`apt-get autoclean` should not be run on every puppetrun when
including `apt::update`, but rather be configured as an `APT::Periodic`
task that is run by cron, see
https://wiki.debian.org/UnattendedUpgrades.
Before, there were two Execs that did an `apt-get update`,
`Exec[refresh_apt]` and `Exec[apt_updated]`, which were triggered
by different resources.
This change gets rid of the first one, and all resources now depend
on `Exec[apt_updated]`.
Managing requirements for installing the lsb package has proven over
time to make no sense. The best approach to this is to require
lsb-release to be installed alongside puppet, since otherwise there are
so many facts that get no value during the run and you end up needing to
run puppet twice to get the real end result.
Also, since we're not including a class that is actually installing the
'lsb' package, that require line makes it so that including the apt
module doesn't work, and there's no documentation in the README about
needing to provide a package{'lsb':} resource with the apt class.
Because of all that, it makes more sense to just get rid of that require
line and mark lsb as a pre-requirement in the README file.
* Removes dependency on lsb-release and/or Facter >1.7
(values are based on $::lsbdistcodename, when available)
* Simplifies maintenance: only lib/facter/util/* require updates as new
releases are made
Caveats:
* apt::codename is removed; to override debian_* facts, set the
FACTER_debian_codename environment variable for puppet
* If tracking unstable, make sure lsb-release is installed, as other
methods can't tell between testing and unstable
This gets us fixes for the unattended_upgrades in wheezy, as well as the custom_key_dir class parameter replacement of the global variable
Conflicts:
manifests/unattended_upgrades.pp
looks for a template based on the $lsbdistcodename, so you get this error:
Could not find template 'apt/Debian/preferences_n/a.erb'
The slash in 'n/a' appears to be a path (confusing!)
So I've set an error message when 'n/a' is encountered, encouraging the user to set the $lsbdistcodename.
I was not confident in the idea of pointing any occurrence of 'n/a' to the sid
templates, as I could imagine a case where this might occur on a non-sid system
where the lsbdistcodename isn't properly detected
What happened here was the $codename = $::lsbdistcodename was removed from
init.pp and replaced with just $::lsbdistcodename wherever $codename was
used. Then in the sources.list.erb and preferences files things were changed
like this:
<pre>+### Debian current: <%= codename = scope.lookupvar('::lsbdistcodename') %>
...
-deb <%= debian_url %> <%= codename %> <%= repos %>
...
+deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= repos=scope.lookupvar('apt::repos') %>
</pre>
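Review bot: in the `+### Debian current:` line, `codename` is assigned from `scope.lookupvar('::lsbdistcodename')` inside an `<%= %>` output tag, so the `deb` line that follows can only ever render the fact value and a caller has no way to override it. Look the value up from a class-scoped variable, the way the `+deb` line already does with `apt::debian_url` and `apt::repos`, and keep assignments out of output tags so that a comment line is not what defines the variable.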
This meant that the codename was always set to lsbdistcodename, and because
in newer puppet versions you cannot assign a value to a top-level facter
variable, it is not possible to change this.
Because we cannot change $lsbdistcodename, we have to fix this by allowing the
user to pass a different, non-top-level scoped variable to the class as a
parameter, which defaults to $::lsbdistcodename, so that upgrades can be
triggered.
This is documented in the README in an upgrade notice
Since Debian Squeeze, apt supports a .d directory for preferences
(pinning). Simplify management by just placing files inside this .d
directory.
This removes the need for concat and concat::fragment resources, so
removes the dependency on the concat module. It also removes the need
for a moduledir that was needed for the concat module magic, so we also
get rid of the dependency on the common module.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
This define doesn't add much of a shortcut and imposes a dependency on
the "common" module. We'll be better off with the small repetition but
less tightly coupled modules.
Sadly, the "common" module is still required, but that is going to be
the focus of the commit that follows this one.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
sources_list doesn't currently force puppet to run 'apt-get update'
after creating/modifying/removing files in sources.list.d.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
The .d directories are only managed by the main 'apt' class. However,
both 'sources_list' and 'apt_conf' defines depend on those directories.
So in practice, the defines have an implicit need for those directories
to be somehow managed.
Let's turn this into an explicit relation, and include the directories
in the defines.
This makes it possible to use both defines without having to include the
main 'apt' class. (maybe when using puppet apply?)
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
Move this Exec to a dedicated class that is not included by default i.e. we
default not to "apt-get update" on every Puppet run.
We now make use of this class in the apt::upgrade_package define to make sure
APT indexes are up-to-date before attempting package upgrades.
One may now use the following to ensure current packages are installed by
Package resources:
include apt::update
Package { require => Exec[apt_updated] }
Lenny's APT does not support pinning like this:
Pin: release o=Debian,n=<%= codename %>
We therefore switched (in commit ef2ebdffd) to:
Pin: release o=Debian,a=<%= release %>
With such a pinning setup, when Squeeze is released, systems using this module
with $apt_use_next_release set to true would immediately switch to prefer
packages from Squeeze. If an automated upgrade process is set up, they would be
automatically upgraded to Squeeze.
This does not sound safe to me, so let's use the release version number as an
additional selection criterion to prevent upgrades to Squeeze from happening behind
our back:
Pin: release o=Debian,a=<%= release %>,v=<%= release_version %>*
Note that the trailing '*' is intentional and necessary to match stable
point-releases.
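
The effect of the extra `v=` term, as an added example that is not part of the commit or the module: a simplified Python model of `Pin: release` matching, run over constructed Release fields from before and after a stable release. The archive field values (suites, `5.0.7`, `6.0`) and the function names are assumptions made for the illustration.

```python
# Added example: simplified model of APT "Pin: release" matching.
# The Release fields below are constructed sample values, not taken from the page.
BEFORE = {  # archive state while Lenny is stable
    "lenny":   {"o": "Debian", "a": "stable",  "v": "5.0.7"},
    "squeeze": {"o": "Debian", "a": "testing", "v": "6.0"},
}
AFTER = {   # archive state once Squeeze has been released
    "lenny":   {"o": "Debian", "a": "oldstable", "v": "5.0.8"},
    "squeeze": {"o": "Debian", "a": "stable",    "v": "6.0"},
}


def parse_pin(line):
    """Turn 'Pin: release o=Debian,a=stable' into {'o': 'Debian', 'a': 'stable'}."""
    kind, _, expr = line.partition(":")[2].strip().partition(" ")
    if kind != "release":
        raise ValueError("only 'Pin: release' lines are modelled")
    return dict(term.strip().split("=", 1) for term in expr.split(","))


def pin_matches(pin, release):
    """Every term must match; v= with a trailing '*' is a prefix match."""
    for key, want in pin.items():
        have = release.get(key, "")
        if key == "v" and want.endswith("*"):
            if not have.startswith(want[:-1]):
                return False
        elif have != want:
            return False
    return True


def matched(line, archives):
    """Names of the archives a pin line selects, in sorted order."""
    pin = parse_pin(line)
    return sorted(name for name, rel in archives.items() if pin_matches(pin, rel))


if __name__ == "__main__":
    for line in ("Pin: release o=Debian,a=stable",
                 "Pin: release o=Debian,a=stable,v=5.0*",
                 "Pin: release o=Debian,a=stable,v=5.0"):
        print(line, "| before:", matched(line, BEFORE), "| after:", matched(line, AFTER))
```

With the version term in place the pin matches nothing after the release, so the preference does not silently move to the new stable; without the trailing `*` it would not match the point release either.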