opuppet/module-apt
4
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

merged with immerda/master

Browse source
This commit is contained in:
nadir 2010-10-22 19:17:57 +02:00
commit 851d20a7b6
9 changed files with 118 additions and 108 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
README
View file

@ -7,7 +7,7 @@ This module manages apt on Debian.
It keeps dpkg's and apt's databases as well as the keyrings for securing It keeps dpkg's and apt's databases as well as the keyrings for securing
package download current. package download current.
backports.org is added and an archive key is provided[1]. backports.debian.org is added.
dselect is switched to expert mode to suppress superfluous help screens. dselect is switched to expert mode to suppress superfluous help screens.
@ -62,6 +62,10 @@ example, setting the following variable before including this class
will pull in the templates/apt/preferences file: will pull in the templates/apt/preferences file:
$custom_preferences = 'template("apt/preferences")' $custom_preferences = 'template("apt/preferences")'
Also, if you need the preferences file to be absent, set this variable to false:
$custom_preferences = false
$custom_key_dir $custom_key_dir
--------------- ---------------
If you have different apt-key files that you want to get added to your If you have different apt-key files that you want to get added to your
@ -82,12 +86,27 @@ Classes
This module contains only the apt class, which sets up all described This module contains only the apt class, which sets up all described
functionality. functionality.
Defines
=======
apt::preferences_snippet
------------------------
A way to add pinning information to /etc/apt/preferences
Example:
apt::preferences_snippet{
'irssi-plugin-otr':
release => 'lenny-backports',
priority => 999;
}
Resources Resources
========= =========
File[apt_config] Concatenated_file[apt_config]
---------------- -----------------------------
Use this resource to depend on or add to a completed apt configuration Use this resource to depend on or add to a completed apt configuration
Exec[apt_updated] Exec[apt_updated]
@ -139,7 +158,3 @@ Sometimes -- especially when initially starting management or deploying new
packages -- a immediate update is really needed to be able to install the right packages -- a immediate update is really needed to be able to install the right
packages without errors. Thus a method should be devised to be able to specify packages without errors. Thus a method should be devised to be able to specify
with high fidelity when a update should be run and when it is not needed. with high fidelity when a update should be run and when it is not needed.
[1] Of course, you should check the validity of _this_ key yourself.

33
files/backports.org.key
View file

@ -1,33 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.3 (GNU/Linux)
mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
=fBrI
-----END PGP PUBLIC KEY BLOCK-----

16
manifests/default_preferences.pp
View file

@ -1,16 +0,0 @@
class apt::default_preferences {
config_file {
# this just pins unstable and testing to very low values
"/etc/apt/preferences":
content => template("apt/preferences.erb"),
# use File[apt_config] to reference a completed configuration
# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
alias => apt_config,
# only update together
require => File["/etc/apt/sources.list"];
# little default settings which keep the system sane
"/etc/apt/apt.conf.d/99from_puppet":
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
before => Config_file[apt_config];
}
}

70
manifests/init.pp
View file

@ -31,16 +31,19 @@ class apt {
} }
} }
config_file {
# little default settings which keep the system sane
"/etc/apt/apt.conf.d/from_puppet":
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
before => Concatenated_file['/etc/apt/preferences'];
}
case $custom_preferences { case $custom_preferences {
'': { false: {
include apt::default_preferences include apt::preferences::absent
} }
default: { default: {
config_file { "/etc/apt/preferences": include apt::preferences
content => $custom_preferences,
alias => apt_config,
require => File["/etc/apt/sources.list"];
}
} }
} }
@ -59,58 +62,23 @@ class apt {
'refresh_apt': 'refresh_apt':
command => '/usr/bin/apt-get update && sleep 1', command => '/usr/bin/apt-get update && sleep 1',
refreshonly => true, refreshonly => true,
subscribe => [ File["/etc/apt/sources.list"], subscribe => File['/etc/apt/sources.list',
File["/etc/apt/preferences"], '/etc/apt/apt.conf.d',
File["/etc/apt/apt.conf.d"], '/etc/apt/preferences'];
Config_file[apt_config] ];
'update_apt': 'update_apt':
command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean',
require => [ File["/etc/apt/sources.list"], require => File['/etc/apt/sources.list',
File["/etc/apt/preferences"], Config_file[apt_config] ], '/etc/apt/preferences'],
loglevel => info, loglevel => info,
# Another Semaphor for all packages to reference # Another Semaphor for all packages to reference
alias => apt_updated; alias => "apt_updated";
} }
## This package should really always be current ## This package should really always be current
package { "debian-archive-keyring": ensure => latest } package { "debian-archive-keyring": ensure => latest }
case $lsbdistcodename { # backports uses the normal archive key now
etch: { package { "debian-backports-keyring": ensure => absent }
package { "debian-backports-keyring": ensure => latest }
# This key was downloaded from
# http://backports.org/debian/archive.key
# and is needed to bootstrap the backports trustpath
file { "${apt_base_dir}/backports.org.key":
source => "puppet:///modules/apt/backports.org.key",
mode => 0444, owner => root, group => root,
}
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
alias => "backports_key",
refreshonly => true,
subscribe => File["${apt_base_dir}/backports.org.key"],
before => [ File[apt_config], Package["debian-backports-keyring"] ]
}
}
lenny: {
package { "debian-backports-keyring": ensure => latest }
# This key was downloaded from
# http://backports.org/debian/archive.key
# and is needed to bootstrap the backports trustpath
file { "${apt_base_dir}/backports.org.key":
source => "puppet:///modules/apt/backports.org.key",
mode => 0444, owner => root, group => root,
}
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
alias => "backports_key",
refreshonly => true,
subscribe => File["${apt_base_dir}/backports.org.key"],
before => [ Config_file[apt_config], Package["debian-backports-keyring"] ]
}
}
}
if $custom_key_dir { if $custom_key_dir {
file { "${apt_base_dir}/keys.d": file { "${apt_base_dir}/keys.d":
@ -122,7 +90,7 @@ class apt {
alias => "custom_keys", alias => "custom_keys",
subscribe => File["${apt_base_dir}/keys.d"], subscribe => File["${apt_base_dir}/keys.d"],
refreshonly => true, refreshonly => true,
before => Config_file[apt_config]; before => Concatenated_file[apt_config];
} }
} }

31
manifests/preferences.pp Normal file
View file

@ -0,0 +1,31 @@
class apt::preferences {
include common::moduledir
$apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
module_dir{'apt/preferences': }
file{"${apt_preferences_dir}_header":
content => $custom_preferences ? {
'' => 'Package: *
Pin: release a=unstable
Pin-Priority: 1
Package: *
Pin: release a=testing
Pin-Priority: 2
',
default => $custom_preferences
},
}
concatenated_file{'/etc/apt/preferences':
dir => $apt_preferences_dir,
header => "${apt_preferences_dir}_header",
# use Concatenated_file[apt_config] to reference a completed configuration
# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
alias => apt_config,
# only update together
require => File["/etc/apt/sources.list"];
}
}

8
manifests/preferences/absent.pp Normal file
View file

@ -0,0 +1,8 @@
class apt::preferences::absent {
include common::moduledir
$apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
concatenated_file{'/etc/apt/preferences':
dir => $apt_preferences_dir,
ensure => absent,
}
}

17
manifests/preferences_snippet.pp Normal file
View file

@ -0,0 +1,17 @@
define apt::preferences_snippet(
$ensure = 'present',
$release,
$priority
){
include apt::preferences
file { "${apt::preferences::apt_preferences_dir}/${name}":
ensure => $ensure,
content => "Package: ${name}
Pin: release a=${release}
Pin-Priority: ${priority}
",
notify => Exec["concat_${apt::preferences::apt_preferences_dir}"],
owner => root, group => 0, mode => 0600;
}
}

18
manifests/proxy-client.pp Normal file
View file

@ -0,0 +1,18 @@
class apt::proxy-client {
$real_apt_proxy = $apt_proxy ? {
"" => "localhost",
default => $apt_proxy
}
$real_apt_proxy_port = $apt_proxy_port ? {
"" => "3142",
default => $apt_proxy_port
}
file { "/etc/apt/apt.conf.d/20proxy":
ensure => present,
content => "Acquire::http { Proxy \"http://$real_apt_proxy:$real_apt_proxy_port\"; };\n",
owner => root, group => 0, mode => 0644;
}
}

4
manifests/unattended_upgrades.pp
View file

@ -9,7 +9,9 @@ class apt::unattended_upgrades {
source => ["puppet:///modules/site-apt/50unattended-upgrades", source => ["puppet:///modules/site-apt/50unattended-upgrades",
"puppet:///modules/apt/50unattended-upgrades" ], "puppet:///modules/apt/50unattended-upgrades" ],
before => Config_file[apt_config], # err: Could not run Puppet configuration client: Could not find dependent Config_file[apt_config] for Config_file[/etc/apt/apt.conf.d/50unattended-upgrades] at /etc/puppet/modules/apt/manifests/unattended_upgrades.pp:14
#before => Config_file[apt_config],
require => Package['unattended-upgrades'], require => Package['unattended-upgrades'],
} }
} }