Merge remote branch 'immerda/master'

Conflicts:
	manifests/init.pp
This commit is contained in:
Micah Anderson 2010-09-02 19:12:58 -04:00
commit a5e4ab40d8
8 changed files with 215 additions and 212 deletions

8
README
View file

@ -35,7 +35,6 @@ From apt.conf(5), 0.7.2:
instance). pre-auto performs this action before downloading new
packages."
$lsbdistcodename
----------------
Contains the codename ("etch", "lenny", ...) of the client's
@ -70,6 +69,13 @@ apt keyring, you can set this variable to a path in your fileserver
where individual key files can be placed. If this is set and keys
exist there, this module will apt-key add each key
$apt_unattended_upgrades
------------------------
If this variable is set to true apt::unattended_upgrades is included,
which will install the package unattended-upgrades and configure it to
daily upgrade the system.
Classes
=======

View file

@ -0,0 +1,16 @@
class apt::default_preferences {
config_file {
# this just pins unstable and testing to very low values
"/etc/apt/preferences":
content => template("apt/preferences.erb"),
# use File[apt_config] to reference a completed configuration
# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
alias => apt_config,
# only update together
require => File["/etc/apt/sources.list"];
# little default settings which keep the system sane
"/etc/apt/apt.conf.d/from_puppet":
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
before => Config_file[apt_config];
}
}

View file

@ -0,0 +1,11 @@
class apt::default_sources_list {
include lsb
config_file {
# include main, security and backports
# additional sources could be included via an array
"/etc/apt/sources.list":
content => template("apt/sources.list.erb"),
require => Package['lsb'];
}
}

10
manifests/dselect.pp Normal file
View file

@ -0,0 +1,10 @@
class apt::dselect {
# suppress annoying help texts of dselect
line { dselect_expert:
file => "/etc/dpkg/dselect.cfg",
line => "expert",
ensure => present,
}
package { dselect: ensure => installed }
}

View file

@ -5,224 +5,132 @@
class apt {
# See README
$real_apt_clean = $apt_clean ? {
'' => 'auto',
default => $apt_clean,
}
# See README
$real_apt_clean = $apt_clean ? {
'' => 'auto',
default => $apt_clean,
}
$backports_enabled = $backports_enabled ? {
'' => 'false',
default => $backports_enabled,
}
package { apt:
ensure => installed,
require => undef,
}
package { apt: ensure => installed }
case $custom_sources_list {
'': {
include apt::default_sources_list
}
default: {
include lsb
config_file { "/etc/apt/sources.list":
content => $custom_sources_list,
require => Package['lsb'];
}
}
}
# a few templates need lsbdistcodename
include assert_lsbdistcodename
case $custom_preferences {
'': {
include apt::default_preferences
}
default: {
config_file { "/etc/apt/preferences":
content => $custom_preferences,
alias => apt_config,
require => File["/etc/apt/sources.list"];
}
}
}
case $custom_sources_list {
'': {
include default_sources_list
}
default: {
config_file { "/etc/apt/sources.list":
content => $custom_sources_list,
require => Exec[assert_lsbdistcodename];
}
}
}
if $apt_unattended_upgrades {
include apt::unattended_upgrades
}
class default_sources_list {
config_file {
# include main, security and backports
# additional sources could be included via an array
"/etc/apt/sources.list":
content => template("apt/sources.list.erb"),
require => Exec[assert_lsbdistcodename];
}
}
include common::moduledir
$apt_base_dir = "${common::moduledir::module_dir_path}/apt"
modules_dir { apt: }
# watch apt.conf.d
file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; }
case $custom_preferences {
'': {
include default_preferences
}
default: {
config_file { "/etc/apt/preferences":
content => $custom_preferences,
alias => apt_config,
require => File["/etc/apt/sources.list"];
}
}
}
class default_preferences {
config_file {
# this just pins unstable and testing to very low values
"/etc/apt/preferences":
content => template("apt/preferences.erb"),
# use File[apt_config] to reference a completed configuration
# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
alias => apt_config,
# only update together
require => File["/etc/apt/sources.list"];
# little default settings which keep the system sane
"/etc/apt/apt.conf.d/from_puppet":
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
before => File[apt_config];
}
}
exec {
# "&& sleep 1" is workaround for older(?) clients
'refresh_apt':
command => '/usr/bin/apt-get update && sleep 1',
refreshonly => true,
subscribe => [ File["/etc/apt/sources.list"],
File["/etc/apt/preferences"],
File["/etc/apt/apt.conf.d"],
Config_file[apt_config] ];
'update_apt':
command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean',
require => [ File["/etc/apt/sources.list"],
File["/etc/apt/preferences"], Config_file[apt_config] ],
loglevel => info,
# Another Semaphor for all packages to reference
alias => apt_updated;
}
$apt_base_dir = "${module_dir_path}/apt"
module_dir { apt: }
# watch apt.conf.d
file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; }
## This package should really always be current
package { "debian-archive-keyring": ensure => latest }
case $lsbdistcodename {
etch: {
package { "debian-backports-keyring": ensure => latest }
# This key was downloaded from
# http://backports.org/debian/archive.key
# and is needed to bootstrap the backports trustpath
file { "${apt_base_dir}/backports.org.key":
source => "puppet:///modules/apt/backports.org.key",
mode => 0444, owner => root, group => root,
}
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
alias => "backports_key",
refreshonly => true,
subscribe => File["${apt_base_dir}/backports.org.key"],
before => [ File[apt_config], Package["debian-backports-keyring"] ]
}
}
lenny: {
package { "debian-backports-keyring": ensure => latest }
exec {
# "&& sleep 1" is workaround for older(?) clients
"/usr/bin/apt-get update && sleep 1 #on refresh":
refreshonly => true,
subscribe => [ File["/etc/apt/sources.list"],
File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"],
File[apt_config] ];
"/usr/bin/apt-get update && /usr/bin/apt-get autoclean #hourly":
require => [ File["/etc/apt/sources.list"],
File["/etc/apt/preferences"], File[apt_config] ],
# Another Semaphor for all packages to reference
alias => apt_updated;
}
## This package should really always be current
package { "debian-archive-keyring":
ensure => latest,
}
# This key was downloaded from
# http://backports.org/debian/archive.key
# and is needed to bootstrap the backports trustpath
file { "${apt_base_dir}/backports.org.key":
source => "puppet:///modules/apt/backports.org.key",
mode => 0444, owner => root, group => root,
}
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
alias => "backports_key",
refreshonly => true,
subscribe => File["${apt_base_dir}/backports.org.key"],
before => [ Config_file[apt_config], Package["debian-backports-keyring"] ]
}
}
}
case $backports_enabled {
'true': {
config_file {
# backports
"/etc/apt/sources.list.d/debian-backports.list":
content => template("apt/sources.list.backports.erb"),
require => Exec[assert_lsbdistcodename];
}
case $lsbdistcodename {
etch: {
package { "debian-backports-keyring":
ensure => latest,
}
# This key was downloaded from
# http://backports.org/debian/archive.key
# and is needed to bootstrap the backports trustpath
file { "${apt_base_dir}/backports.org.key":
source => "puppet://$server/modules/apt/backports.org.key",
mode => 0444, owner => root, group => root,
}
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
alias => "backports_key",
refreshonly => true,
subscribe => File["${apt_base_dir}/backports.org.key"],
before => [ File[apt_config], Package["debian-backports-keyring"] ]
}
}
lenny: {
package { "debian-backports-keyring":
ensure => latest,
}
case $custom_key_dir {
'': {
exec { "/bin/true # no_custom_keydir": }
}
default: {
file { "${apt_base_dir}/keys.d":
source => "$custom_key_dir",
recurse => true,
mode => 0755, owner => root, group => root,
}
exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
alias => "custom_keys",
subscribe => File["${apt_base_dir}/keys.d"],
refreshonly => true,
before => Config_file[apt_config];
}
}
}
# This key was downloaded from
# http://backports.org/debian/archive.key
# and is needed to bootstrap the backports trustpath
file { "${apt_base_dir}/backports.org.key":
source => "puppet://$server/modules/apt/backports.org.key",
mode => 0444, owner => root, group => root,
}
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
alias => "backports_key",
refreshonly => true,
subscribe => File["${apt_base_dir}/backports.org.key"],
before => [ File[apt_config], Package["debian-backports-keyring"] ]
}
}
}
}
default: { }
}
case $custom_key_dir {
'': {
exec { "/bin/true # no_custom_keydir": }
}
default: {
file { "${apt_base_dir}/keys.d":
source => "$custom_key_dir",
recurse => true,
mode => 0755, owner => root, group => root,
}
exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
alias => "custom_keys",
subscribe => File["${apt_base_dir}/keys.d"],
refreshonly => true,
before => File[apt_config];
}
}
}
# workaround for preseeded_package component
file { "/var/cache": ensure => directory }
file { "/var/cache/local": ensure => directory }
file { "/var/cache/local/preseeding/": ensure => directory }
define preseeded_package ($content = "", $ensure = "installed") {
$seedfile = "/var/cache/local/preseeding/$name.seeds"
$real_content = $content ? {
"" => template ( "$debian_version/$name.seeds" ),
Default => $content
}
file{ $seedfile:
content => $real_content,
mode => 0600, owner => root, group => root,
}
package { $name:
ensure => $ensure,
responsefile => $seedfile,
require => File[$seedfile],
}
}
define upgrade_package ($version = "") {
case $version {
'': {
exec { "aptitude -y install $name":
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
}
}
'latest': {
exec { "aptitude -y install $name":
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
}
}
default: {
exec { "aptitude -y install $name=$version":
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
}
}
}
}
}
class dselect {
# suppress annoying help texts of dselect
line { dselect_expert:
file => "/etc/dpkg/dselect.cfg",
line => "expert",
ensure => present,
}
package { dselect: ensure => installed }
}
# workaround for preseeded_package component
file { "/var/cache": ensure => directory }
file { "/var/cache/local": ensure => directory }
file { "/var/cache/local/preseeding": ensure => directory }
}

View file

@ -0,0 +1,18 @@
define apt::preseeded_package ($content = "", $ensure = "installed") {
$seedfile = "/var/cache/local/preseeding/$name.seeds"
$real_content = $content ? {
"" => template ( "$debian_version/$name.seeds" ),
Default => $content
}
file{ $seedfile:
content => $real_content,
mode => 0600, owner => root, group => root,
}
package { $name:
ensure => $ensure,
responsefile => $seedfile,
require => File[$seedfile],
}
}

View file

@ -0,0 +1,15 @@
class apt::unattended_upgrades {
package{'unattended-upgrades':
ensure => present,
require => undef,
}
config_file {
"/etc/apt/apt.conf.d/unattended_upgrades":
content => 'APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
',
before => Config_file[apt_config],
require => Package['unattended-upgrades'],
}
}

View file

@ -0,0 +1,19 @@
define apt::upgrade_package ($version = "") {
case $version {
'': {
exec { "aptitude -y install $name":
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
}
}
'latest': {
exec { "aptitude -y install $name":
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
}
}
default: {
exec { "aptitude -y install $name=$version":
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
}
}
}
}