-rw-r--r--README8
-rw-r--r--manifests/default_preferences.pp16
-rw-r--r--manifests/default_sources_list.pp11
-rw-r--r--manifests/dselect.pp10
-rw-r--r--manifests/init.pp350
-rw-r--r--manifests/preseeded_package.pp18
-rw-r--r--manifests/unattended_upgrades.pp15
-rw-r--r--manifests/upgrade_package.pp19
8 files changed, 225 insertions, 222 deletions
diff --git a/README b/README
index 1dbb995..1234ce2 100644
--- a/README
+++ b/README
@@ -35,7 +35,6 @@ From apt.conf(5), 0.7.2:
instance). pre-auto performs this action before downloading new
packages."
-
$lsbdistcodename
----------------
Contains the codename ("etch", "lenny", ...) of the client's
@@ -70,6 +69,13 @@ apt keyring, you can set this variable to a path in your fileserver
where individual key files can be placed. If this is set and keys
exist there, this module will apt-key add each key
+$apt_unattended_upgrades
+------------------------
+
+If this variable is set to true apt::unattended_upgrades is included,
+which will install the package unattended-upgrades and configure it to
+daily upgrade the system.
+
Classes
=======
diff --git a/manifests/default_preferences.pp b/manifests/default_preferences.pp
new file mode 100644
index 0000000..3cdb355
--- /dev/null
+++ b/manifests/default_preferences.pp
@@ -0,0 +1,16 @@
+class apt::default_preferences {
+ config_file {
+ # this just pins unstable and testing to very low values
+ "/etc/apt/preferences":
+ content => template("apt/preferences.erb"),
+ # use File[apt_config] to reference a completed configuration
+ # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
+ alias => apt_config,
+ # only update together
+ require => File["/etc/apt/sources.list"];
+ # little default settings which keep the system sane
+ "/etc/apt/apt.conf.d/from_puppet":
+ content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
+ before => Config_file[apt_config];
+ }
+}
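Review bot: `$real_apt_clean` in the `from_puppet` content is assigned in class `apt` (manifests/init.pp), not in this class, so the `DSelect::Clean` line is only rendered correctly when the class is included from `apt` and the variable is found through dynamic scope. Referencing it by its qualified name, `DSelect::Clean ${apt::real_apt_clean};`, would make that dependency explicit, in the same way init.pp uses `${common::moduledir::module_dir_path}`. At minimum, add a comment such as `# $real_apt_clean is set in class apt; include this class only from there`.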
diff --git a/manifests/default_sources_list.pp b/manifests/default_sources_list.pp
new file mode 100644
index 0000000..7db6535
--- /dev/null
+++ b/manifests/default_sources_list.pp
@@ -0,0 +1,11 @@
+class apt::default_sources_list {
+ include lsb
+ config_file {
+ # include main, security and backports
+ # additional sources could be included via an array
+ "/etc/apt/sources.list":
+ content => template("apt/sources.list.erb"),
+ require => Package['lsb'];
+ }
+}
+
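Review bot: `require => Package['lsb']` only orders the file after the package; it does not guarantee that `$lsbdistcodename` has a value when the template is compiled, and the `assert_lsbdistcodename` check the old code required is gone. The template is not visible here, but if the fact is empty on a first run, sources.list would presumably be written without a valid codename, which can leave the host without its security archive. I would keep an explicit guard before the `config_file`, for example `case $lsbdistcodename { '': { fail("lsbdistcodename fact is not set") } }`.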
diff --git a/manifests/dselect.pp b/manifests/dselect.pp
new file mode 100644
index 0000000..fb138da
--- /dev/null
+++ b/manifests/dselect.pp
@@ -0,0 +1,10 @@
+class apt::dselect {
+ # suppress annoying help texts of dselect
+ line { dselect_expert:
+ file => "/etc/dpkg/dselect.cfg",
+ line => "expert",
+ ensure => present,
+ }
+
+ package { dselect: ensure => installed }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 1af6e1f..af860f7 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -5,224 +5,132 @@
class apt {
- # See README
- $real_apt_clean = $apt_clean ? {
- '' => 'auto',
- default => $apt_clean,
- }
-
- $backports_enabled = $backports_enabled ? {
- '' => 'false',
- default => $backports_enabled,
- }
-
- package { apt: ensure => installed }
-
- # a few templates need lsbdistcodename
- include assert_lsbdistcodename
-
- case $custom_sources_list {
- '': {
- include default_sources_list
- }
- default: {
- config_file { "/etc/apt/sources.list":
- content => $custom_sources_list,
- require => Exec[assert_lsbdistcodename];
- }
- }
- }
-
- class default_sources_list {
- config_file {
- # include main, security and backports
- # additional sources could be included via an array
- "/etc/apt/sources.list":
- content => template("apt/sources.list.erb"),
- require => Exec[assert_lsbdistcodename];
- }
- }
-
- case $custom_preferences {
- '': {
- include default_preferences
- }
- default: {
- config_file { "/etc/apt/preferences":
- content => $custom_preferences,
- alias => apt_config,
- require => File["/etc/apt/sources.list"];
- }
- }
- }
- class default_preferences {
- config_file {
- # this just pins unstable and testing to very low values
- "/etc/apt/preferences":
- content => template("apt/preferences.erb"),
- # use File[apt_config] to reference a completed configuration
- # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
- alias => apt_config,
- # only update together
- require => File["/etc/apt/sources.list"];
- # little default settings which keep the system sane
- "/etc/apt/apt.conf.d/from_puppet":
- content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
- before => File[apt_config];
- }
- }
-
- $apt_base_dir = "${module_dir_path}/apt"
- module_dir { apt: }
- # watch apt.conf.d
- file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; }
-
- exec {
- # "&& sleep 1" is workaround for older(?) clients
- "/usr/bin/apt-get update && sleep 1 #on refresh":
- refreshonly => true,
- subscribe => [ File["/etc/apt/sources.list"],
- File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"],
- File[apt_config] ];
- "/usr/bin/apt-get update && /usr/bin/apt-get autoclean #hourly":
- require => [ File["/etc/apt/sources.list"],
- File["/etc/apt/preferences"], File[apt_config] ],
- # Another Semaphor for all packages to reference
- alias => apt_updated;
- }
-
- ## This package should really always be current
- package { "debian-archive-keyring":
- ensure => latest,
- }
-
- case $backports_enabled {
- 'true': {
- config_file {
- # backports
- "/etc/apt/sources.list.d/debian-backports.list":
- content => template("apt/sources.list.backports.erb"),
- require => Exec[assert_lsbdistcodename];
- }
-
- case $lsbdistcodename {
- etch: {
- package { "debian-backports-keyring":
- ensure => latest,
- }
-
- # This key was downloaded from
- # http://backports.org/debian/archive.key
- # and is needed to bootstrap the backports trustpath
- file { "${apt_base_dir}/backports.org.key":
- source => "puppet://$server/modules/apt/backports.org.key",
- mode => 0444, owner => root, group => root,
- }
- exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
- alias => "backports_key",
- refreshonly => true,
- subscribe => File["${apt_base_dir}/backports.org.key"],
- before => [ File[apt_config], Package["debian-backports-keyring"] ]
- }
- }
- lenny: {
- package { "debian-backports-keyring":
- ensure => latest,
- }
-
- # This key was downloaded from
- # http://backports.org/debian/archive.key
- # and is needed to bootstrap the backports trustpath
- file { "${apt_base_dir}/backports.org.key":
- source => "puppet://$server/modules/apt/backports.org.key",
- mode => 0444, owner => root, group => root,
- }
- exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
- alias => "backports_key",
- refreshonly => true,
- subscribe => File["${apt_base_dir}/backports.org.key"],
- before => [ File[apt_config], Package["debian-backports-keyring"] ]
- }
- }
- }
-
- }
- default: { }
- }
-
-
-
- case $custom_key_dir {
- '': {
- exec { "/bin/true # no_custom_keydir": }
- }
- default: {
- file { "${apt_base_dir}/keys.d":
- source => "$custom_key_dir",
- recurse => true,
- mode => 0755, owner => root, group => root,
- }
- exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
- alias => "custom_keys",
- subscribe => File["${apt_base_dir}/keys.d"],
- refreshonly => true,
- before => File[apt_config];
- }
- }
- }
-
- # workaround for preseeded_package component
- file { "/var/cache": ensure => directory }
- file { "/var/cache/local": ensure => directory }
- file { "/var/cache/local/preseeding/": ensure => directory }
-
- define preseeded_package ($content = "", $ensure = "installed") {
- $seedfile = "/var/cache/local/preseeding/$name.seeds"
- $real_content = $content ? {
- "" => template ( "$debian_version/$name.seeds" ),
- Default => $content
- }
-
- file{ $seedfile:
- content => $real_content,
- mode => 0600, owner => root, group => root,
- }
-
- package { $name:
- ensure => $ensure,
- responsefile => $seedfile,
- require => File[$seedfile],
- }
- }
-
- define upgrade_package ($version = "") {
- case $version {
- '': {
- exec { "aptitude -y install $name":
- onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
- }
- }
- 'latest': {
- exec { "aptitude -y install $name":
- onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
- }
- }
- default: {
- exec { "aptitude -y install $name=$version":
- onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
- }
- }
- }
- }
-}
-
-class dselect {
- # suppress annoying help texts of dselect
- line { dselect_expert:
- file => "/etc/dpkg/dselect.cfg",
- line => "expert",
- ensure => present,
- }
-
- package { dselect: ensure => installed }
-}
+ # See README
+ $real_apt_clean = $apt_clean ? {
+ '' => 'auto',
+ default => $apt_clean,
+ }
+
+ package { apt:
+ ensure => installed,
+ require => undef,
+ }
+
+ case $custom_sources_list {
+ '': {
+ include apt::default_sources_list
+ }
+ default: {
+ include lsb
+ config_file { "/etc/apt/sources.list":
+ content => $custom_sources_list,
+ require => Package['lsb'];
+ }
+ }
+ }
+
+ case $custom_preferences {
+ '': {
+ include apt::default_preferences
+ }
+ default: {
+ config_file { "/etc/apt/preferences":
+ content => $custom_preferences,
+ alias => apt_config,
+ require => File["/etc/apt/sources.list"];
+ }
+ }
+ }
+
+ if $apt_unattended_upgrades {
+ include apt::unattended_upgrades
+ }
+
+ include common::moduledir
+ $apt_base_dir = "${common::moduledir::module_dir_path}/apt"
+ modules_dir { apt: }
+ # watch apt.conf.d
+ file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; }
+
+ exec {
+ # "&& sleep 1" is workaround for older(?) clients
+ 'refresh_apt':
+ command => '/usr/bin/apt-get update && sleep 1',
+ refreshonly => true,
+ subscribe => [ File["/etc/apt/sources.list"],
+ File["/etc/apt/preferences"],
+ File["/etc/apt/apt.conf.d"],
+ Config_file[apt_config] ];
+ 'update_apt':
+ command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean',
+ require => [ File["/etc/apt/sources.list"],
+ File["/etc/apt/preferences"], Config_file[apt_config] ],
+ loglevel => info,
+ # Another Semaphor for all packages to reference
+ alias => apt_updated;
+ }
+
+ ## This package should really always be current
+ package { "debian-archive-keyring": ensure => latest }
+
+ case $lsbdistcodename {
+ etch: {
+ package { "debian-backports-keyring": ensure => latest }
+
+ # This key was downloaded from
+ # http://backports.org/debian/archive.key
+ # and is needed to bootstrap the backports trustpath
+ file { "${apt_base_dir}/backports.org.key":
+ source => "puppet:///modules/apt/backports.org.key",
+ mode => 0444, owner => root, group => root,
+ }
+ exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
+ alias => "backports_key",
+ refreshonly => true,
+ subscribe => File["${apt_base_dir}/backports.org.key"],
+ before => [ File[apt_config], Package["debian-backports-keyring"] ]
+ }
+ }
+ lenny: {
+ package { "debian-backports-keyring": ensure => latest }
+
+ # This key was downloaded from
+ # http://backports.org/debian/archive.key
+ # and is needed to bootstrap the backports trustpath
+ file { "${apt_base_dir}/backports.org.key":
+ source => "puppet:///modules/apt/backports.org.key",
+ mode => 0444, owner => root, group => root,
+ }
+ exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
+ alias => "backports_key",
+ refreshonly => true,
+ subscribe => File["${apt_base_dir}/backports.org.key"],
+ before => [ Config_file[apt_config], Package["debian-backports-keyring"] ]
+ }
+ }
+ }
+
+ case $custom_key_dir {
+ '': {
+ exec { "/bin/true # no_custom_keydir": }
+ }
+ default: {
+ file { "${apt_base_dir}/keys.d":
+ source => "$custom_key_dir",
+ recurse => true,
+ mode => 0755, owner => root, group => root,
+ }
+ exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
+ alias => "custom_keys",
+ subscribe => File["${apt_base_dir}/keys.d"],
+ refreshonly => true,
+ before => Config_file[apt_config];
+ }
+ }
+ }
+
+ # workaround for preseeded_package component
+ file { "/var/cache": ensure => directory }
+ file { "/var/cache/local": ensure => directory }
+ file { "/var/cache/local/preseeding": ensure => directory }
+}
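Review bot: The backports.org key is now added to the apt keyring on every etch and lenny host, because the `case $backports_enabled` guard that wrapped the `case $lsbdistcodename` block was dropped. If some hosts do not use backports, this widens the set of archive keys apt trusts there for no benefit; either restore a guard or state in the README that the key is always installed. Separately, the etch branch still has `before => [ File[apt_config], Package["debian-backports-keyring"] ]` while the lenny branch and the other references were changed to `Config_file[apt_config]`. The etch line presumably should read `before => [ Config_file[apt_config], Package["debian-backports-keyring"] ]` as well.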
diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp
new file mode 100644
index 0000000..276c90f
--- /dev/null
+++ b/manifests/preseeded_package.pp
@@ -0,0 +1,18 @@
+define apt::preseeded_package ($content = "", $ensure = "installed") {
+ $seedfile = "/var/cache/local/preseeding/$name.seeds"
+ $real_content = $content ? {
+ "" => template ( "$debian_version/$name.seeds" ),
+ Default => $content
+ }
+
+ file{ $seedfile:
+ content => $real_content,
+ mode => 0600, owner => root, group => root,
+ }
+
+ package { $name:
+ ensure => $ensure,
+ responsefile => $seedfile,
+ require => File[$seedfile],
+ }
+}
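Review bot: The selector's fallback is spelled `Default` with a capital D, whereas the other selectors in this module use lowercase `default`. The capitalised form may not be treated as the default case by the parser, which would leave `$real_content` unmatched whenever `$content` is passed; I would write `default => $content`. Note also that `$debian_version` is not set in this define, so the template path depends on a variable from the including scope; a short comment saying where it comes from would help.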
diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp
new file mode 100644
index 0000000..c984c40
--- /dev/null
+++ b/manifests/unattended_upgrades.pp
@@ -0,0 +1,15 @@
+class apt::unattended_upgrades {
+ package{'unattended-upgrades':
+ ensure => present,
+ require => undef,
+ }
+
+ config_file {
+ "/etc/apt/apt.conf.d/unattended_upgrades":
+ content => 'APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+',
+ before => Config_file[apt_config],
+ require => Package['unattended-upgrades'],
+ }
+}
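Review bot: `require => undef` on the `unattended-upgrades` package (and on `package { apt: }` in manifests/init.pp) is unexplained. Presumably it cancels a site-wide `Package` default, but nothing in this commit shows that. A comment such as `# override the global Package require default to avoid a dependency cycle`, reworded to the real reason, would stop it from being removed as dead code. Since this file switches on automatic upgrades, a comment should also say that the upgraded origins are left at the package's defaults, as no allowed-origins setting is written here.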
diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp
new file mode 100644
index 0000000..41d5d52
--- /dev/null
+++ b/manifests/upgrade_package.pp
@@ -0,0 +1,19 @@
+define apt::upgrade_package ($version = "") {
+ case $version {
+ '': {
+ exec { "aptitude -y install $name":
+ onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
+ }
+ }
+ 'latest': {
+ exec { "aptitude -y install $name":
+ onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
+ }
+ }
+ default: {
+ exec { "aptitude -y install $name=$version":
+ onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
+ }
+ }
+ }
+}
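Review bot: The `''` and `'latest'` branches are identical, and all three `exec` resources interpolate `$name` (and `$version` in the default branch) unquoted into strings that are run through a shell. Merging the first two as `'', 'latest': {` removes the duplication. The resource title should be documented as restricted to package-name characters, because whatever is passed ends up on a root command line. None of the commands is fully qualified and no `path` is set, so this relies on an `Exec` default defined elsewhere, which is not visible in this commit.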