diff options
| -rw-r--r-- | README | 19 | ||||
| -rw-r--r-- | files/backports.org.key | 33 | ||||
| -rw-r--r-- | manifests/init.pp | 91 | ||||
| -rw-r--r-- | templates/preferences.erb | 7 | ||||
| -rw-r--r-- | templates/sources.list.erb | 14 |
5 files changed, 164 insertions, 0 deletions
@@ -0,0 +1,19 @@ +Variables: + $apt_clean: Sets DSelect::Clean, defaults to 'auto' on normal hosts and + 'pre-auto' in vservers, since the latter are usually more space-bound and + have better recovery mechanisms via the host + From apt.conf(5), 0.7.2: "Cache Clean mode; this value may be one of + always, prompt, auto, pre-auto and never. always and prompt will + remove all packages from the cache after upgrading, prompt (the + default) does so conditionally. auto removes only those packages + which are no longer downloadable (replaced with a new version for + instance). pre-auto performs this action before downloading new + packages." + +Provided Resources: + File[apt_config]: Use this resource to depend on or add to a completed apt + configuration + Exec[apt_updated]: After this point, current packages can installed via apt, + usually used like this: + Package { require => Exec[apt_updated] } + diff --git a/files/backports.org.key b/files/backports.org.key new file mode 100644 index 0000000..6e66404 --- /dev/null +++ b/files/backports.org.key @@ -0,0 +1,33 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.3 (GNU/Linux) + +mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx +Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc +/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz +onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd +kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex +Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6 +m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq +bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR +bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz +Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR +AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S +cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD +FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48 +OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD +FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44 +Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ +FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn +DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO +90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN +StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D +JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD +BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0 +AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB +TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr +O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8 +cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC ++FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs +VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg== +=fBrI +-----END PGP PUBLIC KEY BLOCK----- diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..c9e61bc --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,91 @@ +# apt.pp - common components and defaults for handling apt +# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> +# See LICENSE for the full license granted to you. +# +# With hints from +# Micah Anderson <micah@riseup.net> +# * backports key + +class apt { + + # See README + $real_apt_clean = $apt_clean ? { + '' => 'auto', + default => $apt_clean, + } + + # a few templates need lsbdistcodename + include assert_lsbdistcodename + + config_file { + # include main, security and backports + # additional sources could be included via an array + "/etc/apt/sources.list": + content => template("apt/sources.list.erb"), + require => Exec[assert_lsbdistcodename]; + # this just pins unstable and testing to very low values + "/etc/apt/preferences": + content => template("apt/preferences.erb"), + # use File[apt_config] to reference a completed configuration + # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML + alias => apt_config, + # only update together + require => File["/etc/apt/sources.list"]; + # little default settings which keep the system sane + "/etc/apt/apt.conf.d/from_puppet": + content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n", + before => File[apt_config]; + } + + $base_dir = "/var/lib/puppet/modules/apt" + file { + # remove my legacy files + [ "/etc/apt/backports.key", "/etc/apt/apt.conf.d/local-conf" ]: + ensure => removed; + # create new modules dir + $base_dir: ensure => directory; + # watch apt.conf.d + "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; + } + + # suppress annoying help texts of dselect + line { dselect_expert: + file => "/etc/dpkg/dselect.cfg", + line => "expert", + ensure => present, + } + + exec { + "/usr/bin/apt-get -y update #on refresh": + refreshonly => true, + subscribe => [ File["/etc/apt/sources.list"], + File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"], + File[apt_config] ]; + "/usr/bin/apt-get -y update && /usr/bin/apt-get autoclean #hourly": + require => [ File["/etc/apt/sources.list"], + File["/etc/apt/preferences"], File[apt_config] ], + # Another Semaphor for all packages to reference + alias => apt_updated; + } + + case $lsbdistcodename { + etch: { + ## This package should really always be current + package { "debian-archive-keyring": ensure => latest, } + + # This key was downloaded from + # http://backports.org/debian/archive.key + # and is needed to verify the backports + file { "${base_dir}/backports.org.key": + source => "puppet://$servername/apt/backports.org.key", + mode => 0444, owner => root, group => root, + before => File[apt_config], + } + exec { "/usr/bin/apt-key add ${base_dir}/backports.org.key": + refreshonly => true, + subscribe => File["${base_dir}/backports.org.key"], + before => File[apt_config], + } + } + } +} diff --git a/templates/preferences.erb b/templates/preferences.erb new file mode 100644 index 0000000..ac71582 --- /dev/null +++ b/templates/preferences.erb @@ -0,0 +1,7 @@ +Package: * +Pin: release a=unstable +Pin-Priority: 1 + +Package: * +Pin: release a=testing +Pin-Priority: 2 diff --git a/templates/sources.list.erb b/templates/sources.list.erb new file mode 100644 index 0000000..a3880c5 --- /dev/null +++ b/templates/sources.list.erb @@ -0,0 +1,14 @@ +# This file is brought to you by puppet + +# basic <%= dv %> +deb http://ftp.at.debian.org/debian <%= dv %> main +# security suppport +deb http://security.debian.org/ <%= dv %>/updates main +# local packages +#deb http://puppetmaster:81/ / + +# additional packages, see preferences +#deb http://ftp.at.debian.org/debian sid main + +# backports +deb http://www.backports.org/debian/ <%= dv %>-backports main |