-backports-keyring"] ] - } - } - lenny: { - package { "debian-backports-keyring": - ensure => latest, - } - - # This key was downloaded from - # http://backports.org/debian/archive.key - # and is needed to bootstrap the backports trustpath - file { "${apt_base_dir}/backports.org.key": - source => "puppet://$server/modules/apt/backports.org.key", - mode => 0444, owner => root, group => root, - } - exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update": - alias => "backports_key", - refreshonly => true, - subscribe => File["${apt_base_dir}/backports.org.key"], - before => [ Config_File["apt_config"], Package["debian-backports-keyring"] ] - } - } - } - - } - default: { } - } - - + # backward compatibility: upgrade from previous versions of this module. 
+ file { + [ "/etc/apt/apt.conf.d/from_puppet", "/etc/apt/apt.conf.d/99from_puppet" ]: + ensure => 'absent', + require => [ Apt_conf['02show_upgraded'], Apt_conf['03clean'] ]; + } - case $custom_key_dir { - '': { } - default: { - file { "${apt_base_dir}/keys.d": - source => "$custom_key_dir", - recurse => true, - mode => 0755, owner => root, group => root, - } - exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update": - alias => "custom_keys", - subscribe => File["${apt_base_dir}/keys.d"], - refreshonly => true, - before => Config_File["apt_config"]; - } - } - } + # watch .d directories and ensure they are present + file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; } + file { "/etc/apt/sources.list.d": + ensure => directory, + checksum => mtime, + notify => Exec['refresh_apt'], + } - # workaround for preseeded_package component - file { "/var/cache": ensure => directory } - file { "/var/cache/local": ensure => directory } - file { "/var/cache/local/preseeding/": ensure => directory } + exec { + # "&& sleep 1" is workaround for older(?) clients + 'refresh_apt': + command => '/usr/bin/apt-get update && sleep 1', + refreshonly => true, + subscribe => [ File['/etc/apt/apt.conf.d'], Config_file['/etc/apt/sources.list'] ]; + } - define preseeded_package ($content = "", $ensure = "installed") { - $seedfile = "/var/cache/local/preseeding/$name.seeds" - $real_content = $content ? 
{ - "" => template ( "$debian_version/$name.seeds" ), - Default => $content - } - - file{ $seedfile: - content => $real_content, - mode => 0600, owner => root, group => root, - } - - package { $name: - ensure => $ensure, - responsefile => $seedfile, - require => File[$seedfile], - } - } + ## This package should really always be current + package { "debian-archive-keyring": ensure => latest } - define upgrade_package ($version = "") { - case $version { - '': { - exec { "aptitude -y install $name": - onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - } - } - 'latest': { - exec { "aptitude -y install $name": - onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - } - } - default: { - exec { "aptitude -y install $name=$version": - onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - } - } - } - } + # backports uses the normal archive key now + package { "debian-backports-keyring": ensure => absent } - if $apt_http_proxy or $apt_ftp_proxy { - file { "/etc/apt/apt.conf.d/proxy": - owner => root, - group => root, - mode => 0644, - content => template("apt/proxy.erb"), - require => Config_File["apt_config"], - } - } else { - file { "/etc/apt/apt.conf.d/proxy": - ensure => absent, - } - } -} + include common::moduledir + $apt_base_dir = "${common::moduledir::module_dir_path}/apt" + modules_dir { apt: } -class dselect { - # suppress annoying help texts of dselect - line { dselect_expert: - file => "/etc/dpkg/dselect.cfg", - line => "expert", - ensure => present, - } + if $custom_key_dir { + file { "${apt_base_dir}/keys.d": + source => "$custom_key_dir", + recurse => true, + mode => 0755, owner => root, group => root, + } + exec { "custom_keys": + command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && /usr/bin/apt-get update", + subscribe => 
File["${apt_base_dir}/keys.d"], + refreshonly => true, + } + if $custom_preferences != false { + Exec["custom_keys"] { + before => Concatenated_file[apt_config], + } + } + } - package { dselect: ensure => installed } + # workaround for preseeded_package component + file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory } } diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp new file mode 100644 index 0000000..038d5c9 --- /dev/null +++ b/manifests/listchanges.pp @@ -0,0 +1,38 @@ +class apt::listchanges { + + case $apt_listchanges_version { + '': { $apt_listchanges_version = "present" } + } + + case $apt_listchanges_config { + '': { $apt_listchanges_config = "apt/${operatingsystem}/listchanges_${lsbdistcodename}.erb" } + } + + case $apt_listchanges_frontend { + '': { $apt_listchanges_frontend = "mail" } + } + + case $apt_listchanges_email { + '': { $apt_listchanges_email = "root" } + } + + case $apt_listchanges_confirm { + '': { $apt_listchanges_confirm = "0" } + } + + case $apt_listchanges_saveseen { + '': { $apt_listchanges_saveseen = "/var/lib/apt/listchanges.db" } + } + + case $apt_listchanges_which { + '': { $apt_listchanges_which = "both" } + } + + package { apt-listchanges: ensure => $apt_listchanges_ensure_version } + + file { "/etc/apt/listchanges.conf": + content => template($apt_listchanges_config), + mode => 0644, owner => root, group => root, + require => Package["apt-listchanges"]; + } +} diff --git a/manifests/preferences.pp b/manifests/preferences.pp new file mode 100644 index 0000000..4c93542 --- /dev/null +++ b/manifests/preferences.pp 
@@ -0,0 +1,26 @@ +class apt::preferences { + + include common::moduledir + $apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences" + module_dir{'apt/preferences': } + file { "${apt_preferences_dir}_header": + content => $custom_preferences ? { + '' => $operatingsystem ? { + 'debian' => template("apt/${operatingsystem}/preferences_${codename}.erb"), + 'ubuntu' => '', + }, + default => $custom_preferences + }, + } + + concatenated_file { '/etc/apt/preferences': + dir => $apt_preferences_dir, + header => "${apt_preferences_dir}_header", + # use Concatenated_file[apt_config] to reference a completed configuration + # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML + alias => apt_config, + # only update together + require => File["/etc/apt/sources.list"]; + } + +} diff --git a/manifests/preferences/absent.pp b/manifests/preferences/absent.pp new file mode 100644 index 0000000..0e96119 --- /dev/null +++ b/manifests/preferences/absent.pp @@ -0,0 +1,6 @@ +class apt::preferences::absent { + + file { '/etc/apt/preferences': + ensure => absent, + } +} diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp new file mode 100644 index 0000000..4b8e575 --- /dev/null +++ b/manifests/preferences_snippet.pp 
@@ -0,0 +1,36 @@ +define apt::preferences_snippet( + $ensure = 'present', + $source = '', + $release, + $priority ) +{ + + if $custom_preferences == false { + fail("Trying to define a preferences_snippet with \$custom_preferences set to false.") + } + + include apt::preferences + + file { "${apt::preferences::apt_preferences_dir}/${name}": + ensure => $ensure, + #TODO this template is somewhat limited + notify => Exec["concat_${apt::preferences::apt_preferences_dir}"], + owner => root, group => 0, mode => 0600; + } + + # This should really work in the same manner as sources_list and apt_conf + # snippets, but since the preferences.d directory cannot be used in Debian + # lenny, we can't generalize without going into ugly special-casing. + case $source { + '': { + File["${apt::preferences::apt_preferences_dir}/${name}"] { + content => template("apt/preferences_snippet.erb") + } + } + default: { + File["${apt::preferences::apt_preferences_dir}/${name}"] { + source => $source + } + } + } +} diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp new file mode 100644 index 0000000..839f200 --- /dev/null +++ b/manifests/preseeded_package.pp @@ -0,0 +1,18 @@ +define apt::preseeded_package ($content = "", $ensure = "installed") { + $seedfile = "/var/cache/local/preseeding/$name.seeds" + $real_content = $content ? { + "" => template ( "site-apt/$lsbdistcodename/$name.seeds" ), + default => $content + } + + file { $seedfile: + content => $real_content, + mode => 0600, owner => root, group => root, + } + + package { $name: + ensure => $ensure, + responsefile => $seedfile, + require => File[$seedfile], + } +} diff --git a/manifests/proxy_client.pp b/manifests/proxy_client.pp new file mode 100644 index 0000000..23e9bd1 --- /dev/null +++ b/manifests/proxy_client.pp 
@@ -0,0 +1,16 @@ +class apt::proxy_client { + + $real_apt_proxy = $apt_proxy ? { + "" => "http://localhost", + default => $apt_proxy + } + + $real_apt_proxy_port = $apt_proxy_port ? { + "" => "3142", + default => $apt_proxy_port + } + + apt_conf { "20proxy": + content => template("apt/20proxy.erb"), + } +} diff --git a/manifests/reboot_required_notify.pp b/manifests/reboot_required_notify.pp new file mode 100644 index 0000000..3603aa2 --- /dev/null +++ b/manifests/reboot_required_notify.pp @@ -0,0 +1,21 @@ +class apt::reboot_required_notify { + + # This package installs the script that created /var/run/reboot-required*. + # This script (/usr/share/update-notifier/notify-reboot-required) is + # triggered e.g. by kernel packages. + package { update-notifier-common: + ensure => installed, + } + + # cron-apt defaults to run every night at 4 o'clock + # plus some random time <1h. + # so we check if a reboot is required a bit later. + cron { 'apt_reboot_required_notify': + command => 'if [ -f /var/run/reboot-required ]; then echo "Reboot required\n" ; cat /var/run/reboot-required.pkgs ; fi', + user => root, + hour => 5, + minute => 20, + require => Package['update-notifier-common'], + } + +} diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp new file mode 100644 index 0000000..86b35a7 --- /dev/null +++ b/manifests/sources_list.pp 
@@ -0,0 +1,30 @@ +define apt::sources_list ( + $ensure = 'present', + $source = '', + $content = undef ) +{ + + if $source == '' and $content == undef { + fail("One of \$source or \$content must be specified for apt_sources_snippet ${name}") + } + if $source != '' and $content != undef { + fail("Only one of \$source or \$content must specified for apt_sources_snippet ${name}") + } + + file { "/etc/apt/sources.list.d/${name}": + ensure => $ensure, + owner => root, group => 0, mode => 0644; + } + + if $source { + File["/etc/apt/sources.list.d/${name}"] { + source => $source, + } + } + else { + File["/etc/apt/sources.list.d/${name}"] { + content => $content, + } + } +} + diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp new file mode 100644 index 0000000..e2992f8 --- /dev/null +++ b/manifests/unattended_upgrades.pp @@ -0,0 +1,19 @@ +class apt::unattended_upgrades { + + package { 'unattended-upgrades': + ensure => present, + require => undef, + } + + apt_conf { "50unattended-upgrades": + source => ["puppet:///modules/site-apt/50unattended-upgrades", + "puppet:///modules/apt/50unattended-upgrades" ], + require => Package['unattended-upgrades'], + } + + if $custom_preferences != false { + Apt_conf["50unattended-upgrades"] { + before => Concatenated_file[apt_config], + } + } +} diff --git a/manifests/update.pp b/manifests/update.pp new file mode 100644 index 0000000..ae992f4 --- /dev/null +++ b/manifests/update.pp @@ -0,0 +1,12 @@ +class apt::update { + + exec { 'update_apt': + command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', + require => [ File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], + Config_file['/etc/apt/sources.list'] ], + loglevel => info, + # Another Semaphor for all packages to reference + alias => "apt_updated" + } + +} diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp new file mode 100644 index 0000000..9202624 --- /dev/null +++ b/manifests/upgrade_package.pp 
@@ -0,0 +1,33 @@ +define apt::upgrade_package ($version = "") { + + include apt::update + + $version_suffix = $version ? { + '' => '', + 'latest' => '', + default => "=${version}", + } + + if !defined(Package['apt-show-versions']) { + package { 'apt-show-versions': + ensure => installed, + require => undef, + } + } + + if !defined(Package['dctrl-tools']) { + package { 'dctrl-tools': + ensure => installed, + require => undef, + } + } + + exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}": + onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], + require => [ + Exec['apt_updated'], + Package['apt-show-versions', 'dctrl-tools'], + ], + } + +} diff --git a/templates/20proxy.erb b/templates/20proxy.erb new file mode 100644 index 0000000..fd0c7fe --- /dev/null +++ b/templates/20proxy.erb @@ -0,0 +1,5 @@ +// This file is managed by Puppet +// all local modifications will be overwritten + +Acquire::http { Proxy "<%= real_apt_proxy %>:<%= real_apt_proxy_port %>"; }; +Acquire::HTTP::Proxy::bugs.debian.org "DIRECT"; diff --git a/templates/Debian/apticron_lenny.erb b/templates/Debian/apticron_lenny.erb new file mode 100644 index 0000000..9ec1c6d --- /dev/null +++ b/templates/Debian/apticron_lenny.erb 
@@ -0,0 +1,49 @@ +# apticron.conf +# +# set EMAIL to a list of addresses which will be notified of impending updates +# +EMAIL="<%= apticron_email %>" + +# +# Set DIFF_ONLY to "1" to only output the difference of the current run +# compared to the last run (ie. only new upgrades since the last run). If there +# are no differences, no output/email will be generated. By default, apticron +# will output everything that needs to be upgraded. +# +DIFF_ONLY="<%= apticron_diff_only %>" + +# +# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges +# with the --profile option. You should add a corresponding profile to +# /etc/apt/listchanges.conf +# +LISTCHANGES_PROFILE="<%= apticron_listchanges_profile %>" + +# +# Set SYSTEM if you would like apticron to use something other than the output +# of "hostname -f" for the system name in the mails it generates +# +# SYSTEM="foobar.example.com" +<%- if has_variable?('apticron_system') and instance_variable_get("@#{'apticron_system'}").to_s != "false" -%> +<%= 'SYSTEM="' + instance_variable_get("@#{'apticron_system'}").to_s + '"' %> +<%- end -%> + +# +# Set IPADDRESSNUM if you would like to configure the maximal number of IP +# addresses apticron displays. The default is to display 1 address of each +# family type (inet, inet6), if available. +# +# IPADDRESSNUM="1" +<%- if has_variable?('apticron_ipaddressnum') and instance_variable_get("@#{'apticron_ipaddressnum'}").to_s != "false" -%> +<%= 'IPADDRESSNUM="' + instance_variable_get("@#{'apticron_ipaddressnum'}").to_s + '"' %> +<%- end -%> + +# +# Set IPADDRESSES to a whitespace seperated list of reachable addresses for +# this system. 
By default, apticron will try to work these out using the +# "ip" command +# +# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" +<%- if has_variable?('apticron_ipaddresses') and instance_variable_get("@#{'apticron_ipaddresses'}").to_s != "false" -%> +<%= 'IPADDRESSES="' + instance_variable_get("@#{'apticron_ipaddresses'}").to_s + '"' %> +<%- end -%>
\ No newline at end of file diff --git a/templates/Debian/apticron_squeeze.erb b/templates/Debian/apticron_squeeze.erb new file mode 100644 index 0000000..b0aa975 --- /dev/null +++ b/templates/Debian/apticron_squeeze.erb 
@@ -0,0 +1,78 @@ +# apticron.conf +# +# set EMAIL to a space separated list of addresses which will be notified of +# impending updates +# +EMAIL="<%= apticron_email %>" + +# +# Set DIFF_ONLY to "1" to only output the difference of the current run +# compared to the last run (ie. only new upgrades since the last run). If there +# are no differences, no output/email will be generated. By default, apticron +# will output everything that needs to be upgraded. +# +DIFF_ONLY="<%= apticron_diff_only %>" + +# +# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges +# with the --profile option. You should add a corresponding profile to +# /etc/apt/listchanges.conf +# +LISTCHANGES_PROFILE="<%= apticron_listchanges_profile %>" + +# +# Set SYSTEM if you would like apticron to use something other than the output +# of "hostname -f" for the system name in the mails it generates +# +# SYSTEM="foobar.example.com" +<%- if has_variable?('apticron_system') and instance_variable_get("@#{'apticron_system'}").to_s != "false" -%> +<%= 'SYSTEM="' + instance_variable_get("@#{'apticron_system'}").to_s + '"' %> +<%- end -%> + +# +# Set IPADDRESSNUM if you would like to configure the maximal number of IP +# addresses apticron displays. The default is to display 1 address of each +# family type (inet, inet6), if available. +# +# IPADDRESSNUM="1" +<%- if has_variable?('apticron_ipaddressnum') and instance_variable_get("@#{'apticron_ipaddressnum'}").to_s != "false" -%> +<%= 'IPADDRESSNUM="' + instance_variable_get("@#{'apticron_ipaddressnum'}").to_s + '"' %> +<%- end -%> + +# +# Set IPADDRESSES to a whitespace separated list of reachable addresses for +# this system. 
By default, apticron will try to work these out using the +# "ip" command +# +# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" +<%- if has_variable?('apticron_ipaddresses') and instance_variable_get("@#{'apticron_ipaddresses'}").to_s != "false" -%> +<%= 'IPADDRESSES="' + instance_variable_get("@#{'apticron_ipaddresses'}").to_s + '"' %> +<%- end -%> + +# +# Set NOTIFY_HOLDS="0" if you don't want to be notified about new versions of +# packages on hold in your system. The default behavior is downloading and +# listing them as any other package. +# +# NOTIFY_HOLDS="0" +NOTIFY_HOLDS="<%= apticron_notifyholds %>" + +# +# Set NOTIFY_NEW="0" if you don't want to be notified about packages which +# are not installed in your system. Yes, it's possible! There are some issues +# related to systems which have mixed stable/unstable sources. In these cases +# apt-get will consider for example that packages with "Priority: +# required"/"Essential: yes" in unstable but not in stable should be installed, +# so they will be listed in dist-upgrade output. Please take a look at +# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531002#44 +# +# NOTIFY_NEW="0" +NOTIFY_NEW="<%= apticron_notifynew %>" + +# +# Set CUSTOM_SUBJECT if you want to replace the default subject used in +# the notification e-mails. This may help filtering/sorting client-side e-mail. +# +# CUSTOM_SUBJECT="" +CUSTOM_SUBJECT="<%= apticron_customsubject %>" + diff --git a/templates/Debian/listchanges_lenny.erb b/templates/Debian/listchanges_lenny.erb new file mode 100644 index 0000000..3624b39 --- /dev/null +++ b/templates/Debian/listchanges_lenny.erb @@ -0,0 +1,7 @@ +[apt] +frontend=<%= apt_listchanges_frontend %> +email_address=<%= apt_listchanges_email %> +confirm=<%= apt_listchanges_confirm %> +save_seen=<%= apt_listchanges_saveseen %> +which=<%= apt_listchanges_which %> + diff --git a/templates/Debian/listchanges_squeeze.erb b/templates/Debian/listchanges_squeeze.erb new file mode 120000 index 0000000..74ab496 
--- /dev/null +++ b/templates/Debian/listchanges_squeeze.erb @@ -0,0 +1 @@ +listchanges_lenny.erb
\ No newline at end of file diff --git a/templates/Debian/preferences_lenny.erb b/templates/Debian/preferences_lenny.erb new file mode 100644 index 0000000..dda2d7a --- /dev/null +++ b/templates/Debian/preferences_lenny.erb @@ -0,0 +1,24 @@ +Explanation: Debian <%= codename %> +Package: * +Pin: release o=Debian,a=<%= release %>,v=<%= release_version %>* +Pin-Priority: 990 + +Explanation: Debian backports +Package: * +Pin: origin backports.debian.org +Pin-Priority: 200 + +Explanation: Debian <%= next_release %> +Package: * +Pin: release o=Debian,a=<%= next_release %> +Pin-Priority: 2 + +Explanation: Debian sid +Package: * +Pin: release o=Debian,a=unstable +Pin-Priority: 1 + +Explanation: Debian fallback +Package: * +Pin: release o=Debian +Pin-Priority: -10 diff --git a/templates/Debian/preferences_sid.erb b/templates/Debian/preferences_sid.erb new file mode 100644 index 0000000..3d8a45f --- /dev/null +++ b/templates/Debian/preferences_sid.erb @@ -0,0 +1,9 @@ +Explanation: Debian sid +Package: * +Pin: release o=Debian,n=sid +Pin-Priority: 990 + +Explanation: Debian fallback +Package: * +Pin: release o=Debian +Pin-Priority: -10 diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb new file mode 100644 index 0000000..3de7959 --- /dev/null +++ b/templates/Debian/preferences_squeeze.erb @@ -0,0 +1,24 @@ +Explanation: Debian <%= codename %> +Package: * +Pin: release o=Debian,n=<%= codename %> +Pin-Priority: 990 + +Explanation: Debian backports +Package: * +Pin: origin backports.debian.org +Pin-Priority: 200 + +Explanation: Debian <%= next_codename %> +Package: * +Pin: release o=Debian,n=<%= next_codename %> +Pin-Priority: 2 + +Explanation: Debian sid +Package: * +Pin: release o=Debian,n=sid +Pin-Priority: 1 + +Explanation: Debian fallback +Package: * +Pin: release o=Debian +Pin-Priority: -10 diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb new file mode 100644 index 0000000..3a810e3 --- /dev/null 
+++ b/templates/Debian/sources.list.erb 
@@ -0,0 +1,98 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +### Debian current: <%= codename %> + +# basic +deb <%= debian_url %> <%= codename %> <%= repos %> +<% if include_src then -%> +deb-src <%= debian_url %> <%= codename %> <%= repos %> +<% end -%> + +# security +<% if (release == "unstable" || release == "experimental") -%> +# There is no security support for <%= release %> +<% else -%> +deb <%= security_url %> <%= codename %>/updates <%= repos %> +<% if include_src then -%> +deb-src <%= security_url %> <%= codename %>/updates <%= repos %> +<% end -%> +<% end -%> + +# backports +<% if (release == "testing" || release == "unstable" || release == "experimental") -%> +# There is no backports archive for <%= release %> +<% else -%> +deb <%= backports_url %> <%= codename %>-backports <%= repos %> +<% if include_src then -%> +deb-src <%= backports_url %> <%= codename %>-backports <%= repos %> +<% end -%> +<% end -%> + +<% if use_volatile -%> +# volatile +<% if (release == "testing" || release == "unstable" || release == "experimental") -%> +# There is no volatile archive for <%= release %> +<% else -%> +<% if (codename == "lenny" || codename == "etch") -%> +deb <%= volatile_url %> <%= codename %>/volatile <%= repos %> +<% if include_src then -%> +deb-src <%= volatile_url %> <%= codename %>/volatile <%= repos %> +<% end -%> +<% else -%> +deb <%= debian_url %> <%= codename %>-updates <%= repos %> +<% if include_src then -%> +deb-src <%= debian_url %> <%= codename %>-updates <%= repos %> +<% end -%> +<% end -%> +<% end -%> +<% end -%> + +<% if use_next_release then -%> +### Debian next: <%= next_codename %> + +# basic +deb <%= debian_url %> <%= next_codename %> <%= repos %> +<% if include_src then -%> +deb-src <%= debian_url %> <%= next_codename %> <%= repos %> +<% end -%> + +# security +<% if (next_release == "unstable" || next_release == "experimental") -%> +# There is no security support for <%= next_release %> +<% else -%> 
+deb <%= security_url %> <%= next_codename %>/updates <%= repos %> +<% if include_src then -%> +deb-src <%= security_url %> <%= next_codename %>/updates <%= repos %> +<% end -%> +<% end -%> + +# backports +<% if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%> +# There is no backports archive for <%= next_release %> +<% else -%> +deb <%= backports_url %> <%= next_codename %>-backports <%= repos %> +<% if include_src then -%> +deb-src <%= backports_url %> <%= next_codename %>-backports <%= repos %> +<% end -%> +<% end -%> + +<% if use_volatile -%> +# volatile +<% if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%> +# There is no volatile archive for <%= next_release %> +<% else -%> +<% if (next_codename == "lenny" || next_codename == "etch") -%> +deb <%= volatile_url %> <%= next_codename %>/volatile <%= repos %> +<% if include_src then -%> +deb-src <%= volatile_url %> <%= next_codename %>/volatile <%= repos %> +<% end -%> +<% else -%> +deb <%= debian_url %> <%= next_codename %>-updates <%= repos %> +<% if include_src then -%> +deb-src <%= debian_url %> <%= next_codename %>-updates <%= repos %> +<% end -%> +<% end -%> +<% end -%> +<% end -%> +<% end -%> diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb new file mode 100644 index 0000000..b5725f5 --- /dev/null +++ b/templates/Ubuntu/sources.list.erb 
@@ -0,0 +1,26 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +# basic <%= lsbdistcodename %> +deb <%= ubuntu_url %> <%= lsbdistcodename %> <%= repos %> +<% if include_src then -%> +deb-src <%= ubuntu_url %> <%= lsbdistcodename %> <%= repos %> +<% end -%> + +# updates +deb <%= ubuntu_url %> <%= lsbdistcodename %>-updates <%= repos %> +<% if include_src then -%> +deb-src <%= ubuntu_url %> <%= lsbdistcodename %>-updates <%= repos %> +<% end -%> + +# security suppport +deb <%= ubuntu_url %> <%= lsbdistcodename %>-security <%= repos %> +<% if include_src then -%> +deb-src <%= ubuntu_url %> <%= lsbdistcodename %>-security <%= repos %> +<% end -%> + +# backports +deb <%= ubuntu_url %> <%= lsbdistcodename %>-backports main <%= repos %> +<% if include_src then -%> +deb-src <%= ubuntu_url %> <%= lsbdistcodename %>-backports <%= repos %> +<% end -%> diff --git a/templates/preferences.erb b/templates/preferences.erb deleted file mode 100644 index ac71582..0000000 --- a/templates/preferences.erb +++ /dev/null @@ -1,7 +0,0 @@ -Package: * -Pin: release a=unstable -Pin-Priority: 1 - -Package: * -Pin: release a=testing -Pin-Priority: 2 diff --git a/templates/preferences_snippet.erb b/templates/preferences_snippet.erb new file mode 100644 index 0000000..4dfb701 --- /dev/null +++ b/templates/preferences_snippet.erb @@ -0,0 +1,4 @@ +Package: <%= name %> +Pin: release a=<%= release %> +Pin-Priority: <%= priority %> + diff --git a/templates/sources.list.backports.erb b/templates/sources.list.backports.erb deleted file mode 100644 index 06cd45b..0000000 --- a/templates/sources.list.backports.erb +++ /dev/null @@ -1,8 +0,0 @@ -# This file is brought to you by puppet - -# backports -<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> -# There are no backports for for <%= lsbdistcodename %> -<% else -%> -deb http://www.backports.org/debian/ <%= lsbdistcodename %>-backports main contrib -<% end -%> 
diff --git a/templates/sources.list.erb b/templates/sources.list.erb deleted file mode 100644 index feb5603..0000000 --- a/templates/sources.list.erb +++ /dev/null @@ -1,11 +0,0 @@ -# This file is brought to you by puppet - -# basic <%= lsbdistcodename %> -deb http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free -# security suppport -<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> -# There is no security mirror for <%= lsbdistcodename %> -<% else -%> -deb http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free -<% end -%> - |
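Review bot: In manifests/init.pp, the `custom_keys` exec only ever adds keys. `find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\;` runs on refresh, so a key file later deleted from `$custom_key_dir` stays in apt's trusted keyring on every host that already imported it. Either document that revoking a key needs a manual `apt-key del`, or manage the keyring so that removed files are removed from trust as well. `find` and `apt-key` are also unqualified in that command while `/usr/bin/apt-get` is given in full; qualify them or set `path`. Separately, this hunk declares `modules_dir { apt: }` while manifests/preferences.pp uses `module_dir{'apt/preferences': }`; one of the two names looks like a typo.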
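Review bot: In manifests/listchanges.pp the package resource reads `$apt_listchanges_ensure_version`, but the default set at the top of the class is for `$apt_listchanges_version` (`'': { $apt_listchanges_version = "present" }`). Unless the caller happens to set the `_ensure_version` name, `ensure` receives an empty value and the "present" default is never used. Use the same variable name in both places.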
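Review bot: In templates/Debian/preferences_lenny.erb (and the same stanza in preferences_squeeze.erb) the backports pin is tied to a fixed host, `Pin: origin backports.debian.org`, while manifests/init.pp lets `$apt_backports_url` point somewhere else. With a mirror or proxy URL the pin no longer matches, so the intended priority of 200 is not applied to backports packages. Derive the origin from `backports_url`, or pin on release fields as the other stanzas do.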
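Review bot: In manifests/sources_list.pp the file is written to `/etc/apt/sources.list.d/${name}` with no check on the name, and apt only reads files in that directory whose names end in `.list`, so a snippet declared without the suffix is deployed but silently ignored. Append `.list` in the define or `fail()` when `$name` lacks it. The second `fail()` message is also missing a word ("must specified"), and both messages say `apt_sources_snippet` although the define is `apt::sources_list`.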
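Review bot: In manifests/upgrade_package.pp the exec command (`apt-get -q -y -o 'DPkg::Options::=--force-confold' install ...`) and both `onlyif` commands (`grep-status`, `apt-show-versions`) are unqualified and the resource sets no `path`, whereas the other apt-get execs in this patch call `/usr/bin/apt-get`. As written this depends on a global Exec path default that the patch does not show. Give full paths or add a `path` attribute to the exec.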
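Review bot: In manifests/unattended_upgrades.pp the `source` list for `50unattended-upgrades` has no `puppet:///modules/site-apt/${fqdn}/...` entry, unlike `02show_upgraded` and `03clean` in manifests/init.pp. Hosts that need a different unattended-upgrades policy cannot get a per-host override the way the README describes for the other snippets. Add the `${fqdn}` source as the first element for consistency.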
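Review bot: In templates/Ubuntu/sources.list.erb the backports `deb` line carries a literal `main` in front of `<%= repos %>` (`<%= lsbdistcodename %>-backports main <%= repos %>`), so with the default `$repos` the component is listed twice, and the matching `deb-src` line does not have it. Drop the literal `main` so both lines agree. The "security suppport" comment in the same file has a typo.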