From 50b4bef76180181a34d04958b320295c7b6e9cf0 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 26 Jan 2013 15:20:30 -0200 Subject: Make custom_key_dir a class parameter and not a global variable Conflicts: manifests/init.pp --- README | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) (limited to 'README') diff --git a/README b/README index f241a19..35a88b2 100644 --- a/README +++ b/README @@ -129,18 +129,6 @@ pull in the templates/site_apt/sources.list file: $custom_sources_list = template('site_apt/sources.list') -$custom_key_dir ---------------- - -If you have different apt-key files that you want to get added to your -apt keyring, you can set this variable to a path in your fileserver -where individual key files can be placed. If this is set and keys -exist there, this module will 'apt-key add' each key. - -The debian-archive-keyring package is installed and kept current up to the -latest revision (this includes the backports archive keyring). - - Classes ======= @@ -235,6 +223,16 @@ Class parameters: include apt::dist_upgrade class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } +* custom_key_dir + + If you have different apt-key files that you want to get added to your + apt keyring, you can set this variable to a path in your fileserver + where individual key files can be placed. If this is set and keys + exist there, this module will 'apt-key add' each key. + + The debian-archive-keyring package is installed and kept current up to the + latest revision (this includes the backports archive keyring). + apt::apticron ------------- -- cgit v1.2.3 From c99227ad55e8d266a77ad5dfb672147eec6e1c3b Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 27 Jul 2013 06:14:47 -0400 Subject: Make custom_sources_list into a class paramter and thus remove the last global variable. --- README | 28 ++++++++++++---------------- manifests/init.pp | 5 +++-- 2 files changed, 15 insertions(+), 18 deletions(-) (limited to 'README') diff --git a/README b/README index 35a88b2..90301be 100644 --- a/README +++ b/README @@ -113,22 +113,6 @@ the site_apt modules' files directory that is named the same as the host. (example: site_apt/files/some.host.com/03clean, or site_apt/files/some.host.com/03clean_vserver) -Variables -========= - -$custom_sources_list --------------------- - -By default this module will use a basic apt/sources.list template with -a generic Debian mirror. If you need to set more specific sources, -e.g. changing the sections included in the source, etc. you can set -this variable to the content that you desire to use instead. - -For example, setting the following variable before including this class will -pull in the templates/site_apt/sources.list file: - - $custom_sources_list = template('site_apt/sources.list') - Classes ======= @@ -214,6 +198,18 @@ Class parameters: class { 'apt': custom_preferences => false } +* custom_sources_list + + By default this module will use a basic apt/sources.list template with + a generic Debian mirror. If you need to set more specific sources, + e.g. changing the sections included in the source, etc. you can set + this variable to the content that you desire to use instead. + + For example, setting this variable will pull in the + templates/site_apt/sources.list file: + + class { 'apt': custom_sources_list => template('site_apt/sources.list') } + * codename Contains the codename ("squeeze", "wheezy", ...) of the client's release. While diff --git a/manifests/init.pp b/manifests/init.pp index 33eac37..7550aaa 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -15,6 +15,7 @@ class apt( $ubuntu_url = $apt::params::ubuntu_url, $repos = $apt::params::repos, $custom_preferences = $apt::params::custom_preferences, + $custom_sources_list = '', $disable_update = $apt::params::disable_update, $custom_key_dir = $apt::params::custom_key_dir ) inherits apt::params { @@ -53,9 +54,9 @@ class apt( $next_codename = debian_nextcodename($codename) $next_release = debian_nextrelease($release) - $sources_content = $::custom_sources_list ? { + $sources_content = $custom_sources_list ? { '' => template( "apt/${::operatingsystem}/sources.list.erb"), - default => $::custom_sources_list + default => $custom_sources_list } file { # include main, security and backports -- cgit v1.2.3 From f8aa2ef8722592b61fcbc10959c571ff19dee573 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 8 Dec 2013 21:58:20 +0000 Subject: Drop Debian Etch and Lenny compatibility. Both have been unsupported for ages. --- README | 5 ++--- lib/puppet/parser/functions/debian_nextcodename.rb | 2 -- lib/puppet/parser/functions/debian_release_version.rb | 2 -- templates/Debian/sources.list.erb | 14 -------------- 4 files changed, 2 insertions(+), 21 deletions(-) (limited to 'README') diff --git a/README b/README index 90301be..b241739 100644 --- a/README +++ b/README @@ -130,9 +130,8 @@ Class parameters: * use_volatile - If this variable is set to true the Debian Volatile sources (until - Lenny) or CODENAME-updates (such as squeeze-updates, supported since - Squeeze) are added. + If this variable is set to true the CODENAME-updates sources (such as + squeeze-updates) are added. By default this is false for backward compatibility with older versions of this module. diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb index 3d5c3bd..f3190ef 100644 --- a/lib/puppet/parser/functions/debian_nextcodename.rb +++ b/lib/puppet/parser/functions/debian_nextcodename.rb @@ -1,8 +1,6 @@ module Puppet::Parser::Functions newfunction(:debian_nextcodename, :type => :rvalue) do |args| case args[0] - when "etch" then "lenny" - when "lenny" then "squeeze" when "squeeze" then "wheezy" when "wheezy" then "jessie" when "jessie" then "sid" diff --git a/lib/puppet/parser/functions/debian_release_version.rb b/lib/puppet/parser/functions/debian_release_version.rb index 0abe90e..0a57fd3 100644 --- a/lib/puppet/parser/functions/debian_release_version.rb +++ b/lib/puppet/parser/functions/debian_release_version.rb @@ -1,8 +1,6 @@ module Puppet::Parser::Functions newfunction(:debian_release_version, :type => :rvalue) do |args| case args[0] - when 'etch' then '4.0' - when 'lenny' then '5.0' when 'squeeze' then '6.0' when 'wheezy' then '7.0' else '' diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index 49cf38c..65b5945 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -34,19 +34,12 @@ deb-src <%= backports_url %> <%= codename %>-backports <%= lrepos %> <% if (release == "testing" || release == "unstable" || release == "experimental") -%> # There is no volatile archive for <%= release %> <% else -%> -<% if (codename == "lenny" || codename == "etch") -%> -deb <%= volatile_url=scope.lookupvar('apt::volatile_url') %> <%= codename %>/volatile <%= lrepos %> -<% if include_src -%> -deb-src <%= volatile_url %> <%= codename %>/volatile <%= lrepos %> -<% end -%> -<% else -%> deb <%= debian_url %> <%= codename %>-updates <%= lrepos %> <% if include_src -%> deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %> <% end -%> <% end -%> <% end -%> -<% end -%> <% if next_release=scope.lookupvar('apt::use_next_release') -%> ### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %> @@ -72,12 +65,6 @@ deb-src <%= security_url %> <%= next_codename %>/updates <%= lrepos %> <% if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%> # There is no volatile archive for <%= next_release %> <% else -%> -<% if (next_codename == "lenny" || next_codename == "etch") -%> -deb <%= volatile_url %> <%= next_codename %>/volatile <%= lrepos %> -<% if include_src then -%> -deb-src <%= volatile_url %> <%= next_codename %>/volatile <%= lrepos %> -<% end -%> -<% else -%> deb <%= debian_url %> <%= next_codename %>-updates <%= lrepos %> <% if include_src then -%> deb-src <%= debian_url %> <%= next_codename %>-updates <%= lrepos %> @@ -85,4 +72,3 @@ deb-src <%= debian_url %> <%= next_codename %>-updates <%= lrepos %> <% end -%> <% end -%> <% end -%> -<% end -%> -- cgit v1.2.3 From 128410f64363f717fc0d5a13faf769843a0b733c Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 8 Dec 2013 22:00:22 +0000 Subject: Adapt documentation to take into account we haven't been supporting Lenny for more than a year. --- README | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'README') diff --git a/README b/README index b241739..0057d87 100644 --- a/README +++ b/README @@ -180,8 +180,8 @@ Class parameters: * custom_preferences - Since Debian Lenny's version of APT doesn't support the use of the - preferences.d directory for putting fragments of 'preferences', this + For historical reasons (Debian Lenny's version of APT did not support the use + of the preferences.d directory for putting fragments of 'preferences'), this module will manage a default generic apt/preferences file with more recent releases pinned to very low values so that any package installation will not accidentally pull in packages from those suites -- cgit v1.2.3 From 18a2525b7ab8f25790942e72774f118f94dbb0d1 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 6 Dec 2014 12:14:50 -0500 Subject: Update the README to show that .list is optional for sources --- README | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'README') diff --git a/README b/README index 0057d87..0dec9d3 100644 --- a/README +++ b/README @@ -440,11 +440,13 @@ apt::sources_list Creates a file in the apt/sources.list.d directory to easily add additional apt sources. One can use either the 'source' meta-parameter to specify a list of static files to include from the puppet fileserver or the 'content' -meta-parameter to define content inline or with the help of a template. +meta-parameter to define content inline or with the help of a template. Ending +the resource name in '.list' is optional since this extension will +automatically be added to the created file. Example: - apt::sources_list { 'company_internals.list': + apt::sources_list { 'company_internals': source => [ "puppet:///modules/site_apt/${::fqdn}/company_internals.list", 'puppet:///modules/site_apt/company_internals.list' ], } -- cgit v1.2.3 From 54532e917965cba5989b3781071dd54af702752e Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 6 Dec 2014 21:55:20 -0500 Subject: rephrase documentation of option .list as suggested during review --- README | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'README') diff --git a/README b/README index 0dec9d3..2ebc1b7 100644 --- a/README +++ b/README @@ -441,8 +441,8 @@ Creates a file in the apt/sources.list.d directory to easily add additional apt sources. One can use either the 'source' meta-parameter to specify a list of static files to include from the puppet fileserver or the 'content' meta-parameter to define content inline or with the help of a template. Ending -the resource name in '.list' is optional since this extension will -automatically be added to the created file. +the resource name in '.list' is optional: it will be automatically added to the +file name if not present in the resource name. Example: -- cgit v1.2.3 From 85c7554c4bb06130ab3e88170842dc1b2ddbb186 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sat, 7 Feb 2015 16:12:55 +0000 Subject: Add support for Squeeze LTS. --- README | 8 ++++++++ manifests/init.pp | 2 ++ manifests/params.pp | 2 ++ templates/Debian/preferences_squeeze.erb | 5 +++++ templates/Debian/sources.list.erb | 12 ++++++++++++ 5 files changed, 29 insertions(+) (limited to 'README') diff --git a/README b/README index 0057d87..5e5c7c5 100644 --- a/README +++ b/README @@ -128,6 +128,14 @@ Example usage: Class parameters: +* use_lts + + If this variable is set to true the CODENAME-lts sources (such as + squeeze-lts) are added. + + By default this is false for backward compatibility with older + versions of this module. + * use_volatile If this variable is set to true the CODENAME-updates sources (such as diff --git a/manifests/init.pp b/manifests/init.pp index 7550aaa..2814013 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -5,12 +5,14 @@ class apt( $codename = $apt::params::codename, + $use_lts = $apt::params::use_lts, $use_volatile = $apt::params::use_volatile, $include_src = $apt::params::include_src, $use_next_release = $apt::params::use_next_release, $debian_url = $apt::params::debian_url, $security_url = $apt::params::security_url, $backports_url = $apt::params::backports_url, + $lts_url = $apt::params::lts_url, $volatile_url = $apt::params::volatile_url, $ubuntu_url = $apt::params::ubuntu_url, $repos = $apt::params::repos, diff --git a/manifests/params.pp b/manifests/params.pp index 12273ac..54fd13e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,5 +1,6 @@ class apt::params () { $codename = $::lsbdistcodename + $use_lts = false $use_volatile = false $include_src = false $use_next_release = false @@ -9,6 +10,7 @@ class apt::params () { 'wheezy' => $debian_url, default => 'http://backports.debian.org/debian-backports/', } + $lts_url = $debian_url $volatile_url = 'http://volatile.debian.org/debian-volatile/' $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' $repos = 'auto' diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb index efe7720..838b3a1 100644 --- a/templates/Debian/preferences_squeeze.erb +++ b/templates/Debian/preferences_squeeze.erb @@ -8,6 +8,11 @@ Package: * Pin: release o=Debian,n=<%= codename %>-updates Pin-Priority: 990 +Explanation: Debian <%= codename %>-lts +Package: * +Pin: release o=Debian,n=<%= codename %>-lts +Pin-Priority: 990 + Explanation: Debian <%= next_codename=scope.lookupvar('apt::next_codename') %> Package: * Pin: release o=Debian,n=<%= next_codename %> diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index 65b5945..7b99df6 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -41,6 +41,18 @@ deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %> <% end -%> <% end -%> +<% if use_lts=scope.lookupvar('apt::use_lts') -%> +# LTS +<% if release != "oldstable" -%> +# There is no LTS archive for <%= release %> +<% else -%> +deb <%= debian_url %> <%= codename %>-lts <%= lrepos %> +<% if include_src -%> +deb-src <%= debian_url %> <%= codename %>-lts <%= lrepos %> +<% end -%> +<% end -%> +<% end -%> + <% if next_release=scope.lookupvar('apt::use_next_release') -%> ### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %> -- cgit v1.2.3 From 6f6e725e60f05a232ba6053cfc49ce1b219be7c7 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 17 Apr 2015 16:43:26 -0400 Subject: Add parameter for blacklisting a list of packages. This functionality was lost because we stopped using a source file for the 50unattended-upgrades file that would previously let one override the configuration per release or per host. --- README | 4 ++++ manifests/unattended_upgrades.pp | 1 + templates/50unattended-upgrades.erb | 8 ++++++++ 3 files changed, 13 insertions(+) (limited to 'README') diff --git a/README b/README index 87b303a..9cf17d1 100644 --- a/README +++ b/README @@ -17,6 +17,10 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! + * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your + site_apt, these are no longer supported. You should migrate to passing + $blacklisted_packages to the apt::unattended_upgrades class. + * the apt class has been moved to a paramterized class. if you were including this class before, after passing some variables, you will need to move to instantiating the class with those variables instead. For example, if you diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 7e17333..9f74bbd 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -2,6 +2,7 @@ class apt::unattended_upgrades ( $config_content = undef, $mailonlyonerror = true, $mail_recipient = 'root', + $blacklisted_packages = [], ) { package { 'unattended-upgrades': diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 318b69d..4492c2d 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -16,6 +16,14 @@ Unattended-Upgrade::Allowed-Origins { <% end -%> }; +<% if not @blacklisted_packages.empty? -%> +Unattended-Upgrade::Package-Blacklist { +<% @blacklisted_packages.each do |pkg| -%> + "<%= pkg %>"; +<% end -%> +} +<% end -%> + APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1"; -- cgit v1.2.3 From 25af635994f793238bb2f227984c157d5d4c7ddf Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 17 Apr 2015 16:45:35 -0400 Subject: Document unattended_upgrades class parameters --- README | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'README') diff --git a/README b/README index 9cf17d1..5c13fc4 100644 --- a/README +++ b/README @@ -374,6 +374,17 @@ apt::unattended_upgrades If this class is included, it will install the package 'unattended-upgrades' and configure it to daily upgrade the system. +The class has the following parameters that you can use to change the contents +of the configuration file. The values shown here are the default values: + + * $config_content = undef + * $mailonlyonerror = true + * $mail_recipient = 'root' + * $blacklisted_packages = [] + +Note that using $config_content actually specifies all of the configuration +contents and thus makes the other parameters useless. + Defines ======= -- cgit v1.2.3 From 95a68805a0ec1c175472f44b720c9f9ee7a57e45 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Thu, 7 May 2015 18:35:53 -0400 Subject: Add upgrade notice about updated functions --- README | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'README') diff --git a/README b/README index 5c13fc4..8333be2 100644 --- a/README +++ b/README @@ -17,6 +17,10 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! + * Several parser functions have been updated: you need to restart your puppet + master, otherwise some nodes may keep on using an old, cached version! + (https://docs.puppetlabs.com/guides/custom_functions.html#gotchas) + * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your site_apt, these are no longer supported. You should migrate to passing $blacklisted_packages to the apt::unattended_upgrades class. -- cgit v1.2.3 From d007a403330c553d925b1b4888d93962a5f83f99 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Mon, 11 May 2015 10:49:27 -0400 Subject: Replace debian_*() parser functions with facts * Removes dependency on lsb-release and/or Facter >1.7 (values are based on $::lsbdistcodename, when available) * Simplifies maintenance: only lib/facter/util/* require updates as new releases are made Caveats: * apt::codename is removed; to override debian_* facts, set the FACTER_debian_codename environment variable for puppet * If tracking unstable, make sure lsb-release is installed, as other methods can't tell between testing and unstable --- README | 22 +++++------- lib/facter/debian_codename.rb | 40 ++++++++++++++++++++++ lib/facter/debian_lts.rb | 14 ++++++++ lib/facter/debian_nextcodename.rb | 22 ++++++++++++ lib/facter/debian_nextrelease.rb | 23 +++++++++++++ lib/facter/debian_release.rb | 36 +++++++++++++++++++ lib/facter/ubuntu_codename.rb | 8 +++++ lib/facter/ubuntu_nextcodename.rb | 18 ++++++++++ lib/facter/util/debian.rb | 18 ++++++++++ lib/facter/util/ubuntu.rb | 20 +++++++++++ lib/puppet/parser/functions/debian_nextcodename.rb | 12 ------- lib/puppet/parser/functions/debian_nextrelease.rb | 11 ------ lib/puppet/parser/functions/debian_release.rb | 13 ------- .../parser/functions/debian_release_version.rb | 12 ------- manifests/apticron.pp | 2 +- manifests/init.pp | 16 --------- manifests/listchanges.pp | 2 +- manifests/params.pp | 3 +- manifests/preferences.pp | 4 +-- manifests/preseeded_package.pp | 2 +- templates/50unattended-upgrades.erb | 4 +-- templates/Debian/preferences_jessie.erb | 2 +- templates/Debian/preferences_lenny.erb | 6 ++-- templates/Debian/preferences_squeeze.erb | 4 +-- templates/Debian/preferences_wheezy.erb | 2 +- templates/Debian/sources.list.erb | 8 ++--- templates/Ubuntu/preferences_maverick.erb | 4 +-- templates/Ubuntu/sources.list.erb | 2 +- 28 files changed, 229 insertions(+), 101 deletions(-) create mode 100644 lib/facter/debian_codename.rb create mode 100644 lib/facter/debian_lts.rb create mode 100644 lib/facter/debian_nextcodename.rb create mode 100644 lib/facter/debian_nextrelease.rb create mode 100644 lib/facter/debian_release.rb create mode 100644 lib/facter/ubuntu_codename.rb create mode 100644 lib/facter/ubuntu_nextcodename.rb create mode 100644 lib/facter/util/debian.rb create mode 100644 lib/facter/util/ubuntu.rb delete mode 100644 lib/puppet/parser/functions/debian_nextcodename.rb delete mode 100644 lib/puppet/parser/functions/debian_nextrelease.rb delete mode 100644 lib/puppet/parser/functions/debian_release.rb delete mode 100644 lib/puppet/parser/functions/debian_release_version.rb (limited to 'README') diff --git a/README b/README index 8333be2..e554837 100644 --- a/README +++ b/README @@ -17,9 +17,11 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! - * Several parser functions have been updated: you need to restart your puppet - master, otherwise some nodes may keep on using an old, cached version! - (https://docs.puppetlabs.com/guides/custom_functions.html#gotchas) + * The apt::codename parameter has been removed. In its place, the + debian_codename fact may be overridden via an environment variable. This + will affect all other debian_* facts, and achieve the same result. + + FACTER_debian_codename=jessie puppet agent -t * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your site_apt, these are no longer supported. You should migrate to passing @@ -97,8 +99,9 @@ Requirements This module needs: -- the lsb module: git://labs.riseup.net/shared-lsb -- the common module: git://labs.riseup.net/shared-common +- the common module: https://gitlab.com/shared-puppet-modules-group/common +- the lsb module: https://gitlab.com/shared-puppet-modules-group/lsb + (optional but recommended, required on Ubuntu) By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to @@ -225,15 +228,6 @@ Class parameters: class { 'apt': custom_sources_list => template('site_apt/sources.list') } -* codename - - Contains the codename ("squeeze", "wheezy", ...) of the client's release. While - these values come from lsb-release by default, this parameter can be set - manually, e.g. to enable forced upgrades. For example: - - include apt::dist_upgrade - class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } - * custom_key_dir If you have different apt-key files that you want to get added to your diff --git a/lib/facter/debian_codename.rb b/lib/facter/debian_codename.rb new file mode 100644 index 0000000..73eeea2 --- /dev/null +++ b/lib/facter/debian_codename.rb @@ -0,0 +1,40 @@ +begin + require 'facter/util/debian' +end + +def version_to_codename(version) + if Facter::Util::Debian::CODENAMES.has_key?(version) + return Facter::Util::Debian::CODENAMES[version] + else + Facter.warn("Could not determine codename from version '#{version}'") + end +end + +Facter.add(:debian_codename) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + Facter.value('lsbdistcodename') + end +end + +Facter.add(:debian_codename) do + has_weight 66 + confine :operatingsystem => 'Debian' + setcode do + version_to_codename(Facter.value('operatingsystemmajrelease')) + end +end + +Facter.add(:debian_codename) do + has_weight 33 + confine :operatingsystem => 'Debian' + setcode do + debian_version = File.open('/etc/debian_version', &:readline) + if debian_version.match(/^\d+/) + version_to_codename(version_to_codename.scan(/^(\d+)/)[0][0]) + elsif debian_version.match(/^[a-z]+\/(sid|unstable)/) + debian_version.scan(/^([a-z]+)\//)[0][0] + end + end +end diff --git a/lib/facter/debian_lts.rb b/lib/facter/debian_lts.rb new file mode 100644 index 0000000..1c137e1 --- /dev/null +++ b/lib/facter/debian_lts.rb @@ -0,0 +1,14 @@ +begin + require 'facter/util/debian' +end + +Facter.add(:debian_lts) do + confine :operatingsystem => 'Debian' + setcode do + if Facter::Util::Debian::LTS.include? Facter.value('debian_codename') + true + else + false + end + end +end diff --git a/lib/facter/debian_nextcodename.rb b/lib/facter/debian_nextcodename.rb new file mode 100644 index 0000000..755a0e5 --- /dev/null +++ b/lib/facter/debian_nextcodename.rb @@ -0,0 +1,22 @@ +begin + require 'facter/util/debian' +end + +def debian_codename_to_next(codename) + if codename == "sid" + return "experimental" + else + codenames = Facter::Util::Debian::CODENAMES.values.reverse + i = codenames.index(codename) + if i and i+1 < codenames.count + return codenames[i+1] + end + end +end + +Facter.add(:debian_nextcodename) do + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_next(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/debian_nextrelease.rb b/lib/facter/debian_nextrelease.rb new file mode 100644 index 0000000..2a9c4f5 --- /dev/null +++ b/lib/facter/debian_nextrelease.rb @@ -0,0 +1,23 @@ +def debian_release_to_next(release) + releases = [ + 'oldoldoldstable', + 'oldoldstable', + 'oldstable', + 'stable', + 'testing', + 'unstable', + 'experimental', + ] + if releases.include? release + if releases.index(release)+1 < releases.count + return releases[releases.index(release)+1] + end + end +end + +Facter.add(:debian_nextrelease) do + confine :operatingsystem => 'Debian' + setcode do + debian_release_to_next(Facter.value('debian_release')) + end +end diff --git a/lib/facter/debian_release.rb b/lib/facter/debian_release.rb new file mode 100644 index 0000000..09e8eef --- /dev/null +++ b/lib/facter/debian_release.rb @@ -0,0 +1,36 @@ +begin + require 'facter/util/debian' +end + +def debian_codename_to_release(codename) + stable = Facter::Util::Debian::STABLE + versions = Facter::Util::Debian::CODENAMES.invert + release = nil + if codename == "sid" + release = "unstable" + elsif versions.has_key? codename + version = versions[codename].to_i + if version == stable + release = "stable" + elsif version < stable + release = "stable" + for i in version..stable - 1 + release = "old" + release + end + elsif version == stable + 1 + release = "testing" + end + end + if release.nil? + Facter.warn("Could not determine release from codename #{codename}!") + end + return release +end + +Facter.add(:debian_release) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_release(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/ubuntu_codename.rb b/lib/facter/ubuntu_codename.rb new file mode 100644 index 0000000..814fd94 --- /dev/null +++ b/lib/facter/ubuntu_codename.rb @@ -0,0 +1,8 @@ +Facter.add(:ubuntu_codename) do + confine :operatingsystem => 'Ubuntu' + setcode do + Facter.value('lsbdistcodename') + end +end + + diff --git a/lib/facter/ubuntu_nextcodename.rb b/lib/facter/ubuntu_nextcodename.rb new file mode 100644 index 0000000..38b64ad --- /dev/null +++ b/lib/facter/ubuntu_nextcodename.rb @@ -0,0 +1,18 @@ +begin + require 'facter/util/ubuntu' +end + +def ubuntu_codename_to_next(codename) + codenames = Facter::Util::Ubuntu::CODENAMES + i = codenames.index(codename) + if i and i+1 < codenames.count + return codenames[i+1] + end +end + +Facter.add(:ubuntu_nextcodename) do + confine :operatingsystem => 'Ubuntu' + setcode do + ubuntu_codename_to_next(Facter.value('ubuntu_codename')) + end +end diff --git a/lib/facter/util/debian.rb b/lib/facter/util/debian.rb new file mode 100644 index 0000000..290c17b --- /dev/null +++ b/lib/facter/util/debian.rb @@ -0,0 +1,18 @@ +module Facter + module Util + module Debian + STABLE = 8 + CODENAMES = { + "5" => "lenny", + "6" => "squeeze", + "7" => "wheezy", + "8" => "jessie", + "9" => "stretch", + "10" => "buster", + } + LTS = [ + "squeeze", + ] + end + end +end diff --git a/lib/facter/util/ubuntu.rb b/lib/facter/util/ubuntu.rb new file mode 100644 index 0000000..1b2411a --- /dev/null +++ b/lib/facter/util/ubuntu.rb @@ -0,0 +1,20 @@ +module Facter + module Util + module Ubuntu + CODENAMES = [ + "lucid", + "maverick", + "natty", + "oneiric", + "precise", + "quantal", + "raring", + "saucy", + "trusty", + "utopic", + "vivid", + "wily", + ] + end + end +end diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb deleted file mode 100644 index ee59612..0000000 --- a/lib/puppet/parser/functions/debian_nextcodename.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextcodename, :type => :rvalue) do |args| - case args[0] - when "squeeze" then "wheezy" - when "wheezy" then "jessie" - when "jessie" then "stretch" - when "stretch" then "sid" - when "sid" then "experimental" - else "sid" - end - end -end diff --git a/lib/puppet/parser/functions/debian_nextrelease.rb b/lib/puppet/parser/functions/debian_nextrelease.rb deleted file mode 100644 index 76c3e0d..0000000 --- a/lib/puppet/parser/functions/debian_nextrelease.rb +++ /dev/null @@ -1,11 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextrelease, :type => :rvalue) do |args| - case args[0] - when 'oldstable' then 'stable' - when 'stable' then 'testing' - when 'testing' then 'unstable' - when 'unstable' then 'experimental' - else 'unstable' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release.rb b/lib/puppet/parser/functions/debian_release.rb deleted file mode 100644 index 3f24ad0..0000000 --- a/lib/puppet/parser/functions/debian_release.rb +++ /dev/null @@ -1,13 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then 'oldoldstable' - when 'wheezy' then 'oldstable' - when 'jessie' then 'stable' - when 'stretch' then 'testing' - when 'sid' then 'unstable' - when 'experimental' then 'experimental' - else 'testing' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release_version.rb b/lib/puppet/parser/functions/debian_release_version.rb deleted file mode 100644 index 32cafcb..0000000 --- a/lib/puppet/parser/functions/debian_release_version.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release_version, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then '6.0' - when 'wheezy' then '7.0' - when 'jessie' then '8.0' - when 'stretch' then '9.0' - when 'buster' then '10.0' - else '' - end - end -end diff --git a/manifests/apticron.pp b/manifests/apticron.pp index 54d7b71..9c94f9c 100644 --- a/manifests/apticron.pp +++ b/manifests/apticron.pp @@ -1,6 +1,6 @@ class apt::apticron( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/apticron_${::debian_codename}.erb", $email = 'root', $diff_only = '1', $listchanges_profile = 'apticron', diff --git a/manifests/init.pp b/manifests/init.pp index 68856cc..5aaa13a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,7 +4,6 @@ # See LICENSE for the full license granted to you. class apt( - $codename = $apt::params::codename, $use_lts = $apt::params::use_lts, $use_volatile = $apt::params::use_volatile, $include_src = $apt::params::include_src, @@ -41,21 +40,6 @@ class apt( require => undef, } - include lsb - - # init $release, $next_release, $next_codename, $release_version - case $codename { - 'n/a': { - fail("Unknown lsbdistcodename reported by facter: '$::lsbdistcodename', please fix this by setting this variable in your manifest.") - } - default: { - $release = debian_release($codename) - } - } - $release_version = debian_release_version($codename) - $next_codename = debian_nextcodename($codename) - $next_release = debian_nextrelease($release) - $sources_content = $custom_sources_list ? { '' => template( "apt/${::operatingsystem}/sources.list.erb"), default => $custom_sources_list diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp index 0c163ae..e64bb1b 100644 --- a/manifests/listchanges.pp +++ b/manifests/listchanges.pp @@ -1,6 +1,6 @@ class apt::listchanges( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/listchanges_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/listchanges_${::debian_codename}.erb", $frontend = 'mail', $email = 'root', $confirm = '0', diff --git a/manifests/params.pp b/manifests/params.pp index f977c27..da531db 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,12 +1,11 @@ class apt::params () { - $codename = $::lsbdistcodename $use_lts = false $use_volatile = false $include_src = false $use_next_release = false $debian_url = 'http://httpredir.debian.org/debian/' $security_url = 'http://security.debian.org/' - $backports_url = $::lsbdistcodename ? { + $backports_url = $::debian_codename ? { 'squeeze' => 'http://backports.debian.org/debian-backports/', default => $debian_url } diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 9ed24c1..6982ca0 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -2,8 +2,8 @@ class apt::preferences { $pref_contents = $apt::custom_preferences ? { '' => $::operatingsystem ? { - 'debian' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), - 'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), + 'debian' => template("apt/${::operatingsystem}/preferences_${::debian_codename}.erb"), + 'ubuntu' => template("apt/${::operatingsystem}/preferences_${::ubuntu_codename}.erb"), }, default => $apt::custom_preferences } diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp index 9bca8b1..3ef0687 100644 --- a/manifests/preseeded_package.pp +++ b/manifests/preseeded_package.pp @@ -4,7 +4,7 @@ define apt::preseeded_package ( ) { $seedfile = "/var/cache/local/preseeding/${name}.seeds" $real_content = $content ? { - '' => template ( "site_apt/${::lsbdistcodename}/${name}.seeds" ), + '' => template ( "site_apt/${::debian_codename}/${name}.seeds" ), default => $content } diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 23c5c89..2afebfe 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -5,13 +5,13 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id}:${distro_codename}-updates"; "${distro_id}:${distro_codename}-backports"; -<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::operatingsystemmajrelease') == 6 -%> +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%> Unattended-Upgrade::Allowed-Origins { "${distro_id}:oldoldstable"; "${distro_id}:squeeze-lts"; <% else -%> Unattended-Upgrade::Origins-Pattern { - "origin=Debian,archive=<%= scope.lookupvar('::apt::release') %>,label=Debian-Security"; + "origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security"; "origin=Debian,archive=${distro_codename}-lts"; <% end -%> }; diff --git a/templates/Debian/preferences_jessie.erb b/templates/Debian/preferences_jessie.erb index 4f8e95c..0888abe 100644 --- a/templates/Debian/preferences_jessie.erb +++ b/templates/Debian/preferences_jessie.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/preferences_lenny.erb b/templates/Debian/preferences_lenny.erb index 5c3c829..6500168 100644 --- a/templates/Debian/preferences_lenny.erb +++ b/templates/Debian/preferences_lenny.erb @@ -1,6 +1,6 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * -Pin: release o=Debian,a=<%= scope.lookupvar('apt::release') %>,v=<%= scope.lookupvar('apt::release_version') %>* +Pin: release o=Debian,a=<%= scope.lookupvar('::debian_release') %>,v=5* Pin-Priority: 990 Explanation: Debian backports @@ -8,7 +8,7 @@ Package: * Pin: origin backports.debian.org Pin-Priority: 200 -Explanation: Debian <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Debian <%= next_release=scope.lookupvar('::debian_nextrelease') %> Package: * Pin: release o=Debian,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb index 838b3a1..885edc7 100644 --- a/templates/Debian/preferences_squeeze.erb +++ b/templates/Debian/preferences_squeeze.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 @@ -13,7 +13,7 @@ Package: * Pin: release o=Debian,n=<%= codename %>-lts Pin-Priority: 990 -Explanation: Debian <%= next_codename=scope.lookupvar('apt::next_codename') %> +Explanation: Debian <%= next_codename=scope.lookupvar('::debian_nextcodename') %> Package: * Pin: release o=Debian,n=<%= next_codename %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_wheezy.erb b/templates/Debian/preferences_wheezy.erb index 0cc0e5c..106108d 100644 --- a/templates/Debian/preferences_wheezy.erb +++ b/templates/Debian/preferences_wheezy.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index d043b70..8629626 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -1,7 +1,7 @@ # This file is managed by puppet # all local modifications will be overwritten -### Debian current: <%= codename=scope.lookupvar('apt::codename') %> +### Debian current: <%= codename=scope.lookupvar('::debian_codename') %> # basic deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> @@ -10,7 +10,7 @@ deb-src <%= debian_url %> <%= codename %> <%= lrepos %> <% end -%> # security -<% if ((release=scope.lookupvar('apt::release')) == "stable" || release == "oldstable") -%> +<% if ((release=scope.lookupvar('::debian_release')) == "stable" || release == "oldstable") -%> deb <%= security_url=scope.lookupvar('apt::security_url') %> <%= codename %>/updates <%= lrepos %> <% if include_src -%> deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %> @@ -43,7 +43,7 @@ deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %> <% if use_lts=scope.lookupvar('apt::use_lts') -%> # LTS -<% if release != "oldoldstable" -%> +<% if release_lts=scope.lookupvar('::debian_lts') == "false" -%> # There is no LTS archive for <%= release %> <% else -%> deb <%= debian_url %> <%= codename %>-lts <%= lrepos %> @@ -54,7 +54,7 @@ deb-src <%= debian_url %> <%= codename %>-lts <%= lrepos %> <% end -%> <% if next_release=scope.lookupvar('apt::use_next_release') -%> -### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %> +### Debian next: <%= next_release=scope.lookupvar('::debian_nextrelease') ; next_codename=scope.lookupvar('::debian_nextcodename') %> # basic deb <%= debian_url %> <%= next_codename %> <%= lrepos %> diff --git a/templates/Ubuntu/preferences_maverick.erb b/templates/Ubuntu/preferences_maverick.erb index 801ddd4..8e5481d 100644 --- a/templates/Ubuntu/preferences_maverick.erb +++ b/templates/Ubuntu/preferences_maverick.erb @@ -1,4 +1,4 @@ -Explanation: Ubuntu <%= codename=scope.lookupvar('apt::codename') %> security +Explanation: Ubuntu <%= codename=scope.lookupvar('::ubuntu_codename') %> security Package: * Pin: release o=Ubuntu,a=<%= codename %>-security Pin-Priority: 990 @@ -18,7 +18,7 @@ Package: * Pin: release a=<%= codename %>-backports Pin-Priority: 200 -Explanation: Ubuntu <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Ubuntu <%= next_release=scope.lookupvar('::ubuntu_nextcodename') %> Package: * Pin: release o=Ubuntu,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb index 8d2585d..e68399b 100644 --- a/templates/Ubuntu/sources.list.erb +++ b/templates/Ubuntu/sources.list.erb @@ -1,7 +1,7 @@ # This file is managed by puppet # all local modifications will be overwritten -# basic <%= codename=scope.lookupvar('apt::codename') %> +# basic <%= codename=scope.lookupvar('::ubuntu_codename') %> deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> <% if include_src=scope.lookupvar('apt::include_src') -%> deb-src <%= ubuntu_url %> <%= codename %> <%= lrepos %> -- cgit v1.2.3 From 33acc00e5c6d8ab18f2992cccc8ee036b4d7771d Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Thu, 11 Jun 2015 10:07:47 -0400 Subject: add apt::key resource to deploy arbitrary keys the rationale of this is that isn't useful for third party modules, because they cannot inject keys in there without some serious apt class hijacking --- README | 17 +++++++++++++++++ manifests/key.pp | 13 +++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 manifests/key.pp (limited to 'README') diff --git a/README b/README index 8333be2..835db79 100644 --- a/README +++ b/README @@ -478,6 +478,23 @@ Example: 'puppet:///modules/site_apt/company_internals.list' ], } +apt::key +-------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key { 'neurodebian.key': + source => 'puppet:///modules/site_apt/neurodebian.key', + } + +This deploys the key in the `${apt_base_dir}/keys` directory (as +opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason +this exists on top of `$custom_key_dir` is to allow a more +decentralised distribution of those keys, without having all modules +throw their keys in the same directory in the manifests. + apt::upgrade_package -------------------- diff --git a/manifests/key.pp b/manifests/key.pp new file mode 100644 index 0000000..0ef9721 --- /dev/null +++ b/manifests/key.pp @@ -0,0 +1,13 @@ +define apt::key ($source) { + file { + "${apt::apt_base_dir}/${name}": + source => $source; + "${apt::apt_base_dir}/keys": + ensure => directory; + } + exec { "apt-key add ${apt::apt_base_dir}/${name}": + subscribe => File["${apt::apt_base_dir}/${name}"], + refreshonly => true, + notify => Exec['refresh_apt'], + } +} -- cgit v1.2.3 From 891aa0fbbed87e24322da7d3a80514f1bf94f0ac Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Thu, 11 Jun 2015 10:21:56 -0400 Subject: allow for binary keys that can be removed --- README | 25 +++++++++++++++++++++++-- manifests/key.pp | 15 +++++---------- manifests/key/plain.pp | 13 +++++++++++++ 3 files changed, 41 insertions(+), 12 deletions(-) create mode 100644 manifests/key/plain.pp (limited to 'README') diff --git a/README b/README index 835db79..d2cb71b 100644 --- a/README +++ b/README @@ -485,8 +485,25 @@ Deploys a secure apt OpenPGP key. This usually accompanies the sources.list snippets above for third party repositories. For example, you would do: - apt::key { 'neurodebian.key': - source => 'puppet:///modules/site_apt/neurodebian.key', + apt::key { 'neurodebian.gpg': + ensure => present, + source => 'puppet:///modules/site_apt/neurodebian.gpg', + } + +This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which +is assumed by secure apt to be binary OpenPGP keys and *not* +"ascii-armored" or "plain text" OpenPGP key material. For the latter, +use `apt::key::plain`. + +apt::key::plain +--------------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key::asc { 'neurodebian.asc': + source => 'puppet:///modules/site_apt/neurodebian.asc', } This deploys the key in the `${apt_base_dir}/keys` directory (as @@ -495,6 +512,10 @@ this exists on top of `$custom_key_dir` is to allow a more decentralised distribution of those keys, without having all modules throw their keys in the same directory in the manifests. +Note that this model does *not* currently allow keys to be removed! +Use `apt::key` instead for a more practical, revokable approach, but +that needs binary keys. + apt::upgrade_package -------------------- diff --git a/manifests/key.pp b/manifests/key.pp index 0ef9721..3f9660f 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -1,13 +1,8 @@ -define apt::key ($source) { +define apt::key ($ensure => 'present', $source) { file { - "${apt::apt_base_dir}/${name}": - source => $source; - "${apt::apt_base_dir}/keys": - ensure => directory; - } - exec { "apt-key add ${apt::apt_base_dir}/${name}": - subscribe => File["${apt::apt_base_dir}/${name}"], - refreshonly => true, - notify => Exec['refresh_apt'], + "/etc/apt/trusted.gpg.d/$name": + source => $source, + ensure => $ensure, + notify => Exec['refresh_apt'], } } diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp new file mode 100644 index 0000000..a84e6dd --- /dev/null +++ b/manifests/key/plain.pp @@ -0,0 +1,13 @@ +define apt::key::plain ($source) { + file { + "${apt::apt_base_dir}/${name}": + source => $source; + "${apt::apt_base_dir}/keys": + ensure => directory; + } + exec { "apt-key add ${apt::apt_base_dir}/${name}": + subscribe => File["${apt::apt_base_dir}/${name}"], + refreshonly => true, + notify => Exec['refresh_apt'], + } +} -- cgit v1.2.3 From ae0570dee6b46081c1e58d0f3cb2263caf55d667 Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Wed, 26 Aug 2015 23:25:16 -0400 Subject: fix typo --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'README') diff --git a/README b/README index d2cb71b..bcec047 100644 --- a/README +++ b/README @@ -502,7 +502,7 @@ Deploys a secure apt OpenPGP key. This usually accompanies the sources.list snippets above for third party repositories. For example, you would do: - apt::key::asc { 'neurodebian.asc': + apt::key::plain { 'neurodebian.asc': source => 'puppet:///modules/site_apt/neurodebian.asc', } -- cgit v1.2.3 From 544796e0502e1377fc374bc9092a0ae8d8392be0 Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Wed, 26 Aug 2015 23:29:11 -0400 Subject: document the .gpg extension requirement --- README | 2 ++ 1 file changed, 2 insertions(+) (limited to 'README') diff --git a/README b/README index bcec047..85cf6df 100644 --- a/README +++ b/README @@ -495,6 +495,8 @@ is assumed by secure apt to be binary OpenPGP keys and *not* "ascii-armored" or "plain text" OpenPGP key material. For the latter, use `apt::key::plain`. +The `.gpg` extension is compulsory for `apt` to pickup the key properly. + apt::key::plain --------------- -- cgit v1.2.3 From 5f7232b420e02eaa38c14a7be75034d9b3cdd64b Mon Sep 17 00:00:00 2001 From: intrigeri Date: Mon, 31 Aug 2015 10:00:09 +0000 Subject: Add validation for apt::key's name. It's great to document requirements in README, but error'ing out whenever the user messes up is even better IMO. --- README | 1 + manifests/key.pp | 5 +++++ 2 files changed, 6 insertions(+) (limited to 'README') diff --git a/README b/README index 85cf6df..1a83ac9 100644 --- a/README +++ b/README @@ -99,6 +99,7 @@ This module needs: - the lsb module: git://labs.riseup.net/shared-lsb - the common module: git://labs.riseup.net/shared-common +- the stdlib module: https://forge.puppetlabs.com/puppetlabs/stdlib By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to diff --git a/manifests/key.pp b/manifests/key.pp index 7be526e..65b62e9 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -1,4 +1,9 @@ define apt::key ($source, $ensure = 'present') { + validate_re( + $name, '\.gpg$', + 'An apt::key resource name must have the .gpg extension', + ) + file { "/etc/apt/trusted.gpg.d/${name}": ensure => $ensure, -- cgit v1.2.3 From 99fe7db72135c8bca025a5870e693689b8803d94 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 9 Oct 2015 17:18:57 -0400 Subject: Document the new config_template parameter Also add an example for how to use the apt::unattended_upgrades class. --- README | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'README') diff --git a/README b/README index 7dfe0d1..45e0797 100644 --- a/README +++ b/README @@ -376,6 +376,7 @@ The class has the following parameters that you can use to change the contents of the configuration file. The values shown here are the default values: * $config_content = undef + * $config_template = 'apt/50unattended-upgrades.erb' * $mailonlyonerror = true * $mail_recipient = 'root' * $blacklisted_packages = [] @@ -383,6 +384,16 @@ of the configuration file. The values shown here are the default values: Note that using $config_content actually specifies all of the configuration contents and thus makes the other parameters useless. +example: + + class { 'apt::unattended_upgrades': + config_template => 'site_apt/50unattended-upgrades.jessie', + blacklisted_packages => [ + 'libc6', 'libc6-dev', 'libc6-i686', 'mysql-server', 'redmine', 'nodejs', + 'bird' + ], + } + Defines ======= -- cgit v1.2.3 From 2942cd0dd88ec3a1d38197d148af9952a397b67c Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 4 Dec 2015 14:29:36 -0500 Subject: remove requirement on lsb package for sources.list file Managing requirements for installing the lsb package has proven over time to make no sense. The best approach to this is to require lsb-release to be installed alongside puppet, since otherwise there are so much facts that get no value during the run and you end up needing to run puppet twice to get the real end result. Also, since we're not including a class that is actually installing the 'lsb' package, that require line makes it so that including the apt module doesn't work, and there's no documentation in the README about needing to provide a package{'lsb':} resource with the apt class. Because of all that, it makes more sense to just get rid of that require line and mark lsb as a pre-requirement in the README file. --- README | 4 ++-- manifests/init.pp | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'README') diff --git a/README b/README index 45e0797..e46a3c7 100644 --- a/README +++ b/README @@ -99,9 +99,9 @@ Requirements This module needs: +- the lsb-release package should be installed on the server prior to running + puppet. otherwise, all of the $::lsb* facts will be empty during runs. - the common module: https://gitlab.com/shared-puppet-modules-group/common -- the lsb module: https://gitlab.com/shared-puppet-modules-group/lsb - (optional but recommended, required on Ubuntu) By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to diff --git a/manifests/init.pp b/manifests/init.pp index 2660612..6732ade 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -50,7 +50,6 @@ class apt( # additional sources should be included via the apt::sources_list define '/etc/apt/sources.list': content => $sources_content, - require => Package['lsb'], notify => Exec['refresh_apt'], owner => root, group => 0, -- cgit v1.2.3 From 6b27efb4346e61280f041b63dd8df7ad1f2e7f81 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 7 Dec 2015 00:22:50 +0100 Subject: Add inital puppet rspec test for custom facts --- .gitignore | 12 ++++++++ Gemfile | 37 +++++++++++++++++++++++ README | 8 +++++ Rakefile | 19 ++++++++++++ spec/spec_helper.rb | 12 ++++++++ spec/unit/custom_facts_spec.rb | 67 ++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 155 insertions(+) create mode 100644 .gitignore create mode 100644 Gemfile create mode 100644 Rakefile create mode 100644 spec/spec_helper.rb create mode 100644 spec/unit/custom_facts_spec.rb (limited to 'README') diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a54aa97 --- /dev/null +++ b/.gitignore @@ -0,0 +1,12 @@ +/pkg/ +/Gemfile.lock +/vendor/ +/spec/fixtures/manifests/* +/spec/fixtures/modules/* +!/spec/fixtures/modules/apt +!/spec/fixtures/modules/apt/* +/.vagrant/ +/.bundle/ +/coverage/ +/.idea/ +*.iml diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..4033611 --- /dev/null +++ b/Gemfile @@ -0,0 +1,37 @@ +source "https://rubygems.org" + +def location_for(place, fake_version = nil) + if place =~ /^(git[:@][^#]*)#(.*)/ + [fake_version, { :git => $1, :branch => $2, :require => false }].compact + elsif place =~ /^file:\/\/(.*)/ + ['>= 0', { :path => File.expand_path($1), :require => false }] + else + [place, { :require => false }] + end +end + + +group :test do + gem "rake" + gem "rspec", '< 3.2.0' + gem "rspec-puppet" + gem "puppetlabs_spec_helper" + gem "metadata-json-lint" + gem "rspec-puppet-facts" + gem "mocha" +end + +facterversion = ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION'] +if facterversion + gem 'facter', *location_for(facterversion) +else + gem 'facter', :require => false +end + +puppetversion = ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION'] +if puppetversion + gem 'puppet', *location_for(puppetversion) +else + gem 'puppet', :require => false +end + diff --git a/README b/README index e46a3c7..e08cc5b 100644 --- a/README +++ b/README @@ -568,6 +568,14 @@ make sure APT indexes are up-to-date before a package upgrade is attempted, but don't want "apt-get update" to happen on every Puppet run. +Tests +===== + +To run pupept rspec tests: + + bundle install --path vendor/bundle + bundle exec rake spec + Licensing ========= diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..85326bb --- /dev/null +++ b/Rakefile @@ -0,0 +1,19 @@ +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +desc "Validate manifests, templates, and ruby files" +task :validate do + Dir['manifests/**/*.pp'].each do |manifest| + sh "puppet parser validate --noop #{manifest}" + end + Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| + sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ + end + Dir['templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" + end +end + +task :test => [:lint, :syntax , :validate, :spec] diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..21d1a98 --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,12 @@ +# https://puppetlabs.com/blog/testing-modules-in-the-puppet-forge +require 'rspec-puppet' +require 'mocha/api' + +RSpec.configure do |c| + + c.module_path = File.expand_path(File.join(File.dirname(__FILE__), '..', '..')) + c.color = true + + #Puppet.features.stubs(:root? => true) + +end diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb new file mode 100644 index 0000000..2d36bd7 --- /dev/null +++ b/spec/unit/custom_facts_spec.rb @@ -0,0 +1,67 @@ +require "spec_helper" + +describe "Facter::Util::Fact" do + before { + Facter.clear + } + + describe 'custom facts' do + + context 'Debian 7' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("7.8") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") + end + + it "debian_release = oldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldstable') + end + + it "debian_codename = wheezy" do + expect(Facter.fact(:debian_codename).value).to eq('wheezy') + end + end + + context 'Debian 8' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("8.0") + Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") + end + + it "debian_release = stable" do + expect(Facter.fact(:debian_release).value).to eq('stable') + end + + it "debian_codename = jessie" do + expect(Facter.fact(:debian_codename).value).to eq('jessie') + end + end + + context 'Ubuntu 15.10' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("15.10") + Facter.fact(:lsbdistcodename).stubs(:value).returns("Vivid") + end + + it "ubuntu_codename = Vivid" do + expect(Facter.fact(:ubuntu_codename).value).to eq('Vivid') + end + end + + end + + describe "Test 'apt_running' fact" do + it "should return true when apt-get is running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("true") + expect(Facter.fact(:apt_running).value).to eq('true') + end + it "should return false when apt-get is not running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("false") + expect(Facter.fact(:apt_running).value).to eq('false') + end + end + +end -- cgit v1.2.3 From bf4daa73b11fe7d7db49a6f863d8e850288c57e8 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 7 Dec 2015 14:36:48 +0100 Subject: [docs] Add test docs how to use custom facter/puppet version --- README | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'README') diff --git a/README b/README index e08cc5b..410201d 100644 --- a/README +++ b/README @@ -576,6 +576,10 @@ To run pupept rspec tests: bundle install --path vendor/bundle bundle exec rake spec +Using different facter/puppet versions: + + FACTER_GEM_VERSION=1.6.10 PUPPET_GEM_VERSION=2.7.23 bundle install --path vendor/bundle + bundle exec rake spec Licensing ========= -- cgit v1.2.3 From f12b007edd557e91359fd9a5fba57f49e4a59a04 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 26 Jan 2016 14:42:17 +0100 Subject: [refactor] Unify `apt-get update` into one resource Before, there were two Execs that did an `apt-get update`, `Exec[refresh_apt]` and `Exec[apt_updated]`, which were triggered by different resources. This changes gets rid of the first one, and all resources now depend on `Exec[apt_updated]`. --- README | 38 +++++++++++++++++++------------------- manifests/apt_conf.pp | 2 +- manifests/dist_upgrade.pp | 11 +---------- manifests/dot_d_directories.pp | 11 ++--------- manifests/init.pp | 14 +++++++++++++- manifests/key.pp | 2 +- manifests/key/plain.pp | 2 +- manifests/preferences_snippet.pp | 2 +- manifests/sources_list.pp | 2 +- manifests/update.pp | 12 +++--------- 10 files changed, 43 insertions(+), 53 deletions(-) (limited to 'README') diff --git a/README b/README index 410201d..e097a7e 100644 --- a/README +++ b/README @@ -17,6 +17,14 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! + * The `disable_update` parameter has been removed. The main apt class + defaults to *not* run an `apt-get update` on every run anyway so this + parameter seems useless. + You can include the `apt::update` class if you want it to be run every time. + + * The `apt::upgrade_package` now doesn't automatically call an Exec['apt_updated'] + anymore, so you would need to include `apt::update` now by hand. + * The apt::codename parameter has been removed. In its place, the debian_codename fact may be overridden via an environment variable. This will affect all other debian_* facts, and achieve the same result. @@ -188,15 +196,6 @@ Class parameters: If this variable is set the default repositories list ("main contrib non-free") is overriden. -* disable_update - - Disable "apt-get update" which is normally triggered by apt::upgrade_package - and apt::dist_upgrade. - - Note that nodes can be updated once a day by using - APT::Periodic::Update-Package-Lists "1"; - in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. - * custom_preferences For historical reasons (Debian Lenny's version of APT did not support the use @@ -296,9 +295,6 @@ classes may inherit from this one and add to its subscription list using the plusignment ('+>') operator. A real-world example can be seen in the apt::dist_upgrade::initiator source. -When this class is included the APT indexes are updated on every -Puppet run due to the author's lack of Puppet wizardry. - apt::dist_upgrade::initiator ---------------------------- @@ -555,18 +551,22 @@ Exec['apt_updated'] ------------------- After this point the APT indexes are up-to-date. +This resource is set to `refreshonly => true` so it is not run on +every puppetrun. To run this every time, you can include the `apt::update` +class. This resource is usually used like this to ensure current packages are installed by Package resources: - include apt::update - Package { require => Exec['apt_updated'] } + include apt::update + Package { require => Exec['apt_updated'] } + +Note that nodes can be updated once a day by using + + APT::Periodic::Update-Package-Lists "1"; + +in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. -Please note that the apt::upgrade_package define automatically uses -this resource so you don't have to manage this yourself if you need to -make sure APT indexes are up-to-date before a package upgrade is -attempted, but don't want "apt-get update" to happen on every Puppet -run. Tests ===== diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp index f446c69..949f615 100644 --- a/manifests/apt_conf.pp +++ b/manifests/apt_conf.pp @@ -38,7 +38,7 @@ define apt::apt_conf( if $refresh_apt { File["/etc/apt/apt.conf.d/${name}"] { - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } } diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp index bf78dcc..19c031e 100644 --- a/manifests/dist_upgrade.pp +++ b/manifests/dist_upgrade.pp @@ -1,18 +1,9 @@ class apt::dist_upgrade { - if $apt::disable_update == false { - include apt::update - } - - $req = $apt::disable_update ? { - true => undef, - default => Exec['apt_updated'], - } - exec { 'apt_dist-upgrade': command => '/usr/bin/apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade', refreshonly => true, - require => $req + before => Exec['apt_updated'] } } diff --git a/manifests/dot_d_directories.pp b/manifests/dot_d_directories.pp index 37c3fc8..0ace863 100644 --- a/manifests/dot_d_directories.pp +++ b/manifests/dot_d_directories.pp @@ -5,18 +5,11 @@ class apt::dot_d_directories { '/etc/apt/apt.conf.d': ensure => directory, checksum => mtime, - notify => Exec['refresh_apt']; + notify => Exec['apt_updated']; '/etc/apt/sources.list.d': ensure => directory, checksum => mtime, - notify => Exec['refresh_apt']; - } - - exec { - # "&& sleep 1" is workaround for older(?) clients - 'refresh_apt': - command => '/usr/bin/apt-get update && sleep 1', - refreshonly => true, + notify => Exec['apt_updated']; } } diff --git a/manifests/init.pp b/manifests/init.pp index 1e7ddd7..f9f9357 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -50,7 +50,7 @@ class apt( # additional sources should be included via the apt::sources_list define '/etc/apt/sources.list': content => $sources_content, - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], owner => root, group => 0, mode => '0644'; @@ -137,4 +137,16 @@ class apt( # workaround for preseeded_package component file { [ '/var/cache', '/var/cache/local', '/var/cache/local/preseeding' ]: ensure => directory } + + exec { 'update_apt': + command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', + require => [ + File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], + File['/etc/apt/sources.list'] ], + loglevel => 'info', + refreshonly => true, + # Another Semaphor for all packages to reference + alias => [ 'apt_updated', 'refresh_apt'] + } + } diff --git a/manifests/key.pp b/manifests/key.pp index 65b62e9..cb70ec6 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -8,6 +8,6 @@ define apt::key ($source, $ensure = 'present') { "/etc/apt/trusted.gpg.d/${name}": ensure => $ensure, source => $source, - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } } diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp index e4a2f89..dff8b51 100644 --- a/manifests/key/plain.pp +++ b/manifests/key/plain.pp @@ -8,6 +8,6 @@ define apt::key::plain ($source) { exec { "apt-key add '${apt::apt_base_dir}/keys/${name}'": subscribe => File["${apt::apt_base_dir}/keys/${name}"], refreshonly => true, - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } } diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index 99feac4..b7dba0d 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -32,7 +32,7 @@ define apt::preferences_snippet ( file { "/etc/apt/preferences.d/${name}": ensure => $ensure, owner => root, group => 0, mode => '0644', - before => Exec['refresh_apt']; + before => Exec['apt_updated']; } case $source { diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp index aefad2d..0ee068d 100644 --- a/manifests/sources_list.pp +++ b/manifests/sources_list.pp @@ -23,7 +23,7 @@ define apt::sources_list ( file { "/etc/apt/sources.list.d/${realname}.list": ensure => $ensure, owner => root, group => 0, mode => '0644', - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } if $source { diff --git a/manifests/update.pp b/manifests/update.pp index 3f45125..dde8320 100644 --- a/manifests/update.pp +++ b/manifests/update.pp @@ -1,13 +1,7 @@ -class apt::update { +class apt::update inherits ::apt { - exec { 'update_apt': - command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', - require => [ - File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], - File['/etc/apt/sources.list'] ], - loglevel => info, - # Another Semaphor for all packages to reference - alias => 'apt_updated' + Exec['update_apt'] { + refreshonly => false } } -- cgit v1.2.3