Added apt::unattended_upgrades class, and extra template for "deb-src"
This commit is contained in:
root
parent
2b2950b20e
commit
854f3c10b0
4 changed files with 107 additions and 3 deletions
23
README
23
README
|
|
@ -72,11 +72,30 @@ apt keyring, you can set this variable to a path in your fileserver
|
|||
where individual key files can be placed. If this is set and keys
|
||||
exist there, this module will apt-key add each key
|
||||
|
||||
$backports_enabled
|
||||
------------------
|
||||
If set to true, the debian backports repository is enabled through a
|
||||
file in /etc/apt/sources.d/. Defaults to false.
|
||||
|
||||
$apt_deb_src_enabled
|
||||
--------------------
|
||||
If set to true, the debian sources repository is enabled through a
|
||||
file in /etc/apt/sources.d/. Defaults to false.
|
||||
|
||||
|
||||
Classes
|
||||
=======
|
||||
apt
|
||||
---
|
||||
Sets up the basic apt package management.
|
||||
|
||||
This module contains only the apt class, which sets up all described
|
||||
functionality.
|
||||
apt::unattended_upgrades
|
||||
------------------------
|
||||
Sets up the unattended-upgrades package, and configures it mostly through
|
||||
the file /etc/apt/apt.conf.d/50unattended-upgrades.
|
||||
Unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that
|
||||
wildcards aren't recognized, so use it with care !
|
||||
http://packages.debian.org/de/lenny/unattended-upgrades
|
||||
|
||||
|
||||
Resources
|
||||
|
|
|
|||
43
files/50unattended-upgrades
Normal file
43
files/50unattended-upgrades
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
// this file is managed by puppet !
|
||||
//
|
||||
//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
|
||||
|
||||
// allowed (origin, archive) pairs
|
||||
Unattended-Upgrade::Allowed-Origins {
|
||||
"Debian stable";
|
||||
"Debian-Security stable";
|
||||
// "Debian testing";
|
||||
};
|
||||
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
Unattended-Upgrade::Mail "root";
|
||||
|
||||
APT::UnattendedUpgrades::LogDir "/var/log/";
|
||||
APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
|
||||
|
||||
Unattended-Upgrade::Package-Blacklist {
|
||||
// we don't want the kernel to be updated so nagios still can give a warnig if there is
|
||||
// a manual update (and reboot) left
|
||||
|
||||
"linux-image-*";
|
||||
|
||||
// unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized:
|
||||
//2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
|
||||
//2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
|
||||
//2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
|
||||
//2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
|
||||
//2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
|
||||
//2009-12-11 13:42:11,988 INFO All upgrades installed
|
||||
|
||||
"linux-image-2.6.18-5-vserver-686";
|
||||
"linux-image-2.6.18-5-xen-vserver-686";
|
||||
"linux-image-2.6.18-6-vserver-686";
|
||||
"linux-image-2.6.18-6-xen-vserver-686";
|
||||
"linux-image-2.6.24.3";
|
||||
"linux-image-2.6.26-1-686";
|
||||
"linux-image-2.6.26-2-xen-amd64";
|
||||
"linux-image-2.6.26-2-xen-686";
|
||||
"linux-image-2.6.26-2-amd64";
|
||||
};
|
||||
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
|
||||
# See LICENSE for the full license granted to you.
|
||||
|
||||
|
||||
class apt {
|
||||
|
||||
# See README
|
||||
|
|
@ -16,6 +17,11 @@ class apt {
|
|||
default => $backports_enabled,
|
||||
}
|
||||
|
||||
$apt_deb_src_enabled = $apt_deb_src_enabled ? {
|
||||
'true' => 'true',
|
||||
default => $apt_deb_src_enabled,
|
||||
}
|
||||
|
||||
package { apt: ensure => installed }
|
||||
|
||||
# a few templates need lsbdistcodename
|
||||
|
|
@ -150,7 +156,17 @@ class apt {
|
|||
default: { }
|
||||
}
|
||||
|
||||
|
||||
case $apt_deb_src_enabled {
|
||||
'true': {
|
||||
config_file {
|
||||
# deb-src
|
||||
"/etc/apt/sources.list.d/debian-sources.list":
|
||||
content => template("apt/sources.list.deb-src.erb"),
|
||||
require => Exec[assert_lsbdistcodename];
|
||||
}
|
||||
}
|
||||
default: {}
|
||||
}
|
||||
|
||||
case $custom_key_dir {
|
||||
'': {
|
||||
|
|
@ -226,3 +242,18 @@ class dselect {
|
|||
|
||||
package { dselect: ensure => installed }
|
||||
}
|
||||
|
||||
|
||||
class apt::unattended_upgrades {
|
||||
case $operatingsystem {
|
||||
debian,ubuntu: {
|
||||
package { unattended-upgrades : ensure => latest; }
|
||||
file { "/etc/apt/apt.conf.d/50unattended-upgrades":
|
||||
source => "puppet://$server/modules/apt/50unattended-upgrades" }
|
||||
}
|
||||
|
||||
default: { notice "unknown operatingsystem: $operatingsystem for class apt::unattended_upgrades" }
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
11
templates/sources.list.deb-src.erb
Normal file
11
templates/sources.list.deb-src.erb
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
# This file is brought to you by puppet
|
||||
|
||||
# basic <%= lsbdistcodename %>
|
||||
deb-src http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free
|
||||
# security suppport
|
||||
<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
|
||||
# There is no security mirror for <%= lsbdistcodename %>
|
||||
<% else -%>
|
||||
deb-src http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free
|
||||
<% end -%>
|
||||
|
||||
Loading…
Reference in a new issue