opuppet/module-apt
4
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: opuppet:99fe7db72135c8bca025a5870e693689b8803d94
Branches Tags
opuppet:master
opuppet:ortiche
...
compare: opuppet:a18c940b0195e76a7640818a7c7d92d289380c36
Branches Tags
opuppet:master
opuppet:ortiche

78 commits
99fe7db721 ... a18c940b01

Author SHA1 Message Date
intrigeri
a18c940b01 Merge remote-tracking branch 'shared/master' into drop_lenny_squeeze_support 2016-07-01 12:28:51 +00:00
Jérôme Charaoui
328a6215a3 Take out comment referencing squeeze, see issue #14 2016-06-30 21:20:51 +02:00
Jérôme Charaoui
78e07815bc Remove squeeze special-case from unattended-upgrades template. 2016-06-30 21:20:05 +02:00
Jérôme Charaoui
e55da5b7b8 Remove backports_url parameter. 
For jessie and later releases, backports use debian_url.
 2016-06-30 21:19:01 +02:00
Jérôme Charaoui
f86963aab1 Remove references to backports_url parameter and squeeze from README. 2016-06-30 21:17:49 +02:00
Jérôme Charaoui
98b4be5570 Drop Debian lenny and squeeze support. 2016-06-29 21:49:21 +02:00
Jerome Charaoui
1a87e2f7d4 Merge branch 'bugfix/reboot-required-jessie' into 'master' 
Bugfix/reboot required jessie

I've mistakenly marked !40 as merged :/

See merge request !46
 2016-06-29 19:47:42 +00:00
LeLutin
6277c3ba14 Merge branch 'feature/8-make_dist-upgrade_timeout_configurable' into 'master' 
apt::dist_upgrade: add a timeout parameter (#8).



See merge request !45
 2016-06-29 19:35:11 +00:00
LeLutin
05c2603e5e Merge branch 'bugfix/drop-obsolete-code-and-global-variable-in-apt-cron' into 'master' 
Drop apt::cron::download, and turn $apt_cron_hours into a class parameter for ap…

…t::cron::dist_upgrade.

I've introduced apt::cron::download, am not using it anymore, and have
never seen anyone else submit a bug or a merge request for it. Thus,
I feel pretty confident in dropping it.

And this allows me to trivially get rid of the $apt_cron_hours global
variable noticed by LeLutin in #13.

(I've mistakenly marked !44 as merged)

See merge request !47
 2016-06-29 19:32:57 +00:00
Jérôme Charaoui
5fd6c96c42 Fix missing quote in IPADDRESSES assignment in apticron config 2016-06-29 20:55:59 +02:00
Jérôme Charaoui
6c0c1f4a16 Remove redundant symlinks for the Debian apticron template, fixes #2 2016-06-29 20:55:59 +02:00
Jérôme Charaoui
e876cd25b5 Remove redundant symlinks for the Debian listchanges template, fixes #2 2016-06-29 20:55:59 +02:00
intrigeri
13cb9fb485 Move documentation to README, and expand a bit on it. 2016-06-29 18:49:23 +00:00
intrigeri
92e7d506c0 Merge remote-tracking branch 'shared/master' into feature/8-make_dist-upgrade_timeout_configurable 2016-06-29 18:47:14 +00:00
intrigeri
c439b8a524 Remove documentation for apt::cron::download, and document the new parameter to apt::cron::dist_upgrade. 2016-06-29 18:45:32 +00:00
intrigeri
f035fd1621 Merge remote-tracking branch 'shared/master' into bugfix/drop-obsolete-code-and-global-variable-in-apt-cron 2016-06-29 18:42:02 +00:00
intrigeri
bc73809d7b Try to fix rendering of Markdown pre-formatted sections in bullet lists. 2016-06-29 18:21:30 +00:00
intrigeri
8723519f0f Fix newly introduced white-space issues. 2016-06-29 18:21:19 +00:00
intrigeri
70118955f6 apt::reboot_required_notify: get rid of temporary variable. 2016-06-29 18:02:16 +00:00
Tech SOGEECOM
05ca5b0a05 ident the upgrade notices correctly 2016-06-29 13:59:51 -04:00
Tech SOGEECOM
5a7336ad47 fix formatting errors 2016-06-29 13:55:29 -04:00
intrigeri
89a024678e apt::reboot_required_notify::jessie: explicitly check that $apt::use_backports is true when running Jessie. 
Otherwise, it would fail anyway when trying to install reboot-notifier,
but in a way less user-friendly.

Thanks to lavamind for the suggestion!
 2016-06-29 17:54:16 +00:00
intrigeri
2ab9739d5a Merge remote-tracking branch 'shared/master' into bugfix/reboot-required-jessie 2016-06-29 17:48:14 +00:00
Tech SOGEECOM
419f9e4601 add back the parts of the README that were lost 2016-06-29 13:42:41 -04:00
intrigeri
195ed5d31b apt::dist_upgrade: add a timeout parameter (#8). 2016-06-29 17:39:14 +00:00
Tech SOGEECOM
eedc5eef88 fix 🔑 in Gitlab markdown 2016-06-29 12:01:18 -04:00
Tech SOGEECOM
0250f57b82 use the same style for all the examples 2016-06-29 12:00:21 -04:00
intrigeri
5102b7863b Drop apt::cron::download, and turn $apt_cron_hours into a class parameter for apt::cron::dist_upgrade. 
I've introduced apt::cron::download, am not using it anymore, and have
never seen anyone else submit a bug or a merge request for it. Thus,
I feel pretty confident in dropping it.

And this allows me to trivially get rid of the $apt_cron_hours global
variable noticed by LeLutin in #13.
 2016-06-29 15:59:20 +00:00
Gabriel Filion
2bbfe8cab9 Fix some minor lint issues 
This was shown by the testing that was added in merge request !34
 2016-06-29 17:31:14 +02:00
Gabriel Filion
354bada721 Merge remote-tracking branch 'varac/beaker' into blah 
The README file has been changed, use the new syntax to match the rest
of the file.
 2016-06-29 17:05:54 +02:00
intrigeri
a875536532 Merge remote-tracking branch 'lelutin-gitlab/backports_follow_debian_url' into shared-master 2016-06-29 14:53:57 +00:00
Gabriel Filion
8859eba152 add an upgrade notice about the change of default value for $repos 2016-06-29 16:45:22 +02:00
Gabriel Filion
8727cf7b8b Merge branch 'master' into backports_follow_debian_url 
The README file was changed on the master branch and we'd like to change
it to add an upgrade notice.
 2016-06-29 16:41:29 +02:00
Jérôme Charaoui
53c49fe2ae Merge branch 'merge_debian_preferences_templates' 
Conflicts:
	manifests/preferences.pp
	templates/Debian/preferences_jessie.erb
	templates/Debian/preferences_squeeze.erb
	templates/Debian/preferences_wheezy.erb
 2016-06-29 16:35:17 +02:00
Gabriel Filion
5d95c3f5e7 README: make examples more compact 
also, use commas instead of semi-colon at the end of resources to use a
coding style that makes things more extensible.
 2016-06-27 23:47:43 +02:00
Gabriel Filion
bb823a23f8 extraneous space in subsection title 2016-06-27 23:47:14 +02:00
LeLutin
e18dfe91a3 Merge branch 'master' into 'master' 
Update the README to use markdown

This module's documentation is pretty good, but god plain text is awful when a document gets this long.

I _really_ dislike Gitlab's markdown flavor, but IMHO bad markdown is better than no markdown.

You can see the result here: https://gitlab.com/sogeecom/apt/blob/master/README.md

--
pollo

See merge request !41
 2016-06-27 21:39:02 +00:00
Gabriel Filion
0752201ce4 push logic behind apt::repos back in apt::params 
The logic in specifying the default value for apt::repos is in the wrong
place: it should be in apt::params since this is exactly what this
latter class is for.

There's no special case that can involve making default the value follow
the value of another parameter so there's no point in having that logic
in the main class.
 2016-06-27 15:41:19 +02:00
Gabriel Filion
770f8fb5da make backports_url follow debian_url by default 
backports_url was already set to the same value than debian_url by
default, but it was set to the default value of debian_url. this meant
that when giving a url to the debian_url parameter to the apt class, the
backports_url would not follow and would still be using the default
value for debian_url.

with this change, when backports_url is not specified, but debian_url
is, then both of them take on the value given to the debian_url. of
course if backports_url is also given a value, then it keeps the value
given by the user.
 2016-06-27 15:39:51 +02:00
Louis-Philippe Véronneau
3abd96bb65 use the same code indenting (Puppet's code guideline one) everywhere to uniform 2016-04-27 15:12:19 -04:00
Louis-Philippe Véronneau
ec3bceff10 syntax highlighting 2016-04-27 15:00:35 -04:00
Louis-Philippe Véronneau
b45d09561e typo (tris?) 2016-04-27 14:38:47 -04:00
Louis-Philippe Véronneau
cfb1eefa1d typo (bis) 2016-04-27 14:33:08 -04:00
Louis-Philippe Véronneau
511cd83922 typo 2016-04-27 14:31:20 -04:00
Louis-Philippe Véronneau
fca9b745ea README is now markdown 2016-04-27 14:29:00 -04:00
Louis-Philippe Véronneau
d7c9feda05 README is now markdown 2016-04-27 14:28:47 -04:00
intrigeri
e70a6712d3 apt::reboot_required_notify::jessie: manage APT pinning to fetch reboot-notifier from jessie-backports, when running on Jessie. 2016-03-16 14:26:52 +00:00
intrigeri
46b2f3d2e8 Merge remote-tracking branch 'shared/master' into bugfix/reboot-required-jessie 2016-03-16 14:23:08 +00:00
Micah
8c8bd7bb1e Merge branch 'remove_loglevel_info' into 'master' 
Remove loglevel directive from Exec[update_apt]

When using puppet apply (v 3.7), loglevel 'info'
won't show the output on error. This is bad for
debugging.

micah, assigning to you because this has already bitten me while debugging a failed `apt-get update` for the leap_platform.

See merge request !39
 2016-02-26 09:39:42 +00:00
varac
7714aa0436 Remove loglevel directive from Exec[update_apt] 
When using puppet apply (v 3.7), loglevel 'info'
won't show the output on error. This is bad for
debugging.
 2016-02-25 19:59:58 +01:00
varac
6ba1b097c2 Merge branch 'unatt_upg_logdir' into 'master' 
Manage unattended-upgrades log directory

In some situations, the log directory for unattended-upgrades might not
exist. In those cases, packages will not get upgraded!

unattended-upgrades crashes with a python backtrace because the log dir
is not present.

See merge request !38
 2016-02-02 22:22:47 +00:00
Gabriel Filion
c4a0aff2af Manage unattended-upgrades log directory 
In some situations, the log directory for unattended-upgrades might not
exist. In those cases, packages will not get upgraded!

unattended-upgrades crashes with a python backtrace because the log dir
is not present.
 2016-02-02 17:07:21 -05:00
varac
207218cee8 [refactor] Get rid of the disable_update parameter 
The `disable_update` parameter has been removed. The main apt class
defaults to *not* run an `apt-get update` on every run anyway so
this parameter seems useless.
You can include the `apt::update` class if you want it to be
run every time.
 2016-02-01 20:42:37 +01:00
varac
d2ae98e89b [feat] Remove apt-get autoclean from apt::update 
`apt-get autoclean` should not be run on every puppetrun when
including `apt::update`, but rather be configured as a `APT::Periodic`
task that is run by cron, see
https://wiki.debian.org/UnattendedUpgrades.
 2016-02-01 20:25:50 +01:00
varac
f12b007edd [refactor] Unify apt-get update into one resource 
Before, there were two Execs that did an `apt-get update`,
`Exec[refresh_apt]` and `Exec[apt_updated]`, which were triggered
by different resources.
This changes gets rid of the first one, and all resources now depend
on `Exec[apt_updated]`.
 2016-02-01 20:25:46 +01:00
varac
fa1751c4de [bug] Deploy preferene snippets before apt_refresh 
When pinning packages with apt::preferences_snippet,
we need to make sure these get deployed before an
`apt-get update` is triggered, so pinned packages can
get installed in the right way with a single puppetrun.
 2016-01-05 20:04:10 +01:00
varac
005f06f3dd [tests] Use beaker+docker for acceptance tests 
Beaker together with docker is a very fast way to do
acceptance testing.
This commit adds basic beaker/docker support:

- Add a debian jessie nodeset
- Test if the module applies idempotentially, so it doesn't
  change resources on a second run with the same parameters.

https://github.com/puppetlabs/beaker/blob/master/docs/Docker-Support.md
 2015-12-20 22:46:54 +01:00
Micah
185ac30062 Merge branch 'gitlab_ci' into 'master' 
[feat] Enable gitlab CI builds, simplify Gemfile

Test this module using existing rspec test, using gitlab CI on gitlab.com shared runners.

See https://gitlab.com/varac/apt/builds/473836 for the CI build of this merge req.

See merge request !33
 2015-12-20 21:36:20 +00:00
varac
275ca2e4cf [feat] Enable gitlab CI builds, simplify Gemfile 2015-12-19 00:25:05 +01:00
ng
c410b5c8de Merge branch 'remove_double_apt_get_update' into 'master' 
[feat] Don't run an additional apt-get update

When adding custom keys, an additional `apt-get update` would
be run before the Exec['refresh_apt'], which don't make sense.

See merge request !31
 2015-12-16 07:39:12 +00:00
varac
d67dfe4beb [feat] Don't run an additional apt-get update 
When adding custom keys, an additional `apt-get update` would
be run before the Exec['refresh_apt'], which don't make sense.
 2015-12-13 17:56:17 +01:00
varac
abe5212b01 Fix require path for ubuntu_nextcodename.rb 2015-12-07 22:09:42 +01:00
varac
2c656517bd [rspec] extend test for custom facts 2015-12-07 21:54:49 +01:00
varac
5381cb7b61 [bug] Fix debian_nextcodename on wheezy hosts 
I noticed this behaviour because $::debian_nextcodename was
"squeeze" on a wheezy host.
For debugging, i inserted a "puts codenames" in
lib/facter/debian_nextcodename.rb, and it turned out that it
was sorted differently on wheezy and jessie hosts:

On wheezy:

    buster
    stretch
    jessie
    wheezy
    squeeze
    lenny

On jessie:

    lenny
    squeeze
    wheezy
    jessie
    stretch
    buster

So i decided to rewrite this so this doesn't happen again.
 2015-12-07 19:43:31 +01:00
varac
bf4daa73b1 [docs] Add test docs how to use custom facter/puppet version 2015-12-07 14:36:48 +01:00
varac
a70c52c1d4 Fix loading of util/debian.rb for custom facts 
requirering the facter/util/debian.rb module causes
puppet warnings on wheezy hosts, and custom facts like
`$::debian_codename` cannot be evaluated.

    warning: Could not load fact file
      /srv/dev/projects/puppet/shared-modules//apt/lib/facter/debian_nextcodename.rb:
      no such file to load -- facter/util/debian

Removing the require line solves this.
 2015-12-07 14:27:04 +01:00
varac
6b27efb434 Add inital puppet rspec test for custom facts 2015-12-07 13:29:41 +01:00
Micah
d372562329 Merge branch 'support_missing_ubuntu_releases' into 'master' 
[feat] Support vivid, wily, xenial ubuntu release



See merge request !27
 2015-12-04 21:27:26 +00:00
Gabriel Filion
2942cd0dd8 remove requirement on lsb package for sources.list file 
Managing requirements for installing the lsb package has proven over
time to make no sense. The best approach to this is to require
lsb-release to be installed alongside puppet, since otherwise there are
so much facts that get no value during the run and you end up needing to
run puppet twice to get the real end result.

Also, since we're not including a class that is actually installing the
'lsb' package, that require line makes it so that including the apt
module doesn't work, and there's no documentation in the README about
needing to provide a package{'lsb':} resource with the apt class.

Because of all that, it makes more sense to just get rid of that require
line and mark lsb as a pre-requirement in the README file.
 2015-12-04 14:35:27 -05:00
Jerome Charaoui
4d3b720308 Simplify conditional expressions 2015-12-04 12:36:25 -05:00
Jerome Charaoui
f492e5840b Switch old $release and $codename local variables to new debian_* facts 2015-12-04 12:36:25 -05:00
Antoine Beaupré
e4a9222d86 move backports to snippets 
this allows for third party modules to enable this on the fly
 2015-12-04 12:36:25 -05:00
Gabriel Filion
bfa973a668 Use $ubuntu_url as default value of $backports_url on Ubuntu 
Ubuntu shouldn't be using debian backports by default.

This was written by Anoine Beaupré, but split from the commit "move
backports to snippets" since the change is unrelated and needs to be
more visible in the commit history.
 2015-12-04 12:36:25 -05:00
varac
b5c65e29f1 [feat] Support vivid, wily, xenial ubuntu release 2015-11-02 23:50:08 +01:00
Jerome Charaoui
48bf4a390e Merge Debian squeeze, wheezy, jessie and sid preferences templates into one 2015-10-07 10:36:12 -04:00
intrigeri
3630285006 reboot_required_notify: add initial support for Jessie and newer. 
Note that reboot-notifier is only in stretch/sid at the moment,
so to use this one needs to configure APT pinning themselves
to make this package installable.
 2015-08-31 20:03:40 +00:00
intrigeri
a82e3ae272 reboot_required_notify::wheezy: add an "ensure" parameter, defaulting to "present". 2015-08-31 19:56:16 +00:00
intrigeri
e2ea89aa7a reboot_required_notify: move all code to a ::wheezy class. 
It doesn't work on Jessie and newer (#1).
 2015-08-31 19:55:17 +00:00
61 changed files with 1089 additions and 982 deletions
Show stats Expand all files Collapse all files

13
.gitignore vendored Normal file
View file

@ -0,0 +1,13 @@
/pkg/
/Gemfile.lock
/vendor/
/spec/fixtures/manifests/*
/spec/fixtures/modules/*
!/spec/fixtures/modules/apt
!/spec/fixtures/modules/apt/*
/log
/.vagrant/
/.bundle/
/coverage/
/.idea/
*.iml

12
.gitlab-ci.yml Normal file
View file

@ -0,0 +1,12 @@
before_script:
- ruby -v
- gem install bundler --no-ri --no-rdoc
- bundle install --jobs $(nproc) "${FLAGS[@]}"
# don't fail on lint warnings
rspec:
script:
- bundle exec rake lint || /bin/true
- bundle exec rake syntax
- bundle exec rake validate
- bundle exec rake spec

20
Gemfile Normal file
View file

@ -0,0 +1,20 @@
source "https://rubygems.org"
group :test do
gem "rake"
gem "rspec", '< 3.2.0'
gem "puppet", ENV['PUPPET_VERSION'] || ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION'] || '~> 3.7.0'
gem "facter", ENV['FACTER_VERSION'] || ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION'] || '~> 2.2.0'
gem "rspec-puppet"
gem "puppetlabs_spec_helper"
gem "metadata-json-lint"
gem "rspec-puppet-facts"
gem "mocha"
end
group :system_tests do
gem 'beaker', :require => false
gem 'beaker-rspec', :require => false
gem 'beaker_spec_helper', :require => false
gem 'serverspec', :require => false
end

581
README
View file

@ -1,581 +0,0 @@
Overview
========
This module manages apt on Debian.
It keeps dpkg's and apt's databases as well as the keyrings for securing
package download current.
backports.debian.org is added.
/etc/apt/sources.list and /etc/apt/preferences are managed. More
recent Debian releases are pinned to very low values by default to
prevent accidental upgrades.
Ubuntu support is lagging behind but not absent either.
! Upgrade Notice !
* The apt::codename parameter has been removed. In its place, the
debian_codename fact may be overridden via an environment variable. This
will affect all other debian_* facts, and achieve the same result.
FACTER_debian_codename=jessie puppet agent -t
* If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your
site_apt, these are no longer supported. You should migrate to passing
$blacklisted_packages to the apt::unattended_upgrades class.
* the apt class has been moved to a paramterized class. if you were including
this class before, after passing some variables, you will need to move to
instantiating the class with those variables instead. For example, if you
had the following in your manifests:
$apt_debian_url = 'http://localhost:9999/debian/'
$apt_use_next_release = true
include apt
you will need to remove the variables, and the include and instead do
the following:
class { 'apt': debian_url => 'http://localhost:9999/debian/', use_next_release => true }
previously, you could manually set $lsbdistcodename which would enable forced
upgrades, but because this is a top-level facter variable, and newer puppet
versions do not let you assign variables to other namespaces, this is no
longer possible. However, there is a way to obtain this functionality, and
that is to pass the 'codename' parameter to the apt class, which will change
the sources.list and preferences files to be the codename you set, allowing
you to trigger upgrades:
include apt::dist_upgrade
class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] }
* the apticron class has been moved to a parameterized class. if you were
including this class before, you will need to move to instantiating the
class instead. For example, if you had the following in your manifests:
$apticron_email = 'foo@example.com'
$apticron_notifynew = '1'
... any $apticron_* variables
include apticron
you will need to remove the variables, and the include and instead do the
following:
class { 'apt::apticron': email => 'foo@example.com', notifynew => '1' }
* the apt::listchanges class has been moved to a paramterized class. if you
were including this class before, after passing some variables, you will need
to move to instantiating the class with those variables instead. For example,
if you had the following in your manifests:
$apt_listchanges_email = 'foo@example.com'
... any $apt_listchanges_* variables
include apt::listchanges
you will need to remove the variables, and the include and instead do the
following:
class { 'apt::listchanges': email => 'foo@example.com' }
* the apt::proxy_client class has been moved to a paramterized class. if you
were including this class before, after passing some variables, you will need
to move to instantiating the class with those variables instead. For example,
if you had the following in your manifests:
$apt_proxy = 'http://proxy.domain'
$apt_proxy_port = 666
include apt::proxy_client
you will need to remove the variables, and the include and instead do the
following:
class { 'apt::proxy_client': proxy => 'http://proxy.domain', port => '666' }
Requirements
============
This module needs:
- the common module: https://gitlab.com/shared-puppet-modules-group/common
- the lsb module: https://gitlab.com/shared-puppet-modules-group/lsb
(optional but recommended, required on Ubuntu)
By default, on normal hosts, this module sets the configuration option
DSelect::Clean to 'auto'. On virtual servers, the value is set by default to
'pre-auto', because virtual servers are usually more space-bound and have better
recovery mechanisms via the host:
From apt.conf(5), 0.7.2:
"Cache Clean mode; this value may be one of always, prompt, auto,
pre-auto and never. always and prompt will remove all packages
from the cache after upgrading, prompt (the default) does so
conditionally. auto removes only those packages which are no
longer downloadable (replaced with a new version for
instance). pre-auto performs this action before downloading new
packages."
To change the default setting for DSelect::Clean, you can create a file named
"03clean" or "03clean_vserver" in your site_apt module's files directory. You
can also define this for a specific host by creating a file in a subdirectory of
the site_apt modules' files directory that is named the same as the
host. (example: site_apt/files/some.host.com/03clean, or
site_apt/files/some.host.com/03clean_vserver)
Classes
=======
apt
---
The apt class sets up most of the documented functionality. To use functionality
that is not enabled by default, you must set one of the following parameters.
Example usage:
class { 'apt': use_next_release => true, debian_url => 'http://localhost:9999/debian/' }
Class parameters:
* use_lts
If this variable is set to true the CODENAME-lts sources (such as
squeeze-lts) are added.
By default this is false for backward compatibility with older
versions of this module.
* use_volatile
If this variable is set to true the CODENAME-updates sources (such as
squeeze-updates) are added.
By default this is false for backward compatibility with older
versions of this module.
* include_src
If this variable is set to true a deb-src source is added for every
added binary archive source.
By default this is false for backward compatibility with older
versions of this module.
* use_next_release
If this variable is set to true the sources for the next Debian
release are added. The default pinning configuration pins it to very
low values.
By default this is false for backward compatibility with older
versions of this module.
* debian_url, security_url, backports_url, volatile_url
These variables allow to override the default APT mirrors respectively
used for the standard Debian archives, the Debian security archive,
the Debian official backports and the Debian Volatile archive.
* ubuntu_url
These variables allows to override the default APT mirror used for all
standard Ubuntu archives (including updates, security, backports).
* repos
If this variable is set the default repositories list ("main contrib non-free")
is overriden.
* disable_update
Disable "apt-get update" which is normally triggered by apt::upgrade_package
and apt::dist_upgrade.
Note that nodes can be updated once a day by using
APT::Periodic::Update-Package-Lists "1";
in i.e. /etc/apt/apt.conf.d/80_apt_update_daily.
* custom_preferences
For historical reasons (Debian Lenny's version of APT did not support the use
of the preferences.d directory for putting fragments of 'preferences'), this
module will manage a default generic apt/preferences file with more
recent releases pinned to very low values so that any package
installation will not accidentally pull in packages from those suites
unless you explicitly specify the version number. This file will be
complemented with all of the preferences_snippet calls (see below).
If the default preferences template doesn't suit your needs, you can create a
template located in your site_apt module, and set custom_preferences with the
content (eg. custom_preferences => template('site_apt/preferences') )
Setting this variable to false before including this class will force the
apt/preferences file to be absent:
class { 'apt': custom_preferences => false }
* custom_sources_list
By default this module will use a basic apt/sources.list template with
a generic Debian mirror. If you need to set more specific sources,
e.g. changing the sections included in the source, etc. you can set
this variable to the content that you desire to use instead.
For example, setting this variable will pull in the
templates/site_apt/sources.list file:
class { 'apt': custom_sources_list => template('site_apt/sources.list') }
* custom_key_dir
If you have different apt-key files that you want to get added to your
apt keyring, you can set this variable to a path in your fileserver
where individual key files can be placed. If this is set and keys
exist there, this module will 'apt-key add' each key.
The debian-archive-keyring package is installed and kept current up to the
latest revision (this includes the backports archive keyring).
apt::apticron
-------------
When you instantiate this class, apticron will be installed, with the following
defaults, which you are free to change:
$ensure_version = 'installed',
$config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb",
$email = 'root',
$diff_only = '1',
$listchanges_profile = 'apticron',
$system = false,
$ipaddressnum = false,
$ipaddresses = false,
$notifyholds = '0',
$notifynew = '0',
$customsubject = ''
Example usage:
class { 'apt::apticron': email => 'foo@example.com', notifynew => '1' }
apt::cron::download
-------------------
This class sets up cron-apt so that it downloads upgradable packages, does not
actually do any upgrade and emails when the output changes.
cron-apt defaults to run at 4 AM. You may want to set the
$apt_cron_hours variable before you include the class: its value will
be passed as the "hours" parameter of a cronjob. Example:
# Run cron-apt every three hours
$apt_cron_hours = '*/3'
Note that the default 4 AM cronjob won't be disabled.
apt::cron::dist_upgrade
-----------------------
This class sets up cron-apt so that it dist-upgrades the system and
emails when upgrades are performed.
See apt::cron::download above if you need to run cron-apt more often
than once a day.
apt::dist_upgrade
-----------------
This class provides the Exec['apt_dist-upgrade'] resource that
dist-upgrade's the system.
This exec is set as refreshonly so including this class does not
trigger any action per-se: other resources may notify it, other
classes may inherit from this one and add to its subscription list
using the plusignment ('+>') operator. A real-world example can be
seen in the apt::dist_upgrade::initiator source.
When this class is included the APT indexes are updated on every
Puppet run due to the author's lack of Puppet wizardry.
apt::dist_upgrade::initiator
----------------------------
This class automatically dist-upgrade's the system when an initiator
file's content changes. The initiator file is copied from the first
available source amongst the following ones, in decreasing priority
order:
- puppet:///modules/site_apt/${::fqdn}/upgrade_initiator
- puppet:///modules/site_apt/upgrade_initiator
- puppet:///modules/apt/upgrade_initiator
This is useful when one does not want to setup a fully automated
upgrade process but still needs a way to manually trigger full
upgrades of any number of systems at scheduled times.
Beware: a dist-upgrade is triggered the first time Puppet runs after
this class has been included. This is actually the single reason why
this class is not enabled by default.
When this class is included the APT indexes are updated on every
Puppet run due to the author's lack of Puppet wizardry.
apt::dselect
------------
This class, when included, installs dselect and switches it to expert mode to
suppress superfluous help screens.
apt::listchanges
----------------
This class, when instantiated, installs apt-listchanges and configures it using
the following parameterized variables, which can be changed:
version = 'present'
config = "apt/${::operatingsystem}/listchanges_${::lsbrelease}.erb"
frontend = 'pager'
email = 'root'
confirm = 0
saveseen = '/var/lib/apt/listchanges.db'
which = 'both'
Example usage:
class { 'apt::listchanges': email => 'foo@example.com' }
apt::proxy_client
-----------------
This class adds the right configuration to apt to make it fetch packages via a
proxy. The class parameters apt_proxy and apt_proxy_port need to be set:
You can set the 'proxy' class parameter variable to the URL of the proxy that
will be used. By default, the proxy will be queried on port 3142, but you can
change the port number by setting the 'port' class parameter.
Example:
class { 'apt::proxy_client': proxy => 'http://proxy.domain', port => '666' }
apt::reboot_required_notify
---------------------------
This class installs a daily cronjob that checks if a package upgrade
requires the system to be rebooted; if so, cron sends a notification
email to root.
apt::unattended_upgrades
------------------------
If this class is included, it will install the package 'unattended-upgrades'
and configure it to daily upgrade the system.
The class has the following parameters that you can use to change the contents
of the configuration file. The values shown here are the default values:
* $config_content = undef
* $config_template = 'apt/50unattended-upgrades.erb'
* $mailonlyonerror = true
* $mail_recipient = 'root'
* $blacklisted_packages = []
Note that using $config_content actually specifies all of the configuration
contents and thus makes the other parameters useless.
example:
class { 'apt::unattended_upgrades':
config_template => 'site_apt/50unattended-upgrades.jessie',
blacklisted_packages => [
'libc6', 'libc6-dev', 'libc6-i686', 'mysql-server', 'redmine', 'nodejs',
'bird'
],
}
Defines
=======
apt::apt_conf
-------------
Creates a file in the apt/apt.conf.d directory to easily add configuration
components. One can use either the 'source' meta-parameter to specify a list of
static files to include from the puppet fileserver or the 'content'
meta-parameter to define content inline or with the help of a template.
Example:
apt::apt_conf { '80download-only':
source => 'puppet:///modules/site_apt/80download-only',
}
apt::preferences_snippet
------------------------
A way to add pinning information to files in /etc/apt/preferences.d/
Example:
apt::preferences_snippet {
'irssi-plugin-otr':
release => 'squeeze-backports',
priority => 999;
}
apt::preferences_snippet {
'unstable_fallback':
package => '*',
release => 'unstable',
priority => 1;
}
apt::preferences_snippet {
'ttdnsd':
pin => 'origin deb.torproject.org',
priority => 999;
}
The names of the resources will be used as the names of the files in the
preferences.d directory, so you should ensure that resource names follow the
prescribed naming scheme.
From apt_preferences(5):
Note that the files in the /etc/apt/preferences.d directory are parsed in
alphanumeric ascending order and need to obey the following naming
convention: The files have no or "pref" as filename extension and which
only contain alphanumeric, hyphen (-), underscore (_) and period (.)
characters - otherwise they will be silently ignored.
apt::preseeded_package
----------------------
This simplifies installation of packages for which you wish to preseed the
answers to debconf. For example, if you wish to provide a preseed file for the
locales package, you would place the locales.seed file in
'site_apt/templates/${::lsbdistcodename}/locales.seeds' and then include the
following in your manifest:
apt::preseeded_package { locales: }
You can also specify the content of the seed via the content parameter,
for example:
apt::preseeded_package { 'apticron':
content => 'apticron apticron/notification string root@example.com',
}
apt::sources_list
-----------------
Creates a file in the apt/sources.list.d directory to easily add additional apt
sources. One can use either the 'source' meta-parameter to specify a list of
static files to include from the puppet fileserver or the 'content'
meta-parameter to define content inline or with the help of a template. Ending
the resource name in '.list' is optional: it will be automatically added to the
file name if not present in the resource name.
Example:
apt::sources_list { 'company_internals':
source => [ "puppet:///modules/site_apt/${::fqdn}/company_internals.list",
'puppet:///modules/site_apt/company_internals.list' ],
}
apt::key
--------
Deploys a secure apt OpenPGP key. This usually accompanies the
sources.list snippets above for third party repositories. For example,
you would do:
apt::key { 'neurodebian.gpg':
ensure => present,
source => 'puppet:///modules/site_apt/neurodebian.gpg',
}
This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which
is assumed by secure apt to be binary OpenPGP keys and *not*
"ascii-armored" or "plain text" OpenPGP key material. For the latter,
use `apt::key::plain`.
The `.gpg` extension is compulsory for `apt` to pickup the key properly.
apt::key::plain
---------------
Deploys a secure apt OpenPGP key. This usually accompanies the
sources.list snippets above for third party repositories. For example,
you would do:
apt::key::plain { 'neurodebian.asc':
source => 'puppet:///modules/site_apt/neurodebian.asc',
}
This deploys the key in the `${apt_base_dir}/keys` directory (as
opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason
this exists on top of `$custom_key_dir` is to allow a more
decentralised distribution of those keys, without having all modules
throw their keys in the same directory in the manifests.
Note that this model does *not* currently allow keys to be removed!
Use `apt::key` instead for a more practical, revokable approach, but
that needs binary keys.
apt::upgrade_package
--------------------
This simplifies upgrades for DSA security announcements or point-releases. This
will ensure that the named package is upgraded to the version specified, only if
the package is installed, otherwise nothing happens. If the specified version
is 'latest' (the default), then the package is ensured to be upgraded to the
latest package revision when it becomes available.
For example, the following upgrades the perl package to version 5.8.8-7etch1
(if it is installed), it also upgrades the syslog-ng and perl-modules packages
to their latest (also, only if they are installed):
upgrade_package { 'perl':
version => '5.8.8-7etch1';
'syslog-ng':
version => latest;
'perl-modules':
}
Resources
=========
File['apt_config']
------------------
Use this resource to depend on or add to a completed apt configuration
Exec['apt_updated']
-------------------
After this point the APT indexes are up-to-date.
This resource is usually used like this to ensure current packages are
installed by Package resources:
include apt::update
Package { require => Exec['apt_updated'] }
Please note that the apt::upgrade_package define automatically uses
this resource so you don't have to manage this yourself if you need to
make sure APT indexes are up-to-date before a package upgrade is
attempted, but don't want "apt-get update" to happen on every Puppet
run.
Licensing
=========
This puppet module is licensed under the GPL version 3 or later. Redistribution
and modification is encouraged.
The GPL version 3 license text can be found in the "LICENSE" file accompanying
this puppet module, or at the following URL:
http://www.gnu.org/licenses/gpl-3.0.html

676
README.md Normal file
View file

@ -0,0 +1,676 @@
# apt module
#### Table of Contents
* [Overview](#overview)
* [Upgrade Notice](#upgrade-notice)
* [Requirements](#requirements)
* [Classes](#classes)
* [apt](#apt)
* [apt::apticron](#apt-apticron)
* [apt::cron::dist_upgrade](#apt-cron-dist_upgrade)
* [apt::dist_upgrade](#apt-dist_upgrade)
* [apt::dist_upgrade::initiator](#apt-dist_upgrade-initiator)
* [apt::dselect](#apt-dselect)
* [apt::listchanges](#apt-listchanges)
* [apt::proxy_client](#apt-proxy_client)
* [apt::reboot_required_notify](#apt-reboot_required_notify)
* [apt::unattended_upgrades](#apt-unattended_upgrades)
* [Defines](#defines)
* [apt::apt_conf](#apt-apt_conf)
* [apt::preferences_snippet](#apt-preferences_snippet)
* [apt::preseeded_package](#apt-preseeded_package)
* [apt::sources_list](#apt-sources_list)
* [apt::key](#apt-key)
* [`apt::key::plain`](#apt-key-plain)
* [apt::upgrade_package](#apt-upgrade_package)
* [Resources](#ressources)
* [File\['apt_config'\]](#fileapt_config)
* [Exec\['apt_updated'\]](#execapt_updated)
* [Tests](#tests)
* [Acceptance Tests](#acceptance-tests)
* [Licensing](#licensing)
# Overview<a name="overview"></a>
This module manages apt on Debian.
It keeps dpkg's and apt's databases as well as the keyrings for securing
package download current.
backports.debian.org is added.
`/etc/apt/sources.list` and `/etc/apt/preferences` are managed. More
recent Debian releases are pinned to very low values by default to
prevent accidental upgrades.
Ubuntu support is lagging behind but not absent either.
## Upgrade Notice<a name="upgrade-notice"></a>
* The `$apt_cron_hours` global variable is deprecated.
Use `apt::cron::dist_upgrade`'s `cron_hours` parameter instead.
* The default value of the `$repos` parameter was removed since the logic is
now in the `apt::params` class. If you have explicitly set `$repos` to
'auto' in your manifests, you should remove this.
* The `disable_update` parameter has been removed. The main apt class
defaults to *not* run an `apt-get update` on every run anyway so this
parameter seems useless.
You can include the `apt::update` class if you want it to be run every time.
* The `apt::upgrade_package` now doesn't automatically call an `Exec['apt_updated']`
anymore, so you would need to include `apt::update` now by hand.
* The `apt::codename` parameter has been removed. In its place, the
`debian_codename` fact may be overridden via an environment variable. This
will affect all other `debian_*` facts, and achieve the same result.
FACTER_debian_codename=jessie puppet agent -t
* If you were using custom `50unattended-upgrades.${::lsbdistcodename}` in your
`site_apt`, these are no longer supported. You should migrate to passing
`$blacklisted_packages` to the `apt::unattended_upgrades` class.
* the apt class has been moved to a paramterized class. if you were including
this class before, after passing some variables, you will need to move to
instantiating the class with those variables instead. For example, if you
had the following in your manifests:
$apt_debian_url = 'http://localhost:9999/debian/'
$apt_use_next_release = true
include apt
you will need to remove the variables, and the include and instead do
the following:
class { 'apt':
debian_url => 'http://localhost:9999/debian/',
use_next_release => true;
}
previously, you could manually set `$lsbdistcodename` which would enable forced
upgrades, but because this is a top-level facter variable, and newer puppet
versions do not let you assign variables to other namespaces, this is no
longer possible. However, there is a way to obtain this functionality, and
that is to pass the 'codename' parameter to the apt class, which will change
the `sources.list` and `preferences` files to be the codename you set, allowing
you to trigger upgrades:
include apt::dist_upgrade
class { 'apt':
codename => 'wheezy',
notify => Exec['apt_dist-upgrade'];
}
* the `apticron` class has been moved to a parameterized class. if you were
including this class before, you will need to move to instantiating the
class instead. For example, if you had the following in your manifests:
$apticron_email = 'foo@example.com'
$apticron_notifynew = '1'
... any $apticron_* variables
include apticron
you will need to remove the variables, and the include and instead do the
following:
class { 'apt::apticron':
email => 'foo@example.com',
notifynew => '1';
}
* the `apt::listchanges` class has been moved to a paramterized class. if you
were including this class before, after passing some variables, you will need
to move to instantiating the class with those variables instead. For example,
if you had the following in your manifests:
$apt_listchanges_email = 'foo@example.com'
... any $apt_listchanges_* variables
include apt::listchanges
you will need to remove the variables, and the include and instead do the
following:
class { 'apt::listchanges':
email => 'foo@example.com';
}
* the `apt::proxy_client` class has been moved to a paramterized class. if you
were including this class before, after passing some variables, you will need
to move to instantiating the class with those variables instead. For example,
if you had the following in your manifests:
$apt_proxy = 'http://proxy.domain'
$apt_proxy_port = 666
include apt::proxy_client
you will need to remove the variables, and the include and instead do the
following:
class { 'apt::proxy_client':
proxy => 'http://proxy.domain',
port => '666';
}
# Requirements<a name="requirements"></a>
This module needs:
* the `lsb-release` package should be installed on the server prior to running
puppet. otherwise, all of the `$::lsb*` facts will be empty during runs.
* the [common module](https://gitlab.com/shared-puppet-modules-group/common)
By default, on normal hosts, this module sets the configuration option
`DSelect::Clean` to 'auto'. On virtual servers, the value is set by default to
'pre-auto', because virtual servers are usually more space-bound and have better
recovery mechanisms via the host:
From apt.conf(5), 0.7.2:
"Cache Clean mode; this value may be one of always, prompt, auto,
pre-auto and never. always and prompt will remove all packages
from the cache after upgrading, prompt (the default) does so
conditionally. auto removes only those packages which are no
longer downloadable (replaced with a new version for
instance). pre-auto performs this action before downloading new
packages."
To change the default setting for `DSelect::Clean`, you can create a file named
"03clean" or "03clean_vserver" in your `site_apt` module's files directory. You
can also define this for a specific host by creating a file in a subdirectory of
the `site_apt` modules' files directory that is named the same as the
host. (example: site_apt/files/some.host.com/03clean, or
site_apt/files/some.host.com/03clean_vserver)
# Classes<a name="classes"></a>
## apt<a name="apt"></a>
The apt class sets up most of the documented functionality. To use functionality
that is not enabled by default, you must set one of the following parameters.
Example usage:
class { 'apt':
use_next_release => true,
debian_url => 'http://localhost:9999/debian/',
}
**Class parameters:**
### use_lts
If this variable is set to true the CODENAME-lts sources (such as
wheezy-lts) are added.
By default this is false for backward compatibility with older
versions of this module.
### use_volatile
If this variable is set to true the CODENAME-updates sources (such as
wheezy-updates) are added.
By default this is false for backward compatibility with older
versions of this module.
### include_src
If this variable is set to true a deb-src source is added for every
added binary archive source.
By default this is false for backward compatibility with older
versions of this module.
### use_next_release
If this variable is set to true the sources for the next Debian
release are added. The default pinning configuration pins it to very
low values.
By default this is false for backward compatibility with older
versions of this module.
### debian_url, security_url, volatile_url
These variables allow to override the default APT mirrors respectively
used for the standard Debian archives, the Debian security archive,
and the Debian Volatile archive.
### ubuntu_url
These variables allows to override the default APT mirror used for all
standard Ubuntu archives (including updates, security, backports).
### repos
If this variable is set the default repositories list ("main contrib non-free")
is overriden.
### custom_preferences
For historical reasons (Debian Lenny's version of APT did not support the use
of the `preferences.d` directory for putting fragments of 'preferences'), this
module will manage a default generic apt/preferences file with more
recent releases pinned to very low values so that any package
installation will not accidentally pull in packages from those suites
unless you explicitly specify the version number. This file will be
complemented with all of the preferences_snippet calls (see below).
If the default preferences template doesn't suit your needs, you can create a
template located in your `site_apt` module, and set custom_preferences with the
content (eg. custom_preferences => template('site_apt/preferences') )
Setting this variable to false before including this class will force the
`apt/preferences` file to be absent:
class { 'apt':
custom_preferences => false,
}
### custom_sources_list
By default this module will use a basic `apt/sources.list` template with
a generic Debian mirror. If you need to set more specific sources,
e.g. changing the sections included in the source, etc. you can set
this variable to the content that you desire to use instead.
For example, setting this variable will pull in the
`templates/site_apt/sources.list` file:
class { 'apt':
custom_sources_list => template('site_apt/sources.list'),
}
### custom_key_dir
If you have different apt-key files that you want to get added to your
apt keyring, you can set this variable to a path in your fileserver
where individual key files can be placed. If this is set and keys
exist there, this module will `apt-key add` each key.
The debian-archive-keyring package is installed and kept current up to the
latest revision (this includes the backports archive keyring).
## apt::apticron<a name="apt-apticron"></a>
When you instantiate this class, apticron will be installed, with the following
defaults, which you are free to change:
$ensure_version = 'installed',
$config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb",
$email = 'root',
$diff_only = '1',
$listchanges_profile = 'apticron',
$system = false,
$ipaddressnum = false,
$ipaddresses = false,
$notifyholds = '0',
$notifynew = '0',
$customsubject = ''
Example usage:
class { 'apt::apticron':
email => 'foo@example.com',
notifynew => '1',
}
## apt::cron::dist_upgrade<a name="apt-cron-dist_upgrade"></a>
This class sets up cron-apt so that it dist-upgrades the system and
emails when upgrades are performed.
`cron-apt` defaults to run at 4 AM. You may want to set the
`$cron_hours` class parameter before you include the class: its value will
be passed as the "hours" parameter of a cronjob. Example:
# Run cron-apt every three hours
class { 'apt::cron::dist_upgrade': cron_hours => '*/3' }
Note that the default 4 AM cronjob won't be disabled.
## apt::dist_upgrade<a name="apt-dist_upgrade"></a>
This class provides the `Exec['apt_dist-upgrade']` resource that
dist-upgrade's the system.
This exec is set as refreshonly so including this class does not
trigger any action per-se: other resources may notify it, other
classes may inherit from this one and add to its subscription list
using the plusignment (`+>`) operator. A real-world example can be
seen in the `apt::dist_upgrade::initiator` source.
Parameters:
* timeout: specified in seconds; the maximum time the `dist-upgrade`
command should take. If the command takes longer than the timeout,
the command is considered to have failed and will be stopped.
## apt::dist_upgrade::initiator<a name="apt-dist_upgrade-initiator"></a>
This class automatically dist-upgrade's the system when an initiator
file's content changes. The initiator file is copied from the first
available source amongst the following ones, in decreasing priority
order:
* `puppet:///modules/site_apt/${::fqdn}/upgrade_initiator`
* `puppet:///modules/site_apt/upgrade_initiator`
* `puppet:///modules/apt/upgrade_initiator`
This is useful when one does not want to setup a fully automated
upgrade process but still needs a way to manually trigger full
upgrades of any number of systems at scheduled times.
**Beware:** a `dist-upgrade` is triggered the first time Puppet runs after
this class has been included. This is actually the single reason why
this class is not enabled by default.
When this class is included the APT indexes are updated on every
Puppet run due to the author's lack of Puppet wizardry.
## apt::dselect<a name="apt-dselect"></a>
This class, when included, installs dselect and switches it to expert mode to
suppress superfluous help screens.
## apt::listchanges<a name="apt-listchanges"></a>
This class, when instantiated, installs `apt-listchanges` and configures it using
the following parameterized variables, which can be changed:
version = 'present'
config = "apt/${::operatingsystem}/listchanges_${::lsbrelease}.erb"
frontend = 'pager'
email = 'root'
confirm = 0
saveseen = '/var/lib/apt/listchanges.db'
which = 'both'
Example usage:
class { 'apt::listchanges':
email => 'foo@example.com',
}
## apt::proxy_client<a name="apt-proxy_client"></a>
This class adds the right configuration to apt to make it fetch packages via a
proxy. The class parameters `apt_proxy` and `apt_proxy_port` need to be set:
You can set the `proxy` class parameter variable to the URL of the proxy that
will be used. By default, the proxy will be queried on port 3142, but you can
change the port number by setting the `port` class parameter.
Example usage:
class { 'apt::proxy_client':
proxy => 'http://proxy.domain',
port => '666',
}
## apt::reboot_required_notify<a name="apt-reboot_required_notify"></a>
This class installs a daily cronjob that checks if a package upgrade
requires the system to be rebooted; if so, cron sends a notification
email to root.
## apt::unattended_upgrades<a name="apt-unattended_upgrades"></a>
If this class is included, it will install the package `unattended-upgrades`
and configure it to daily upgrade the system.
The class has the following parameters that you can use to change the contents
of the configuration file. The values shown here are the default values:
$config_content = undef
$config_template = 'apt/50unattended-upgrades.erb'
$mailonlyonerror = true
$mail_recipient = 'root'
$blacklisted_packages = []
Note that using `$config_content` actually specifies all of the configuration
contents and thus makes the other parameters useless.
Example usage:
class { 'apt::unattended_upgrades':
config_template => 'site_apt/50unattended-upgrades.jessie',
blacklisted_packages => [ 'libc6', 'libc6-dev', 'libc6-i686',
'mysql-server', 'redmine', 'nodejs', 'bird' ],
}
# Defines<a name="defines"></a>
## apt::apt_conf<a name="apt-apt_conf"></a>
Creates a file in the `apt/apt.conf.d` directory to easily add configuration
components. One can use either the `source` meta-parameter to specify a list of
static files to include from the puppet fileserver or the `content`
meta-parameter to define content inline or with the help of a template.
Example usage:
apt::apt_conf { '80download-only':
source => 'puppet:///modules/site_apt/80download-only',
}
## apt::preferences_snippet<a name="apt-preferences_snippet"></a>
A way to add pinning information to files in `/etc/apt/preferences.d/`
Examples:
apt::preferences_snippet { 'irssi-plugin-otr':
release => 'jessie-backports',
priority => 999,
}
apt::preferences_snippet { 'unstable_fallback':
package => '*',
release => 'unstable',
priority => 1,
}
apt::preferences_snippet { 'ttdnsd':
pin => 'origin deb.torproject.org',
priority => 999,
}
The names of the resources will be used as the names of the files in the
preferences.d directory, so you should ensure that resource names follow the
prescribed naming scheme.
From apt_preferences(5):
Note that the files in the /etc/apt/preferences.d directory are parsed in
alphanumeric ascending order and need to obey the following naming
convention: The files have no or "pref" as filename extension and which
only contain alphanumeric, hyphen (-), underscore (_) and period (.)
characters - otherwise they will be silently ignored.
## apt::preseeded_package<a name="apt-preseeded_package"></a>
This simplifies installation of packages for which you wish to preseed the
answers to debconf. For example, if you wish to provide a preseed file for the
locales package, you would place the `locales.seed` file in
`site_apt/templates/${::lsbdistcodename}/locales.seeds` and then include the
following in your manifest:
apt::preseeded_package { locales: }
You can also specify the content of the seed via the content parameter,
for example:
apt::preseeded_package { 'apticron':
content => 'apticron apticron/notification string root@example.com',
}
## apt::sources_list<a name="apt-sources_list"></a>
Creates a file in the `apt/sources.list.d` directory to easily add additional apt
sources. One can use either the `source` meta-parameter to specify a list of
static files to include from the puppet fileserver or the `content`
meta-parameter to define content inline or with the help of a template. Ending
the resource name in `.list` is optional: it will be automatically added to the
file name if not present in the resource name.
Example usage:
apt::sources_list { 'company_internals':
source => [ "puppet:///modules/site_apt/${::fqdn}/company_internals.list",
'puppet:///modules/site_apt/company_internals.list' ];
}
## apt::key<a name="apt-key"></a>
Deploys a secure apt OpenPGP key. This usually accompanies the
sources.list snippets above for third party repositories. For example,
you would do:
apt::key {
'neurodebian.gpg':
ensure => present,
source => 'puppet:///modules/site_apt/neurodebian.gpg';
}
This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which
is assumed by secure apt to be binary OpenPGP keys and *not*
"ascii-armored" or "plain text" OpenPGP key material. For the latter,
use `apt::key::plain`.
The `.gpg` extension is compulsory for `apt` to pickup the key properly.
## `apt::key::plain`<a name="apt-key-plain"></a>
Deploys a secure apt OpenPGP key. This usually accompanies the
sources.list snippets above for third party repositories. For example,
you would do:
apt::key::plain { 'neurodebian.asc':
source => 'puppet:///modules/site_apt/neurodebian.asc';
}
This deploys the key in the `${apt_base_dir}/keys` directory (as
opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason
this exists on top of `$custom_key_dir` is to allow a more
decentralised distribution of those keys, without having all modules
throw their keys in the same directory in the manifests.
Note that this model does *not* currently allow keys to be removed!
Use `apt::key` instead for a more practical, revokable approach, but
that needs binary keys.
## apt::upgrade_package<a name="apt-upgrade_package"></a>
This simplifies upgrades for DSA security announcements or point-releases. This
will ensure that the named package is upgraded to the version specified, only if
the package is installed, otherwise nothing happens. If the specified version
is 'latest' (the default), then the package is ensured to be upgraded to the
latest package revision when it becomes available.
For example, the following upgrades the perl package to version 5.8.8-7etch1
(if it is installed), it also upgrades the syslog-ng and perl-modules packages
to their latest (also, only if they are installed):
upgrade_package {
'perl':
version => '5.8.8-7etch1';
'syslog-ng':
version => latest;
'perl-modules':
}
# Resources<a name="ressources"></a>
## File['apt_config']<a name="file-apt-config"></a>
Use this resource to depend on or add to a completed apt configuration
## Exec['apt_updated']<a name="exec-apt-updated"></a>
After this point the APT indexes are up-to-date.
This resource is set to `refreshonly => true` so it is not run on
every puppetrun. To run this every time, you can include the `apt::update`
class.
This resource is usually used like this to ensure current packages are
installed by Package resources:
include apt::update
Package {
require => Exec['apt_updated']
}
Note that nodes can be updated once a day by using
APT::Periodic::Update-Package-Lists "1";
in i.e. `/etc/apt/apt.conf.d/80_apt_update_daily`.
# Tests<a name="test"></a>
To run pupept rspec tests:
bundle install --path vendor/bundle
bundle exec rake spec
Verbose Output:
bundle exec rake spec SPEC_OPTS='--format documentation'
Using different facter/puppet versions:
FACTER_GEM_VERSION=1.6.10 PUPPET_GEM_VERSION=2.7.23 bundle install --path vendor/bundle
bundle exec rake spec
## Acceptance Tests<a name="acceptance-tests"></a>
At the moment, we use [beaker together with docker](https://github.com/puppetlabs/beaker/blob/master/docs/Docker-Support.md)
to do acceptance testing.
Be sure to have a recent docker version installed.
List configured nodesets:
bundle exec rake beaker_nodes
Run tests on default node (Debian Jessie):
bundle exec rake beaker
Run different nodeset:
BEAKER_set="debian-8-x86_64-docker" bundle exec rspec spec/acceptance/*_spec.rb
# Licensing<a name="licensing"></a>
This puppet module is licensed under the GPL version 3 or later. Redistribution
and modification is encouraged.
The GPL version 3 license text can be found in the "LICENSE" file accompanying
this puppet module, or at the following URL:
http://www.gnu.org/licenses/gpl-3.0.html

19
Rakefile Normal file
View file

@ -0,0 +1,19 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
desc "Validate manifests, templates, and ruby files"
task :validate do
Dir['manifests/**/*.pp'].each do |manifest|
sh "puppet parser validate --noop #{manifest}"
end
Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
end
Dir['templates/**/*.erb'].each do |template|
sh "erb -P -x -T '-' #{template} | ruby -c"
end
end
task :test => [:lint, :syntax , :validate, :spec]

2
lib/facter/debian_codename.rb
View file

@ -1,5 +1,7 @@
begin
require 'facter/util/debian'
rescue LoadError
require "#{File.dirname(__FILE__)}/util/debian"
end
def version_to_codename(version)

2
lib/facter/debian_lts.rb
View file

@ -1,5 +1,7 @@
begin
require 'facter/util/debian'
rescue LoadError
require "#{File.dirname(__FILE__)}/util/debian"
end
Facter.add(:debian_lts) do

11
lib/facter/debian_nextcodename.rb
View file

@ -1,16 +1,17 @@
begin
require 'facter/util/debian'
rescue LoadError
require "#{File.dirname(__FILE__)}/util/debian"
end
def debian_codename_to_next(codename)
if codename == "sid"
return "experimental"
else
codenames = Facter::Util::Debian::CODENAMES.values
i = codenames.index(codename)
if i and i+1 < codenames.count
return codenames[i+1]
end
codenames = Facter::Util::Debian::CODENAMES
versions = Facter::Util::Debian::CODENAMES.invert
current_version = versions[codename]
return codenames[(current_version.to_i + 1).to_s]
end
end

2
lib/facter/debian_release.rb
View file

@ -1,5 +1,7 @@
begin
require 'facter/util/debian'
rescue LoadError
require "#{File.dirname(__FILE__)}/util/debian"
end
def debian_codename_to_release(codename)

2
lib/facter/ubuntu_nextcodename.rb
View file

@ -1,5 +1,7 @@
begin
require 'facter/util/ubuntu'
rescue LoadError
require "#{File.dirname(__FILE__)}/util/ubuntu"
end
def ubuntu_codename_to_next(codename)

1
lib/facter/util/ubuntu.rb
View file

@ -14,6 +14,7 @@ module Facter
"utopic",
"vivid",
"wily",
"xenial"
]
end
end

2
manifests/apt_conf.pp
View file

@ -38,7 +38,7 @@ define apt::apt_conf(
if $refresh_apt {
File["/etc/apt/apt.conf.d/${name}"] {
notify => Exec['refresh_apt'],
notify => Exec['apt_updated'],
}
}

2
manifests/apticron.pp
View file

@ -1,6 +1,6 @@
class apt::apticron(
$ensure_version = 'installed',
$config = "apt/${::operatingsystem}/apticron_${::debian_codename}.erb",
$config = "apt/${::operatingsystem}/apticron.erb",
$email = 'root',
$diff_only = '1',
$listchanges_profile = 'apticron',

20
manifests/cron/base.pp
View file

@ -1,20 +0,0 @@
class apt::cron::base {
package { 'cron-apt': ensure => installed }
case $apt_cron_hours {
'': {}
default: {
# cron-apt defaults to run every night at 4 o'clock
# so we try not to run at the same time.
cron { 'apt_cron_every_N_hours':
command => 'test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt',
user => root,
hour => "${apt_cron_hours}",
minute => 10,
require => Package['cron-apt'],
}
}
}
}

21
manifests/cron/dist_upgrade.pp
View file

@ -1,4 +1,23 @@
class apt::cron::dist_upgrade inherits apt::cron::base {
class apt::cron::dist_upgrade (
$cron_hours = '',
) {
package { 'cron-apt': ensure => installed }
case $cron_hours {
'': {}
default: {
# cron-apt defaults to run every night at 4 o'clock
# so we try not to run at the same time.
cron { 'apt_cron_every_N_hours':
command => 'test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt',
user => root,
hour => "${cron_hours}",
minute => 10,
require => Package['cron-apt'],
}
}
}
$action = "autoclean -y
dist-upgrade -y -o APT::Get::Show-Upgraded=true -o 'DPkg::Options::=--force-confold'

27
manifests/cron/download.pp
View file

@ -1,27 +0,0 @@
class apt::cron::download inherits apt::cron::base {
$action = "autoclean -y
dist-upgrade -d -y -o APT::Get::Show-Upgraded=true
"
file { '/etc/cron-apt/action.d/4-dist-upgrade':
ensure => absent,
}
file { '/etc/cron-apt/action.d/3-download':
content => $action,
require => Package[cron-apt],
owner => root,
group => 0,
mode => '0644';
}
file { '/etc/cron-apt/config.d/MAILON':
content => "MAILON=changes\n",
require => Package[cron-apt],
owner => root,
group => 0,
mode => '0644';
}
}

16
manifests/dist_upgrade.pp
View file

@ -1,18 +1,12 @@
class apt::dist_upgrade {
if $apt::disable_update == false {
include apt::update
}
$req = $apt::disable_update ? {
true => undef,
default => Exec['apt_updated'],
}
class apt::dist_upgrade (
$timeout = 300,
) {
exec { 'apt_dist-upgrade':
command => '/usr/bin/apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade',
refreshonly => true,
require => $req
timeout => $timeout,
before => Exec['apt_updated']
}
}

11
manifests/dot_d_directories.pp
View file

@ -5,18 +5,11 @@ class apt::dot_d_directories {
'/etc/apt/apt.conf.d':
ensure => directory,
checksum => mtime,
notify => Exec['refresh_apt'];
notify => Exec['apt_updated'];
'/etc/apt/sources.list.d':
ensure => directory,
checksum => mtime,
notify => Exec['refresh_apt'];
}
exec {
# "&& sleep 1" is workaround for older(?) clients
'refresh_apt':
command => '/usr/bin/apt-get update && sleep 1',
refreshonly => true,
notify => Exec['apt_updated'];
}
}

57
manifests/init.pp
View file

@ -11,30 +11,14 @@ class apt(
$use_next_release = $apt::params::use_next_release,
$debian_url = $apt::params::debian_url,
$security_url = $apt::params::security_url,
$backports_url = $apt::params::backports_url,
$lts_url = $apt::params::lts_url,
$volatile_url = $apt::params::volatile_url,
$ubuntu_url = $apt::params::ubuntu_url,
$repos = $apt::params::repos,
$custom_preferences = $apt::params::custom_preferences,
$custom_sources_list = '',
$disable_update = $apt::params::disable_update,
$custom_key_dir = $apt::params::custom_key_dir
) inherits apt::params {
case $::operatingsystem {
'debian': {
$real_repos = $repos ? {
'auto' => 'main contrib non-free',
default => $repos,
}
}
'ubuntu': {
$real_repos = $repos ? {
'auto' => 'main restricted universe multiverse',
default => $repos,
}
}
}
package { 'apt':
ensure => installed,
@ -46,12 +30,11 @@ class apt(
default => $custom_sources_list
}
file {
# include main, security and backports
# include main and security
# additional sources should be included via the apt::sources_list define
'/etc/apt/sources.list':
content => $sources_content,
require => Package['lsb'],
notify => Exec['refresh_apt'],
notify => Exec['apt_updated'],
owner => root,
group => 0,
mode => '0644';
@ -84,8 +67,6 @@ class apt(
include apt::preferences::absent
}
default: {
# When squeeze becomes the stable branch, transform this file's header
# into a preferences.d file
include apt::preferences
}
}
@ -95,8 +76,18 @@ class apt(
## This package should really always be current
package { 'debian-archive-keyring': ensure => latest }
# backports uses the normal archive key now
package { 'debian-backports-keyring': ensure => absent }
if ($use_backports and !($::debian_release in ['testing', 'unstable', 'experimental'])) {
apt::sources_list {
'backports':
content => "deb ${debian_url} ${::debian_codename}-backports ${apt::repos}",
}
if $include_src {
apt::sources_list {
'backports-src':
content => "deb-src ${debian_url} ${::debian_codename}-backports ${apt::repos}",
}
}
}
include common::moduledir
common::module_dir { 'apt': }
@ -111,21 +102,29 @@ class apt(
mode => '0755',
}
exec { 'custom_keys':
command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && /usr/bin/apt-get update",
command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\;",
subscribe => File["${apt_base_dir}/keys.d"],
refreshonly => true,
notify => Exec[refresh_apt]
}
if $custom_preferences != false {
Exec['custom_keys'] {
before => [ Exec[refresh_apt], File['apt_config'] ]
}
} else {
Exec['custom_keys'] {
before => Exec[refresh_apt]
before => File['apt_config']
}
}
}
# workaround for preseeded_package component
file { [ '/var/cache', '/var/cache/local', '/var/cache/local/preseeding' ]: ensure => directory }
exec { 'update_apt':
command => '/usr/bin/apt-get update',
require => [
File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ],
File['/etc/apt/sources.list'] ],
refreshonly => true,
# Another Semaphor for all packages to reference
alias => [ 'apt_updated', 'refresh_apt']
}
}

2
manifests/key.pp
View file

@ -8,6 +8,6 @@ define apt::key ($source, $ensure = 'present') {
"/etc/apt/trusted.gpg.d/${name}":
ensure => $ensure,
source => $source,
notify => Exec['refresh_apt'],
notify => Exec['apt_updated'],
}
}

2
manifests/key/plain.pp
View file

@ -8,6 +8,6 @@ define apt::key::plain ($source) {
exec { "apt-key add '${apt::apt_base_dir}/keys/${name}'":
subscribe => File["${apt::apt_base_dir}/keys/${name}"],
refreshonly => true,
notify => Exec['refresh_apt'],
notify => Exec['apt_updated'],
}
}

2
manifests/listchanges.pp
View file

@ -1,6 +1,6 @@
class apt::listchanges(
$ensure_version = 'installed',
$config = "apt/${::operatingsystem}/listchanges_${::debian_codename}.erb",
$config = "apt/${::operatingsystem}/listchanges.erb",
$frontend = 'mail',
$email = 'root',
$confirm = '0',

19
manifests/params.pp
View file

@ -6,15 +6,20 @@ class apt::params () {
$use_next_release = false
$debian_url = 'http://httpredir.debian.org/debian/'
$security_url = 'http://security.debian.org/'
$backports_url = $::debian_codename ? {
'squeeze' => 'http://backports.debian.org/debian-backports/',
default => $debian_url
}
$ubuntu_url = 'http://archive.ubuntu.com/ubuntu'
$lts_url = $debian_url
$volatile_url = 'http://volatile.debian.org/debian-volatile/'
$ubuntu_url = 'http://archive.ubuntu.com/ubuntu'
$repos = 'auto'
case $::operatingsystem {
'debian': {
$repos = 'main contrib non-free'
}
'ubuntu': {
$repos = 'main restricted universe multiverse'
}
default: {
fail("Unsupported system '${::operatingsystem}'.")
}
}
$custom_preferences = ''
$disable_update = false
$custom_key_dir = false
}

4
manifests/preferences.pp
View file

@ -2,8 +2,8 @@ class apt::preferences {
$pref_contents = $apt::custom_preferences ? {
'' => $::operatingsystem ? {
'debian' => template("apt/${::operatingsystem}/preferences_${::debian_codename}.erb"),
'ubuntu' => template("apt/${::operatingsystem}/preferences_${::ubuntu_codename}.erb"),
'debian' => template("apt/${::operatingsystem}/preferences.erb"),
'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"),
},
default => $apt::custom_preferences
}

3
manifests/preferences_snippet.pp
View file

@ -31,7 +31,8 @@ define apt::preferences_snippet (
file { "/etc/apt/preferences.d/${name}":
ensure => $ensure,
owner => root, group => 0, mode => '0644';
owner => root, group => 0, mode => '0644',
before => Exec['apt_updated'];
}
case $source {

5
manifests/preseeded_package.pp
View file

@ -1,3 +1,4 @@
# Install a package with a preseed file to automatically answer some questions.
define apt::preseeded_package (
$ensure = 'installed',
$content = ''
@ -10,7 +11,9 @@ define apt::preseeded_package (
file { $seedfile:
content => $real_content,
mode => '0600', owner => root, group => root,
mode => '0600',
owner => 'root',
group => 0,
}
package { $name:

22
manifests/reboot_required_notify.pp
View file

@ -1,21 +1,11 @@
class apt::reboot_required_notify {
# This package installs the script that created /var/run/reboot-required*.
# This script (/usr/share/update-notifier/notify-reboot-required) is
# triggered e.g. by kernel packages.
package { 'update-notifier-common':
ensure => installed,
}
# cron-apt defaults to run every night at 4 o'clock
# plus some random time <1h.
# so we check if a reboot is required a bit later.
cron { 'apt_reboot_required_notify':
command => 'if [ -f /var/run/reboot-required ]; then echo "Reboot required\n" ; cat /var/run/reboot-required.pkgs ; fi',
user => root,
hour => 5,
minute => 20,
require => Package['update-notifier-common'],
if versioncmp($::operatingsystemmajrelease, 8) >= 0 {
class { 'apt::reboot_required_notify::jessie': }
# Clean up systems that were upgraded from Wheezy or earlier:
class { 'apt::reboot_required_notify::wheezy': ensure => absent }
} else {
class { 'apt::reboot_required_notify::wheezy': }
}
}

28
manifests/reboot_required_notify/jessie.pp Normal file
View file

@ -0,0 +1,28 @@
class apt::reboot_required_notify::jessie ($ensure = present) {
if $::operatingsystemmajrelease == 8 and ! $::apt::use_backports {
fail('apt::reboot_required_notify requires $apt::use_backports on Jessie')
}
$pinning_ensure = $::operatingsystemmajrelease ? {
8 => present,
default => absent,
}
apt::preferences_snippet { 'reboot-notifier':
ensure => $pinning_ensure,
pin => 'release o=Debian Backports,a=jessie-backports',
priority => 991,
}
# On Jessie and newer, this package installs the script that created
# /var/run/reboot-required*.
# This script (/usr/share/update-notifier/notify-reboot-required) is
# triggered e.g. by kernel packages.
# This package also sends a daily email to the administrator when a system
# reboot is required, e.g. due to a kernel update.
package { 'reboot-notifier':
ensure => $ensure,
require => Apt::Preferences_snippet['reboot-notifier'],
}
}

23
manifests/reboot_required_notify/wheezy.pp Normal file
View file

@ -0,0 +1,23 @@
class apt::reboot_required_notify::wheezy ($ensure = present) {
# On Wheezy and older, this package installs the script that created
# /var/run/reboot-required*.
# This script (/usr/share/update-notifier/notify-reboot-required) is
# triggered e.g. by kernel packages.
package { 'update-notifier-common':
ensure => $ensure,
}
# cron-apt defaults to run every night at 4 o'clock
# plus some random time <1h.
# so we check if a reboot is required a bit later.
cron { 'apt_reboot_required_notify':
ensure => $ensure,
command => 'if [ -f /var/run/reboot-required ]; then echo "Reboot required\n" ; cat /var/run/reboot-required.pkgs ; fi',
user => root,
hour => 5,
minute => 20,
require => Package['update-notifier-common'],
}
}

7
manifests/sources_list.pp
View file

@ -1,3 +1,4 @@
# Configure an apt source
define apt::sources_list (
$ensure = 'present',
$source = '',
@ -22,8 +23,10 @@ define apt::sources_list (
# apparently doesn't.
file { "/etc/apt/sources.list.d/${realname}.list":
ensure => $ensure,
owner => root, group => 0, mode => '0644',
notify => Exec['refresh_apt'],
mode => '0644',
owner => 'root',
group => 0,
notify => Exec['apt_updated'],
}
if $source {

10
manifests/unattended_upgrades.pp
View file

@ -11,6 +11,16 @@ class apt::unattended_upgrades (
ensure => $ensure_version
}
# For some reason, this directory is sometimes absent, which causes
# unattended-upgrades to crash.
file { '/var/log/unattended-upgrades':
ensure => directory,
owner => 'root',
group => 0,
mode => '0755',
require => Package['unattended-upgrades'],
}
$file_content = $config_content ? {
undef => template($config_template),
default => $config_content

12
manifests/update.pp
View file

@ -1,13 +1,7 @@
class apt::update {
class apt::update inherits ::apt {
exec { 'update_apt':
command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean',
require => [
File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ],
File['/etc/apt/sources.list'] ],
loglevel => info,
# Another Semaphor for all packages to reference
alias => 'apt_updated'
Exec['update_apt'] {
refreshonly => false
}
}

19
manifests/upgrade_package.pp
View file

@ -1,11 +1,9 @@
# Install a package either to a certain version, or while making sure that it's
# always the latest version that's installed.
define apt::upgrade_package (
$version = ''
) {
if $apt::disable_update == false {
include apt::update
}
$version_suffix = $version ? {
'' => '',
'latest' => '',
@ -26,17 +24,10 @@ define apt::upgrade_package (
}
}
$req = $apt::disable_update ? {
true => Package['apt-show-versions', 'dctrl-tools'],
default => [
Exec['apt_updated'],
Package['apt-show-versions', 'dctrl-tools']
],
}
exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}":
onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
require => $req
onlyif => [ "grep-status -F Status installed -a -P ${name} -q", "apt-show-versions -u ${name} | grep -q upgradeable" ],
require => Package['apt-show-versions', 'dctrl-tools'],
before => Exec['apt_updated']
}
}

21
spec/acceptance/apt_spec.rb Normal file
View file

@ -0,0 +1,21 @@
require 'spec_helper_acceptance'
describe 'apt class' do
context 'default parameters' do
it 'should work idempotently with no errors' do
pp = <<-EOS
class { 'apt': }
EOS
# Run it twice and test for idempotency
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
describe package('apt') do
it { is_expected.to be_installed }
end
end
end

19
spec/acceptance/nodesets/debian-8-x86_64-docker.yml Normal file
View file

@ -0,0 +1,19 @@
HOSTS:
debian-8-x64:
platform: debian-8-amd64
image: debian:8
hypervisor: docker
docker_preserve_image: true
docker_cmd: '["/sbin/init"]'
docker_image_commands:
- 'apt-get install -y wget locales-all puppet git'
- 'rm -f /usr/sbin/policy-rc.d'
CONFIG:
type: foss
#log_level: verbose
#log_level: debug
ssh:
password: root
auth_methods: ["password"]

1
spec/acceptance/nodesets/default.yml Symbolic link
View file

@ -0,0 +1 @@
debian-8-x86_64-docker.yml

12
spec/spec_helper.rb Normal file
View file

@ -0,0 +1,12 @@
# https://puppetlabs.com/blog/testing-modules-in-the-puppet-forge
require 'rspec-puppet'
require 'mocha/api'
RSpec.configure do |c|
c.module_path = File.expand_path(File.join(File.dirname(__FILE__), '..', '..'))
c.color = true
#Puppet.features.stubs(:root? => true)
end

18
spec/spec_helper_acceptance.rb Normal file
View file

@ -0,0 +1,18 @@
require 'beaker-rspec'
RSpec.configure do |c|
module_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
module_name = module_root.split('-').last
# Readable test descriptions
c.formatter = :documentation
# Configure all nodes in nodeset
c.before :suite do
# Install module and dependencies
puppet_module_install(:source => module_root, :module_name => module_name)
hosts.each do |host|
shell('git clone https://gitlab.com/shared-puppet-modules-group/common.git /etc/puppet/modules/common')
end
end
end

86
spec/unit/custom_facts_spec.rb Normal file
View file

@ -0,0 +1,86 @@
require "spec_helper"
describe "Facter::Util::Fact" do
before {
Facter.clear
}
describe 'custom facts' do
context 'Debian 7' do
before do
Facter.fact(:operatingsystem).stubs(:value).returns("Debian")
Facter.fact(:operatingsystemrelease).stubs(:value).returns("7.8")
Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy")
end
it "debian_release = oldstable" do
expect(Facter.fact(:debian_release).value).to eq('oldstable')
end
it "debian_codename = wheezy" do
expect(Facter.fact(:debian_codename).value).to eq('wheezy')
end
it "debian_nextcodename = jessie" do
expect(Facter.fact(:debian_nextcodename).value).to eq('jessie')
end
it "debian_nextrelease = stable" do
expect(Facter.fact(:debian_nextrelease).value).to eq('stable')
end
end
context 'Debian 8' do
before do
Facter.fact(:operatingsystem).stubs(:value).returns("Debian")
Facter.fact(:operatingsystemrelease).stubs(:value).returns("8.0")
Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie")
end
it "debian_release = stable" do
expect(Facter.fact(:debian_release).value).to eq('stable')
end
it "debian_codename = jessie" do
expect(Facter.fact(:debian_codename).value).to eq('jessie')
end
it "debian_nextcodename = stretch" do
expect(Facter.fact(:debian_nextcodename).value).to eq('stretch')
end
it "debian_nextrelease = testing" do
expect(Facter.fact(:debian_nextrelease).value).to eq('testing')
end
end
context 'Ubuntu 15.10' do
before do
Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu")
Facter.fact(:operatingsystemrelease).stubs(:value).returns("15.10")
Facter.fact(:lsbdistcodename).stubs(:value).returns("wily")
end
it "ubuntu_codename = wily" do
expect(Facter.fact(:ubuntu_codename).value).to eq('wily')
end
it "ubuntu_nextcodename = xenial" do
expect(Facter.fact(:ubuntu_nextcodename).value).to eq('xenial')
end
end
end
describe "Test 'apt_running' fact" do
it "should return true when apt-get is running" do
Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("true")
expect(Facter.fact(:apt_running).value).to eq('true')
end
it "should return false when apt-get is not running" do
Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("false")
expect(Facter.fact(:apt_running).value).to eq('false')
end
end
end

4
templates/50unattended-upgrades.erb
View file

@ -5,10 +5,6 @@ Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
"${distro_id}:${distro_codename}-backports";
<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%>
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:<%= scope.lookupvar('::debian_release') %>";
"${distro_id}:squeeze-lts";
<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'wheezy' -%>
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security";

2
templates/Debian/apticron_wheezy.erb → templates/Debian/apticron.erb
View file

@ -46,7 +46,7 @@ IPADDRESSNUM="<%= v %>"
#
# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%>
IPADDRESSES=<%= v %>"
IPADDRESSES="<%= v %>"
<% end -%>
#

1
templates/Debian/apticron_jessie.erb
View file

@ -1 +0,0 @@
apticron_wheezy.erb

50
templates/Debian/apticron_lenny.erb
View file

@ -1,50 +0,0 @@
# apticron.conf
#
# set EMAIL to a list of addresses which will be notified of impending updates
#
EMAIL="<%= scope.lookupvar('apt::apticron::email') %>"
#
# Set DIFF_ONLY to "1" to only output the difference of the current run
# compared to the last run (ie. only new upgrades since the last run). If there
# are no differences, no output/email will be generated. By default, apticron
# will output everything that needs to be upgraded.
#
DIFF_ONLY="<%= scope.lookupvar('apt::apticron::diff_only') %>"
#
# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges
# with the --profile option. You should add a corresponding profile to
# /etc/apt/listchanges.conf
#
LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %>"
#
# Set SYSTEM if you would like apticron to use something other than the output
# of "hostname -f" for the system name in the mails it generates
#
# SYSTEM="foobar.example.com"
<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%>
SYSTEM="<%= v %>"
<% end -%>
#
# Set IPADDRESSNUM if you would like to configure the maximal number of IP
# addresses apticron displays. The default is to display 1 address of each
# family type (inet, inet6), if available.
#
# IPADDRESSNUM="1"
<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%>
IPADDRESSNUM="<%= v %>"
<% end -%>
#
# Set IPADDRESSES to a whitespace seperated list of reachable addresses for
# this system. By default, apticron will try to work these out using the
# "ip" command
#
# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%>
IPADDRESSES="<%= v %>"
<% end -%>

1
templates/Debian/apticron_sid.erb
View file

@ -1 +0,0 @@
apticron_wheezy.erb

82
templates/Debian/apticron_squeeze.erb
View file

@ -1,82 +0,0 @@
# apticron.conf
#
# set EMAIL to a space separated list of addresses which will be notified of
# impending updates
#
EMAIL="<%= scope.lookupvar('apt::apticron::email') %>"
#
# Set DIFF_ONLY to "1" to only output the difference of the current run
# compared to the last run (ie. only new upgrades since the last run). If there
# are no differences, no output/email will be generated. By default, apticron
# will output everything that needs to be upgraded.
#
DIFF_ONLY="<%= scope.lookupvar('apt::apticron::diff_only') %>"
#
# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges
# with the --profile option. You should add a corresponding profile to
# /etc/apt/listchanges.conf
#
LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %>"
#
# Set SYSTEM if you would like apticron to use something other than the output
# of "hostname -f" for the system name in the mails it generates
#
# SYSTEM="foobar.example.com"
<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%>
SYSTEM="<%= v %>"
<% end -%>
#
# Set IPADDRESSNUM if you would like to configure the maximal number of IP
# addresses apticron displays. The default is to display 1 address of each
# family type (inet, inet6), if available.
#
# IPADDRESSNUM="1"
<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%>
IPADDRESSNUM="<%= v %>"
<% end -%>
#
# Set IPADDRESSES to a whitespace separated list of reachable addresses for
# this system. By default, apticron will try to work these out using the
# "ip" command
#
# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%>
IPADDRESSES="<%= v %>"
<% end -%>
#
# Set NOTIFY_HOLDS="0" if you don't want to be notified about new versions of
# packages on hold in your system. The default behavior is downloading and
# listing them as any other package.
#
# NOTIFY_HOLDS="0"
NOTIFY_HOLDS="<%= scope.lookupvar('apt::apticron::notifyholds') %>"
#
# Set NOTIFY_NEW="0" if you don't want to be notified about packages which
# are not installed in your system. Yes, it's possible! There are some issues
# related to systems which have mixed stable/unstable sources. In these cases
# apt-get will consider for example that packages with "Priority:
# required"/"Essential: yes" in unstable but not in stable should be installed,
# so they will be listed in dist-upgrade output. Please take a look at
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531002#44
#
# NOTIFY_NEW="0"
NOTIFY_NEW="<%= scope.lookupvar('apt::apticron::notifynew') %>"
#
# Set CUSTOM_SUBJECT if you want to replace the default subject used in
# the notification e-mails. This may help filtering/sorting client-side e-mail.
#
# CUSTOM_SUBJECT=""
CUSTOM_SUBJECT="<%= scope.lookupvar('apt::apticron::customsubject') %>"

0
templates/Debian/listchanges_lenny.erb → templates/Debian/listchanges.erb
View file

1
templates/Debian/listchanges_jessie.erb
View file

@ -1 +0,0 @@
listchanges_lenny.erb

1
templates/Debian/listchanges_sid.erb
View file

@ -1 +0,0 @@
listchanges_lenny.erb

1
templates/Debian/listchanges_squeeze.erb
View file

@ -1 +0,0 @@
listchanges_lenny.erb

1
templates/Debian/listchanges_wheezy.erb
View file

@ -1 +0,0 @@
listchanges_lenny.erb

17
templates/Debian/preferences_squeeze.erb → templates/Debian/preferences.erb
View file

@ -1,30 +1,33 @@
# This file is managed by puppet
# all local modifications will be overwritten
Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %>
Package: *
Pin: release o=Debian,n=<%= codename %>
Pin-Priority: 990
<% if use_volatile=scope.lookupvar('apt::use_volatile') -%>
Explanation: Debian <%= codename %>-updates
Package: *
Pin: release o=Debian,n=<%= codename %>-updates
Pin-Priority: 990
<%- end -%>
<% if (use_lts=scope.lookupvar('apt::use_lts')) && (scope.lookupvar('::debian_lts') == "true") -%>
Explanation: Debian <%= codename %>-lts
Package: *
Pin: release o=Debian,n=<%= codename %>-lts
Pin-Priority: 990
<%- end -%>
Explanation: Debian <%= next_codename=scope.lookupvar('::debian_nextcodename') %>
<% if (next_codename=scope.lookupvar('::debian_nextcodename')) && (next_codename != "experimental") -%>
Explanation: Debian <%= next_codename %>
Package: *
Pin: release o=Debian,n=<%= next_codename %>
Pin-Priority: 2
Explanation: Debian sid
Package: *
Pin: release o=Debian,n=sid
Pin-Priority: 1
<%- end -%>
Explanation: Debian fallback
Package: *
Pin: release o=Debian
Pin-Priority: -10

14
templates/Debian/preferences_jessie.erb
View file

@ -1,14 +0,0 @@
Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %>
Package: *
Pin: release o=Debian,n=<%= codename %>
Pin-Priority: 990
Explanation: Debian sid
Package: *
Pin: release o=Debian,n=sid
Pin-Priority: 1
Explanation: Debian fallback
Package: *
Pin: release o=Debian
Pin-Priority: -10

25
templates/Debian/preferences_lenny.erb
View file

@ -1,25 +0,0 @@
Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %>
Package: *
Pin: release o=Debian,a=<%= scope.lookupvar('::debian_release') %>,v=5*
Pin-Priority: 990
Explanation: Debian backports
Package: *
Pin: origin backports.debian.org
Pin-Priority: 200
Explanation: Debian <%= next_release=scope.lookupvar('::debian_nextrelease') %>
Package: *
Pin: release o=Debian,a=<%= next_release %>
Pin-Priority: 2
Explanation: Debian sid
Package: *
Pin: release o=Debian,a=unstable
Pin-Priority: 1
Explanation: Debian fallback
Package: *
Pin: release o=Debian
Pin-Priority: -10

10
templates/Debian/preferences_sid.erb
View file

@ -1,10 +0,0 @@
Explanation: Debian sid
Package: *
Pin: release o=Debian,n=sid
Pin-Priority: 990
Explanation: Debian fallback
Package: *
Pin: release o=Debian
Pin-Priority: -10

20
templates/Debian/preferences_wheezy.erb
View file

@ -1,20 +0,0 @@
Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %>
Package: *
Pin: release o=Debian,n=<%= codename %>
Pin-Priority: 990
Explanation: Debian <%= codename %>-updates
Package: *
Pin: release o=Debian,n=<%= codename %>-updates
Pin-Priority: 990
Explanation: Debian sid
Package: *
Pin: release o=Debian,n=sid
Pin-Priority: 1
Explanation: Debian fallback
Package: *
Pin: release o=Debian
Pin-Priority: -10

14
templates/Debian/sources.list.erb
View file

@ -4,7 +4,7 @@
### Debian current: <%= codename=scope.lookupvar('::debian_codename') %>
# basic
deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %>
deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::repos') %>
<% if include_src=scope.lookupvar('apt::include_src') -%>
deb-src <%= debian_url %> <%= codename %> <%= lrepos %>
<% end -%>
@ -19,18 +19,6 @@ deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %>
# There is no security support for <%= release %>
<% end -%>
<% if use_backports=scope.lookupvar('apt::use_backports') -%>
# backports
<% if (release == "testing" || release == "unstable" || release == "experimental") -%>
# There is no backports archive for <%= release %>
<% else -%>
deb <%= backports_url=scope.lookupvar('apt::backports_url') %> <%= codename %>-backports <%= lrepos %>
<% if include_src -%>
deb-src <%= backports_url %> <%= codename %>-backports <%= lrepos %>
<% end
end
end -%>
<% if use_volatile=scope.lookupvar('apt::use_volatile') -%>
# volatile
<% if (release == "testing" || release == "unstable" || release == "experimental") -%>

1
templates/Ubuntu/preferences_vivid.erb Symbolic link
View file

@ -0,0 +1 @@
preferences_maverick.erb

1
templates/Ubuntu/preferences_wily.erb Symbolic link
View file

@ -0,0 +1 @@
preferences_maverick.erb

1
templates/Ubuntu/preferences_xenial.erb Symbolic link
View file

@ -0,0 +1 @@
preferences_maverick.erb

12
templates/Ubuntu/sources.list.erb
View file

@ -1,8 +1,8 @@
# This file is managed by puppet
# all local modifications will be overwritten
# basic <%= codename=scope.lookupvar('::ubuntu_codename') %>
deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %>
# basic <%= codename=scope.lookupvar('apt::codename') %>
deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::repos') %>
<% if include_src=scope.lookupvar('apt::include_src') -%>
deb-src <%= ubuntu_url %> <%= codename %> <%= lrepos %>
<% end -%>
@ -20,11 +20,3 @@ deb <%= ubuntu_url %> <%= codename %>-security <%= lrepos %>
<% if include_src -%>
deb-src <%= ubuntu_url %> <%= codename %>-security <%= lrepos %>
<% end -%>
<% if use_backports=scope.lookupvar('apt::use_backports') -%>
# backports
deb <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %>
<% if include_src -%>
deb-src <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %>
<% end
end -%>