-rw-r--r--README22
-rw-r--r--files/10periodic7
-rw-r--r--files/Debian/50unattended-upgrades7
-rw-r--r--files/lucid/50unattended-upgrades34
-rw-r--r--files/wheezy/50unattended-upgrades63
-rw-r--r--lib/puppet/parser/functions/debian_nextcodename.rb3
-rw-r--r--lib/puppet/parser/functions/debian_release.rb6
-rw-r--r--lib/puppet/parser/functions/debian_release_version.rb1
-rw-r--r--manifests/init.pp7
-rw-r--r--manifests/params.pp1
-rw-r--r--manifests/unattended_upgrades.pp13
-rw-r--r--templates/proxy.erb4
-rw-r--r--templates/sources.list.volatile.erb8
13 files changed, 152 insertions, 24 deletions
diff --git a/README b/README
index f241a19..35a88b2 100644
--- a/README
+++ b/README
@@ -129,18 +129,6 @@ pull in the templates/site_apt/sources.list file:
$custom_sources_list = template('site_apt/sources.list')
-$custom_key_dir
----------------
-
-If you have different apt-key files that you want to get added to your
-apt keyring, you can set this variable to a path in your fileserver
-where individual key files can be placed. If this is set and keys
-exist there, this module will 'apt-key add' each key.
-
-The debian-archive-keyring package is installed and kept current up to the
-latest revision (this includes the backports archive keyring).
-
-
Classes
=======
@@ -235,6 +223,16 @@ Class parameters:
include apt::dist_upgrade
class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] }
+* custom_key_dir
+
+ If you have different apt-key files that you want to get added to your
+ apt keyring, you can set this variable to a path in your fileserver
+ where individual key files can be placed. If this is set and keys
+ exist there, this module will 'apt-key add' each key.
+
+ The debian-archive-keyring package is installed and kept current up to the
+ latest revision (this includes the backports archive keyring).
+
apt::apticron
-------------
diff --git a/files/10periodic b/files/10periodic
new file mode 100644
index 0000000..6c06232
--- /dev/null
+++ b/files/10periodic
@@ -0,0 +1,7 @@
+// this file is managed by puppet !
+//
+//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";
diff --git a/files/Debian/50unattended-upgrades b/files/Debian/50unattended-upgrades
index 0901ad3..72df8f6 100644
--- a/files/Debian/50unattended-upgrades
+++ b/files/Debian/50unattended-upgrades
@@ -1,10 +1,9 @@
// this file is managed by puppet !
Unattended-Upgrade::Allowed-Origins {
- "${distro_id}:stable";
- "${distro_id}:${distro_codename}-security";
- "${distro_id}:${distro_codename}-updates";
- "${distro_id} Backports:${distro_codename}-backports";
+ "Debian oldstable";
+ "Debian-Security oldstable";
+ "${distro_id} Backports:${distro_codename}-backports";
};
APT::Periodic::Update-Package-Lists "1";
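Review bot: The two new Allowed-Origins entries match on the suite name `oldstable` rather than on a codename, so which release this file trusts changes whenever Debian's suites move. A host that receives this file while not running the current oldstable would, as far as the visible lines show, match no security origin and silently stop getting unattended security updates. The backports entry kept below them still uses the `${distro_id} ...:${distro_codename}-backports` form, which looks inconsistent with the two space-separated pairs; confirm that the installed unattended-upgrades parses both forms. At minimum I would add a comment above the entries such as `// matches by suite name: revisit when oldstable moves to another release`.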
diff --git a/files/lucid/50unattended-upgrades b/files/lucid/50unattended-upgrades
new file mode 100644
index 0000000..9c22a64
--- /dev/null
+++ b/files/lucid/50unattended-upgrades
@@ -0,0 +1,34 @@
+// this file is managed by puppet !
+//
+//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+
+// allowed (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+ "Ubuntu lucid-security";
+ "Ubuntu lucid-updates";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+Unattended-Upgrade::Mail "root";
+Unattended-Upgrade::MailOnlyOnError "true";
+
+APT::UnattendedUpgrades::LogDir "/var/log/";
+APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
+
+Unattended-Upgrade::Package-Blacklist {
+ // we don't want the kernel to be updated so nagios still can give a warning if there is
+ // a manual update (and reboot) left
+
+ "linux-image-*";
+
+ // unfortunately there seems to be a bug in unattended-upgrades <= 0.62 that wildcards aren't recognized:
+ //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
+ //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
+ //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
+ //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
+ //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
+ //2009-12-11 13:42:11,988 INFO All upgrades installed
+
+};
+
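Review bot: The comment inside Package-Blacklist says the `linux-image-*` wildcard is not honoured by unattended-upgrades <= 0.62, and the quoted log shows a linux-image package being upgraded anyway, so this file ships an exclusion that its own comment describes as ineffective. The log excerpt also lists Debian origins, which suggests it was copied from another release's file and may not describe lucid at all. Please record which version lucid carries and whether the wildcard works there, e.g. `// verified on unattended-upgrades <VERSION>: wildcard is honoured`. Since kernels are deliberately held back, the comment should also say that kernel security updates then depend on the Nagios warning being acted on.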
diff --git a/files/wheezy/50unattended-upgrades b/files/wheezy/50unattended-upgrades
new file mode 100644
index 0000000..300f1fe
--- /dev/null
+++ b/files/wheezy/50unattended-upgrades
@@ -0,0 +1,63 @@
+// Automatically upgrade packages from these origin patterns
+Unattended-Upgrade::Origins-Pattern {
+ // Archive or Suite based matching:
+ // Note that this will silently match a different release after
+ // migration to the specified archive (e.g. testing becomes the
+ // new stable).
+ "o=Debian,a=stable";
+ "o=Debian,a=stable-updates";
+ "o=Debian,a=proposed-updates";
+ "origin=Debian,archive=stable,label=Debian-Security";
+};
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+// "vim";
+// "libc6";
+// "libc6-dev";
+// "libc6-i686";
+};
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run
+// dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+//Unattended-Upgrade::AutoFixInterruptedDpkg "false";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+//Unattended-Upgrade::MinimalSteps "true";
+
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+//Unattended-Upgrade::InstallOnShutdown "true";
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed. E.g. "user@example.com"
+Unattended-Upgrade::Mail "root";
+
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+//Unattended-Upgrade::MailOnlyOnError "true";
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a
+// the file /var/run/reboot-required is found after the upgrade
+//Unattended-Upgrade::Automatic-Reboot "false";
+
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+//Acquire::http::Dl-Limit "70";
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
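Review bot: `"o=Debian,a=proposed-updates";` in Origins-Pattern lets packages be installed unattended from proposed-updates, i.e. before they have been accepted into a point release; if that is intended it deserves a comment saying so, otherwise I would drop the line. The `a=stable` patterns sit in a file under files/wheezy/, and the file's own comment warns that suite matching silently follows a different release after migration, so once wheezy stops being `stable` these patterns no longer describe the release the file is named for. Unlike the other config files added in this commit, this one also lacks the `// this file is managed by puppet !` header, so a local edit would be overwritten without any hint in the file.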
diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb
index f57dd2a..3d5c3bd 100644
--- a/lib/puppet/parser/functions/debian_nextcodename.rb
+++ b/lib/puppet/parser/functions/debian_nextcodename.rb
@@ -4,7 +4,8 @@ module Puppet::Parser::Functions
when "etch" then "lenny"
when "lenny" then "squeeze"
when "squeeze" then "wheezy"
- when "wheezy" then "sid"
+ when "wheezy" then "jessie"
+ when "jessie" then "sid"
when "sid" then "experimental"
else "sid"
end
diff --git a/lib/puppet/parser/functions/debian_release.rb b/lib/puppet/parser/functions/debian_release.rb
index 857edf3..d7b6718 100644
--- a/lib/puppet/parser/functions/debian_release.rb
+++ b/lib/puppet/parser/functions/debian_release.rb
@@ -1,9 +1,9 @@
module Puppet::Parser::Functions
newfunction(:debian_release, :type => :rvalue) do |args|
case args[0]
- when 'lenny' then 'oldstable'
- when 'squeeze' then 'stable'
- when 'wheezy' then 'testing'
+ when 'squeeze' then 'oldstable'
+ when 'wheezy' then 'stable'
+ when 'jessie' then 'testing'
when 'sid' then 'unstable'
when 'experimental' then 'experimental'
else 'testing'
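Review bot: Removing the `'lenny'` arm without a replacement sends lenny to the `else 'testing'` default, so a host still on lenny is now reported as testing instead of as an old release. The same default applies to every codename the table does not list, which is an unsafe fallback wherever the result selects a suite for sources or pinning (the callers are not visible here). If no caller relies on the default, I would make unknown codenames fail loudly, e.g. `else raise Puppet::ParseError, "debian_release: unknown codename #{args[0]}"`, or at least keep an explicit arm for lenny. The function body continues past the end of the hunk.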
diff --git a/lib/puppet/parser/functions/debian_release_version.rb b/lib/puppet/parser/functions/debian_release_version.rb
index ff58f72..0abe90e 100644
--- a/lib/puppet/parser/functions/debian_release_version.rb
+++ b/lib/puppet/parser/functions/debian_release_version.rb
@@ -4,6 +4,7 @@ module Puppet::Parser::Functions
when 'etch' then '4.0'
when 'lenny' then '5.0'
when 'squeeze' then '6.0'
+ when 'wheezy' then '7.0'
else ''
end
end
diff --git a/manifests/init.pp b/manifests/init.pp
index faddf09..33eac37 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -15,7 +15,8 @@ class apt(
$ubuntu_url = $apt::params::ubuntu_url,
$repos = $apt::params::repos,
$custom_preferences = $apt::params::custom_preferences,
- $disable_update = $apt::params::disable_update
+ $disable_update = $apt::params::disable_update,
+ $custom_key_dir = $apt::params::custom_key_dir
) inherits apt::params {
case $::operatingsystem {
'debian': {
@@ -113,9 +114,9 @@ class apt(
$apt_base_dir = "${common::moduledir::module_dir_path}/apt"
modules_dir { 'apt': }
- if $::custom_key_dir {
+ if $custom_key_dir {
file { "${apt_base_dir}/keys.d":
- source => $::custom_key_dir,
+ source => $custom_key_dir,
recurse => true,
owner => root,
group => root,
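Review bot: `source => $custom_key_dir` with `recurse => true` copies whatever the given path contains into keys.d, and per the README every key found there is passed to `apt-key add`, so this parameter decides which signers apt trusts for all configured repositories. The parameter is not validated and carries no comment; I would add one at its declaration such as `# $custom_key_dir: fileserver path; every file in it becomes a trusted apt key`. The visible lines also show neither `purge => true` nor any key removal, so a key deleted from the fileserver presumably stays in the keyring. The file resource continues outside the hunk, so this needs confirming there.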
diff --git a/manifests/params.pp b/manifests/params.pp
index b210ff6..12273ac 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -14,4 +14,5 @@ class apt::params () {
$repos = 'auto'
$custom_preferences = ''
$disable_update = false
+ $custom_key_dir = false
}
diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp
index 2f6c2a5..398a1a7 100644
--- a/manifests/unattended_upgrades.pp
+++ b/manifests/unattended_upgrades.pp
@@ -14,9 +14,20 @@ class apt::unattended_upgrades {
require => Package['unattended-upgrades'],
}
- if $apt::custom_preferences != false {
+ if defined(File['apt_config']) {
Apt_conf['50unattended-upgrades'] {
before => File['apt_config'],
}
}
+
+ if $operatingsystem == 'ubuntu' {
+ file { '/etc/apt/apt.conf.d/10periodic':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => 'puppet:///modules/apt/10periodic',
+ require => Package['unattended-upgrades'],
+ }
+ }
}
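Review bot: `if defined(File['apt_config'])` depends on evaluation order: `defined()` is true only when that resource is already in the catalog at the moment this class is evaluated, so the `before =>` ordering can be dropped silently depending on include order. The removed condition tested a variable and did not have that property; a comment stating the required ordering, or an explicit parameter check, would make this robust. In the new Ubuntu block, `$operatingsystem` is unqualified while init.pp uses `$::operatingsystem`, and `mode => 0644` is a bare number; I would write `if $::operatingsystem == 'ubuntu' {` and `mode => '0644',`.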
diff --git a/templates/proxy.erb b/templates/proxy.erb
new file mode 100644
index 0000000..01c9861
--- /dev/null
+++ b/templates/proxy.erb
@@ -0,0 +1,4 @@
+Acquire {
+<% if apt_http_proxy != false %> HTTP::Proxy "<%= apt_http_proxy %>";<% end %>
+<% if apt_ftp_proxy != false %> FTP::Proxy "<%= apt_ftp_proxy %>";<% end %>
+};
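Review bot: `<%= apt_http_proxy %>` and `<%= apt_ftp_proxy %>` are written verbatim between double quotes, so a value containing `"` or `;` changes the structure of the generated apt configuration instead of only the proxy URL. Nothing in the visible lines validates the values; a check in the manifest that they look like a URL would be the place for it (the manifest side is not shown in this diff). The template also compares against `false` only, so an empty string renders `HTTP::Proxy "";`, and with both values false it still emits an empty `Acquire { };` block.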
diff --git a/templates/sources.list.volatile.erb b/templates/sources.list.volatile.erb
new file mode 100644
index 0000000..cc9316b
--- /dev/null
+++ b/templates/sources.list.volatile.erb
@@ -0,0 +1,8 @@
+# This file is brought to you by puppet
+
+# backports
+<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
+# There are no backports for for <%= lsbdistcodename %>
+<% else -%>
+deb http://volatile.debian.org/debian-volatile <%= lsbdistcodename %>/volatile main contrib non-free
+<% end -%>
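Review bot: The comments in this template look carried over from a backports template: the header says `# backports` and the sid branch prints `There are no backports for for ...` (with a doubled word), although the only entry written is for debian-volatile. I would change them to `# volatile` and `# There is no volatile archive for <%= lsbdistcodename %>`. The guard excludes only sid/unstable, so every other codename gets the `deb` line, including releases for which the volatile archive may not exist. Confirm that the caller restricts this template to releases that have one.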