modularised apt

git-svn-id: http://club.black.co.at:82/svn/manifests/trunk@58 f03ff2f1-f02d-0410-970d-b9634babeaa1
2007-06-25 09:50:19 +00:00 · 2007-06-25 09:50:19 +00:00 · f0c91f753a
commit f0c91f753a
5 changed files with 164 additions and 0 deletions
--- a/19
+++ b/19
@ -0,0 +1,19 @@
+Variables:
+	$apt_clean: Sets DSelect::Clean, defaults to 'auto' on normal hosts and
+		'pre-auto' in vservers, since the latter are usually more space-bound and
+		have better recovery mechanisms via the host
+		From apt.conf(5), 0.7.2: "Cache Clean mode; this value may be one of
+			always, prompt, auto, pre-auto and never. always and prompt will
+			remove all packages from the cache after upgrading, prompt (the
+			default) does so conditionally.  auto removes only those packages
+			which are no longer downloadable (replaced with a new version for
+			instance). pre-auto performs this action before downloading new
+			packages."
+
+Provided Resources:
+	File[apt_config]: Use this resource to depend on or add to a completed apt
+		configuration
+	Exec[apt_updated]: After this point, current packages can installed via apt,
+		usually used like this:
+		Package { require => Exec[apt_updated] }
+
--- a/files/backports.org.key
+++ b/files/backports.org.key
@ -0,0 +1,33 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.3 (GNU/Linux)
+
+mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
+Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
+/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
+onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
+kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
+Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
+m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
+bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
+bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
+Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
+AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
+cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
+OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
+Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
+FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
+DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
+90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
+StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
+JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
+BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
+AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
+TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
+O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
+cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
+VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
+=fBrI
+-----END PGP PUBLIC KEY BLOCK-----
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -0,0 +1,91 @@
+# apt.pp - common components and defaults for handling apt
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+#
+# With hints from
+#  Micah Anderson <micah@riseup.net>
+#  * backports key
+
+class apt {
+
+	# See README
+	$real_apt_clean = $apt_clean ? {
+		'' => 'auto',
+		default => $apt_clean,
+	}
+
+	# a few templates need lsbdistcodename
+	include assert_lsbdistcodename
+
+	config_file {
+		# include main, security and backports
+		# additional sources could be included via an array
+		"/etc/apt/sources.list":
+			content => template("apt/sources.list.erb"),
+			require => Exec[assert_lsbdistcodename];
+		# this just pins unstable and testing to very low values
+		"/etc/apt/preferences":
+			content => template("apt/preferences.erb"),
+			# use File[apt_config] to reference a completed configuration
+			# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
+			alias => apt_config,
+			# only update together
+			require => File["/etc/apt/sources.list"];
+		# little default settings which keep the system sane
+		"/etc/apt/apt.conf.d/from_puppet":
+			content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
+			before => File[apt_config];
+	}
+
+	$base_dir = "/var/lib/puppet/modules/apt"
+	file {
+		# remove my legacy files
+		[ "/etc/apt/backports.key", "/etc/apt/apt.conf.d/local-conf" ]:
+			ensure => removed;
+		# create new modules dir
+		$base_dir: ensure => directory;
+		# watch apt.conf.d
+		"/etc/apt/apt.conf.d": ensure => directory, checksum => mtime;
+	}
+
+	# suppress annoying help texts of dselect
+	line { dselect_expert:
+		file => "/etc/dpkg/dselect.cfg",
+		line => "expert",
+		ensure => present,
+	}
+
+	exec {
+		"/usr/bin/apt-get -y update #on refresh":
+			refreshonly => true,
+			subscribe => [ File["/etc/apt/sources.list"],
+				File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"],
+				File[apt_config] ];
+		"/usr/bin/apt-get -y update && /usr/bin/apt-get autoclean #hourly":
+			require => [ File["/etc/apt/sources.list"],
+				File["/etc/apt/preferences"], File[apt_config] ],
+			# Another Semaphor for all packages to reference
+			alias => apt_updated;
+	}
+
+	case $lsbdistcodename {
+		etch: {
+			## This package should really always be current
+			package { "debian-archive-keyring": ensure => latest, }
+
+			# This key was downloaded from
+			# http://backports.org/debian/archive.key
+			# and is needed to verify the backports
+			file { "${base_dir}/backports.org.key":
+				source => "puppet://$servername/apt/backports.org.key",
+				mode => 0444, owner => root, group => root,
+				before => File[apt_config],
+			}
+			exec { "/usr/bin/apt-key add ${base_dir}/backports.org.key":
+				refreshonly => true,
+				subscribe => File["${base_dir}/backports.org.key"],
+				before => File[apt_config],
+			}
+		}
+	}
+}
--- a/templates/preferences.erb
+++ b/templates/preferences.erb
@ -0,0 +1,7 @@
+Package: *
+Pin: release a=unstable
+Pin-Priority: 1
+
+Package: *
+Pin: release a=testing
+Pin-Priority: 2
--- a/templates/sources.list.erb
+++ b/templates/sources.list.erb
@ -0,0 +1,14 @@
+# This file is brought to you by puppet
+
+# basic <%= dv %>
+deb http://ftp.at.debian.org/debian <%= dv %> main
+# security suppport
+deb http://security.debian.org/ <%= dv %>/updates main
+# local packages
+#deb http://puppetmaster:81/ /
+
+# additional packages, see preferences
+#deb http://ftp.at.debian.org/debian sid main
+
+# backports
+deb http://www.backports.org/debian/ <%= dv %>-backports main