This implements the "update initiator" pattern suggested by
http://projects.puppetlabs.com/projects/puppet/wiki/Debian_Patterns.
This feature is useful when one does not want to setup a fully automated upgrade
process but still needs a way to manually trigger full upgrades of any number of
systems at scheduled times.
Move this Exec to a dedicated class that is not included by default i.e. we
default not to "apt-get update" on every Puppet run.
We now make use of this class in the apt::upgrade_package define to make sure
APT indexes are up-to-date before attempting package upgrades.
One may now use the following to ensure current packages are installed by
Package resources:
include apt::update
Package { require => Exec[apt_updated] }
... because Exec[update_apt] is currently never run since we set it refreshonly.
Better solutions are being thought of, but in the meantime the least we can do
is somehow repair apt::upgrade_package.
Lenny's APT does not support pinning like this:
Pin: release o=Debian,n=<%= codename %>
We therefore switched (in commit ef2ebdffd) to:
Pin: release o=Debian,a=<%= release %>
With such a pinning setup, when Squeeze is released, systems using this module
with $apt_use_next_release set to true would immediately switch to prefer
packages from Squeeze. If an automated upgrade process is setup, they would be
automatically upgraded to Squeeze.
This does not sound safe to me, so let's use the release version number as an
additional selection criterion to prevent upgrades to Squeeze to happen behind
our back:
Pin: release o=Debian,a=<%= release %>,v=<%= release_version %>*
Note that the trailing '*' is intentional and necessary to match stable
point-releases.
This class installs a daily cronjob that checks if a package upgrade
requires the system to be rebooted; if so, cron sends a notification
email to root.
Why apticron, when we have cron-apt already? Some people have different preferences, we use apticron along with the upgrade_package functionality in this module. I know someone who uses cron-apt to run the upgrades, but apticron for notifications, because apticron's notifications are much nicer (cron-apt just gives you the output of apt-get upgrade)
The CDN checks your IP and uses the Max-Mind geoIP DB to determine your location and then uses your local country Debian Mirror, or if your local country doesn't have a debian mirror, it uses the local continent. It automatically checks and prunes dead mirrors. the technology for the Debian CDN setup is still improving, I believe that ASN-number associations are the next step to attempt to make more informed, finer-grained choices.
This is more useful than using ftp.debian.org because that is just a round-robin DNS entry that could get you any mirror anywhere.
Before you only had the choice of setting a 03clean apt configuration for either
all hosts, or every single host. Setting it to have the recommended settings for
vservers for all hosts meant that you were setting it for non-vservers as well
as vservers. The other option you had was to set it per host. This was a bit
annoying if you have any more than one vserver because you would need to create
a 03clean for every single vserver guest.
This change auto-detects if the node is a vserver, and if it is it automatically
installs the 03clean_vserver file, with the recommended DSelect::Clean settings,
and allows you to override this for all of your vservers, or for specific hosts.
Current mode (600) makes it impossible to use apt-cache to search for
package names and info, since it tries to read all configuration files
in /etc/apt/apt.conf.d before executing.
Change configuration file mode to 644 so that search tasks can be made
without root priviledge.
Going on merging immerda changes.
Incompatible change: I do prefer my own generic apt/preferences template to
shipping a static file that only supports Lenny. My own template supports
security, backports, volatile, next release etc.
Conflicts:
files/preferences
manifests/init.pp
manifests/preferences.pp
Let's set refreshonly on the 'update_apt' Exec (aliased to 'apt_updated')
instead of removing it for backward compatibility: it may be in use at some
places to trigger updates.
Add a file resource on the apt/sources.list.d directory to ensure that
it is created as a directory and watch it for modifications to
automatically refresh the apt cache.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
Unattended upgrades are not always necessary. Including the
apt::unattended_upgrades class through the main apt class is not
appropriate. It is better to make nodes include the
apt::unattended_upgrades class explicitly.
Remove the $apt_unattended_upgrades variable along with the include in
the 'apt' class.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
Currently, setting the $custom_preferences variable to false fails
because of the /etc/apt/preferences concatenated_file being re-defined.
Fix this by setting dependencies on the resource only when we expect to
create the /etc/apt/preferences file. Also, since there is no "ensure"
parameter to concatenated_file, use a simple file resource to ensure
that it is removed.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
The current proxy_client template makes it possible to communicate with
the proxy only via HTTP. Add the protocol to the variable so that it's
possible to change the protocol.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>