Merge remote branch 'immerda/master'
Conflicts: manifests/init.pp
This commit is contained in:
commit
a5e4ab40d8
8 changed files with 215 additions and 212 deletions
8
README
8
README
|
@ -35,7 +35,6 @@ From apt.conf(5), 0.7.2:
|
|||
instance). pre-auto performs this action before downloading new
|
||||
packages."
|
||||
|
||||
|
||||
$lsbdistcodename
|
||||
----------------
|
||||
Contains the codename ("etch", "lenny", ...) of the client's
|
||||
|
@ -70,6 +69,13 @@ apt keyring, you can set this variable to a path in your fileserver
|
|||
where individual key files can be placed. If this is set and keys
|
||||
exist there, this module will apt-key add each key
|
||||
|
||||
$apt_unattended_upgrades
|
||||
------------------------
|
||||
|
||||
If this variable is set to true apt::unattended_upgrades is included,
|
||||
which will install the package unattended-upgrades and configure it to
|
||||
daily upgrade the system.
|
||||
|
||||
Classes
|
||||
=======
|
||||
|
||||
|
|
16
manifests/default_preferences.pp
Normal file
16
manifests/default_preferences.pp
Normal file
|
@ -0,0 +1,16 @@
|
|||
class apt::default_preferences {
|
||||
config_file {
|
||||
# this just pins unstable and testing to very low values
|
||||
"/etc/apt/preferences":
|
||||
content => template("apt/preferences.erb"),
|
||||
# use File[apt_config] to reference a completed configuration
|
||||
# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
|
||||
alias => apt_config,
|
||||
# only update together
|
||||
require => File["/etc/apt/sources.list"];
|
||||
# little default settings which keep the system sane
|
||||
"/etc/apt/apt.conf.d/from_puppet":
|
||||
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
|
||||
before => Config_file[apt_config];
|
||||
}
|
||||
}
|
11
manifests/default_sources_list.pp
Normal file
11
manifests/default_sources_list.pp
Normal file
|
@ -0,0 +1,11 @@
|
|||
class apt::default_sources_list {
|
||||
include lsb
|
||||
config_file {
|
||||
# include main, security and backports
|
||||
# additional sources could be included via an array
|
||||
"/etc/apt/sources.list":
|
||||
content => template("apt/sources.list.erb"),
|
||||
require => Package['lsb'];
|
||||
}
|
||||
}
|
||||
|
10
manifests/dselect.pp
Normal file
10
manifests/dselect.pp
Normal file
|
@ -0,0 +1,10 @@
|
|||
class apt::dselect {
|
||||
# suppress annoying help texts of dselect
|
||||
line { dselect_expert:
|
||||
file => "/etc/dpkg/dselect.cfg",
|
||||
line => "expert",
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { dselect: ensure => installed }
|
||||
}
|
|
@ -5,224 +5,132 @@
|
|||
|
||||
class apt {
|
||||
|
||||
# See README
|
||||
$real_apt_clean = $apt_clean ? {
|
||||
'' => 'auto',
|
||||
default => $apt_clean,
|
||||
}
|
||||
# See README
|
||||
$real_apt_clean = $apt_clean ? {
|
||||
'' => 'auto',
|
||||
default => $apt_clean,
|
||||
}
|
||||
|
||||
$backports_enabled = $backports_enabled ? {
|
||||
'' => 'false',
|
||||
default => $backports_enabled,
|
||||
}
|
||||
package { apt:
|
||||
ensure => installed,
|
||||
require => undef,
|
||||
}
|
||||
|
||||
package { apt: ensure => installed }
|
||||
case $custom_sources_list {
|
||||
'': {
|
||||
include apt::default_sources_list
|
||||
}
|
||||
default: {
|
||||
include lsb
|
||||
config_file { "/etc/apt/sources.list":
|
||||
content => $custom_sources_list,
|
||||
require => Package['lsb'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# a few templates need lsbdistcodename
|
||||
include assert_lsbdistcodename
|
||||
case $custom_preferences {
|
||||
'': {
|
||||
include apt::default_preferences
|
||||
}
|
||||
default: {
|
||||
config_file { "/etc/apt/preferences":
|
||||
content => $custom_preferences,
|
||||
alias => apt_config,
|
||||
require => File["/etc/apt/sources.list"];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
case $custom_sources_list {
|
||||
'': {
|
||||
include default_sources_list
|
||||
}
|
||||
default: {
|
||||
config_file { "/etc/apt/sources.list":
|
||||
content => $custom_sources_list,
|
||||
require => Exec[assert_lsbdistcodename];
|
||||
}
|
||||
}
|
||||
}
|
||||
if $apt_unattended_upgrades {
|
||||
include apt::unattended_upgrades
|
||||
}
|
||||
|
||||
class default_sources_list {
|
||||
config_file {
|
||||
# include main, security and backports
|
||||
# additional sources could be included via an array
|
||||
"/etc/apt/sources.list":
|
||||
content => template("apt/sources.list.erb"),
|
||||
require => Exec[assert_lsbdistcodename];
|
||||
}
|
||||
}
|
||||
include common::moduledir
|
||||
$apt_base_dir = "${common::moduledir::module_dir_path}/apt"
|
||||
modules_dir { apt: }
|
||||
# watch apt.conf.d
|
||||
file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; }
|
||||
|
||||
case $custom_preferences {
|
||||
'': {
|
||||
include default_preferences
|
||||
}
|
||||
default: {
|
||||
config_file { "/etc/apt/preferences":
|
||||
content => $custom_preferences,
|
||||
alias => apt_config,
|
||||
require => File["/etc/apt/sources.list"];
|
||||
}
|
||||
}
|
||||
}
|
||||
class default_preferences {
|
||||
config_file {
|
||||
# this just pins unstable and testing to very low values
|
||||
"/etc/apt/preferences":
|
||||
content => template("apt/preferences.erb"),
|
||||
# use File[apt_config] to reference a completed configuration
|
||||
# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
|
||||
alias => apt_config,
|
||||
# only update together
|
||||
require => File["/etc/apt/sources.list"];
|
||||
# little default settings which keep the system sane
|
||||
"/etc/apt/apt.conf.d/from_puppet":
|
||||
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
|
||||
before => File[apt_config];
|
||||
}
|
||||
}
|
||||
exec {
|
||||
# "&& sleep 1" is workaround for older(?) clients
|
||||
'refresh_apt':
|
||||
command => '/usr/bin/apt-get update && sleep 1',
|
||||
refreshonly => true,
|
||||
subscribe => [ File["/etc/apt/sources.list"],
|
||||
File["/etc/apt/preferences"],
|
||||
File["/etc/apt/apt.conf.d"],
|
||||
Config_file[apt_config] ];
|
||||
'update_apt':
|
||||
command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean',
|
||||
require => [ File["/etc/apt/sources.list"],
|
||||
File["/etc/apt/preferences"], Config_file[apt_config] ],
|
||||
loglevel => info,
|
||||
# Another Semaphor for all packages to reference
|
||||
alias => apt_updated;
|
||||
}
|
||||
|
||||
$apt_base_dir = "${module_dir_path}/apt"
|
||||
module_dir { apt: }
|
||||
# watch apt.conf.d
|
||||
file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; }
|
||||
## This package should really always be current
|
||||
package { "debian-archive-keyring": ensure => latest }
|
||||
|
||||
case $lsbdistcodename {
|
||||
etch: {
|
||||
package { "debian-backports-keyring": ensure => latest }
|
||||
|
||||
# This key was downloaded from
|
||||
# http://backports.org/debian/archive.key
|
||||
# and is needed to bootstrap the backports trustpath
|
||||
file { "${apt_base_dir}/backports.org.key":
|
||||
source => "puppet:///modules/apt/backports.org.key",
|
||||
mode => 0444, owner => root, group => root,
|
||||
}
|
||||
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
|
||||
alias => "backports_key",
|
||||
refreshonly => true,
|
||||
subscribe => File["${apt_base_dir}/backports.org.key"],
|
||||
before => [ File[apt_config], Package["debian-backports-keyring"] ]
|
||||
}
|
||||
}
|
||||
lenny: {
|
||||
package { "debian-backports-keyring": ensure => latest }
|
||||
|
||||
exec {
|
||||
# "&& sleep 1" is workaround for older(?) clients
|
||||
"/usr/bin/apt-get update && sleep 1 #on refresh":
|
||||
refreshonly => true,
|
||||
subscribe => [ File["/etc/apt/sources.list"],
|
||||
File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"],
|
||||
File[apt_config] ];
|
||||
"/usr/bin/apt-get update && /usr/bin/apt-get autoclean #hourly":
|
||||
require => [ File["/etc/apt/sources.list"],
|
||||
File["/etc/apt/preferences"], File[apt_config] ],
|
||||
# Another Semaphor for all packages to reference
|
||||
alias => apt_updated;
|
||||
}
|
||||
|
||||
## This package should really always be current
|
||||
package { "debian-archive-keyring":
|
||||
ensure => latest,
|
||||
}
|
||||
# This key was downloaded from
|
||||
# http://backports.org/debian/archive.key
|
||||
# and is needed to bootstrap the backports trustpath
|
||||
file { "${apt_base_dir}/backports.org.key":
|
||||
source => "puppet:///modules/apt/backports.org.key",
|
||||
mode => 0444, owner => root, group => root,
|
||||
}
|
||||
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
|
||||
alias => "backports_key",
|
||||
refreshonly => true,
|
||||
subscribe => File["${apt_base_dir}/backports.org.key"],
|
||||
before => [ Config_file[apt_config], Package["debian-backports-keyring"] ]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
case $backports_enabled {
|
||||
'true': {
|
||||
config_file {
|
||||
# backports
|
||||
"/etc/apt/sources.list.d/debian-backports.list":
|
||||
content => template("apt/sources.list.backports.erb"),
|
||||
require => Exec[assert_lsbdistcodename];
|
||||
}
|
||||
|
||||
case $lsbdistcodename {
|
||||
etch: {
|
||||
package { "debian-backports-keyring":
|
||||
ensure => latest,
|
||||
}
|
||||
|
||||
# This key was downloaded from
|
||||
# http://backports.org/debian/archive.key
|
||||
# and is needed to bootstrap the backports trustpath
|
||||
file { "${apt_base_dir}/backports.org.key":
|
||||
source => "puppet://$server/modules/apt/backports.org.key",
|
||||
mode => 0444, owner => root, group => root,
|
||||
}
|
||||
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
|
||||
alias => "backports_key",
|
||||
refreshonly => true,
|
||||
subscribe => File["${apt_base_dir}/backports.org.key"],
|
||||
before => [ File[apt_config], Package["debian-backports-keyring"] ]
|
||||
}
|
||||
}
|
||||
lenny: {
|
||||
package { "debian-backports-keyring":
|
||||
ensure => latest,
|
||||
}
|
||||
case $custom_key_dir {
|
||||
'': {
|
||||
exec { "/bin/true # no_custom_keydir": }
|
||||
}
|
||||
default: {
|
||||
file { "${apt_base_dir}/keys.d":
|
||||
source => "$custom_key_dir",
|
||||
recurse => true,
|
||||
mode => 0755, owner => root, group => root,
|
||||
}
|
||||
exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
|
||||
alias => "custom_keys",
|
||||
subscribe => File["${apt_base_dir}/keys.d"],
|
||||
refreshonly => true,
|
||||
before => Config_file[apt_config];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# This key was downloaded from
|
||||
# http://backports.org/debian/archive.key
|
||||
# and is needed to bootstrap the backports trustpath
|
||||
file { "${apt_base_dir}/backports.org.key":
|
||||
source => "puppet://$server/modules/apt/backports.org.key",
|
||||
mode => 0444, owner => root, group => root,
|
||||
}
|
||||
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
|
||||
alias => "backports_key",
|
||||
refreshonly => true,
|
||||
subscribe => File["${apt_base_dir}/backports.org.key"],
|
||||
before => [ File[apt_config], Package["debian-backports-keyring"] ]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
default: { }
|
||||
}
|
||||
|
||||
|
||||
|
||||
case $custom_key_dir {
|
||||
'': {
|
||||
exec { "/bin/true # no_custom_keydir": }
|
||||
}
|
||||
default: {
|
||||
file { "${apt_base_dir}/keys.d":
|
||||
source => "$custom_key_dir",
|
||||
recurse => true,
|
||||
mode => 0755, owner => root, group => root,
|
||||
}
|
||||
exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
|
||||
alias => "custom_keys",
|
||||
subscribe => File["${apt_base_dir}/keys.d"],
|
||||
refreshonly => true,
|
||||
before => File[apt_config];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# workaround for preseeded_package component
|
||||
file { "/var/cache": ensure => directory }
|
||||
file { "/var/cache/local": ensure => directory }
|
||||
file { "/var/cache/local/preseeding/": ensure => directory }
|
||||
|
||||
define preseeded_package ($content = "", $ensure = "installed") {
|
||||
$seedfile = "/var/cache/local/preseeding/$name.seeds"
|
||||
$real_content = $content ? {
|
||||
"" => template ( "$debian_version/$name.seeds" ),
|
||||
Default => $content
|
||||
}
|
||||
|
||||
file{ $seedfile:
|
||||
content => $real_content,
|
||||
mode => 0600, owner => root, group => root,
|
||||
}
|
||||
|
||||
package { $name:
|
||||
ensure => $ensure,
|
||||
responsefile => $seedfile,
|
||||
require => File[$seedfile],
|
||||
}
|
||||
}
|
||||
|
||||
define upgrade_package ($version = "") {
|
||||
case $version {
|
||||
'': {
|
||||
exec { "aptitude -y install $name":
|
||||
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
|
||||
}
|
||||
}
|
||||
'latest': {
|
||||
exec { "aptitude -y install $name":
|
||||
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
|
||||
}
|
||||
}
|
||||
default: {
|
||||
exec { "aptitude -y install $name=$version":
|
||||
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
class dselect {
|
||||
# suppress annoying help texts of dselect
|
||||
line { dselect_expert:
|
||||
file => "/etc/dpkg/dselect.cfg",
|
||||
line => "expert",
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { dselect: ensure => installed }
|
||||
}
|
||||
# workaround for preseeded_package component
|
||||
file { "/var/cache": ensure => directory }
|
||||
file { "/var/cache/local": ensure => directory }
|
||||
file { "/var/cache/local/preseeding": ensure => directory }
|
||||
}
|
||||
|
|
18
manifests/preseeded_package.pp
Normal file
18
manifests/preseeded_package.pp
Normal file
|
@ -0,0 +1,18 @@
|
|||
define apt::preseeded_package ($content = "", $ensure = "installed") {
|
||||
$seedfile = "/var/cache/local/preseeding/$name.seeds"
|
||||
$real_content = $content ? {
|
||||
"" => template ( "$debian_version/$name.seeds" ),
|
||||
Default => $content
|
||||
}
|
||||
|
||||
file{ $seedfile:
|
||||
content => $real_content,
|
||||
mode => 0600, owner => root, group => root,
|
||||
}
|
||||
|
||||
package { $name:
|
||||
ensure => $ensure,
|
||||
responsefile => $seedfile,
|
||||
require => File[$seedfile],
|
||||
}
|
||||
}
|
15
manifests/unattended_upgrades.pp
Normal file
15
manifests/unattended_upgrades.pp
Normal file
|
@ -0,0 +1,15 @@
|
|||
class apt::unattended_upgrades {
|
||||
package{'unattended-upgrades':
|
||||
ensure => present,
|
||||
require => undef,
|
||||
}
|
||||
|
||||
config_file {
|
||||
"/etc/apt/apt.conf.d/unattended_upgrades":
|
||||
content => 'APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
',
|
||||
before => Config_file[apt_config],
|
||||
require => Package['unattended-upgrades'],
|
||||
}
|
||||
}
|
19
manifests/upgrade_package.pp
Normal file
19
manifests/upgrade_package.pp
Normal file
|
@ -0,0 +1,19 @@
|
|||
define apt::upgrade_package ($version = "") {
|
||||
case $version {
|
||||
'': {
|
||||
exec { "aptitude -y install $name":
|
||||
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
|
||||
}
|
||||
}
|
||||
'latest': {
|
||||
exec { "aptitude -y install $name":
|
||||
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
|
||||
}
|
||||
}
|
||||
default: {
|
||||
exec { "aptitude -y install $name=$version":
|
||||
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue