Merge remote branch 'riseup/master'

README

@@ -20,10 +20,10 @@ This module needs:
 - lsb-release installed
 - the common module: git://labs.riseup.net/shared-common
 
-By default, this module sets the configuration option DSelect::Clean to 'auto'.
-It is the recommended value on normal hosts.  On virtual servers, the
-recommended value is 'pre-auto', since virtual servers are usually more
-space-bound and have better recovery mechanisms via the host:
+By default, on normal hosts, this module sets the configuration option
+DSelect::Clean to 'auto'. On virtual servers, the value is set by default to
+'pre-auto', because virtual servers are usually more space-bound and have better
+recovery mechanisms via the host:
 
 From apt.conf(5), 0.7.2:
      "Cache Clean mode; this value may be one of always, prompt, auto,
@@ -35,10 +35,11 @@ From apt.conf(5), 0.7.2:
      packages."
 
 To change the default setting for DSelect::Clean, you can create a file named
-"03clean" in a site-apt module's files directory. You can also define this for
-a specific host by creating a file in a subdirectory of the site-apt modules'
-files directory that is named the same as the host. (example:
-site-apt/files/some.host.com/03clean)
+"03clean" or "03clean_vserver" in your site-apt module's files directory. You
+can also define this for a specific host by creating a file in a subdirectory of
+the site-apt modules' files directory that is named the same as the
+host. (example: site-apt/files/some.host.com/03clean, or
+site-apt/files/some.host.com/03clean_vserver)
 
 Variables
 =========
@@ -74,15 +75,9 @@ installation will not accidentally pull in packages from those suites
 unless you explicitly specify the version number. This file will be
 complemented with all of the preferences_snippet calls (see below).
 
-If the default preferences template doesn't suit your needs, you can
-create a file named 'preferences' in a site-apt module's files
-directory. You can also create a host-specific file:
-
-  site-apt
-   - files/
-     - server.domain.com/
-       - preferences
-       preferences
+If the default preferences template doesn't suit your needs, you can create a
+template located in your site-apt module, and set $custom_preferences with the
+location (eg. $custom_preferences = "puppet:///modules/site-apt/preferences")
 
 Setting this variable to false before including this class will force the
 apt/preferences file to be absent:
@@ -97,6 +92,9 @@ apt keyring, you can set this variable to a path in your fileserver
 where individual key files can be placed. If this is set and keys
 exist there, this module will 'apt-key add' each key.
 
+The debian-archive-keyring package is installed and kept current up to the
+latest revision (this includes the backports archive keyring).
+
 $apt_proxy / $apt_proxy_port
 ----------------------------
 
@@ -161,9 +159,27 @@ apt
 ---
 
 The apt class sets up most of the documented functionality. To use
-functionality that is not enabled by default, you must inlucde one of
+functionality that is not enabled by default, you must include one of
 the following classes.
 
+apt::apticron
+-------------
+
+When you include this class, apticron will be installed, with the following
+defaults, which you are free to change before you include the class:
+
+ $apticron_ensure_version = "present"
+ $apticron_email = "root" 
+ $apticron_config = "apt/${operatingsystem}/apticron_${lsbrelease}.erb"
+ $apticron_diff_only = "1"
+ $apticron_listchanges_profile = "apticron"
+ $apticron_system = false 
+ $apticron_ipaddressnum = false 
+ $apticron_ipaddresses = false 
+ $apticron_notifyholds = "0"
+ $apticron_notifynew = "0"
+ $apticron_customsubject = ""
+
 apt::cron::download
 -------------------
 
@@ -182,6 +198,19 @@ apt::dselect
 This class, when included, installs dselect and switches it to expert mode to
 suppress superfluous help screens.
 
+apt::listchanges
+
+This class, when included, installs apt-listchanges and configures it using the
+following variables, the defaults are below:
+
+ $listchanges_version = "present"
+ $listchanges_config = "apt/${operatingsystem}/listchanges_${lsbrelease}.erb" 
+ $listchanges_frontend = "pager" 
+ $listchanges_email = "root" 
+ $listchanges_confirm = "0" 
+ $listchanges_saveseen = "/var/lib/apt/listchanges.db" 
+ $listchanges_which = "both" 
+
 apt::proxy_client
 -----------------
 
@@ -228,18 +257,18 @@ apt::preseeded_package
 ----------------------
 
 This simplifies installation of packages for which you wish to preseed the
-answers to debconf. For example, if you wish to provide a preseed file
-for the locales package, you would place the locales.seed file in
-'templates/$debian_version/locales.seeds' and then include the following
-in your manifest:
+answers to debconf. For example, if you wish to provide a preseed file for the
+locales package, you would place the locales.seed file in
+'site-apt/templates/$lsbdistcodename/locales.seeds' and then include the
+following in your manifest:
 
   apt::preseeded_package { locales: }
 
-You can also specify 'content' to define this file via a template. Here's an
-example for preseeding installation of the 'mysql' package with a template:
+You can also specify the content of the seed via the content parameter, 
+for example:
 
-  apt::preseeded_package { "mysql":
-    content => template("site-apt/mysql.seed.erb"),
+  apt::preseeded_package { "apticron":
+    content => "apticron   apticron/notification   string  root@example.com",
   }
 
 apt::sources_list
@@ -296,10 +325,6 @@ Package { require => Exec[apt_updated] }
 TODO
 ====
 
-Currently this module updates the caches on every run. Running apt-get update is
-an expensive operation and should be done only on schedule by using
-apticron or cron-apt.
-
 Sometimes -- especially when initially starting management or deploying new
 packages -- a immediate update is really needed to be able to install the right
 packages without errors. Thus a method should be devised to be able to specify

files/03clean_vserver

@@ -0,0 +1,4 @@
+// This file is managed by Puppet
+// all local modifications will be overwritten
+
+DSelect::Clean pre-auto;

manifests/apt_conf.pp

@@ -1,11 +1,13 @@
 define apt::apt_conf(
   $ensure = 'present',
   $source = '',
-  $content = undef
-){
+  $content = undef )
+{
+
   if $source == '' and $content == undef {
     fail("One of \$source or \$content must be specified for apt_conf ${name}")
   }
+
   if $source != '' and $content != undef {
     fail("Only one of \$source or \$content must specified for apt_conf ${name}")
   }
@@ -13,7 +15,7 @@ define apt::apt_conf(
   file { "/etc/apt/apt.conf.d/${name}":
     ensure => $ensure,
     notify => Exec["refresh_apt"],
-    owner => root, group => 0, mode => 0600;
+    owner => root, group => 0, mode => 0644;
   }
 
   if $source {

manifests/apticron.pp

@@ -0,0 +1,54 @@
+class apt::apticron {
+
+  case $apticron_ensure_version {
+    '': { $apticron_ensure_version = "present" }
+  }
+
+  case $apticron_config {
+    '': { $apticron_config = "apt/${operatingsystem}/apticron_${lsbdistcodename}.erb" }
+  }
+
+  case $apticron_email {
+    '': { $apticron_email = "root" }
+  }
+
+  case $apticron_diff_only {
+    '': { $apticron_diff_only = "1" }
+  }
+
+  case $apticron_listchanges_profile {
+    '': { $apticron_listchanges_profile = "apticron" }
+  }
+
+  case $apticron_system {
+    '': { $apticron_system = false }
+  }
+
+  case $apticron_ipaddressnum {
+    '': { $apticron_ipaddressnum = false }
+  }
+
+  case $apticron_ipaddresses {
+    '': { $apticron_ipaddresses = false }
+  }
+
+  case $apticron_notifyholds {
+    '': { $apticron_notifyholds = "0" }
+  }
+
+  case $apticron_notifynew {
+    '': { $apticron_notifynew = "0" }
+  }
+
+  case $apticron_customsubject {
+    '': { $apticron_customsubject = "" }
+  }
+  
+  package { apticron: ensure => $apticron_ensure_version }
+
+  file { "/etc/apticron/apticron.conf":
+    content => template($apticron_config),
+    mode => 0644, owner => root, group => root,
+    require => Package["apticron"];  
+  }
+}

manifests/cron/base.pp

@@ -1,3 +1,4 @@
 class apt::cron::base {
-	package { cron-apt: ensure => installed }
+
+  package { cron-apt: ensure => installed }
 }

manifests/dselect.pp

@@ -1,4 +1,5 @@
 class apt::dselect {
+
   # suppress annoying help texts of dselect
   append_if_no_such_line { dselect_expert:
       file => "/etc/dpkg/dselect.cfg",

manifests/init.pp

@@ -21,7 +21,7 @@ class apt {
   }
 
   $debian_url = $apt_debian_url ? {
-    ''      => 'http://ftp.debian.org/debian/',
+    ''      => 'http://cdn.debian.net/debian/',
     default => "${apt_debian_url}",
   }
   $security_url = $apt_security_url ? {
@@ -88,17 +88,27 @@ class apt {
   }
 
   apt_conf { "02show_upgraded":
-    source => ["puppet:///modules/site-apt/${fqdn}/02show_upgraded",
-               "puppet:///modules/site-apt/02show_upgraded",
-               "puppet:///modules/apt/02show_upgraded"]
+    source => [ "puppet:///modules/site-apt/${fqdn}/02show_upgraded",
+                "puppet:///modules/site-apt/02show_upgraded",
+                "puppet:///modules/apt/02show_upgraded" ]
   }
 
-  apt_conf { "03clean":
-    source => ["puppet:///modules/site-apt/${fqdn}/03clean",
-               "puppet:///modules/site-apt/03clean",
-               "puppet:///modules/apt/03clean"]
+  if ( $virtual == "vserver" ) {
+    apt_conf { "03clean_vserver":
+      source => [ "puppet:///modules/site-apt/${fqdn}/03clean_vserver",
+                  "puppet:///modules/site-apt/03clean_vserver",
+                  "puppet:///modules/apt/03clean_vserver" ],
+      alias => "03clean";
+    }
   }
-
+  else {
+    apt_conf { "03clean":
+      source => [ "puppet:///modules/site-apt/${fqdn}/03clean",
+                  "puppet:///modules/site-apt/03clean",
+                  "puppet:///modules/apt/03clean" ]
+    }
+  }
+    
   case $custom_preferences {
     false: {
       include apt::preferences::absent
@@ -112,13 +122,9 @@ class apt {
 
   # backward compatibility: upgrade from previous versions of this module.
   file {
-    ["/etc/apt/apt.conf.d/from_puppet",
-     "/etc/apt/apt.conf.d/99from_puppet"
-    ]:
+    [ "/etc/apt/apt.conf.d/from_puppet", "/etc/apt/apt.conf.d/99from_puppet" ]:
       ensure  => 'absent',
-      require => [ Apt_conf['02show_upgraded'],
-                   Apt_conf['03clean'],
-                 ],
+      require => [ Apt_conf['02show_upgraded'], Apt_conf['03clean'] ];
   }
 
   # watch .d directories and ensure they are present
@@ -134,13 +140,12 @@ class apt {
     'refresh_apt':
       command => '/usr/bin/apt-get update && sleep 1',
       refreshonly => true,
-      subscribe => [ File['/etc/apt/apt.conf.d'],
-                     Config_file['/etc/apt/sources.list'] ];
+      subscribe => [ File['/etc/apt/apt.conf.d'], Config_file['/etc/apt/sources.list'] ];
+
     'update_apt':
       command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean',
       refreshonly => true,
-      require => [ File['/etc/apt/apt.conf.d',
-                        '/etc/apt/preferences'],
+      require => [ File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ],
                    Config_file['/etc/apt/sources.list'] ],
       loglevel => info,
       # Another Semaphor for all packages to reference
@@ -163,8 +168,8 @@ class apt {
       recurse => true,
       mode => 0755, owner => root, group => root,
     }
-    exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
-      alias => "custom_keys",
+    exec { "custom_keys":
+      command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update",
       subscribe => File["${apt_base_dir}/keys.d"],
       refreshonly => true,
     }

manifests/listchanges.pp

@@ -0,0 +1,38 @@
+class apt::listchanges {
+
+  case $listchanges_version {
+    '': { $listchanges_version = "present" }
+  }
+
+  case $listchanges_config {
+    '': { $listchanges_config = "apt/${operatingsystem}/listchanges_${lsbdistcodename}.erb" }
+  }
+
+  case $listchanges_frontend {
+    '': { $listchanges_frontend = "pager" }
+  }
+
+  case $listchanges_email {
+    '': { $listchanges_email = "root" }
+  }
+
+  case $listchanges_confirm {
+    '': { $listchanges_confirm = "0" }
+  }
+
+  case $listchanges_saveseen {
+    '': { $listchanges_saveseen = "/var/lib/apt/listchanges.db" }
+  }
+
+  case $listchanges_which {
+    '': { $listchanges_which = "both" }
+  }
+
+  package { apt-listchanges: ensure => $listchanges_ensure_version }
+  
+  file { "/etc/apt/listchanges.conf":
+    content => template($listchanges_config),
+    mode => 0644, owner => root, group => root,
+    require => Package["apt-listchanges"];
+  }
+}

manifests/preferences.pp

@@ -3,7 +3,7 @@ class apt::preferences {
   include common::moduledir
   $apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
   module_dir{'apt/preferences': }
-  file{"${apt_preferences_dir}_header":
+  file { "${apt_preferences_dir}_header":
     content => $custom_preferences ? {
       '' => $operatingsystem ? {
         'debian' => template("apt/${operatingsystem}/preferences_${codename}.erb"),
@@ -13,7 +13,7 @@ class apt::preferences {
     },
   }
 
-  concatenated_file{'/etc/apt/preferences':
+  concatenated_file { '/etc/apt/preferences':
     dir => $apt_preferences_dir,
     header => "${apt_preferences_dir}_header",
     # use Concatenated_file[apt_config] to reference a completed configuration

manifests/preferences/absent.pp

@@ -1,5 +1,6 @@
 class apt::preferences::absent {
-  file {'/etc/apt/preferences':
+
+  file { '/etc/apt/preferences':
     ensure => absent,
   }
 }

manifests/preferences_snippet.pp

@@ -2,8 +2,9 @@ define apt::preferences_snippet(
   $ensure = 'present',
   $source = '',
   $release,
-  $priority
-){
+  $priority )
+{
+
   if $custom_preferences == false {
     fail("Trying to define a preferences_snippet with \$custom_preferences set to false.")
   }

manifests/preseeded_package.pp

@@ -1,11 +1,11 @@
 define apt::preseeded_package ($content = "", $ensure = "installed") {
   $seedfile = "/var/cache/local/preseeding/$name.seeds"
   $real_content = $content ? { 
-    ""      => template ( "$name.seeds", "$debian_version/$name.seeds" ),
+    ""      => template ( "site-apt/$lsbdistcodename/$name.seeds" ),
     default => $content
   }   
 
-  file{ $seedfile:
+  file { $seedfile:
     content => $real_content,
     mode => 0600, owner => root, group => root,
   }   

manifests/sources_list.pp

@@ -1,8 +1,9 @@
 define apt::sources_list (
   $ensure = 'present',
   $source = '',
-  $content = undef
-) {
+  $content = undef )
+{
+
   if $source == '' and $content == undef {
     fail("One of \$source or \$content must be specified for apt_sources_snippet ${name}")
   }

manifests/unattended_upgrades.pp

@@ -1,5 +1,6 @@
 class apt::unattended_upgrades {
-  package{'unattended-upgrades':
+
+  package { 'unattended-upgrades':
     ensure => present,
     require => undef,
   }

manifests/upgrade_package.pp

@@ -1,4 +1,5 @@
 define apt::upgrade_package ($version = "") {
+
   case $version {
     '': {
       exec { "aptitude -y install $name":

templates/Debian/apticron_lenny.erb

@@ -0,0 +1,49 @@
+# apticron.conf
+#
+# set EMAIL to a list of addresses which will be notified of impending updates
+#
+EMAIL="<%= apticron_email %>"
+
+#
+# Set DIFF_ONLY to "1" to only output the difference of the current run
+# compared to the last run (ie. only new upgrades since the last run). If there
+# are no differences, no output/email will be generated. By default, apticron
+# will output everything that needs to be upgraded.
+#
+DIFF_ONLY="<%= apticron_diff_only %>"
+
+#
+# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges
+# with the --profile option. You should add a corresponding profile to
+# /etc/apt/listchanges.conf
+#
+LISTCHANGES_PROFILE="<%= apticron_listchanges_profile %>"
+
+#
+# Set SYSTEM if you would like apticron to use something other than the output
+# of "hostname -f" for the system name in the mails it generates
+#
+# SYSTEM="foobar.example.com"
+<%- if has_variable?(apticron_system) and instance_variable_get("@#{apticron_system}").to_s != "false" -%>
+<%= 'SYSTEM="' + instance_variable_get("@#{apticron_system}").to_s + '"' %>
+<%- end -%>
+
+#
+# Set IPADDRESSNUM if you would like to configure the maximal number of IP
+# addresses apticron displays. The default is to display 1 address of each
+# family type (inet, inet6), if available.
+#
+# IPADDRESSNUM="1"
+<%- if has_variable?(apticron_ipaddressnum) and instance_variable_get("@#{apticron_ipaddressnum}").to_s != "false" -%>
+<%= 'IPADDRESSNUM="' + instance_variable_get("@#{apticron_ipaddressnum}").to_s + '"' %>
+<%- end -%>
+
+#
+# Set IPADDRESSES to a whitespace seperated list of reachable addresses for
+# this system. By default, apticron will try to work these out using the
+# "ip" command
+#
+# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
+<%- if has_variable?(apticron_ipaddresses) and instance_variable_get("@#{apticron_ipaddresses}").to_s != "false" -%>
+<%= 'IPADDRESSES="' + instance_variable_get("@#{apticron_ipaddresses}").to_s + '"' %>
+<%- end -%>

templates/Debian/apticron_squeeze.erb

@@ -0,0 +1,78 @@
+# apticron.conf
+#
+# set EMAIL to a space separated list of addresses which will be notified of
+# impending updates
+#
+EMAIL="<%= apticron_email %>"
+
+#
+# Set DIFF_ONLY to "1" to only output the difference of the current run
+# compared to the last run (ie. only new upgrades since the last run). If there
+# are no differences, no output/email will be generated. By default, apticron
+# will output everything that needs to be upgraded.
+#
+DIFF_ONLY="<%= apticron_diff_only %>"
+
+#
+# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges
+# with the --profile option. You should add a corresponding profile to
+# /etc/apt/listchanges.conf
+#
+LISTCHANGES_PROFILE="<%= apticron_listchanges_profile %>"
+
+#
+# Set SYSTEM if you would like apticron to use something other than the output
+# of "hostname -f" for the system name in the mails it generates
+#
+# SYSTEM="foobar.example.com"
+<%- if has_variable?(apticron_system) and instance_variable_get("@#{apticron_system}").to_s != "false" -%>
+<%= 'SYSTEM="' + instance_variable_get("@#{apticron_system}").to_s + '"' %>
+<%- end %>
+
+#
+# Set IPADDRESSNUM if you would like to configure the maximal number of IP
+# addresses apticron displays. The default is to display 1 address of each
+# family type (inet, inet6), if available.
+#
+# IPADDRESSNUM="1"
+<%- if has_variable?(apticron_ipaddressnum) and instance_variable_get("@#{apticron_ipaddressnum}").to_s != "false" -%>
+<%= 'IPADDRESSNUM="' + instance_variable_get("@#{apticron_ipaddressnum}").to_s + '"' %>
+<%- end -%>
+
+#
+# Set IPADDRESSES to a whitespace separated list of reachable addresses for
+# this system. By default, apticron will try to work these out using the
+# "ip" command
+#
+# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
+<%- if has_variable?(apticron_ipaddresses) and instance_variable_get("@#{apticron_ipaddresses}").to_s != "false" -%>
+<%= 'IPADDRESSES="' + instance_variable_get("@#{apticron_ipaddresses}").to_s + '"' %>
+<%- end -%>
+
+#
+# Set NOTIFY_HOLDS="0" if you don't want to be notified about new versions of
+# packages on hold in your system. The default behavior is downloading and
+# listing them as any other package.
+#
+# NOTIFY_HOLDS="0"
+NOTIFY_HOLDS="<%= apticron_notifyholds %>"
+
+#
+# Set NOTIFY_NEW="0" if you don't want to be notified about packages which
+# are not installed in your system. Yes, it's possible! There are some issues
+# related to systems which have mixed stable/unstable sources. In these cases
+# apt-get will consider for example that packages with "Priority:
+# required"/"Essential: yes" in unstable but not in stable should be installed,
+# so they will be listed in dist-upgrade output. Please take a look at
+# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531002#44
+#
+# NOTIFY_NEW="0"
+NOTIFY_NEW="<%= apticron_notifynew %>"
+
+#
+# Set CUSTOM_SUBJECT if you want to replace the default subject used in
+# the notification e-mails. This may help filtering/sorting client-side e-mail.
+#
+# CUSTOM_SUBJECT=""
+CUSTOM_SUBJECT="<%= apticron_customsubject %>"
+

templates/Debian/listchanges_lenny.erb

@@ -0,0 +1,7 @@
+[apt]
+frontend=<%= listchanges_frontend %>
+email_address=<%= listchanges_email %>
+confirm=<%= listchanges_confirm %>
+save_seen=<%= listchanges_saveseen %>
+which=<%= listchanges_which %>
+

templates/Debian/listchanges_squeeze.erb

@@ -0,0 +1 @@
+listchanges_lenny.erb

templates/Debian/preferences_lenny.erb

@@ -1,6 +1,6 @@
 Explanation: Debian <%= codename %>
 Package: *
-Pin: release o=Debian,n=<%= codename %>
+Pin: release o=Debian,a=<%= release %>
 Pin-Priority: 990
 
 Explanation: Debian backports
@@ -8,14 +8,14 @@ Package: *
 Pin: origin backports.debian.org
 Pin-Priority: 200
 
-Explanation: Debian <%= next_codename %>
+Explanation: Debian <%= next_release %>
 Package: *
-Pin: release o=Debian,n=<%= next_codename %>
+Pin: release o=Debian,a=<%= next_release %>
 Pin-Priority: 2
 
 Explanation: Debian sid
 Package: *
-Pin: release o=Debian,n=sid
+Pin: release o=Debian,a=unstable
 Pin-Priority: 1
 
 Explanation: Debian fallback

templates/Ubuntu/sources.list.erb

@@ -22,5 +22,5 @@ deb-src <%= ubuntu_url %> <%= lsbdistcodename %>-security <%= repos %>
 # backports
 deb <%= ubuntu_url %> <%= lsbdistcodename %>-backports main <%= repos %>
 <% if include_src then -%>
-deb-src <%= ubuntu_url %> <%= lsbdistcodename %>-backports <%= repos >
+deb-src <%= ubuntu_url %> <%= lsbdistcodename %>-backports <%= repos %>
 <% end -%>