Age | Commit message (Collapse) | Author |
|
Conflicts:
README
files/Debian/50unattended-upgrades.lenny
files/Debian/50unattended-upgrades.wheezy
manifests/init.pp
manifests/params.pp
manifests/unattended_upgrades.pp
templates/Debian/preferences_jessie.erb
templates/Debian/sources.list.erb
|
|
Remove loglevel directive from Exec[update_apt]
When using puppet apply (v 3.7), loglevel 'info'
won't show the output on error. This is bad for
debugging.
micah, assigning to you because this has already bitten me while debugging a failed `apt-get update` for the leap_platform.
See merge request !39
|
|
When using puppet apply (v 3.7), loglevel 'info'
won't show the output on error. This is bad for
debugging.
|
|
Manage unattended-upgrades log directory
In some situations, the log directory for unattended-upgrades might not
exist. In those cases, packages will not get upgraded!
unattended-upgrades crashes with a python backtrace because the log dir
is not present.
See merge request !38
|
|
In some situations, the log directory for unattended-upgrades might not
exist. In those cases, packages will not get upgraded!
unattended-upgrades crashes with a python backtrace because the log dir
is not present.
|
|
The `disable_update` parameter has been removed. The main apt class
defaults to *not* run an `apt-get update` on every run anyway so
this parameter seems useless.
You can include the `apt::update` class if you want it to be
run every time.
|
|
`apt-get autoclean` should not be run on every puppetrun when
including `apt::update`, but rather be configured as a `APT::Periodic`
task that is run by cron, see
https://wiki.debian.org/UnattendedUpgrades.
|
|
Before, there were two Execs that did an `apt-get update`,
`Exec[refresh_apt]` and `Exec[apt_updated]`, which were triggered
by different resources.
This changes gets rid of the first one, and all resources now depend
on `Exec[apt_updated]`.
|
|
When pinning packages with apt::preferences_snippet,
we need to make sure these get deployed before an
`apt-get update` is triggered, so pinned packages can
get installed in the right way with a single puppetrun.
|
|
[feat] Enable gitlab CI builds, simplify Gemfile
Test this module using existing rspec test, using gitlab CI on gitlab.com shared runners.
See https://gitlab.com/varac/apt/builds/473836 for the CI build of this merge req.
See merge request !33
|
|
|
|
[feat] Don't run an additional apt-get update
When adding custom keys, an additional `apt-get update` would
be run before the Exec['refresh_apt'], which don't make sense.
See merge request !31
|
|
When adding custom keys, an additional `apt-get update` would
be run before the Exec['refresh_apt'], which don't make sense.
|
|
|
|
|
|
I noticed this behaviour because $::debian_nextcodename was
"squeeze" on a wheezy host.
For debugging, i inserted a "puts codenames" in
lib/facter/debian_nextcodename.rb, and it turned out that it
was sorted differently on wheezy and jessie hosts:
On wheezy:
buster
stretch
jessie
wheezy
squeeze
lenny
On jessie:
lenny
squeeze
wheezy
jessie
stretch
buster
So i decided to rewrite this so this doesn't happen again.
|
|
|
|
requirering the facter/util/debian.rb module causes
puppet warnings on wheezy hosts, and custom facts like
`$::debian_codename` cannot be evaluated.
warning: Could not load fact file
/srv/dev/projects/puppet/shared-modules//apt/lib/facter/debian_nextcodename.rb:
no such file to load -- facter/util/debian
Removing the require line solves this.
|
|
|
|
[feat] Support vivid, wily, xenial ubuntu release
See merge request !27
|
|
Managing requirements for installing the lsb package has proven over
time to make no sense. The best approach to this is to require
lsb-release to be installed alongside puppet, since otherwise there are
so much facts that get no value during the run and you end up needing to
run puppet twice to get the real end result.
Also, since we're not including a class that is actually installing the
'lsb' package, that require line makes it so that including the apt
module doesn't work, and there's no documentation in the README about
needing to provide a package{'lsb':} resource with the apt class.
Because of all that, it makes more sense to just get rid of that require
line and mark lsb as a pre-requirement in the README file.
|
|
|
|
|
|
this allows for third party modules to enable this on the fly
|
|
Ubuntu shouldn't be using debian backports by default.
This was written by Anoine Beaupré, but split from the commit "move
backports to snippets" since the change is unrelated and needs to be
more visible in the commit history.
|
|
|
|
Also add an example for how to use the apt::unattended_upgrades class.
|
|
Micah found an issue with usage of config_content: if you call template('...')
yourself and pass that on to config_content, then your template gets evaluated
without all of the variables. This means that you don't hava access to
blacklisted_packages, mail_recipient or mailonlyonerror.
To make it possible to use a different template while still having access to
those variables, let's make it possible to change the template name that we're
using.
|
|
|
|
* On squeeze, use release fact instead of hardcoded release name
* On wheezy, special-case because codename selector is not available
* On jessie and up, start pulling in point-release updates. The
codename selector ensures that we won't be upgrading to a new
release automatically.
|
|
|
|
GPLv3 was already applied 3 years ago to this code base. See LICENSE
file.
|
|
|
|
It's great to document requirements in README, but error'ing out whenever
the user messes up is even better IMO.
|
|
This is not perfect protection against special chars that the shell may
interpret, but should help at least in case $name contains spaces.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
the rationale of this is that isn't useful for third party modules,
because they cannot inject keys in there without some serious apt
class hijacking
|
|
allow disabling backports (and volatile in ubuntu)
as the module stands now, there's no way to disable backports.
there are a few reasons why we want to allow this:
* "tools, not policy" - if Debian doesn't ship with backports enabled by default, why should we change that policy?
* too many sources.list entries can cause problems on `apt-get update`, which can run out of memory and require special config
* if the pinning fails, some packages may be updated by mistake
* even if pinning works, some may *want* to keep admins from installing anything from backports as a policy
this keeps backports installed by default (begrudgingly) however. it just allows disabling it.
it also allows disabling volatile in ubuntu, which wasn't possible before.
See merge request !16
|
|
|
|
|
|
|
|
|
|
|