The problem I'm facing is that the sanity checks prevent one from
using a simple:
apt::preferences_snippet { "bla": ensure => absent }
So, first set a default value for the `priority' parameter, so
that it's not required anymore. Second, add a sanity check to
error out when priority is not set, to get the safe old behaviour.
Then, wrap all sanity checks about arguments within
a "if $ensure == 'present'" block.
Before, including apt::unattended_upgrades on a host without
the unattended-upgrades package would fail on the first run,
because the module tries to install the package before apt is
finally configured.
This commit does:
- introduce the option $refresh_apt for apt::apt_conf
(Defaults to true). Can be used to not trigger Exec['refresh_apt']
- install the unattended-upgrades package after a final
Exec['refresh_apt']. To not run into a loop, it calls
Apt_conf['50unattended-upgrades'] with the option
refresh_apt => false, which is also not needed for the configuration
looks for a template based on the $lsbdistcodename, so you get this error:
Could not find template 'apt/Debian/preferences_n/a.erb'
The slash in 'n/a' appears to be a path (confusing!)
So I've set an error message when 'n/a' is encountered, encouraging the user to set the $lsbdistcodename.
I was not confident in the idea of pointing any occurrence of 'n/a' to the sid
templates, as I could imagine a case where this might occur on a non-sid system
where the lsbdistcodename isn't properly detected
What happened here was the $codename = $::lsbdistcodename was removed from
init.pp and replaced with just $::lsbdistcodename whereever $codename was
used. Then in the sources.list.erb and preferences files things were changed
like this:
<pre>+### Debian current: <%= codename = scope.lookupvar('::lsbdistcodename') %>
...
-deb <%= debian_url %> <%= codename %> <%= repos %>
...
+deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= repos=scope.lookupvar('apt::repos') %>
</pre>
This meant that the codename was always set to lsbdistcodename, and you because
in newer puppet versions you cannot assign a value to a top-level facter
variable, it is not possible to change this.
Because we cannot change $lsbdistcodename, we have to fix this by allowing the
user to pass a different, non-top-level scoped variable to the class as a
parameter, which defaults to $::lsbdistcodename, so that upgrades can be
triggered.
This is documented in the README in an upgrade notice
This ensures that resources that set a dependecy on the
"File['apt_config']" file, as mentioned in the README, can always
resolve.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
Since Debian Squeeze, apt supports a .d directory for preferences
(pinning). Simplify management by just placing files inside this .d
directory.
This removes the need for concat and concat::fragment resources, so
removes the dependency on the concat module. It also removes the need
for a moduledir that was needed for the concat module magic, so we also
get rid of the dependency on the common module.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
This define doesn't add much of a shortcut and imposes a dependency on
the "common" module. We'll be better off with the small repetition but
less tightly coupled modules.
Sadly, the "common" module is still required, but that is going to be
the focus of the commit that follows this one.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
This is implemented by adding a "package" parameter to apt::preferences_snippet,
so that define names can be kept unique while the package names are
not necessarily.
Closes: Redmine#3468.
sources_list doesn't currently force puppet to run 'apt-get update'
after creating/modifying/removing files in sources.list.d.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
The .d directories are only managed by the main 'apt' class. However,
both 'sources_list' and 'apt_conf' defines depend on those directories.
So in practice, the defines have an implicit need for those directories
to be somehow managed.
Let's turn this into an explicit relation, and include the directories
in the defines.
This makes it possible to use both defines without having to include the
main 'apt' class. (maybe when using puppet apply?)
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
as we use $lsbdistcodename as source we cannot name the sources
which should be used to update "stable". -> Fix it by deploying
a per lsbdistcodename configfile. This can also be used as a pre-
work for the #2681 shared modules bug.
This implements the "update initiator" pattern suggested by
http://projects.puppetlabs.com/projects/puppet/wiki/Debian_Patterns.
This feature is useful when one does not want to setup a fully automated upgrade
process but still needs a way to manually trigger full upgrades of any number of
systems at scheduled times.
Move this Exec to a dedicated class that is not included by default i.e. we
default not to "apt-get update" on every Puppet run.
We now make use of this class in the apt::upgrade_package define to make sure
APT indexes are up-to-date before attempting package upgrades.
One may now use the following to ensure current packages are installed by
Package resources:
include apt::update
Package { require => Exec[apt_updated] }
... because Exec[update_apt] is currently never run since we set it refreshonly.
Better solutions are being thought of, but in the meantime the least we can do
is somehow repair apt::upgrade_package.
Lenny's APT does not support pinning like this:
Pin: release o=Debian,n=<%= codename %>
We therefore switched (in commit ef2ebdffd) to:
Pin: release o=Debian,a=<%= release %>
With such a pinning setup, when Squeeze is released, systems using this module
with $apt_use_next_release set to true would immediately switch to prefer
packages from Squeeze. If an automated upgrade process is setup, they would be
automatically upgraded to Squeeze.
This does not sound safe to me, so let's use the release version number as an
additional selection criterion to prevent upgrades to Squeeze to happen behind
our back:
Pin: release o=Debian,a=<%= release %>,v=<%= release_version %>*
Note that the trailing '*' is intentional and necessary to match stable
point-releases.
This class installs a daily cronjob that checks if a package upgrade
requires the system to be rebooted; if so, cron sends a notification
email to root.
Why apticron, when we have cron-apt already? Some people have different preferences, we use apticron along with the upgrade_package functionality in this module. I know someone who uses cron-apt to run the upgrades, but apticron for notifications, because apticron's notifications are much nicer (cron-apt just gives you the output of apt-get upgrade)
The CDN checks your IP and uses the Max-Mind geoIP DB to determine your location and then uses your local country Debian Mirror, or if your local country doesn't have a debian mirror, it uses the local continent. It automatically checks and prunes dead mirrors. the technology for the Debian CDN setup is still improving, I believe that ASN-number associations are the next step to attempt to make more informed, finer-grained choices.
This is more useful than using ftp.debian.org because that is just a round-robin DNS entry that could get you any mirror anywhere.
Before you only had the choice of setting a 03clean apt configuration for either
all hosts, or every single host. Setting it to have the recommended settings for
vservers for all hosts meant that you were setting it for non-vservers as well
as vservers. The other option you had was to set it per host. This was a bit
annoying if you have any more than one vserver because you would need to create
a 03clean for every single vserver guest.
This change auto-detects if the node is a vserver, and if it is it automatically
installs the 03clean_vserver file, with the recommended DSelect::Clean settings,
and allows you to override this for all of your vservers, or for specific hosts.
Current mode (600) makes it impossible to use apt-cache to search for
package names and info, since it tries to read all configuration files
in /etc/apt/apt.conf.d before executing.
Change configuration file mode to 644 so that search tasks can be made
without root priviledge.
