From 88bfe5fbab79b23a3f1d19c6283bdb2efd28598e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 20 Jun 2013 15:32:51 -0400 Subject: fix for the following: warning: Dynamic lookup of $custom_preferences at modules/apt/manifests/preferences_snippet.pp:16 is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag. --- manifests/preferences_snippet.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index 5ae748b..cbc83d2 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -13,7 +13,7 @@ define apt::preferences_snippet ( } if $ensure == 'present' { - if $custom_preferences == false { + if $apt::custom_preferences == false { fail('Trying to define a preferences_snippet with $custom_preferences set to false.') } -- cgit v1.2.3 From f11e3d475345059220402a44a97da491c85d2b5a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 25 Jun 2013 11:31:22 -0400 Subject: remove unnecessary before dependency on the /etc/apt/preferences file in unattended_upgrades.pp --- manifests/unattended_upgrades.pp | 6 ------ 1 file changed, 6 deletions(-) (limited to 'manifests') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index b9d19c3..3492e5f 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -18,10 +18,4 @@ class apt::unattended_upgrades { Apt_conf['50unattended-upgrades'] { notify => undef } - - if $apt::custom_preferences != false { - Apt_conf['50unattended-upgrades'] { - before => File['apt_config'], - } - } } -- cgit v1.2.3 From 50b4bef76180181a34d04958b320295c7b6e9cf0 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 26 Jan 2013 15:20:30 -0200 Subject: Make custom_key_dir a class parameter and not a global variable Conflicts: manifests/init.pp --- README | 22 ++++++++++------------ manifests/init.pp | 7 ++++--- manifests/params.pp | 1 + 3 files changed, 15 insertions(+), 15 deletions(-) (limited to 'manifests') diff --git a/README b/README index f241a19..35a88b2 100644 --- a/README +++ b/README @@ -129,18 +129,6 @@ pull in the templates/site_apt/sources.list file: $custom_sources_list = template('site_apt/sources.list') -$custom_key_dir ---------------- - -If you have different apt-key files that you want to get added to your -apt keyring, you can set this variable to a path in your fileserver -where individual key files can be placed. If this is set and keys -exist there, this module will 'apt-key add' each key. - -The debian-archive-keyring package is installed and kept current up to the -latest revision (this includes the backports archive keyring). - - Classes ======= @@ -235,6 +223,16 @@ Class parameters: include apt::dist_upgrade class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } +* custom_key_dir + + If you have different apt-key files that you want to get added to your + apt keyring, you can set this variable to a path in your fileserver + where individual key files can be placed. If this is set and keys + exist there, this module will 'apt-key add' each key. + + The debian-archive-keyring package is installed and kept current up to the + latest revision (this includes the backports archive keyring). + apt::apticron ------------- diff --git a/manifests/init.pp b/manifests/init.pp index 3f8e1c8..de28c23 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -15,7 +15,8 @@ class apt( $ubuntu_url = $apt::params::ubuntu_url, $repos = $apt::params::repos, $custom_preferences = $apt::params::custom_preferences, - $disable_update = $apt::params::disable_update + $disable_update = $apt::params::disable_update, + $custom_key_dir = $apt::params::custom_key_dir ) inherits apt::params { case $::operatingsystem { 'debian': { @@ -113,9 +114,9 @@ class apt( $apt_base_dir = "${common::moduledir::module_dir_path}/apt" modules_dir { 'apt': } - if $::custom_key_dir { + if $custom_key_dir { file { "${apt_base_dir}/keys.d": - source => $::custom_key_dir, + source => $custom_key_dir, recurse => true, owner => root, group => root, diff --git a/manifests/params.pp b/manifests/params.pp index b210ff6..12273ac 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -14,4 +14,5 @@ class apt::params () { $repos = 'auto' $custom_preferences = '' $disable_update = false + $custom_key_dir = false } -- cgit v1.2.3 From 9a3068016feffa328bf6e0f265e316eb813b7ee8 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 14 Apr 2013 14:54:10 +0200 Subject: using distribution sprecific files again --- files/50unattended-upgrades | 20 -------------------- files/Debian/50unattended-upgrades | 14 ++++++++++++++ files/Debian/50unattended-upgrades.lenny | 13 +++++++++++++ files/Debian/50unattended-upgrades.squeeze | 13 +++++++++++++ files/Debian/50unattended-upgrades.wheezy | 14 ++++++++++++++ files/Ubuntu/50unattended-upgrades | 16 ++++++++++++++++ files/lenny/50unattended-upgrades | 13 ------------- files/squeeze/50unattended-upgrades | 14 -------------- manifests/unattended_upgrades.pp | 8 ++++---- 9 files changed, 74 insertions(+), 51 deletions(-) delete mode 100644 files/50unattended-upgrades create mode 100644 files/Debian/50unattended-upgrades create mode 100644 files/Debian/50unattended-upgrades.lenny create mode 100644 files/Debian/50unattended-upgrades.squeeze create mode 100644 files/Debian/50unattended-upgrades.wheezy create mode 100644 files/Ubuntu/50unattended-upgrades delete mode 100644 files/lenny/50unattended-upgrades delete mode 100644 files/squeeze/50unattended-upgrades (limited to 'manifests') diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades deleted file mode 100644 index 329c95c..0000000 --- a/files/50unattended-upgrades +++ /dev/null @@ -1,20 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Origins-Pattern { - // Debian - "${distro_id} ${distro_codename}"; - "${distro_id} ${distro_codename}-updates"; - "${distro_id} ${distro_codename}-security"; - "${distro_id} Backports:${distro_codename}-backports"; - // Ubuntu specific - "${distro_id} ${distro_codename}-security"; - "${distro_id} ${distro_codename}-backports"; - "${distro_id} ${distro_codename}-proposed"; -}; - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; -Unattended-Upgrade::MailOnlyOnError "true"; diff --git a/files/Debian/50unattended-upgrades b/files/Debian/50unattended-upgrades new file mode 100644 index 0000000..0901ad3 --- /dev/null +++ b/files/Debian/50unattended-upgrades @@ -0,0 +1,14 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:stable"; + "${distro_id}:${distro_codename}-security"; + "${distro_id}:${distro_codename}-updates"; + "${distro_id} Backports:${distro_codename}-backports"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; diff --git a/files/Debian/50unattended-upgrades.lenny b/files/Debian/50unattended-upgrades.lenny new file mode 100644 index 0000000..d55bb29 --- /dev/null +++ b/files/Debian/50unattended-upgrades.lenny @@ -0,0 +1,13 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { + "Debian oldstable"; + "Debian-Security oldstable"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; + diff --git a/files/Debian/50unattended-upgrades.squeeze b/files/Debian/50unattended-upgrades.squeeze new file mode 100644 index 0000000..38da1f4 --- /dev/null +++ b/files/Debian/50unattended-upgrades.squeeze @@ -0,0 +1,13 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { + "${distro_id} stable"; + "${distro_id} ${distro_codename}-security"; + "${distro_id} ${distro_codename}-backports"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; diff --git a/files/Debian/50unattended-upgrades.wheezy b/files/Debian/50unattended-upgrades.wheezy new file mode 100644 index 0000000..4463406 --- /dev/null +++ b/files/Debian/50unattended-upgrades.wheezy @@ -0,0 +1,14 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:testing"; + "${distro_id}:${distro_codename}-security"; + "${distro_id}:${distro_codename}-updates"; + "${distro_id} Backports:${distro_codename}-backports"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; diff --git a/files/Ubuntu/50unattended-upgrades b/files/Ubuntu/50unattended-upgrades new file mode 100644 index 0000000..25c7758 --- /dev/null +++ b/files/Ubuntu/50unattended-upgrades @@ -0,0 +1,16 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:${distro_codename}-security"; + "${distro_id}:${distro_codename}-updates"; + "${distro_id}:${distro_codename}-backports"; + //"${distro_id}:${distro_codename}-proposed"; +}; + + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; +Unattended-Upgrade::MailOnlyOnError "true"; diff --git a/files/lenny/50unattended-upgrades b/files/lenny/50unattended-upgrades deleted file mode 100644 index d55bb29..0000000 --- a/files/lenny/50unattended-upgrades +++ /dev/null @@ -1,13 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Allowed-Origins { - "Debian oldstable"; - "Debian-Security oldstable"; -}; - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; - diff --git a/files/squeeze/50unattended-upgrades b/files/squeeze/50unattended-upgrades deleted file mode 100644 index 0901ad3..0000000 --- a/files/squeeze/50unattended-upgrades +++ /dev/null @@ -1,14 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:stable"; - "${distro_id}:${distro_codename}-security"; - "${distro_id}:${distro_codename}-updates"; - "${distro_id} Backports:${distro_codename}-backports"; -}; - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index c538831..f74fc81 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -7,10 +7,10 @@ class apt::unattended_upgrades { apt_conf { '50unattended-upgrades': source => [ - "puppet:///modules/site_apt/${::lsbdistcodename}/50unattended-upgrades", - 'puppet:///modules/site_apt/50unattended-upgrades', - "puppet:///modules/apt/${::lsbdistcodename}/50unattended-upgrades", - 'puppet:///modules/apt/50unattended-upgrades' ], + "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}", + "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades", + "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}", + "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades" ], require => Package['unattended-upgrades'], } -- cgit v1.2.3 From 07266be25546482b021e5ba62cf155b8b0e770be Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 14 Apr 2013 15:06:30 +0200 Subject: fix unattended-upgrades dependency cycle --- manifests/unattended_upgrades.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index f74fc81..2f6c2a5 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -2,7 +2,7 @@ class apt::unattended_upgrades { package { 'unattended-upgrades': ensure => present, - require => undef, + require => undef } apt_conf { '50unattended-upgrades': -- cgit v1.2.3 From 1a72a99693c1d77bfe891546408f88264fca98ee Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 27 Jun 2013 11:58:39 -0400 Subject: remove unnecessary override and accidentally merge issue --- manifests/unattended_upgrades.pp | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'manifests') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 17455fe..80939e3 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -1,8 +1,7 @@ class apt::unattended_upgrades { package { 'unattended-upgrades': - ensure => present, - require => Exec[refresh_apt] + ensure => present } apt_conf { '50unattended-upgrades': @@ -13,8 +12,4 @@ class apt::unattended_upgrades { "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades" ], require => Package['unattended-upgrades'], } - - Apt_conf['50unattended-upgrades'] { - notify => undef - } } -- cgit v1.2.3 From c99227ad55e8d266a77ad5dfb672147eec6e1c3b Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 27 Jul 2013 06:14:47 -0400 Subject: Make custom_sources_list into a class paramter and thus remove the last global variable. --- README | 28 ++++++++++++---------------- manifests/init.pp | 5 +++-- 2 files changed, 15 insertions(+), 18 deletions(-) (limited to 'manifests') diff --git a/README b/README index 35a88b2..90301be 100644 --- a/README +++ b/README @@ -113,22 +113,6 @@ the site_apt modules' files directory that is named the same as the host. (example: site_apt/files/some.host.com/03clean, or site_apt/files/some.host.com/03clean_vserver) -Variables -========= - -$custom_sources_list --------------------- - -By default this module will use a basic apt/sources.list template with -a generic Debian mirror. If you need to set more specific sources, -e.g. changing the sections included in the source, etc. you can set -this variable to the content that you desire to use instead. - -For example, setting the following variable before including this class will -pull in the templates/site_apt/sources.list file: - - $custom_sources_list = template('site_apt/sources.list') - Classes ======= @@ -214,6 +198,18 @@ Class parameters: class { 'apt': custom_preferences => false } +* custom_sources_list + + By default this module will use a basic apt/sources.list template with + a generic Debian mirror. If you need to set more specific sources, + e.g. changing the sections included in the source, etc. you can set + this variable to the content that you desire to use instead. + + For example, setting this variable will pull in the + templates/site_apt/sources.list file: + + class { 'apt': custom_sources_list => template('site_apt/sources.list') } + * codename Contains the codename ("squeeze", "wheezy", ...) of the client's release. While diff --git a/manifests/init.pp b/manifests/init.pp index 33eac37..7550aaa 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -15,6 +15,7 @@ class apt( $ubuntu_url = $apt::params::ubuntu_url, $repos = $apt::params::repos, $custom_preferences = $apt::params::custom_preferences, + $custom_sources_list = '', $disable_update = $apt::params::disable_update, $custom_key_dir = $apt::params::custom_key_dir ) inherits apt::params { @@ -53,9 +54,9 @@ class apt( $next_codename = debian_nextcodename($codename) $next_release = debian_nextrelease($release) - $sources_content = $::custom_sources_list ? { + $sources_content = $custom_sources_list ? { '' => template( "apt/${::operatingsystem}/sources.list.erb"), - default => $::custom_sources_list + default => $custom_sources_list } file { # include main, security and backports -- cgit v1.2.3 From f286b0ed860660ce255740f2f43123d024553bcc Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 8 Dec 2013 21:58:38 +0000 Subject: Remove Lenny-related comment that was made obsolete a year ago by commit 822950. --- manifests/preferences_snippet.pp | 3 --- 1 file changed, 3 deletions(-) (limited to 'manifests') diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index cbc83d2..0c7b7bb 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -34,9 +34,6 @@ define apt::preferences_snippet ( owner => root, group => 0, mode => '0644'; } - # This should really work in the same manner as sources_list and apt_conf - # snippets, but since the preferences.d directory cannot be used in Debian - # lenny, we can't generalize without going into ugly special-casing. case $source { '': { case $release { -- cgit v1.2.3 From 4bd4dd254263003a404a1573abd50307b04057c8 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 8 Jan 2014 21:27:05 +0100 Subject: use stdlib instead of the common module --- manifests/dselect.pp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/dselect.pp b/manifests/dselect.pp index 6feeb9f..2b99a43 100644 --- a/manifests/dselect.pp +++ b/manifests/dselect.pp @@ -1,9 +1,10 @@ +# manage dselect, like +# suppressing the annoying help texts class apt::dselect { - # suppress annoying help texts of dselect - line { 'dselect_expert': - file => '/etc/dpkg/dselect.cfg', - line => 'expert', + file_line { 'dselect_expert': + path => '/etc/dpkg/dselect.cfg', + line => 'expert', } package { 'dselect': ensure => installed } -- cgit v1.2.3 From 9d56396a0439a19dd6cd3a09a5d1a9f7d6345778 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 8 Jan 2014 21:28:42 +0100 Subject: use the new style common module --- manifests/init.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 7550aaa..034d79e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -111,9 +111,8 @@ class apt( # backports uses the normal archive key now package { 'debian-backports-keyring': ensure => absent } - include common::moduledir + common::module_dir { 'apt': } $apt_base_dir = "${common::moduledir::module_dir_path}/apt" - modules_dir { 'apt': } if $custom_key_dir { file { "${apt_base_dir}/keys.d": -- cgit v1.2.3 From 7c68c19973518841ba2462371b9d4b4d4f1da37e Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 6 Dec 2014 00:52:59 -0500 Subject: make it optional to end sources in ".list" --- manifests/sources_list.pp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp index 3367f83..aefad2d 100644 --- a/manifests/sources_list.pp +++ b/manifests/sources_list.pp @@ -15,22 +15,24 @@ define apt::sources_list ( include apt::dot_d_directories + $realname = regsubst($name, '\.list$', '') + # One would expect the 'file' resource on sources.list.d to trigger an # apt-get update when files are added or modified in the directory, but it # apparently doesn't. - file { "/etc/apt/sources.list.d/${name}": + file { "/etc/apt/sources.list.d/${realname}.list": ensure => $ensure, owner => root, group => 0, mode => '0644', notify => Exec['refresh_apt'], } if $source { - File["/etc/apt/sources.list.d/${name}"] { + File["/etc/apt/sources.list.d/${realname}.list"] { source => $source, } } else { - File["/etc/apt/sources.list.d/${name}"] { + File["/etc/apt/sources.list.d/${realname}.list"] { content => $content, } } -- cgit v1.2.3 From 85c7554c4bb06130ab3e88170842dc1b2ddbb186 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sat, 7 Feb 2015 16:12:55 +0000 Subject: Add support for Squeeze LTS. --- README | 8 ++++++++ manifests/init.pp | 2 ++ manifests/params.pp | 2 ++ templates/Debian/preferences_squeeze.erb | 5 +++++ templates/Debian/sources.list.erb | 12 ++++++++++++ 5 files changed, 29 insertions(+) (limited to 'manifests') diff --git a/README b/README index 0057d87..5e5c7c5 100644 --- a/README +++ b/README @@ -128,6 +128,14 @@ Example usage: Class parameters: +* use_lts + + If this variable is set to true the CODENAME-lts sources (such as + squeeze-lts) are added. + + By default this is false for backward compatibility with older + versions of this module. + * use_volatile If this variable is set to true the CODENAME-updates sources (such as diff --git a/manifests/init.pp b/manifests/init.pp index 7550aaa..2814013 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -5,12 +5,14 @@ class apt( $codename = $apt::params::codename, + $use_lts = $apt::params::use_lts, $use_volatile = $apt::params::use_volatile, $include_src = $apt::params::include_src, $use_next_release = $apt::params::use_next_release, $debian_url = $apt::params::debian_url, $security_url = $apt::params::security_url, $backports_url = $apt::params::backports_url, + $lts_url = $apt::params::lts_url, $volatile_url = $apt::params::volatile_url, $ubuntu_url = $apt::params::ubuntu_url, $repos = $apt::params::repos, diff --git a/manifests/params.pp b/manifests/params.pp index 12273ac..54fd13e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,5 +1,6 @@ class apt::params () { $codename = $::lsbdistcodename + $use_lts = false $use_volatile = false $include_src = false $use_next_release = false @@ -9,6 +10,7 @@ class apt::params () { 'wheezy' => $debian_url, default => 'http://backports.debian.org/debian-backports/', } + $lts_url = $debian_url $volatile_url = 'http://volatile.debian.org/debian-volatile/' $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' $repos = 'auto' diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb index efe7720..838b3a1 100644 --- a/templates/Debian/preferences_squeeze.erb +++ b/templates/Debian/preferences_squeeze.erb @@ -8,6 +8,11 @@ Package: * Pin: release o=Debian,n=<%= codename %>-updates Pin-Priority: 990 +Explanation: Debian <%= codename %>-lts +Package: * +Pin: release o=Debian,n=<%= codename %>-lts +Pin-Priority: 990 + Explanation: Debian <%= next_codename=scope.lookupvar('apt::next_codename') %> Package: * Pin: release o=Debian,n=<%= next_codename %> diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index 65b5945..7b99df6 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -41,6 +41,18 @@ deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %> <% end -%> <% end -%> +<% if use_lts=scope.lookupvar('apt::use_lts') -%> +# LTS +<% if release != "oldstable" -%> +# There is no LTS archive for <%= release %> +<% else -%> +deb <%= debian_url %> <%= codename %>-lts <%= lrepos %> +<% if include_src -%> +deb-src <%= debian_url %> <%= codename %>-lts <%= lrepos %> +<% end -%> +<% end -%> +<% end -%> + <% if next_release=scope.lookupvar('apt::use_next_release') -%> ### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %> -- cgit v1.2.3 From 3bd6f73973f0a4b744f75d3a9b2c73b15e76603b Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sat, 28 Feb 2015 13:01:14 +0000 Subject: Add missing "include common::moduledir". Without this, $common::moduledir::module_dir_path is empty. --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 0fb4f1b..68856cc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -113,6 +113,7 @@ class apt( # backports uses the normal archive key now package { 'debian-backports-keyring': ensure => absent } + include common::moduledir common::module_dir { 'apt': } $apt_base_dir = "${common::moduledir::module_dir_path}/apt" -- cgit v1.2.3 From 9192785c452ce2cfa0f58984d3aebdcaf841113a Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 27 Jul 2013 13:38:27 -0400 Subject: make it possible to opt out of MailOnlyOnError This combines all files into one template. It should make maintenance easier. --- files/Debian/50unattended-upgrades | 12 ------------ files/Debian/50unattended-upgrades.squeeze | 14 -------------- files/Ubuntu/50unattended-upgrades | 16 ---------------- manifests/unattended_upgrades.pp | 16 ++++++++++------ templates/50unattended-upgrades.erb | 26 ++++++++++++++++++++++++++ 5 files changed, 36 insertions(+), 48 deletions(-) delete mode 100644 files/Debian/50unattended-upgrades delete mode 100644 files/Debian/50unattended-upgrades.squeeze delete mode 100644 files/Ubuntu/50unattended-upgrades create mode 100644 templates/50unattended-upgrades.erb (limited to 'manifests') diff --git a/files/Debian/50unattended-upgrades b/files/Debian/50unattended-upgrades deleted file mode 100644 index 075f680..0000000 --- a/files/Debian/50unattended-upgrades +++ /dev/null @@ -1,12 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Origins-Pattern { - "o=Debian,a=oldstable,l=Debian-Security"; - "o=Debian,a=stable,l=Debian-Security"; -} - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; diff --git a/files/Debian/50unattended-upgrades.squeeze b/files/Debian/50unattended-upgrades.squeeze deleted file mode 100644 index 77f715d..0000000 --- a/files/Debian/50unattended-upgrades.squeeze +++ /dev/null @@ -1,14 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Allowed-Origins { -// "${distro-id} oldstable"; -// "${distro_id} ${distro_codename}-backports"; - "${distro_id} ${distro_codename}-security"; - "${distro_id} ${distro_codename}-lts"; -}; - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; diff --git a/files/Ubuntu/50unattended-upgrades b/files/Ubuntu/50unattended-upgrades deleted file mode 100644 index 25c7758..0000000 --- a/files/Ubuntu/50unattended-upgrades +++ /dev/null @@ -1,16 +0,0 @@ -// this file is managed by puppet ! - -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:${distro_codename}-security"; - "${distro_id}:${distro_codename}-updates"; - "${distro_id}:${distro_codename}-backports"; - //"${distro_id}:${distro_codename}-proposed"; -}; - - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -Unattended-Upgrade::Mail "root"; -Unattended-Upgrade::MailOnlyOnError "true"; diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 80939e3..b63b483 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -1,15 +1,19 @@ -class apt::unattended_upgrades { +class apt::unattended_upgrades ( + $config_content = undef, + $mailonlyonerror = true, +) { package { 'unattended-upgrades': ensure => present } + $file_content = $config_content ? { + undef => template('apt/50unattended-upgrades.erb'), + default => $config_content + } + apt_conf { '50unattended-upgrades': - source => [ - "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}", - "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades", - "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}", - "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades" ], + content => $file_content, require => Package['unattended-upgrades'], } } diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb new file mode 100644 index 0000000..0ba0d7e --- /dev/null +++ b/templates/50unattended-upgrades.erb @@ -0,0 +1,26 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { +<% if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%> + "${distro_id}:${distro_codename}-security"; + "${distro_id}:${distro_codename}-updates"; + "${distro_id}:${distro_codename}-backports"; +<% else -%> +<% if scope.lookupvar('::lsbdistcodename') == 'squeeze' -%> + "${distro-id} ${distro-codename}-security"; + "${distro-id} ${distro-codename}-lts"; +<% else -%> + # See Debian bug #704087 + "o=Debian,a=oldstable,l=Debian-Security"; + "o=Debian,a=stable,l=Debian-Security"; +<% end -%> +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; +<% if mailonlyonerror -%> +Unattended-Upgrade::MailOnlyOnError "true"; +<% end -%> -- cgit v1.2.3 From d24ca3314fadd7836ed0d6345359eb7ccfad6419 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 27 Jul 2013 13:42:54 -0400 Subject: Parametrize unattended-upgrades mail recipient --- manifests/unattended_upgrades.pp | 1 + templates/50unattended-upgrades.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index b63b483..7e17333 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -1,6 +1,7 @@ class apt::unattended_upgrades ( $config_content = undef, $mailonlyonerror = true, + $mail_recipient = 'root', ) { package { 'unattended-upgrades': diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 0ba0d7e..41bac87 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -20,7 +20,7 @@ APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1"; -Unattended-Upgrade::Mail "root"; +Unattended-Upgrade::Mail "<%= mail_recipient -%>"; <% if mailonlyonerror -%> Unattended-Upgrade::MailOnlyOnError "true"; <% end -%> -- cgit v1.2.3 From 6f6e725e60f05a232ba6053cfc49ce1b219be7c7 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 17 Apr 2015 16:43:26 -0400 Subject: Add parameter for blacklisting a list of packages. This functionality was lost because we stopped using a source file for the 50unattended-upgrades file that would previously let one override the configuration per release or per host. --- README | 4 ++++ manifests/unattended_upgrades.pp | 1 + templates/50unattended-upgrades.erb | 8 ++++++++ 3 files changed, 13 insertions(+) (limited to 'manifests') diff --git a/README b/README index 87b303a..9cf17d1 100644 --- a/README +++ b/README @@ -17,6 +17,10 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! + * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your + site_apt, these are no longer supported. You should migrate to passing + $blacklisted_packages to the apt::unattended_upgrades class. + * the apt class has been moved to a paramterized class. if you were including this class before, after passing some variables, you will need to move to instantiating the class with those variables instead. For example, if you diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 7e17333..9f74bbd 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -2,6 +2,7 @@ class apt::unattended_upgrades ( $config_content = undef, $mailonlyonerror = true, $mail_recipient = 'root', + $blacklisted_packages = [], ) { package { 'unattended-upgrades': diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 318b69d..4492c2d 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -16,6 +16,14 @@ Unattended-Upgrade::Allowed-Origins { <% end -%> }; +<% if not @blacklisted_packages.empty? -%> +Unattended-Upgrade::Package-Blacklist { +<% @blacklisted_packages.each do |pkg| -%> + "<%= pkg %>"; +<% end -%> +} +<% end -%> + APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1"; -- cgit v1.2.3 From 5532df22f12655ddb7f99f5eee2fe05e8c953444 Mon Sep 17 00:00:00 2001 From: Matt Taggart Date: Tue, 28 Apr 2015 11:57:23 -0700 Subject: invert the backports logic because squeeze and older were the exception and wheezy and newer the default --- manifests/params.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/params.pp b/manifests/params.pp index 54fd13e..35fa44f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -7,8 +7,8 @@ class apt::params () { $debian_url = 'http://http.debian.net/debian/' $security_url = 'http://security.debian.org/' $backports_url = $::lsbdistcodename ? { - 'wheezy' => $debian_url, - default => 'http://backports.debian.org/debian-backports/', + 'squeeze' => 'http://backports.debian.org/debian-backports/', + default => $debian_url } $lts_url = $debian_url $volatile_url = 'http://volatile.debian.org/debian-volatile/' -- cgit v1.2.3 From 3dac57374f63ca6f0565f46feb5970fade960c6b Mon Sep 17 00:00:00 2001 From: Matt Taggart Date: Tue, 28 Apr 2015 11:59:46 -0700 Subject: the http redirector has a new official home --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/params.pp b/manifests/params.pp index 35fa44f..f977c27 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -4,7 +4,7 @@ class apt::params () { $use_volatile = false $include_src = false $use_next_release = false - $debian_url = 'http://http.debian.net/debian/' + $debian_url = 'http://httpredir.debian.org/debian/' $security_url = 'http://security.debian.org/' $backports_url = $::lsbdistcodename ? { 'squeeze' => 'http://backports.debian.org/debian-backports/', -- cgit v1.2.3 From a7cc68ed9965f665572afd9d279ebf5f3c7043d7 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 6 May 2015 15:52:07 -0400 Subject: add $ensure_version parameter, to allow for overriding which version of unattended-upgrades is installed --- manifests/unattended_upgrades.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 9f74bbd..28c6092 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -3,10 +3,11 @@ class apt::unattended_upgrades ( $mailonlyonerror = true, $mail_recipient = 'root', $blacklisted_packages = [], + $ensure_version = present ) { package { 'unattended-upgrades': - ensure => present + ensure => $ensure_version } $file_content = $config_content ? { -- cgit v1.2.3 From a4d788d778ad9b517c840c157d0c0119443c6ac9 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 May 2015 21:40:35 +0200 Subject: don't call Exec[refresh_apt] after deploying unattended-upgrades config unattended-upgrades is run on a daily base by cron, no need to force an `apt-get update` after changing this file. --- manifests/unattended_upgrades.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 28c6092..6cb0518 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -16,7 +16,8 @@ class apt::unattended_upgrades ( } apt_conf { '50unattended-upgrades': - content => $file_content, - require => Package['unattended-upgrades'], + content => $file_content, + require => Package['unattended-upgrades'], + refresh_apt => false } } -- cgit v1.2.3 From d007a403330c553d925b1b4888d93962a5f83f99 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Mon, 11 May 2015 10:49:27 -0400 Subject: Replace debian_*() parser functions with facts * Removes dependency on lsb-release and/or Facter >1.7 (values are based on $::lsbdistcodename, when available) * Simplifies maintenance: only lib/facter/util/* require updates as new releases are made Caveats: * apt::codename is removed; to override debian_* facts, set the FACTER_debian_codename environment variable for puppet * If tracking unstable, make sure lsb-release is installed, as other methods can't tell between testing and unstable --- README | 22 +++++------- lib/facter/debian_codename.rb | 40 ++++++++++++++++++++++ lib/facter/debian_lts.rb | 14 ++++++++ lib/facter/debian_nextcodename.rb | 22 ++++++++++++ lib/facter/debian_nextrelease.rb | 23 +++++++++++++ lib/facter/debian_release.rb | 36 +++++++++++++++++++ lib/facter/ubuntu_codename.rb | 8 +++++ lib/facter/ubuntu_nextcodename.rb | 18 ++++++++++ lib/facter/util/debian.rb | 18 ++++++++++ lib/facter/util/ubuntu.rb | 20 +++++++++++ lib/puppet/parser/functions/debian_nextcodename.rb | 12 ------- lib/puppet/parser/functions/debian_nextrelease.rb | 11 ------ lib/puppet/parser/functions/debian_release.rb | 13 ------- .../parser/functions/debian_release_version.rb | 12 ------- manifests/apticron.pp | 2 +- manifests/init.pp | 16 --------- manifests/listchanges.pp | 2 +- manifests/params.pp | 3 +- manifests/preferences.pp | 4 +-- manifests/preseeded_package.pp | 2 +- templates/50unattended-upgrades.erb | 4 +-- templates/Debian/preferences_jessie.erb | 2 +- templates/Debian/preferences_lenny.erb | 6 ++-- templates/Debian/preferences_squeeze.erb | 4 +-- templates/Debian/preferences_wheezy.erb | 2 +- templates/Debian/sources.list.erb | 8 ++--- templates/Ubuntu/preferences_maverick.erb | 4 +-- templates/Ubuntu/sources.list.erb | 2 +- 28 files changed, 229 insertions(+), 101 deletions(-) create mode 100644 lib/facter/debian_codename.rb create mode 100644 lib/facter/debian_lts.rb create mode 100644 lib/facter/debian_nextcodename.rb create mode 100644 lib/facter/debian_nextrelease.rb create mode 100644 lib/facter/debian_release.rb create mode 100644 lib/facter/ubuntu_codename.rb create mode 100644 lib/facter/ubuntu_nextcodename.rb create mode 100644 lib/facter/util/debian.rb create mode 100644 lib/facter/util/ubuntu.rb delete mode 100644 lib/puppet/parser/functions/debian_nextcodename.rb delete mode 100644 lib/puppet/parser/functions/debian_nextrelease.rb delete mode 100644 lib/puppet/parser/functions/debian_release.rb delete mode 100644 lib/puppet/parser/functions/debian_release_version.rb (limited to 'manifests') diff --git a/README b/README index 8333be2..e554837 100644 --- a/README +++ b/README @@ -17,9 +17,11 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! - * Several parser functions have been updated: you need to restart your puppet - master, otherwise some nodes may keep on using an old, cached version! - (https://docs.puppetlabs.com/guides/custom_functions.html#gotchas) + * The apt::codename parameter has been removed. In its place, the + debian_codename fact may be overridden via an environment variable. This + will affect all other debian_* facts, and achieve the same result. + + FACTER_debian_codename=jessie puppet agent -t * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your site_apt, these are no longer supported. You should migrate to passing @@ -97,8 +99,9 @@ Requirements This module needs: -- the lsb module: git://labs.riseup.net/shared-lsb -- the common module: git://labs.riseup.net/shared-common +- the common module: https://gitlab.com/shared-puppet-modules-group/common +- the lsb module: https://gitlab.com/shared-puppet-modules-group/lsb + (optional but recommended, required on Ubuntu) By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to @@ -225,15 +228,6 @@ Class parameters: class { 'apt': custom_sources_list => template('site_apt/sources.list') } -* codename - - Contains the codename ("squeeze", "wheezy", ...) of the client's release. While - these values come from lsb-release by default, this parameter can be set - manually, e.g. to enable forced upgrades. For example: - - include apt::dist_upgrade - class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } - * custom_key_dir If you have different apt-key files that you want to get added to your diff --git a/lib/facter/debian_codename.rb b/lib/facter/debian_codename.rb new file mode 100644 index 0000000..73eeea2 --- /dev/null +++ b/lib/facter/debian_codename.rb @@ -0,0 +1,40 @@ +begin + require 'facter/util/debian' +end + +def version_to_codename(version) + if Facter::Util::Debian::CODENAMES.has_key?(version) + return Facter::Util::Debian::CODENAMES[version] + else + Facter.warn("Could not determine codename from version '#{version}'") + end +end + +Facter.add(:debian_codename) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + Facter.value('lsbdistcodename') + end +end + +Facter.add(:debian_codename) do + has_weight 66 + confine :operatingsystem => 'Debian' + setcode do + version_to_codename(Facter.value('operatingsystemmajrelease')) + end +end + +Facter.add(:debian_codename) do + has_weight 33 + confine :operatingsystem => 'Debian' + setcode do + debian_version = File.open('/etc/debian_version', &:readline) + if debian_version.match(/^\d+/) + version_to_codename(version_to_codename.scan(/^(\d+)/)[0][0]) + elsif debian_version.match(/^[a-z]+\/(sid|unstable)/) + debian_version.scan(/^([a-z]+)\//)[0][0] + end + end +end diff --git a/lib/facter/debian_lts.rb b/lib/facter/debian_lts.rb new file mode 100644 index 0000000..1c137e1 --- /dev/null +++ b/lib/facter/debian_lts.rb @@ -0,0 +1,14 @@ +begin + require 'facter/util/debian' +end + +Facter.add(:debian_lts) do + confine :operatingsystem => 'Debian' + setcode do + if Facter::Util::Debian::LTS.include? Facter.value('debian_codename') + true + else + false + end + end +end diff --git a/lib/facter/debian_nextcodename.rb b/lib/facter/debian_nextcodename.rb new file mode 100644 index 0000000..755a0e5 --- /dev/null +++ b/lib/facter/debian_nextcodename.rb @@ -0,0 +1,22 @@ +begin + require 'facter/util/debian' +end + +def debian_codename_to_next(codename) + if codename == "sid" + return "experimental" + else + codenames = Facter::Util::Debian::CODENAMES.values.reverse + i = codenames.index(codename) + if i and i+1 < codenames.count + return codenames[i+1] + end + end +end + +Facter.add(:debian_nextcodename) do + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_next(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/debian_nextrelease.rb b/lib/facter/debian_nextrelease.rb new file mode 100644 index 0000000..2a9c4f5 --- /dev/null +++ b/lib/facter/debian_nextrelease.rb @@ -0,0 +1,23 @@ +def debian_release_to_next(release) + releases = [ + 'oldoldoldstable', + 'oldoldstable', + 'oldstable', + 'stable', + 'testing', + 'unstable', + 'experimental', + ] + if releases.include? release + if releases.index(release)+1 < releases.count + return releases[releases.index(release)+1] + end + end +end + +Facter.add(:debian_nextrelease) do + confine :operatingsystem => 'Debian' + setcode do + debian_release_to_next(Facter.value('debian_release')) + end +end diff --git a/lib/facter/debian_release.rb b/lib/facter/debian_release.rb new file mode 100644 index 0000000..09e8eef --- /dev/null +++ b/lib/facter/debian_release.rb @@ -0,0 +1,36 @@ +begin + require 'facter/util/debian' +end + +def debian_codename_to_release(codename) + stable = Facter::Util::Debian::STABLE + versions = Facter::Util::Debian::CODENAMES.invert + release = nil + if codename == "sid" + release = "unstable" + elsif versions.has_key? codename + version = versions[codename].to_i + if version == stable + release = "stable" + elsif version < stable + release = "stable" + for i in version..stable - 1 + release = "old" + release + end + elsif version == stable + 1 + release = "testing" + end + end + if release.nil? + Facter.warn("Could not determine release from codename #{codename}!") + end + return release +end + +Facter.add(:debian_release) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_release(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/ubuntu_codename.rb b/lib/facter/ubuntu_codename.rb new file mode 100644 index 0000000..814fd94 --- /dev/null +++ b/lib/facter/ubuntu_codename.rb @@ -0,0 +1,8 @@ +Facter.add(:ubuntu_codename) do + confine :operatingsystem => 'Ubuntu' + setcode do + Facter.value('lsbdistcodename') + end +end + + diff --git a/lib/facter/ubuntu_nextcodename.rb b/lib/facter/ubuntu_nextcodename.rb new file mode 100644 index 0000000..38b64ad --- /dev/null +++ b/lib/facter/ubuntu_nextcodename.rb @@ -0,0 +1,18 @@ +begin + require 'facter/util/ubuntu' +end + +def ubuntu_codename_to_next(codename) + codenames = Facter::Util::Ubuntu::CODENAMES + i = codenames.index(codename) + if i and i+1 < codenames.count + return codenames[i+1] + end +end + +Facter.add(:ubuntu_nextcodename) do + confine :operatingsystem => 'Ubuntu' + setcode do + ubuntu_codename_to_next(Facter.value('ubuntu_codename')) + end +end diff --git a/lib/facter/util/debian.rb b/lib/facter/util/debian.rb new file mode 100644 index 0000000..290c17b --- /dev/null +++ b/lib/facter/util/debian.rb @@ -0,0 +1,18 @@ +module Facter + module Util + module Debian + STABLE = 8 + CODENAMES = { + "5" => "lenny", + "6" => "squeeze", + "7" => "wheezy", + "8" => "jessie", + "9" => "stretch", + "10" => "buster", + } + LTS = [ + "squeeze", + ] + end + end +end diff --git a/lib/facter/util/ubuntu.rb b/lib/facter/util/ubuntu.rb new file mode 100644 index 0000000..1b2411a --- /dev/null +++ b/lib/facter/util/ubuntu.rb @@ -0,0 +1,20 @@ +module Facter + module Util + module Ubuntu + CODENAMES = [ + "lucid", + "maverick", + "natty", + "oneiric", + "precise", + "quantal", + "raring", + "saucy", + "trusty", + "utopic", + "vivid", + "wily", + ] + end + end +end diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb deleted file mode 100644 index ee59612..0000000 --- a/lib/puppet/parser/functions/debian_nextcodename.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextcodename, :type => :rvalue) do |args| - case args[0] - when "squeeze" then "wheezy" - when "wheezy" then "jessie" - when "jessie" then "stretch" - when "stretch" then "sid" - when "sid" then "experimental" - else "sid" - end - end -end diff --git a/lib/puppet/parser/functions/debian_nextrelease.rb b/lib/puppet/parser/functions/debian_nextrelease.rb deleted file mode 100644 index 76c3e0d..0000000 --- a/lib/puppet/parser/functions/debian_nextrelease.rb +++ /dev/null @@ -1,11 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextrelease, :type => :rvalue) do |args| - case args[0] - when 'oldstable' then 'stable' - when 'stable' then 'testing' - when 'testing' then 'unstable' - when 'unstable' then 'experimental' - else 'unstable' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release.rb b/lib/puppet/parser/functions/debian_release.rb deleted file mode 100644 index 3f24ad0..0000000 --- a/lib/puppet/parser/functions/debian_release.rb +++ /dev/null @@ -1,13 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then 'oldoldstable' - when 'wheezy' then 'oldstable' - when 'jessie' then 'stable' - when 'stretch' then 'testing' - when 'sid' then 'unstable' - when 'experimental' then 'experimental' - else 'testing' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release_version.rb b/lib/puppet/parser/functions/debian_release_version.rb deleted file mode 100644 index 32cafcb..0000000 --- a/lib/puppet/parser/functions/debian_release_version.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release_version, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then '6.0' - when 'wheezy' then '7.0' - when 'jessie' then '8.0' - when 'stretch' then '9.0' - when 'buster' then '10.0' - else '' - end - end -end diff --git a/manifests/apticron.pp b/manifests/apticron.pp index 54d7b71..9c94f9c 100644 --- a/manifests/apticron.pp +++ b/manifests/apticron.pp @@ -1,6 +1,6 @@ class apt::apticron( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/apticron_${::debian_codename}.erb", $email = 'root', $diff_only = '1', $listchanges_profile = 'apticron', diff --git a/manifests/init.pp b/manifests/init.pp index 68856cc..5aaa13a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,7 +4,6 @@ # See LICENSE for the full license granted to you. class apt( - $codename = $apt::params::codename, $use_lts = $apt::params::use_lts, $use_volatile = $apt::params::use_volatile, $include_src = $apt::params::include_src, @@ -41,21 +40,6 @@ class apt( require => undef, } - include lsb - - # init $release, $next_release, $next_codename, $release_version - case $codename { - 'n/a': { - fail("Unknown lsbdistcodename reported by facter: '$::lsbdistcodename', please fix this by setting this variable in your manifest.") - } - default: { - $release = debian_release($codename) - } - } - $release_version = debian_release_version($codename) - $next_codename = debian_nextcodename($codename) - $next_release = debian_nextrelease($release) - $sources_content = $custom_sources_list ? { '' => template( "apt/${::operatingsystem}/sources.list.erb"), default => $custom_sources_list diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp index 0c163ae..e64bb1b 100644 --- a/manifests/listchanges.pp +++ b/manifests/listchanges.pp @@ -1,6 +1,6 @@ class apt::listchanges( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/listchanges_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/listchanges_${::debian_codename}.erb", $frontend = 'mail', $email = 'root', $confirm = '0', diff --git a/manifests/params.pp b/manifests/params.pp index f977c27..da531db 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,12 +1,11 @@ class apt::params () { - $codename = $::lsbdistcodename $use_lts = false $use_volatile = false $include_src = false $use_next_release = false $debian_url = 'http://httpredir.debian.org/debian/' $security_url = 'http://security.debian.org/' - $backports_url = $::lsbdistcodename ? { + $backports_url = $::debian_codename ? { 'squeeze' => 'http://backports.debian.org/debian-backports/', default => $debian_url } diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 9ed24c1..6982ca0 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -2,8 +2,8 @@ class apt::preferences { $pref_contents = $apt::custom_preferences ? { '' => $::operatingsystem ? { - 'debian' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), - 'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), + 'debian' => template("apt/${::operatingsystem}/preferences_${::debian_codename}.erb"), + 'ubuntu' => template("apt/${::operatingsystem}/preferences_${::ubuntu_codename}.erb"), }, default => $apt::custom_preferences } diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp index 9bca8b1..3ef0687 100644 --- a/manifests/preseeded_package.pp +++ b/manifests/preseeded_package.pp @@ -4,7 +4,7 @@ define apt::preseeded_package ( ) { $seedfile = "/var/cache/local/preseeding/${name}.seeds" $real_content = $content ? { - '' => template ( "site_apt/${::lsbdistcodename}/${name}.seeds" ), + '' => template ( "site_apt/${::debian_codename}/${name}.seeds" ), default => $content } diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 23c5c89..2afebfe 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -5,13 +5,13 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id}:${distro_codename}-updates"; "${distro_id}:${distro_codename}-backports"; -<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::operatingsystemmajrelease') == 6 -%> +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%> Unattended-Upgrade::Allowed-Origins { "${distro_id}:oldoldstable"; "${distro_id}:squeeze-lts"; <% else -%> Unattended-Upgrade::Origins-Pattern { - "origin=Debian,archive=<%= scope.lookupvar('::apt::release') %>,label=Debian-Security"; + "origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security"; "origin=Debian,archive=${distro_codename}-lts"; <% end -%> }; diff --git a/templates/Debian/preferences_jessie.erb b/templates/Debian/preferences_jessie.erb index 4f8e95c..0888abe 100644 --- a/templates/Debian/preferences_jessie.erb +++ b/templates/Debian/preferences_jessie.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/preferences_lenny.erb b/templates/Debian/preferences_lenny.erb index 5c3c829..6500168 100644 --- a/templates/Debian/preferences_lenny.erb +++ b/templates/Debian/preferences_lenny.erb @@ -1,6 +1,6 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * -Pin: release o=Debian,a=<%= scope.lookupvar('apt::release') %>,v=<%= scope.lookupvar('apt::release_version') %>* +Pin: release o=Debian,a=<%= scope.lookupvar('::debian_release') %>,v=5* Pin-Priority: 990 Explanation: Debian backports @@ -8,7 +8,7 @@ Package: * Pin: origin backports.debian.org Pin-Priority: 200 -Explanation: Debian <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Debian <%= next_release=scope.lookupvar('::debian_nextrelease') %> Package: * Pin: release o=Debian,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb index 838b3a1..885edc7 100644 --- a/templates/Debian/preferences_squeeze.erb +++ b/templates/Debian/preferences_squeeze.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 @@ -13,7 +13,7 @@ Package: * Pin: release o=Debian,n=<%= codename %>-lts Pin-Priority: 990 -Explanation: Debian <%= next_codename=scope.lookupvar('apt::next_codename') %> +Explanation: Debian <%= next_codename=scope.lookupvar('::debian_nextcodename') %> Package: * Pin: release o=Debian,n=<%= next_codename %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_wheezy.erb b/templates/Debian/preferences_wheezy.erb index 0cc0e5c..106108d 100644 --- a/templates/Debian/preferences_wheezy.erb +++ b/templates/Debian/preferences_wheezy.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index d043b70..8629626 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -1,7 +1,7 @@ # This file is managed by puppet # all local modifications will be overwritten -### Debian current: <%= codename=scope.lookupvar('apt::codename') %> +### Debian current: <%= codename=scope.lookupvar('::debian_codename') %> # basic deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> @@ -10,7 +10,7 @@ deb-src <%= debian_url %> <%= codename %> <%= lrepos %> <% end -%> # security -<% if ((release=scope.lookupvar('apt::release')) == "stable" || release == "oldstable") -%> +<% if ((release=scope.lookupvar('::debian_release')) == "stable" || release == "oldstable") -%> deb <%= security_url=scope.lookupvar('apt::security_url') %> <%= codename %>/updates <%= lrepos %> <% if include_src -%> deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %> @@ -43,7 +43,7 @@ deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %> <% if use_lts=scope.lookupvar('apt::use_lts') -%> # LTS -<% if release != "oldoldstable" -%> +<% if release_lts=scope.lookupvar('::debian_lts') == "false" -%> # There is no LTS archive for <%= release %> <% else -%> deb <%= debian_url %> <%= codename %>-lts <%= lrepos %> @@ -54,7 +54,7 @@ deb-src <%= debian_url %> <%= codename %>-lts <%= lrepos %> <% end -%> <% if next_release=scope.lookupvar('apt::use_next_release') -%> -### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %> +### Debian next: <%= next_release=scope.lookupvar('::debian_nextrelease') ; next_codename=scope.lookupvar('::debian_nextcodename') %> # basic deb <%= debian_url %> <%= next_codename %> <%= lrepos %> diff --git a/templates/Ubuntu/preferences_maverick.erb b/templates/Ubuntu/preferences_maverick.erb index 801ddd4..8e5481d 100644 --- a/templates/Ubuntu/preferences_maverick.erb +++ b/templates/Ubuntu/preferences_maverick.erb @@ -1,4 +1,4 @@ -Explanation: Ubuntu <%= codename=scope.lookupvar('apt::codename') %> security +Explanation: Ubuntu <%= codename=scope.lookupvar('::ubuntu_codename') %> security Package: * Pin: release o=Ubuntu,a=<%= codename %>-security Pin-Priority: 990 @@ -18,7 +18,7 @@ Package: * Pin: release a=<%= codename %>-backports Pin-Priority: 200 -Explanation: Ubuntu <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Ubuntu <%= next_release=scope.lookupvar('::ubuntu_nextcodename') %> Package: * Pin: release o=Ubuntu,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb index 8d2585d..e68399b 100644 --- a/templates/Ubuntu/sources.list.erb +++ b/templates/Ubuntu/sources.list.erb @@ -1,7 +1,7 @@ # This file is managed by puppet # all local modifications will be overwritten -# basic <%= codename=scope.lookupvar('apt::codename') %> +# basic <%= codename=scope.lookupvar('::ubuntu_codename') %> deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> <% if include_src=scope.lookupvar('apt::include_src') -%> deb-src <%= ubuntu_url %> <%= codename %> <%= lrepos %> -- cgit v1.2.3 From 5ea69cb0390deac15d57aefc361a895a0c9a6e96 Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Tue, 9 Jun 2015 11:25:34 -0400 Subject: allow possibility of disabling backports --- manifests/init.pp | 1 + manifests/params.pp | 1 + templates/Debian/sources.list.erb | 10 ++++++---- 3 files changed, 8 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 68856cc..062be4c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -7,6 +7,7 @@ class apt( $codename = $apt::params::codename, $use_lts = $apt::params::use_lts, $use_volatile = $apt::params::use_volatile, + $use_backports = $apt::params::use_backports, $include_src = $apt::params::include_src, $use_next_release = $apt::params::use_next_release, $debian_url = $apt::params::debian_url, diff --git a/manifests/params.pp b/manifests/params.pp index f977c27..a1c7392 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -2,6 +2,7 @@ class apt::params () { $codename = $::lsbdistcodename $use_lts = false $use_volatile = false + $use_backports = true $include_src = false $use_next_release = false $debian_url = 'http://httpredir.debian.org/debian/' diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index d043b70..a19893d 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -19,14 +19,16 @@ deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %> # There is no security support for <%= release %> <% end -%> +<% if use_volatile=scope.lookupvar('apt::use_backports') -%> # backports -<% if (release == "testing" || release == "unstable" || release == "experimental") -%> +<% if (release == "testing" || release == "unstable" || release == "experimental") -%> # There is no backports archive for <%= release %> -<% else -%> +<% else -%> deb <%= backports_url=scope.lookupvar('apt::backports_url') %> <%= codename %>-backports <%= lrepos %> -<% if include_src -%> +<% if include_src -%> deb-src <%= backports_url %> <%= codename %>-backports <%= lrepos %> -<% end +<% end + end end -%> <% if use_volatile=scope.lookupvar('apt::use_volatile') -%> -- cgit v1.2.3 From 33acc00e5c6d8ab18f2992cccc8ee036b4d7771d Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Thu, 11 Jun 2015 10:07:47 -0400 Subject: add apt::key resource to deploy arbitrary keys the rationale of this is that isn't useful for third party modules, because they cannot inject keys in there without some serious apt class hijacking --- README | 17 +++++++++++++++++ manifests/key.pp | 13 +++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 manifests/key.pp (limited to 'manifests') diff --git a/README b/README index 8333be2..835db79 100644 --- a/README +++ b/README @@ -478,6 +478,23 @@ Example: 'puppet:///modules/site_apt/company_internals.list' ], } +apt::key +-------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key { 'neurodebian.key': + source => 'puppet:///modules/site_apt/neurodebian.key', + } + +This deploys the key in the `${apt_base_dir}/keys` directory (as +opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason +this exists on top of `$custom_key_dir` is to allow a more +decentralised distribution of those keys, without having all modules +throw their keys in the same directory in the manifests. + apt::upgrade_package -------------------- diff --git a/manifests/key.pp b/manifests/key.pp new file mode 100644 index 0000000..0ef9721 --- /dev/null +++ b/manifests/key.pp @@ -0,0 +1,13 @@ +define apt::key ($source) { + file { + "${apt::apt_base_dir}/${name}": + source => $source; + "${apt::apt_base_dir}/keys": + ensure => directory; + } + exec { "apt-key add ${apt::apt_base_dir}/${name}": + subscribe => File["${apt::apt_base_dir}/${name}"], + refreshonly => true, + notify => Exec['refresh_apt'], + } +} -- cgit v1.2.3 From 891aa0fbbed87e24322da7d3a80514f1bf94f0ac Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Thu, 11 Jun 2015 10:21:56 -0400 Subject: allow for binary keys that can be removed --- README | 25 +++++++++++++++++++++++-- manifests/key.pp | 15 +++++---------- manifests/key/plain.pp | 13 +++++++++++++ 3 files changed, 41 insertions(+), 12 deletions(-) create mode 100644 manifests/key/plain.pp (limited to 'manifests') diff --git a/README b/README index 835db79..d2cb71b 100644 --- a/README +++ b/README @@ -485,8 +485,25 @@ Deploys a secure apt OpenPGP key. This usually accompanies the sources.list snippets above for third party repositories. For example, you would do: - apt::key { 'neurodebian.key': - source => 'puppet:///modules/site_apt/neurodebian.key', + apt::key { 'neurodebian.gpg': + ensure => present, + source => 'puppet:///modules/site_apt/neurodebian.gpg', + } + +This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which +is assumed by secure apt to be binary OpenPGP keys and *not* +"ascii-armored" or "plain text" OpenPGP key material. For the latter, +use `apt::key::plain`. + +apt::key::plain +--------------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key::asc { 'neurodebian.asc': + source => 'puppet:///modules/site_apt/neurodebian.asc', } This deploys the key in the `${apt_base_dir}/keys` directory (as @@ -495,6 +512,10 @@ this exists on top of `$custom_key_dir` is to allow a more decentralised distribution of those keys, without having all modules throw their keys in the same directory in the manifests. +Note that this model does *not* currently allow keys to be removed! +Use `apt::key` instead for a more practical, revokable approach, but +that needs binary keys. + apt::upgrade_package -------------------- diff --git a/manifests/key.pp b/manifests/key.pp index 0ef9721..3f9660f 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -1,13 +1,8 @@ -define apt::key ($source) { +define apt::key ($ensure => 'present', $source) { file { - "${apt::apt_base_dir}/${name}": - source => $source; - "${apt::apt_base_dir}/keys": - ensure => directory; - } - exec { "apt-key add ${apt::apt_base_dir}/${name}": - subscribe => File["${apt::apt_base_dir}/${name}"], - refreshonly => true, - notify => Exec['refresh_apt'], + "/etc/apt/trusted.gpg.d/$name": + source => $source, + ensure => $ensure, + notify => Exec['refresh_apt'], } } diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp new file mode 100644 index 0000000..a84e6dd --- /dev/null +++ b/manifests/key/plain.pp @@ -0,0 +1,13 @@ +define apt::key::plain ($source) { + file { + "${apt::apt_base_dir}/${name}": + source => $source; + "${apt::apt_base_dir}/keys": + ensure => directory; + } + exec { "apt-key add ${apt::apt_base_dir}/${name}": + subscribe => File["${apt::apt_base_dir}/${name}"], + refreshonly => true, + notify => Exec['refresh_apt'], + } +} -- cgit v1.2.3 From 931076f85488e1b0f57aeaf67357a2443b18ffba Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Thu, 11 Jun 2015 10:32:40 -0400 Subject: fix typo --- manifests/key.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/key.pp b/manifests/key.pp index 3f9660f..b396c1e 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -1,4 +1,4 @@ -define apt::key ($ensure => 'present', $source) { +define apt::key ($ensure = 'present', $source) { file { "/etc/apt/trusted.gpg.d/$name": source => $source, -- cgit v1.2.3 From 5564b3fba3d8aebdc3cbcd7441e9c7a216243f46 Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Wed, 26 Aug 2015 23:27:58 -0400 Subject: fix install location of apt::key::plain --- manifests/key/plain.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp index a84e6dd..a24a51b 100644 --- a/manifests/key/plain.pp +++ b/manifests/key/plain.pp @@ -1,12 +1,12 @@ define apt::key::plain ($source) { file { - "${apt::apt_base_dir}/${name}": + "${apt::apt_base_dir}/keys/${name}": source => $source; "${apt::apt_base_dir}/keys": ensure => directory; } - exec { "apt-key add ${apt::apt_base_dir}/${name}": - subscribe => File["${apt::apt_base_dir}/${name}"], + exec { "apt-key add ${apt::apt_base_dir}/keys/${name}": + subscribe => File["${apt::apt_base_dir}/keys/${name}"], refreshonly => true, notify => Exec['refresh_apt'], } -- cgit v1.2.3 From dc1a19e6cb7f05815f95f90033d212758f59744b Mon Sep 17 00:00:00 2001 From: intrigeri Date: Mon, 31 Aug 2015 09:54:28 +0000 Subject: Linting. --- manifests/key.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/key.pp b/manifests/key.pp index b396c1e..7be526e 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -1,8 +1,8 @@ -define apt::key ($ensure = 'present', $source) { +define apt::key ($source, $ensure = 'present') { file { - "/etc/apt/trusted.gpg.d/$name": - source => $source, + "/etc/apt/trusted.gpg.d/${name}": ensure => $ensure, + source => $source, notify => Exec['refresh_apt'], } } -- cgit v1.2.3 From 8745de17d64a6eac0eb9f15c19f990fd80383c1f Mon Sep 17 00:00:00 2001 From: intrigeri Date: Mon, 31 Aug 2015 09:55:17 +0000 Subject: Quote apt-key variable parameter. This is not perfect protection against special chars that the shell may interpret, but should help at least in case $name contains spaces. --- manifests/key/plain.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp index a24a51b..e4a2f89 100644 --- a/manifests/key/plain.pp +++ b/manifests/key/plain.pp @@ -5,7 +5,7 @@ define apt::key::plain ($source) { "${apt::apt_base_dir}/keys": ensure => directory; } - exec { "apt-key add ${apt::apt_base_dir}/keys/${name}": + exec { "apt-key add '${apt::apt_base_dir}/keys/${name}'": subscribe => File["${apt::apt_base_dir}/keys/${name}"], refreshonly => true, notify => Exec['refresh_apt'], -- cgit v1.2.3 From 5f7232b420e02eaa38c14a7be75034d9b3cdd64b Mon Sep 17 00:00:00 2001 From: intrigeri Date: Mon, 31 Aug 2015 10:00:09 +0000 Subject: Add validation for apt::key's name. It's great to document requirements in README, but error'ing out whenever the user messes up is even better IMO. --- README | 1 + manifests/key.pp | 5 +++++ 2 files changed, 6 insertions(+) (limited to 'manifests') diff --git a/README b/README index 85cf6df..1a83ac9 100644 --- a/README +++ b/README @@ -99,6 +99,7 @@ This module needs: - the lsb module: git://labs.riseup.net/shared-lsb - the common module: git://labs.riseup.net/shared-common +- the stdlib module: https://forge.puppetlabs.com/puppetlabs/stdlib By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to diff --git a/manifests/key.pp b/manifests/key.pp index 7be526e..65b62e9 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -1,4 +1,9 @@ define apt::key ($source, $ensure = 'present') { + validate_re( + $name, '\.gpg$', + 'An apt::key resource name must have the .gpg extension', + ) + file { "/etc/apt/trusted.gpg.d/${name}": ensure => $ensure, -- cgit v1.2.3 From e714859a10776123afe77bbd15d9f7a02ea9682f Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 9 Oct 2015 16:59:33 -0400 Subject: Make it possible to specify own template. Micah found an issue with usage of config_content: if you call template('...') yourself and pass that on to config_content, then your template gets evaluated without all of the variables. This means that you don't hava access to blacklisted_packages, mail_recipient or mailonlyonerror. To make it possible to use a different template while still having access to those variables, let's make it possible to change the template name that we're using. --- manifests/unattended_upgrades.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 6cb0518..ffb5fad 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -1,5 +1,6 @@ class apt::unattended_upgrades ( $config_content = undef, + $config_template = 'apt/50unattended-upgrades.erb', $mailonlyonerror = true, $mail_recipient = 'root', $blacklisted_packages = [], @@ -11,7 +12,7 @@ class apt::unattended_upgrades ( } $file_content = $config_content ? { - undef => template('apt/50unattended-upgrades.erb'), + undef => template($config_template), default => $config_content } -- cgit v1.2.3 From bfa973a66896208e2cf0bea37ec15a4f950f09bd Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 4 Dec 2015 12:33:35 -0500 Subject: Use $ubuntu_url as default value of $backports_url on Ubuntu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ubuntu shouldn't be using debian backports by default. This was written by Anoine Beaupré, but split from the commit "move backports to snippets" since the change is unrelated and needs to be more visible in the commit history. --- manifests/params.pp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/params.pp b/manifests/params.pp index 9c85b6f..28da13e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -6,13 +6,16 @@ class apt::params () { $use_next_release = false $debian_url = 'http://httpredir.debian.org/debian/' $security_url = 'http://security.debian.org/' + $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' $backports_url = $::debian_codename ? { 'squeeze' => 'http://backports.debian.org/debian-backports/', - default => $debian_url + default => $::operatingsystem ? { + 'Ubuntu' => $ubuntu_url, + default => $debian_url, + } } $lts_url = $debian_url $volatile_url = 'http://volatile.debian.org/debian-volatile/' - $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' $repos = 'auto' $custom_preferences = '' $disable_update = false -- cgit v1.2.3 From e4a9222d861ae05a8d9d0a43f2ed4aa0be229390 Mon Sep 17 00:00:00 2001 From: Antoine Beaupré Date: Thu, 11 Jun 2015 11:04:46 -0400 Subject: move backports to snippets this allows for third party modules to enable this on the fly --- manifests/init.pp | 17 ++++++++++++++++- templates/Debian/sources.list.erb | 12 ------------ templates/Ubuntu/sources.list.erb | 8 -------- 3 files changed, 16 insertions(+), 21 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index fc93eb3..4f5dd25 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -46,7 +46,7 @@ class apt( default => $custom_sources_list } file { - # include main, security and backports + # include main and security # additional sources should be included via the apt::sources_list define '/etc/apt/sources.list': content => $sources_content, @@ -98,6 +98,21 @@ class apt( # backports uses the normal archive key now package { 'debian-backports-keyring': ensure => absent } + if $use_backports { + if ($release != "testing" and $release != "unstable" and $release != "experimental") { + apt::sources_list { + "${codename}-backports": + content => "deb $backports_url ${codename}-backports ${apt::real_repos}", + } + if $include_src { + apt::sources_list { + "${codename}-backports-src": + content => "deb-src $backports_url ${codename}-backports ${apt::real_repos}", + } + } + } + } + include common::moduledir common::module_dir { 'apt': } $apt_base_dir = "${common::moduledir::module_dir_path}/apt" diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index bde87ac..44eea53 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -19,18 +19,6 @@ deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %> # There is no security support for <%= release %> <% end -%> -<% if use_backports=scope.lookupvar('apt::use_backports') -%> -# backports -<% if (release == "testing" || release == "unstable" || release == "experimental") -%> -# There is no backports archive for <%= release %> -<% else -%> -deb <%= backports_url=scope.lookupvar('apt::backports_url') %> <%= codename %>-backports <%= lrepos %> -<% if include_src -%> -deb-src <%= backports_url %> <%= codename %>-backports <%= lrepos %> -<% end - end - end -%> - <% if use_volatile=scope.lookupvar('apt::use_volatile') -%> # volatile <% if (release == "testing" || release == "unstable" || release == "experimental") -%> diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb index d0a3a5a..e6d2f64 100644 --- a/templates/Ubuntu/sources.list.erb +++ b/templates/Ubuntu/sources.list.erb @@ -20,11 +20,3 @@ deb <%= ubuntu_url %> <%= codename %>-security <%= lrepos %> <% if include_src -%> deb-src <%= ubuntu_url %> <%= codename %>-security <%= lrepos %> <% end -%> - -<% if use_backports=scope.lookupvar('apt::use_backports') -%> -# backports -deb <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %> -<% if include_src -%> -deb-src <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %> -<% end - end -%> -- cgit v1.2.3 From f492e5840b3d2122e347ead5d1c240e794120d0e Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Fri, 9 Oct 2015 13:50:43 -0400 Subject: Switch old $release and $codename local variables to new debian_* facts --- manifests/init.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 4f5dd25..16593c7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -99,15 +99,15 @@ class apt( package { 'debian-backports-keyring': ensure => absent } if $use_backports { - if ($release != "testing" and $release != "unstable" and $release != "experimental") { + if (${::debian_release} != "testing" and ${::debian_release} != "unstable" and ${::debian_release} != "experimental") { apt::sources_list { - "${codename}-backports": - content => "deb $backports_url ${codename}-backports ${apt::real_repos}", + 'backports': + content => "deb $backports_url ${::debian_codename}-backports ${apt::real_repos}", } if $include_src { apt::sources_list { - "${codename}-backports-src": - content => "deb-src $backports_url ${codename}-backports ${apt::real_repos}", + 'backports-src': + content => "deb-src $backports_url ${::debian_codename}-backports ${apt::real_repos}", } } } -- cgit v1.2.3 From 4d3b720308964c027674bb08c49f142b4684ff58 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Fri, 9 Oct 2015 14:08:46 -0400 Subject: Simplify conditional expressions --- manifests/init.pp | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 16593c7..2660612 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -98,17 +98,15 @@ class apt( # backports uses the normal archive key now package { 'debian-backports-keyring': ensure => absent } - if $use_backports { - if (${::debian_release} != "testing" and ${::debian_release} != "unstable" and ${::debian_release} != "experimental") { + if ($use_backports and !($::debian_release in ['testing', 'unstable', 'experimental'])) { + apt::sources_list { + 'backports': + content => "deb $backports_url ${::debian_codename}-backports ${apt::real_repos}", + } + if $include_src { apt::sources_list { - 'backports': - content => "deb $backports_url ${::debian_codename}-backports ${apt::real_repos}", - } - if $include_src { - apt::sources_list { - 'backports-src': - content => "deb-src $backports_url ${::debian_codename}-backports ${apt::real_repos}", - } + 'backports-src': + content => "deb-src $backports_url ${::debian_codename}-backports ${apt::real_repos}", } } } -- cgit v1.2.3 From 2942cd0dd88ec3a1d38197d148af9952a397b67c Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 4 Dec 2015 14:29:36 -0500 Subject: remove requirement on lsb package for sources.list file Managing requirements for installing the lsb package has proven over time to make no sense. The best approach to this is to require lsb-release to be installed alongside puppet, since otherwise there are so much facts that get no value during the run and you end up needing to run puppet twice to get the real end result. Also, since we're not including a class that is actually installing the 'lsb' package, that require line makes it so that including the apt module doesn't work, and there's no documentation in the README about needing to provide a package{'lsb':} resource with the apt class. Because of all that, it makes more sense to just get rid of that require line and mark lsb as a pre-requirement in the README file. --- README | 4 ++-- manifests/init.pp | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/README b/README index 45e0797..e46a3c7 100644 --- a/README +++ b/README @@ -99,9 +99,9 @@ Requirements This module needs: +- the lsb-release package should be installed on the server prior to running + puppet. otherwise, all of the $::lsb* facts will be empty during runs. - the common module: https://gitlab.com/shared-puppet-modules-group/common -- the lsb module: https://gitlab.com/shared-puppet-modules-group/lsb - (optional but recommended, required on Ubuntu) By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to diff --git a/manifests/init.pp b/manifests/init.pp index 2660612..6732ade 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -50,7 +50,6 @@ class apt( # additional sources should be included via the apt::sources_list define '/etc/apt/sources.list': content => $sources_content, - require => Package['lsb'], notify => Exec['refresh_apt'], owner => root, group => 0, -- cgit v1.2.3 From d67dfe4beb6cc21660281a5c02a4c4b7a061fa1c Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 9 Dec 2015 16:31:35 +0100 Subject: [feat] Don't run an additional apt-get update When adding custom keys, an additional `apt-get update` would be run before the Exec['refresh_apt'], which don't make sense. --- manifests/init.pp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 6732ade..1e7ddd7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -123,17 +123,14 @@ class apt( mode => '0755', } exec { 'custom_keys': - command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && /usr/bin/apt-get update", + command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\;", subscribe => File["${apt_base_dir}/keys.d"], refreshonly => true, + notify => Exec[refresh_apt] } if $custom_preferences != false { Exec['custom_keys'] { - before => [ Exec[refresh_apt], File['apt_config'] ] - } - } else { - Exec['custom_keys'] { - before => Exec[refresh_apt] + before => File['apt_config'] } } } -- cgit v1.2.3 From fa1751c4de0154de7431ea18f57ddaeff329cf73 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 5 Jan 2016 11:39:57 +0100 Subject: [bug] Deploy preferene snippets before apt_refresh When pinning packages with apt::preferences_snippet, we need to make sure these get deployed before an `apt-get update` is triggered, so pinned packages can get installed in the right way with a single puppetrun. --- manifests/preferences_snippet.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index 0c7b7bb..99feac4 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -31,7 +31,8 @@ define apt::preferences_snippet ( file { "/etc/apt/preferences.d/${name}": ensure => $ensure, - owner => root, group => 0, mode => '0644'; + owner => root, group => 0, mode => '0644', + before => Exec['refresh_apt']; } case $source { -- cgit v1.2.3 From f12b007edd557e91359fd9a5fba57f49e4a59a04 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 26 Jan 2016 14:42:17 +0100 Subject: [refactor] Unify `apt-get update` into one resource Before, there were two Execs that did an `apt-get update`, `Exec[refresh_apt]` and `Exec[apt_updated]`, which were triggered by different resources. This changes gets rid of the first one, and all resources now depend on `Exec[apt_updated]`. --- README | 38 +++++++++++++++++++------------------- manifests/apt_conf.pp | 2 +- manifests/dist_upgrade.pp | 11 +---------- manifests/dot_d_directories.pp | 11 ++--------- manifests/init.pp | 14 +++++++++++++- manifests/key.pp | 2 +- manifests/key/plain.pp | 2 +- manifests/preferences_snippet.pp | 2 +- manifests/sources_list.pp | 2 +- manifests/update.pp | 12 +++--------- 10 files changed, 43 insertions(+), 53 deletions(-) (limited to 'manifests') diff --git a/README b/README index 410201d..e097a7e 100644 --- a/README +++ b/README @@ -17,6 +17,14 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! + * The `disable_update` parameter has been removed. The main apt class + defaults to *not* run an `apt-get update` on every run anyway so this + parameter seems useless. + You can include the `apt::update` class if you want it to be run every time. + + * The `apt::upgrade_package` now doesn't automatically call an Exec['apt_updated'] + anymore, so you would need to include `apt::update` now by hand. + * The apt::codename parameter has been removed. In its place, the debian_codename fact may be overridden via an environment variable. This will affect all other debian_* facts, and achieve the same result. @@ -188,15 +196,6 @@ Class parameters: If this variable is set the default repositories list ("main contrib non-free") is overriden. -* disable_update - - Disable "apt-get update" which is normally triggered by apt::upgrade_package - and apt::dist_upgrade. - - Note that nodes can be updated once a day by using - APT::Periodic::Update-Package-Lists "1"; - in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. - * custom_preferences For historical reasons (Debian Lenny's version of APT did not support the use @@ -296,9 +295,6 @@ classes may inherit from this one and add to its subscription list using the plusignment ('+>') operator. A real-world example can be seen in the apt::dist_upgrade::initiator source. -When this class is included the APT indexes are updated on every -Puppet run due to the author's lack of Puppet wizardry. - apt::dist_upgrade::initiator ---------------------------- @@ -555,18 +551,22 @@ Exec['apt_updated'] ------------------- After this point the APT indexes are up-to-date. +This resource is set to `refreshonly => true` so it is not run on +every puppetrun. To run this every time, you can include the `apt::update` +class. This resource is usually used like this to ensure current packages are installed by Package resources: - include apt::update - Package { require => Exec['apt_updated'] } + include apt::update + Package { require => Exec['apt_updated'] } + +Note that nodes can be updated once a day by using + + APT::Periodic::Update-Package-Lists "1"; + +in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. -Please note that the apt::upgrade_package define automatically uses -this resource so you don't have to manage this yourself if you need to -make sure APT indexes are up-to-date before a package upgrade is -attempted, but don't want "apt-get update" to happen on every Puppet -run. Tests ===== diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp index f446c69..949f615 100644 --- a/manifests/apt_conf.pp +++ b/manifests/apt_conf.pp @@ -38,7 +38,7 @@ define apt::apt_conf( if $refresh_apt { File["/etc/apt/apt.conf.d/${name}"] { - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } } diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp index bf78dcc..19c031e 100644 --- a/manifests/dist_upgrade.pp +++ b/manifests/dist_upgrade.pp @@ -1,18 +1,9 @@ class apt::dist_upgrade { - if $apt::disable_update == false { - include apt::update - } - - $req = $apt::disable_update ? { - true => undef, - default => Exec['apt_updated'], - } - exec { 'apt_dist-upgrade': command => '/usr/bin/apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade', refreshonly => true, - require => $req + before => Exec['apt_updated'] } } diff --git a/manifests/dot_d_directories.pp b/manifests/dot_d_directories.pp index 37c3fc8..0ace863 100644 --- a/manifests/dot_d_directories.pp +++ b/manifests/dot_d_directories.pp @@ -5,18 +5,11 @@ class apt::dot_d_directories { '/etc/apt/apt.conf.d': ensure => directory, checksum => mtime, - notify => Exec['refresh_apt']; + notify => Exec['apt_updated']; '/etc/apt/sources.list.d': ensure => directory, checksum => mtime, - notify => Exec['refresh_apt']; - } - - exec { - # "&& sleep 1" is workaround for older(?) clients - 'refresh_apt': - command => '/usr/bin/apt-get update && sleep 1', - refreshonly => true, + notify => Exec['apt_updated']; } } diff --git a/manifests/init.pp b/manifests/init.pp index 1e7ddd7..f9f9357 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -50,7 +50,7 @@ class apt( # additional sources should be included via the apt::sources_list define '/etc/apt/sources.list': content => $sources_content, - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], owner => root, group => 0, mode => '0644'; @@ -137,4 +137,16 @@ class apt( # workaround for preseeded_package component file { [ '/var/cache', '/var/cache/local', '/var/cache/local/preseeding' ]: ensure => directory } + + exec { 'update_apt': + command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', + require => [ + File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], + File['/etc/apt/sources.list'] ], + loglevel => 'info', + refreshonly => true, + # Another Semaphor for all packages to reference + alias => [ 'apt_updated', 'refresh_apt'] + } + } diff --git a/manifests/key.pp b/manifests/key.pp index 65b62e9..cb70ec6 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -8,6 +8,6 @@ define apt::key ($source, $ensure = 'present') { "/etc/apt/trusted.gpg.d/${name}": ensure => $ensure, source => $source, - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } } diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp index e4a2f89..dff8b51 100644 --- a/manifests/key/plain.pp +++ b/manifests/key/plain.pp @@ -8,6 +8,6 @@ define apt::key::plain ($source) { exec { "apt-key add '${apt::apt_base_dir}/keys/${name}'": subscribe => File["${apt::apt_base_dir}/keys/${name}"], refreshonly => true, - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } } diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index 99feac4..b7dba0d 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -32,7 +32,7 @@ define apt::preferences_snippet ( file { "/etc/apt/preferences.d/${name}": ensure => $ensure, owner => root, group => 0, mode => '0644', - before => Exec['refresh_apt']; + before => Exec['apt_updated']; } case $source { diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp index aefad2d..0ee068d 100644 --- a/manifests/sources_list.pp +++ b/manifests/sources_list.pp @@ -23,7 +23,7 @@ define apt::sources_list ( file { "/etc/apt/sources.list.d/${realname}.list": ensure => $ensure, owner => root, group => 0, mode => '0644', - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } if $source { diff --git a/manifests/update.pp b/manifests/update.pp index 3f45125..dde8320 100644 --- a/manifests/update.pp +++ b/manifests/update.pp @@ -1,13 +1,7 @@ -class apt::update { +class apt::update inherits ::apt { - exec { 'update_apt': - command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', - require => [ - File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], - File['/etc/apt/sources.list'] ], - loglevel => info, - # Another Semaphor for all packages to reference - alias => 'apt_updated' + Exec['update_apt'] { + refreshonly => false } } -- cgit v1.2.3 From d2ae98e89b4f1a552eb7464f217aa809ac68666b Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 26 Jan 2016 14:52:53 +0100 Subject: [feat] Remove `apt-get autoclean` from apt::update `apt-get autoclean` should not be run on every puppetrun when including `apt::update`, but rather be configured as a `APT::Periodic` task that is run by cron, see https://wiki.debian.org/UnattendedUpgrades. --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index f9f9357..d6e75cc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -139,7 +139,7 @@ class apt( file { [ '/var/cache', '/var/cache/local', '/var/cache/local/preseeding' ]: ensure => directory } exec { 'update_apt': - command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', + command => '/usr/bin/apt-get update', require => [ File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], File['/etc/apt/sources.list'] ], -- cgit v1.2.3 From 207218cee80ae99845cb567737f14a5eaafc136d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 26 Jan 2016 15:18:22 +0100 Subject: [refactor] Get rid of the disable_update parameter The `disable_update` parameter has been removed. The main apt class defaults to *not* run an `apt-get update` on every run anyway so this parameter seems useless. You can include the `apt::update` class if you want it to be run every time. --- manifests/init.pp | 1 - manifests/params.pp | 1 - manifests/upgrade_package.pp | 15 ++------------- 3 files changed, 2 insertions(+), 15 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index d6e75cc..85f44f0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,7 +18,6 @@ class apt( $repos = $apt::params::repos, $custom_preferences = $apt::params::custom_preferences, $custom_sources_list = '', - $disable_update = $apt::params::disable_update, $custom_key_dir = $apt::params::custom_key_dir ) inherits apt::params { case $::operatingsystem { diff --git a/manifests/params.pp b/manifests/params.pp index 28da13e..28af06e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -18,6 +18,5 @@ class apt::params () { $volatile_url = 'http://volatile.debian.org/debian-volatile/' $repos = 'auto' $custom_preferences = '' - $disable_update = false $custom_key_dir = false } diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp index d607150..30572c9 100644 --- a/manifests/upgrade_package.pp +++ b/manifests/upgrade_package.pp @@ -2,10 +2,6 @@ define apt::upgrade_package ( $version = '' ) { - if $apt::disable_update == false { - include apt::update - } - $version_suffix = $version ? { '' => '', 'latest' => '', @@ -26,17 +22,10 @@ define apt::upgrade_package ( } } - $req = $apt::disable_update ? { - true => Package['apt-show-versions', 'dctrl-tools'], - default => [ - Exec['apt_updated'], - Package['apt-show-versions', 'dctrl-tools'] - ], - } - exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}": onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - require => $req + require => Package['apt-show-versions', 'dctrl-tools'], + before => Exec['apt_updated'] } } -- cgit v1.2.3 From c4a0aff2af47d48ca1b41110274ebb3879c4b758 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Tue, 2 Feb 2016 17:07:21 -0500 Subject: Manage unattended-upgrades log directory In some situations, the log directory for unattended-upgrades might not exist. In those cases, packages will not get upgraded! unattended-upgrades crashes with a python backtrace because the log dir is not present. --- manifests/unattended_upgrades.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'manifests') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index ffb5fad..52d7542 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -11,6 +11,16 @@ class apt::unattended_upgrades ( ensure => $ensure_version } + # For some reason, this directory is sometimes absent, which causes + # unattended-upgrades to crash. + file { '/var/log/unattended-upgrades': + ensure => directory, + owner => 'root', + group => 0, + mode => '0755', + require => Package['unattended-upgrades'], + } + $file_content = $config_content ? { undef => template($config_template), default => $config_content -- cgit v1.2.3 From 7714aa0436b8cd62982dc6c4f990aec5d33ec852 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 25 Feb 2016 19:59:58 +0100 Subject: Remove loglevel directive from Exec[update_apt] When using puppet apply (v 3.7), loglevel 'info' won't show the output on error. This is bad for debugging. --- manifests/init.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 85f44f0..4c44af2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -142,7 +142,6 @@ class apt( require => [ File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], File['/etc/apt/sources.list'] ], - loglevel => 'info', refreshonly => true, # Another Semaphor for all packages to reference alias => [ 'apt_updated', 'refresh_apt'] -- cgit v1.2.3