From 9192785c452ce2cfa0f58984d3aebdcaf841113a Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 27 Jul 2013 13:38:27 -0400 Subject: make it possible to opt out of MailOnlyOnError This combines all files into one template. It should make maintenance easier. --- templates/50unattended-upgrades.erb | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 templates/50unattended-upgrades.erb (limited to 'templates/50unattended-upgrades.erb') diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb new file mode 100644 index 0000000..0ba0d7e --- /dev/null +++ b/templates/50unattended-upgrades.erb @@ -0,0 +1,26 @@ +// this file is managed by puppet ! + +Unattended-Upgrade::Allowed-Origins { +<% if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%> + "${distro_id}:${distro_codename}-security"; + "${distro_id}:${distro_codename}-updates"; + "${distro_id}:${distro_codename}-backports"; +<% else -%> +<% if scope.lookupvar('::lsbdistcodename') == 'squeeze' -%> + "${distro-id} ${distro-codename}-security"; + "${distro-id} ${distro-codename}-lts"; +<% else -%> + # See Debian bug #704087 + "o=Debian,a=oldstable,l=Debian-Security"; + "o=Debian,a=stable,l=Debian-Security"; +<% end -%> +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; + +Unattended-Upgrade::Mail "root"; +<% if mailonlyonerror -%> +Unattended-Upgrade::MailOnlyOnError "true"; +<% end -%> -- cgit v1.2.3 From d24ca3314fadd7836ed0d6345359eb7ccfad6419 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 27 Jul 2013 13:42:54 -0400 Subject: Parametrize unattended-upgrades mail recipient --- manifests/unattended_upgrades.pp | 1 + templates/50unattended-upgrades.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'templates/50unattended-upgrades.erb') diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index b63b483..7e17333 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -1,6 +1,7 @@ class apt::unattended_upgrades ( $config_content = undef, $mailonlyonerror = true, + $mail_recipient = 'root', ) { package { 'unattended-upgrades': diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 0ba0d7e..41bac87 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -20,7 +20,7 @@ APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1"; -Unattended-Upgrade::Mail "root"; +Unattended-Upgrade::Mail "<%= mail_recipient -%>"; <% if mailonlyonerror -%> Unattended-Upgrade::MailOnlyOnError "true"; <% end -%> -- cgit v1.2.3 From 0389b1126164bf8e884f5951d734d725bc718a66 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 17 Apr 2015 16:42:22 -0400 Subject: unattended-upgrades: use an @ prefix for template variables --- templates/50unattended-upgrades.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates/50unattended-upgrades.erb') diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 41bac87..318b69d 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -20,7 +20,7 @@ APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1"; -Unattended-Upgrade::Mail "<%= mail_recipient -%>"; -<% if mailonlyonerror -%> +Unattended-Upgrade::Mail "<%= @mail_recipient -%>"; +<% if @mailonlyonerror -%> Unattended-Upgrade::MailOnlyOnError "true"; <% end -%> -- cgit v1.2.3 From 6f6e725e60f05a232ba6053cfc49ce1b219be7c7 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Fri, 17 Apr 2015 16:43:26 -0400 Subject: Add parameter for blacklisting a list of packages. This functionality was lost because we stopped using a source file for the 50unattended-upgrades file that would previously let one override the configuration per release or per host. --- README | 4 ++++ manifests/unattended_upgrades.pp | 1 + templates/50unattended-upgrades.erb | 8 ++++++++ 3 files changed, 13 insertions(+) (limited to 'templates/50unattended-upgrades.erb') diff --git a/README b/README index 87b303a..9cf17d1 100644 --- a/README +++ b/README @@ -17,6 +17,10 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! + * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your + site_apt, these are no longer supported. You should migrate to passing + $blacklisted_packages to the apt::unattended_upgrades class. + * the apt class has been moved to a paramterized class. if you were including this class before, after passing some variables, you will need to move to instantiating the class with those variables instead. For example, if you diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 7e17333..9f74bbd 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -2,6 +2,7 @@ class apt::unattended_upgrades ( $config_content = undef, $mailonlyonerror = true, $mail_recipient = 'root', + $blacklisted_packages = [], ) { package { 'unattended-upgrades': diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 318b69d..4492c2d 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -16,6 +16,14 @@ Unattended-Upgrade::Allowed-Origins { <% end -%> }; +<% if not @blacklisted_packages.empty? -%> +Unattended-Upgrade::Package-Blacklist { +<% @blacklisted_packages.each do |pkg| -%> + "<%= pkg %>"; +<% end -%> +} +<% end -%> + APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1"; -- cgit v1.2.3 From f1a53bcfa7702f3bd1f86486d10b1f10cd0f2663 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Wed, 6 May 2015 13:31:07 -0400 Subject: Fix error in 50unattended-upgrades.erb syntax, remove lsb fact --- templates/50unattended-upgrades.erb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'templates/50unattended-upgrades.erb') diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 4492c2d..94059d5 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -5,8 +5,7 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id}:${distro_codename}-updates"; "${distro_id}:${distro_codename}-backports"; -<% else -%> -<% if scope.lookupvar('::lsbdistcodename') == 'squeeze' -%> +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::operatingsystemmajrelease') == 6 -%> "${distro-id} ${distro-codename}-security"; "${distro-id} ${distro-codename}-lts"; <% else -%> -- cgit v1.2.3 From 90a51c3ef89689e0659574336db20f4a2d014f53 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Wed, 6 May 2015 17:14:53 -0400 Subject: Fix 50unattended-upgrades template for squeeze, better pattern for later release --- templates/50unattended-upgrades.erb | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'templates/50unattended-upgrades.erb') diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 94059d5..2bcfab0 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -1,17 +1,18 @@ // this file is managed by puppet ! -Unattended-Upgrade::Allowed-Origins { <% if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%> +Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id}:${distro_codename}-updates"; "${distro_id}:${distro_codename}-backports"; <% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::operatingsystemmajrelease') == 6 -%> - "${distro-id} ${distro-codename}-security"; - "${distro-id} ${distro-codename}-lts"; +Unattended-Upgrade::Allowed-Origins { + "${distro-id}:oldoldstable"; + "${distro-id}:squeeze-lts"; <% else -%> - # See Debian bug #704087 - "o=Debian,a=oldstable,l=Debian-Security"; - "o=Debian,a=stable,l=Debian-Security"; +Unattended-Upgrade::Origins-Pattern { + "o=Debian,l=Debian-Security"; + "o=Debian,a=${distro-id}-lts"; <% end -%> }; -- cgit v1.2.3 From 07424069c2cb66c484e2bfe160a1aba2efd610ce Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Thu, 7 May 2015 12:52:25 -0400 Subject: Fix typos in unattended-upgrades template --- templates/50unattended-upgrades.erb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'templates/50unattended-upgrades.erb') diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 2bcfab0..73ffa60 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -7,12 +7,12 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-backports"; <% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::operatingsystemmajrelease') == 6 -%> Unattended-Upgrade::Allowed-Origins { - "${distro-id}:oldoldstable"; - "${distro-id}:squeeze-lts"; + "${distro_id}:oldoldstable"; + "${distro_id}:squeeze-lts"; <% else -%> Unattended-Upgrade::Origins-Pattern { "o=Debian,l=Debian-Security"; - "o=Debian,a=${distro-id}-lts"; + "o=Debian,a=${distro_id}-lts"; <% end -%> }; @@ -21,7 +21,7 @@ Unattended-Upgrade::Package-Blacklist { <% @blacklisted_packages.each do |pkg| -%> "<%= pkg %>"; <% end -%> -} +}; <% end -%> APT::Periodic::Update-Package-Lists "1"; -- cgit v1.2.3 From 87bfb868d7625100086a26a81743f5adbabbb988 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Mon, 11 May 2015 09:55:26 -0400 Subject: Avoid unattended security upgrades from stable if running oldstable --- templates/50unattended-upgrades.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates/50unattended-upgrades.erb') diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 73ffa60..23c5c89 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -11,8 +11,8 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:squeeze-lts"; <% else -%> Unattended-Upgrade::Origins-Pattern { - "o=Debian,l=Debian-Security"; - "o=Debian,a=${distro_id}-lts"; + "origin=Debian,archive=<%= scope.lookupvar('::apt::release') %>,label=Debian-Security"; + "origin=Debian,archive=${distro_codename}-lts"; <% end -%> }; -- cgit v1.2.3 From d007a403330c553d925b1b4888d93962a5f83f99 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Mon, 11 May 2015 10:49:27 -0400 Subject: Replace debian_*() parser functions with facts * Removes dependency on lsb-release and/or Facter >1.7 (values are based on $::lsbdistcodename, when available) * Simplifies maintenance: only lib/facter/util/* require updates as new releases are made Caveats: * apt::codename is removed; to override debian_* facts, set the FACTER_debian_codename environment variable for puppet * If tracking unstable, make sure lsb-release is installed, as other methods can't tell between testing and unstable --- README | 22 +++++------- lib/facter/debian_codename.rb | 40 ++++++++++++++++++++++ lib/facter/debian_lts.rb | 14 ++++++++ lib/facter/debian_nextcodename.rb | 22 ++++++++++++ lib/facter/debian_nextrelease.rb | 23 +++++++++++++ lib/facter/debian_release.rb | 36 +++++++++++++++++++ lib/facter/ubuntu_codename.rb | 8 +++++ lib/facter/ubuntu_nextcodename.rb | 18 ++++++++++ lib/facter/util/debian.rb | 18 ++++++++++ lib/facter/util/ubuntu.rb | 20 +++++++++++ lib/puppet/parser/functions/debian_nextcodename.rb | 12 ------- lib/puppet/parser/functions/debian_nextrelease.rb | 11 ------ lib/puppet/parser/functions/debian_release.rb | 13 ------- .../parser/functions/debian_release_version.rb | 12 ------- manifests/apticron.pp | 2 +- manifests/init.pp | 16 --------- manifests/listchanges.pp | 2 +- manifests/params.pp | 3 +- manifests/preferences.pp | 4 +-- manifests/preseeded_package.pp | 2 +- templates/50unattended-upgrades.erb | 4 +-- templates/Debian/preferences_jessie.erb | 2 +- templates/Debian/preferences_lenny.erb | 6 ++-- templates/Debian/preferences_squeeze.erb | 4 +-- templates/Debian/preferences_wheezy.erb | 2 +- templates/Debian/sources.list.erb | 8 ++--- templates/Ubuntu/preferences_maverick.erb | 4 +-- templates/Ubuntu/sources.list.erb | 2 +- 28 files changed, 229 insertions(+), 101 deletions(-) create mode 100644 lib/facter/debian_codename.rb create mode 100644 lib/facter/debian_lts.rb create mode 100644 lib/facter/debian_nextcodename.rb create mode 100644 lib/facter/debian_nextrelease.rb create mode 100644 lib/facter/debian_release.rb create mode 100644 lib/facter/ubuntu_codename.rb create mode 100644 lib/facter/ubuntu_nextcodename.rb create mode 100644 lib/facter/util/debian.rb create mode 100644 lib/facter/util/ubuntu.rb delete mode 100644 lib/puppet/parser/functions/debian_nextcodename.rb delete mode 100644 lib/puppet/parser/functions/debian_nextrelease.rb delete mode 100644 lib/puppet/parser/functions/debian_release.rb delete mode 100644 lib/puppet/parser/functions/debian_release_version.rb (limited to 'templates/50unattended-upgrades.erb') diff --git a/README b/README index 8333be2..e554837 100644 --- a/README +++ b/README @@ -17,9 +17,11 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! - * Several parser functions have been updated: you need to restart your puppet - master, otherwise some nodes may keep on using an old, cached version! - (https://docs.puppetlabs.com/guides/custom_functions.html#gotchas) + * The apt::codename parameter has been removed. In its place, the + debian_codename fact may be overridden via an environment variable. This + will affect all other debian_* facts, and achieve the same result. + + FACTER_debian_codename=jessie puppet agent -t * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your site_apt, these are no longer supported. You should migrate to passing @@ -97,8 +99,9 @@ Requirements This module needs: -- the lsb module: git://labs.riseup.net/shared-lsb -- the common module: git://labs.riseup.net/shared-common +- the common module: https://gitlab.com/shared-puppet-modules-group/common +- the lsb module: https://gitlab.com/shared-puppet-modules-group/lsb + (optional but recommended, required on Ubuntu) By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to @@ -225,15 +228,6 @@ Class parameters: class { 'apt': custom_sources_list => template('site_apt/sources.list') } -* codename - - Contains the codename ("squeeze", "wheezy", ...) of the client's release. While - these values come from lsb-release by default, this parameter can be set - manually, e.g. to enable forced upgrades. For example: - - include apt::dist_upgrade - class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } - * custom_key_dir If you have different apt-key files that you want to get added to your diff --git a/lib/facter/debian_codename.rb b/lib/facter/debian_codename.rb new file mode 100644 index 0000000..73eeea2 --- /dev/null +++ b/lib/facter/debian_codename.rb @@ -0,0 +1,40 @@ +begin + require 'facter/util/debian' +end + +def version_to_codename(version) + if Facter::Util::Debian::CODENAMES.has_key?(version) + return Facter::Util::Debian::CODENAMES[version] + else + Facter.warn("Could not determine codename from version '#{version}'") + end +end + +Facter.add(:debian_codename) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + Facter.value('lsbdistcodename') + end +end + +Facter.add(:debian_codename) do + has_weight 66 + confine :operatingsystem => 'Debian' + setcode do + version_to_codename(Facter.value('operatingsystemmajrelease')) + end +end + +Facter.add(:debian_codename) do + has_weight 33 + confine :operatingsystem => 'Debian' + setcode do + debian_version = File.open('/etc/debian_version', &:readline) + if debian_version.match(/^\d+/) + version_to_codename(version_to_codename.scan(/^(\d+)/)[0][0]) + elsif debian_version.match(/^[a-z]+\/(sid|unstable)/) + debian_version.scan(/^([a-z]+)\//)[0][0] + end + end +end diff --git a/lib/facter/debian_lts.rb b/lib/facter/debian_lts.rb new file mode 100644 index 0000000..1c137e1 --- /dev/null +++ b/lib/facter/debian_lts.rb @@ -0,0 +1,14 @@ +begin + require 'facter/util/debian' +end + +Facter.add(:debian_lts) do + confine :operatingsystem => 'Debian' + setcode do + if Facter::Util::Debian::LTS.include? Facter.value('debian_codename') + true + else + false + end + end +end diff --git a/lib/facter/debian_nextcodename.rb b/lib/facter/debian_nextcodename.rb new file mode 100644 index 0000000..755a0e5 --- /dev/null +++ b/lib/facter/debian_nextcodename.rb @@ -0,0 +1,22 @@ +begin + require 'facter/util/debian' +end + +def debian_codename_to_next(codename) + if codename == "sid" + return "experimental" + else + codenames = Facter::Util::Debian::CODENAMES.values.reverse + i = codenames.index(codename) + if i and i+1 < codenames.count + return codenames[i+1] + end + end +end + +Facter.add(:debian_nextcodename) do + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_next(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/debian_nextrelease.rb b/lib/facter/debian_nextrelease.rb new file mode 100644 index 0000000..2a9c4f5 --- /dev/null +++ b/lib/facter/debian_nextrelease.rb @@ -0,0 +1,23 @@ +def debian_release_to_next(release) + releases = [ + 'oldoldoldstable', + 'oldoldstable', + 'oldstable', + 'stable', + 'testing', + 'unstable', + 'experimental', + ] + if releases.include? release + if releases.index(release)+1 < releases.count + return releases[releases.index(release)+1] + end + end +end + +Facter.add(:debian_nextrelease) do + confine :operatingsystem => 'Debian' + setcode do + debian_release_to_next(Facter.value('debian_release')) + end +end diff --git a/lib/facter/debian_release.rb b/lib/facter/debian_release.rb new file mode 100644 index 0000000..09e8eef --- /dev/null +++ b/lib/facter/debian_release.rb @@ -0,0 +1,36 @@ +begin + require 'facter/util/debian' +end + +def debian_codename_to_release(codename) + stable = Facter::Util::Debian::STABLE + versions = Facter::Util::Debian::CODENAMES.invert + release = nil + if codename == "sid" + release = "unstable" + elsif versions.has_key? codename + version = versions[codename].to_i + if version == stable + release = "stable" + elsif version < stable + release = "stable" + for i in version..stable - 1 + release = "old" + release + end + elsif version == stable + 1 + release = "testing" + end + end + if release.nil? + Facter.warn("Could not determine release from codename #{codename}!") + end + return release +end + +Facter.add(:debian_release) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_release(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/ubuntu_codename.rb b/lib/facter/ubuntu_codename.rb new file mode 100644 index 0000000..814fd94 --- /dev/null +++ b/lib/facter/ubuntu_codename.rb @@ -0,0 +1,8 @@ +Facter.add(:ubuntu_codename) do + confine :operatingsystem => 'Ubuntu' + setcode do + Facter.value('lsbdistcodename') + end +end + + diff --git a/lib/facter/ubuntu_nextcodename.rb b/lib/facter/ubuntu_nextcodename.rb new file mode 100644 index 0000000..38b64ad --- /dev/null +++ b/lib/facter/ubuntu_nextcodename.rb @@ -0,0 +1,18 @@ +begin + require 'facter/util/ubuntu' +end + +def ubuntu_codename_to_next(codename) + codenames = Facter::Util::Ubuntu::CODENAMES + i = codenames.index(codename) + if i and i+1 < codenames.count + return codenames[i+1] + end +end + +Facter.add(:ubuntu_nextcodename) do + confine :operatingsystem => 'Ubuntu' + setcode do + ubuntu_codename_to_next(Facter.value('ubuntu_codename')) + end +end diff --git a/lib/facter/util/debian.rb b/lib/facter/util/debian.rb new file mode 100644 index 0000000..290c17b --- /dev/null +++ b/lib/facter/util/debian.rb @@ -0,0 +1,18 @@ +module Facter + module Util + module Debian + STABLE = 8 + CODENAMES = { + "5" => "lenny", + "6" => "squeeze", + "7" => "wheezy", + "8" => "jessie", + "9" => "stretch", + "10" => "buster", + } + LTS = [ + "squeeze", + ] + end + end +end diff --git a/lib/facter/util/ubuntu.rb b/lib/facter/util/ubuntu.rb new file mode 100644 index 0000000..1b2411a --- /dev/null +++ b/lib/facter/util/ubuntu.rb @@ -0,0 +1,20 @@ +module Facter + module Util + module Ubuntu + CODENAMES = [ + "lucid", + "maverick", + "natty", + "oneiric", + "precise", + "quantal", + "raring", + "saucy", + "trusty", + "utopic", + "vivid", + "wily", + ] + end + end +end diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb deleted file mode 100644 index ee59612..0000000 --- a/lib/puppet/parser/functions/debian_nextcodename.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextcodename, :type => :rvalue) do |args| - case args[0] - when "squeeze" then "wheezy" - when "wheezy" then "jessie" - when "jessie" then "stretch" - when "stretch" then "sid" - when "sid" then "experimental" - else "sid" - end - end -end diff --git a/lib/puppet/parser/functions/debian_nextrelease.rb b/lib/puppet/parser/functions/debian_nextrelease.rb deleted file mode 100644 index 76c3e0d..0000000 --- a/lib/puppet/parser/functions/debian_nextrelease.rb +++ /dev/null @@ -1,11 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextrelease, :type => :rvalue) do |args| - case args[0] - when 'oldstable' then 'stable' - when 'stable' then 'testing' - when 'testing' then 'unstable' - when 'unstable' then 'experimental' - else 'unstable' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release.rb b/lib/puppet/parser/functions/debian_release.rb deleted file mode 100644 index 3f24ad0..0000000 --- a/lib/puppet/parser/functions/debian_release.rb +++ /dev/null @@ -1,13 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then 'oldoldstable' - when 'wheezy' then 'oldstable' - when 'jessie' then 'stable' - when 'stretch' then 'testing' - when 'sid' then 'unstable' - when 'experimental' then 'experimental' - else 'testing' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release_version.rb b/lib/puppet/parser/functions/debian_release_version.rb deleted file mode 100644 index 32cafcb..0000000 --- a/lib/puppet/parser/functions/debian_release_version.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release_version, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then '6.0' - when 'wheezy' then '7.0' - when 'jessie' then '8.0' - when 'stretch' then '9.0' - when 'buster' then '10.0' - else '' - end - end -end diff --git a/manifests/apticron.pp b/manifests/apticron.pp index 54d7b71..9c94f9c 100644 --- a/manifests/apticron.pp +++ b/manifests/apticron.pp @@ -1,6 +1,6 @@ class apt::apticron( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/apticron_${::debian_codename}.erb", $email = 'root', $diff_only = '1', $listchanges_profile = 'apticron', diff --git a/manifests/init.pp b/manifests/init.pp index 68856cc..5aaa13a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,7 +4,6 @@ # See LICENSE for the full license granted to you. class apt( - $codename = $apt::params::codename, $use_lts = $apt::params::use_lts, $use_volatile = $apt::params::use_volatile, $include_src = $apt::params::include_src, @@ -41,21 +40,6 @@ class apt( require => undef, } - include lsb - - # init $release, $next_release, $next_codename, $release_version - case $codename { - 'n/a': { - fail("Unknown lsbdistcodename reported by facter: '$::lsbdistcodename', please fix this by setting this variable in your manifest.") - } - default: { - $release = debian_release($codename) - } - } - $release_version = debian_release_version($codename) - $next_codename = debian_nextcodename($codename) - $next_release = debian_nextrelease($release) - $sources_content = $custom_sources_list ? { '' => template( "apt/${::operatingsystem}/sources.list.erb"), default => $custom_sources_list diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp index 0c163ae..e64bb1b 100644 --- a/manifests/listchanges.pp +++ b/manifests/listchanges.pp @@ -1,6 +1,6 @@ class apt::listchanges( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/listchanges_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/listchanges_${::debian_codename}.erb", $frontend = 'mail', $email = 'root', $confirm = '0', diff --git a/manifests/params.pp b/manifests/params.pp index f977c27..da531db 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,12 +1,11 @@ class apt::params () { - $codename = $::lsbdistcodename $use_lts = false $use_volatile = false $include_src = false $use_next_release = false $debian_url = 'http://httpredir.debian.org/debian/' $security_url = 'http://security.debian.org/' - $backports_url = $::lsbdistcodename ? { + $backports_url = $::debian_codename ? { 'squeeze' => 'http://backports.debian.org/debian-backports/', default => $debian_url } diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 9ed24c1..6982ca0 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -2,8 +2,8 @@ class apt::preferences { $pref_contents = $apt::custom_preferences ? { '' => $::operatingsystem ? { - 'debian' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), - 'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), + 'debian' => template("apt/${::operatingsystem}/preferences_${::debian_codename}.erb"), + 'ubuntu' => template("apt/${::operatingsystem}/preferences_${::ubuntu_codename}.erb"), }, default => $apt::custom_preferences } diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp index 9bca8b1..3ef0687 100644 --- a/manifests/preseeded_package.pp +++ b/manifests/preseeded_package.pp @@ -4,7 +4,7 @@ define apt::preseeded_package ( ) { $seedfile = "/var/cache/local/preseeding/${name}.seeds" $real_content = $content ? { - '' => template ( "site_apt/${::lsbdistcodename}/${name}.seeds" ), + '' => template ( "site_apt/${::debian_codename}/${name}.seeds" ), default => $content } diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 23c5c89..2afebfe 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -5,13 +5,13 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id}:${distro_codename}-updates"; "${distro_id}:${distro_codename}-backports"; -<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::operatingsystemmajrelease') == 6 -%> +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%> Unattended-Upgrade::Allowed-Origins { "${distro_id}:oldoldstable"; "${distro_id}:squeeze-lts"; <% else -%> Unattended-Upgrade::Origins-Pattern { - "origin=Debian,archive=<%= scope.lookupvar('::apt::release') %>,label=Debian-Security"; + "origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security"; "origin=Debian,archive=${distro_codename}-lts"; <% end -%> }; diff --git a/templates/Debian/preferences_jessie.erb b/templates/Debian/preferences_jessie.erb index 4f8e95c..0888abe 100644 --- a/templates/Debian/preferences_jessie.erb +++ b/templates/Debian/preferences_jessie.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/preferences_lenny.erb b/templates/Debian/preferences_lenny.erb index 5c3c829..6500168 100644 --- a/templates/Debian/preferences_lenny.erb +++ b/templates/Debian/preferences_lenny.erb @@ -1,6 +1,6 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * -Pin: release o=Debian,a=<%= scope.lookupvar('apt::release') %>,v=<%= scope.lookupvar('apt::release_version') %>* +Pin: release o=Debian,a=<%= scope.lookupvar('::debian_release') %>,v=5* Pin-Priority: 990 Explanation: Debian backports @@ -8,7 +8,7 @@ Package: * Pin: origin backports.debian.org Pin-Priority: 200 -Explanation: Debian <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Debian <%= next_release=scope.lookupvar('::debian_nextrelease') %> Package: * Pin: release o=Debian,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb index 838b3a1..885edc7 100644 --- a/templates/Debian/preferences_squeeze.erb +++ b/templates/Debian/preferences_squeeze.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 @@ -13,7 +13,7 @@ Package: * Pin: release o=Debian,n=<%= codename %>-lts Pin-Priority: 990 -Explanation: Debian <%= next_codename=scope.lookupvar('apt::next_codename') %> +Explanation: Debian <%= next_codename=scope.lookupvar('::debian_nextcodename') %> Package: * Pin: release o=Debian,n=<%= next_codename %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_wheezy.erb b/templates/Debian/preferences_wheezy.erb index 0cc0e5c..106108d 100644 --- a/templates/Debian/preferences_wheezy.erb +++ b/templates/Debian/preferences_wheezy.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index d043b70..8629626 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -1,7 +1,7 @@ # This file is managed by puppet # all local modifications will be overwritten -### Debian current: <%= codename=scope.lookupvar('apt::codename') %> +### Debian current: <%= codename=scope.lookupvar('::debian_codename') %> # basic deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> @@ -10,7 +10,7 @@ deb-src <%= debian_url %> <%= codename %> <%= lrepos %> <% end -%> # security -<% if ((release=scope.lookupvar('apt::release')) == "stable" || release == "oldstable") -%> +<% if ((release=scope.lookupvar('::debian_release')) == "stable" || release == "oldstable") -%> deb <%= security_url=scope.lookupvar('apt::security_url') %> <%= codename %>/updates <%= lrepos %> <% if include_src -%> deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %> @@ -43,7 +43,7 @@ deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %> <% if use_lts=scope.lookupvar('apt::use_lts') -%> # LTS -<% if release != "oldoldstable" -%> +<% if release_lts=scope.lookupvar('::debian_lts') == "false" -%> # There is no LTS archive for <%= release %> <% else -%> deb <%= debian_url %> <%= codename %>-lts <%= lrepos %> @@ -54,7 +54,7 @@ deb-src <%= debian_url %> <%= codename %>-lts <%= lrepos %> <% end -%> <% if next_release=scope.lookupvar('apt::use_next_release') -%> -### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %> +### Debian next: <%= next_release=scope.lookupvar('::debian_nextrelease') ; next_codename=scope.lookupvar('::debian_nextcodename') %> # basic deb <%= debian_url %> <%= next_codename %> <%= lrepos %> diff --git a/templates/Ubuntu/preferences_maverick.erb b/templates/Ubuntu/preferences_maverick.erb index 801ddd4..8e5481d 100644 --- a/templates/Ubuntu/preferences_maverick.erb +++ b/templates/Ubuntu/preferences_maverick.erb @@ -1,4 +1,4 @@ -Explanation: Ubuntu <%= codename=scope.lookupvar('apt::codename') %> security +Explanation: Ubuntu <%= codename=scope.lookupvar('::ubuntu_codename') %> security Package: * Pin: release o=Ubuntu,a=<%= codename %>-security Pin-Priority: 990 @@ -18,7 +18,7 @@ Package: * Pin: release a=<%= codename %>-backports Pin-Priority: 200 -Explanation: Ubuntu <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Ubuntu <%= next_release=scope.lookupvar('::ubuntu_nextcodename') %> Package: * Pin: release o=Ubuntu,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb index 8d2585d..e68399b 100644 --- a/templates/Ubuntu/sources.list.erb +++ b/templates/Ubuntu/sources.list.erb @@ -1,7 +1,7 @@ # This file is managed by puppet # all local modifications will be overwritten -# basic <%= codename=scope.lookupvar('apt::codename') %> +# basic <%= codename=scope.lookupvar('::ubuntu_codename') %> deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> <% if include_src=scope.lookupvar('apt::include_src') -%> deb-src <%= ubuntu_url %> <%= codename %> <%= lrepos %> -- cgit v1.2.3 From f8980538c1e27335d23e971e10487962091c5bb4 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Fri, 9 Oct 2015 16:39:19 -0400 Subject: Improve unattended-upgrades origin selectors * On squeeze, use release fact instead of hardcoded release name * On wheezy, special-case because codename selector is not available * On jessie and up, start pulling in point-release updates. The codename selector ensures that we won't be upgrading to a new release automatically. --- templates/50unattended-upgrades.erb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'templates/50unattended-upgrades.erb') diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 2afebfe..7c65d10 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -7,12 +7,16 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-backports"; <% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%> Unattended-Upgrade::Allowed-Origins { - "${distro_id}:oldoldstable"; + "${distro_id}:<%= scope.lookupvar('::debian_release') %>"; "${distro_id}:squeeze-lts"; -<% else -%> +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'wheezy' -%> Unattended-Upgrade::Origins-Pattern { "origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security"; "origin=Debian,archive=${distro_codename}-lts"; +<% else -%> +Unattended-Upgrade::Origins-Pattern { + "origin=Debian,codename=${distro_codename},label=Debian"; + "origin=Debian,codename=${distro_codename},label=Debian-Security"; <% end -%> }; -- cgit v1.2.3