sources_list doesn't currently force puppet to run 'apt-get update'
after creating/modifying/removing files in sources.list.d.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
The .d directories are only managed by the main 'apt' class. However,
both 'sources_list' and 'apt_conf' defines depend on those directories.
So in practice, the defines have an implicit need for those directories
to be somehow managed.
Let's turn this into an explicit relation, and include the directories
in the defines.
This makes it possible to use both defines without having to include the
main 'apt' class. (maybe when using puppet apply?)
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
as we use $lsbdistcodename as source we cannot name the sources
which should be used to update "stable". -> Fix it by deploying
a per lsbdistcodename configfile. This can also be used as a pre-
work for the #2681 shared modules bug.
This implements the "update initiator" pattern suggested by
http://projects.puppetlabs.com/projects/puppet/wiki/Debian_Patterns.
This feature is useful when one does not want to setup a fully automated upgrade
process but still needs a way to manually trigger full upgrades of any number of
systems at scheduled times.
Move this Exec to a dedicated class that is not included by default i.e. we
default not to "apt-get update" on every Puppet run.
We now make use of this class in the apt::upgrade_package define to make sure
APT indexes are up-to-date before attempting package upgrades.
One may now use the following to ensure current packages are installed by
Package resources:
include apt::update
Package { require => Exec[apt_updated] }
... because Exec[update_apt] is currently never run since we set it refreshonly.
Better solutions are being thought of, but in the meantime the least we can do
is somehow repair apt::upgrade_package.
Lenny's APT does not support pinning like this:
Pin: release o=Debian,n=<%= codename %>
We therefore switched (in commit ef2ebdffd) to:
Pin: release o=Debian,a=<%= release %>
With such a pinning setup, when Squeeze is released, systems using this module
with $apt_use_next_release set to true would immediately switch to prefer
packages from Squeeze. If an automated upgrade process is setup, they would be
automatically upgraded to Squeeze.
This does not sound safe to me, so let's use the release version number as an
additional selection criterion to prevent upgrades to Squeeze to happen behind
our back:
Pin: release o=Debian,a=<%= release %>,v=<%= release_version %>*
Note that the trailing '*' is intentional and necessary to match stable
point-releases.
This class installs a daily cronjob that checks if a package upgrade
requires the system to be rebooted; if so, cron sends a notification
email to root.
Why apticron, when we have cron-apt already? Some people have different preferences, we use apticron along with the upgrade_package functionality in this module. I know someone who uses cron-apt to run the upgrades, but apticron for notifications, because apticron's notifications are much nicer (cron-apt just gives you the output of apt-get upgrade)
