diff options
| -rw-r--r-- | README | 22 | ||||
| -rw-r--r-- | files/10periodic | 7 | ||||
| -rw-r--r-- | files/lucid/50unattended-upgrades | 34 | ||||
| -rw-r--r-- | manifests/init.pp | 7 | ||||
| -rw-r--r-- | manifests/unattended_upgrades.pp | 11 | ||||
| -rw-r--r-- | templates/proxy.erb | 4 | ||||
| -rw-r--r-- | templates/sources.list.volatile.erb | 8 |
7 files changed, 78 insertions, 15 deletions
@@ -129,18 +129,6 @@ pull in the templates/site_apt/sources.list file: $custom_sources_list = template('site_apt/sources.list') -$custom_key_dir ---------------- - -If you have different apt-key files that you want to get added to your -apt keyring, you can set this variable to a path in your fileserver -where individual key files can be placed. If this is set and keys -exist there, this module will 'apt-key add' each key. - -The debian-archive-keyring package is installed and kept current up to the -latest revision (this includes the backports archive keyring). - - Classes ======= @@ -235,6 +223,16 @@ Class parameters: include apt::dist_upgrade class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } +* custom_key_dir + + If you have different apt-key files that you want to get added to your + apt keyring, you can set this variable to a path in your fileserver + where individual key files can be placed. If this is set and keys + exist there, this module will 'apt-key add' each key. + + The debian-archive-keyring package is installed and kept current up to the + latest revision (this includes the backports archive keyring). + apt::apticron ------------- diff --git a/files/10periodic b/files/10periodic new file mode 100644 index 0000000..6c06232 --- /dev/null +++ b/files/10periodic @@ -0,0 +1,7 @@ +// this file is managed by puppet ! +// +//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::AutocleanInterval "7"; +APT::Periodic::Unattended-Upgrade "1"; diff --git a/files/lucid/50unattended-upgrades b/files/lucid/50unattended-upgrades new file mode 100644 index 0000000..9c22a64 --- /dev/null +++ b/files/lucid/50unattended-upgrades @@ -0,0 +1,34 @@ +// this file is managed by puppet ! +// +//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. + +// allowed (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "Ubuntu lucid-security"; + "Ubuntu lucid-updates"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; +Unattended-Upgrade::Mail "root"; +Unattended-Upgrade::MailOnlyOnError "true"; + +APT::UnattendedUpgrades::LogDir "/var/log/"; +APT::UnattendedUpgrades::LogFile "unattended_upgrades.log"; + +Unattended-Upgrade::Package-Blacklist { + // we don't want the kernel to be updated so nagios still can give a warning if there is + // a manual update (and reboot) left + + "linux-image-*"; + + // unfortunately there seems to be a bug in unattended-upgrades <= 0.62 that wildcards aren't recognized: + //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-* + //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script + //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"] + //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64 + //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log' + //2009-12-11 13:42:11,988 INFO All upgrades installed + +}; + diff --git a/manifests/init.pp b/manifests/init.pp index 5722c6a..17d87c7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -15,7 +15,8 @@ class apt( $ubuntu_url = 'http://archive.ubuntu.com/ubuntu', $repos = 'auto', $custom_preferences = '', - $disable_update = false + $disable_update = false, + $custom_key_dir = false ){ case $::operatingsystem { 'debian': { @@ -113,9 +114,9 @@ class apt( $apt_base_dir = "${common::moduledir::module_dir_path}/apt" modules_dir { 'apt': } - if $::custom_key_dir { + if $custom_key_dir { file { "${apt_base_dir}/keys.d": - source => $::custom_key_dir, + source => $custom_key_dir, recurse => true, owner => root, group => root, diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index c538831..4f1eb20 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -19,4 +19,15 @@ class apt::unattended_upgrades { before => File['apt_config'], } } + + if $operatingsystem == 'ubuntu' { + file { '/etc/apt/apt.conf.d/10periodic': + ensure => present, + owner => root, + group => root, + mode => 0644, + source => 'puppet:///modules/apt/10periodic', + require => Package['unattended-upgrades'], + } + } } diff --git a/templates/proxy.erb b/templates/proxy.erb new file mode 100644 index 0000000..01c9861 --- /dev/null +++ b/templates/proxy.erb @@ -0,0 +1,4 @@ +Acquire { +<% if apt_http_proxy != false %> HTTP::Proxy "<%= apt_http_proxy %>";<% end %> +<% if apt_ftp_proxy != false %> FTP::Proxy "<%= apt_ftp_proxy %>";<% end %> +}; diff --git a/templates/sources.list.volatile.erb b/templates/sources.list.volatile.erb new file mode 100644 index 0000000..cc9316b --- /dev/null +++ b/templates/sources.list.volatile.erb @@ -0,0 +1,8 @@ +# This file is brought to you by puppet + +# backports +<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> +# There are no backports for for <%= lsbdistcodename %> +<% else -%> +deb http://volatile.debian.org/debian-volatile <%= lsbdistcodename %>/volatile main contrib non-free +<% end -%> |