modularised apt

git-svn-id: http://club.black.co.at:82/svn/manifests/trunk@58 f03ff2f1-f02d-0410-970d-b9634babeaa1
2007-06-25 09:50:19 +00:00 · 2007-06-25 09:50:19 +00:00 · f0c91f753a
commit f0c91f753a
5 changed files with 164 additions and 0 deletions
--- a/19
+++ b/19
@ -0,0 +1,19 @@
 Variables:
 	$apt_clean: Sets DSelect::Clean, defaults to 'auto' on normal hosts and
 		'pre-auto' in vservers, since the latter are usually more space-bound and
 		have better recovery mechanisms via the host
 		From apt.conf(5), 0.7.2: "Cache Clean mode; this value may be one of
 			always, prompt, auto, pre-auto and never. always and prompt will
 			remove all packages from the cache after upgrading, prompt (the
 			default) does so conditionally.  auto removes only those packages
 			which are no longer downloadable (replaced with a new version for
 			instance). pre-auto performs this action before downloading new
 			packages."
 Provided Resources:
 	File[apt_config]: Use this resource to depend on or add to a completed apt
 		configuration
 	Exec[apt_updated]: After this point, current packages can installed via apt,
 		usually used like this:
 		Package { require => Exec[apt_updated] }
--- a/files/backports.org.key
+++ b/files/backports.org.key
@ -0,0 +1,33 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1.4.3 (GNU/Linux)
 mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
 Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
 /lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
 onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
 kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
 Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
 m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
 bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
 bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
 Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
 AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
 cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
 FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
 OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
 FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
 Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
 FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
 DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
 90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
 StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
 JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
 BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
 AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
 TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
 O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
 cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
 +FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
 VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
 =fBrI
 -----END PGP PUBLIC KEY BLOCK-----
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -0,0 +1,91 @@
 # apt.pp - common components and defaults for handling apt
 # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
 # See LICENSE for the full license granted to you.
 #
 # With hints from
 #  Micah Anderson <micah@riseup.net>
 #  * backports key
 class apt {
 	# See README
 	$real_apt_clean = $apt_clean ? {
 		'' => 'auto',
 		default => $apt_clean,
 	}
 	# a few templates need lsbdistcodename
 	include assert_lsbdistcodename
 	config_file {
 		# include main, security and backports
 		# additional sources could be included via an array
 		"/etc/apt/sources.list":
 			content => template("apt/sources.list.erb"),
 			require => Exec[assert_lsbdistcodename];
 		# this just pins unstable and testing to very low values
 		"/etc/apt/preferences":
 			content => template("apt/preferences.erb"),
 			# use File[apt_config] to reference a completed configuration
 			# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
 			alias => apt_config,
 			# only update together
 			require => File["/etc/apt/sources.list"];
 		# little default settings which keep the system sane
 		"/etc/apt/apt.conf.d/from_puppet":
 			content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
 			before => File[apt_config];
 	}
 	$base_dir = "/var/lib/puppet/modules/apt"
 	file {
 		# remove my legacy files
 		[ "/etc/apt/backports.key", "/etc/apt/apt.conf.d/local-conf" ]:
 			ensure => removed;
 		# create new modules dir
 		$base_dir: ensure => directory;
 		# watch apt.conf.d
 		"/etc/apt/apt.conf.d": ensure => directory, checksum => mtime;
 	}
 	# suppress annoying help texts of dselect
 	line { dselect_expert:
 		file => "/etc/dpkg/dselect.cfg",
 		line => "expert",
 		ensure => present,
 	}
 	exec {
 		"/usr/bin/apt-get -y update #on refresh":
 			refreshonly => true,
 			subscribe => [ File["/etc/apt/sources.list"],
 				File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"],
 				File[apt_config] ];
 		"/usr/bin/apt-get -y update && /usr/bin/apt-get autoclean #hourly":
 			require => [ File["/etc/apt/sources.list"],
 				File["/etc/apt/preferences"], File[apt_config] ],
 			# Another Semaphor for all packages to reference
 			alias => apt_updated;
 	}
 	case $lsbdistcodename {
 		etch: {
 			## This package should really always be current
 			package { "debian-archive-keyring": ensure => latest, }
 			# This key was downloaded from
 			# http://backports.org/debian/archive.key
 			# and is needed to verify the backports
 			file { "${base_dir}/backports.org.key":
 				source => "puppet://$servername/apt/backports.org.key",
 				mode => 0444, owner => root, group => root,
 				before => File[apt_config],
 			}
 			exec { "/usr/bin/apt-key add ${base_dir}/backports.org.key":
 				refreshonly => true,
 				subscribe => File["${base_dir}/backports.org.key"],
 				before => File[apt_config],
 			}
 		}
 	}
 }
--- a/templates/preferences.erb
+++ b/templates/preferences.erb
@ -0,0 +1,7 @@
 Package: *
 Pin: release a=unstable
 Pin-Priority: 1
 Package: *
 Pin: release a=testing
 Pin-Priority: 2
--- a/templates/sources.list.erb
+++ b/templates/sources.list.erb
@ -0,0 +1,14 @@
 # This file is brought to you by puppet
 # basic <%= dv %>
 deb http://ftp.at.debian.org/debian <%= dv %> main
 # security suppport
 deb http://security.debian.org/ <%= dv %>/updates main
 # local packages
 #deb http://puppetmaster:81/ /
 # additional packages, see preferences
 #deb http://ftp.at.debian.org/debian sid main
 # backports
 deb http://www.backports.org/debian/ <%= dv %>-backports main