module-apt/README

304 lines
9.8 KiB
Text

Overview
========
This module manages apt on Debian.
It keeps dpkg's and apt's databases as well as the keyrings for securing
package download current.
backports.debian.org is added.
/etc/apt/sources.list and /etc/apt/preferences are managed. More
recent Debian releases are pinned to very low values by default to
prevent accidental upgrades.
Ubuntu support is lagging behind but not absent either.
This module needs:
- lsb-release installed
- the common module: git://labs.riseup.net/shared-common
By default, on normal hosts, this module sets the configuration option
DSelect::Clean to 'auto'. On virtual servers, the value is set by default to
'pre-auto', because virtual servers are usually more space-bound and have better
recovery mechanisms via the host:
From apt.conf(5), 0.7.2:
"Cache Clean mode; this value may be one of always, prompt, auto,
pre-auto and never. always and prompt will remove all packages
from the cache after upgrading, prompt (the default) does so
conditionally. auto removes only those packages which are no
longer downloadable (replaced with a new version for
instance). pre-auto performs this action before downloading new
packages."
To change the default setting for DSelect::Clean, you can create a file named
"03clean" or "03clean_vserver" in your site-apt module's files directory. You
can also define this for a specific host by creating a file in a subdirectory of
the site-apt modules' files directory that is named the same as the
host. (example: site-apt/files/some.host.com/03clean, or
site-apt/files/some.host.com/03clean_vserver)
Variables
=========
$lsbdistcodename
----------------
Contains the codename ("etch", "lenny", ...) of the client's
release. While these values come from lsb-release by default, this
value can be set manually too, e.g. to enable forced upgrades.
$custom_sources_list
--------------------
By default this module will use a basic apt/sources.list template with
a generic Debian mirror. If you need to set more specific sources,
e.g. changing the sections included in the source, etc. you can set
this variable to the content that you desire to use instead.
For example, setting the following variable before including this class will
pull in the templates/site-apt/sources.list file:
$custom_sources_list = template("site-apt/sources.list")
$custom_preferences
-------------------
Since Debian Lenny's version of APT doesn't support the use of the
preferences.d directory for putting fragments of 'preferences', this
module will manage a default generic apt/preferences file with more
recent releases pinned to very low values so that any package
installation will not accidentally pull in packages from those suites
unless you explicitly specify the version number. This file will be
complemented with all of the preferences_snippet calls (see below).
If the default preferences template doesn't suit your needs, you can create a
template located in your site-apt module, and set $custom_preferences with the
location (eg. $custom_preferences = "puppet:///modules/site-apt/preferences")
Setting this variable to false before including this class will force the
apt/preferences file to be absent:
$custom_preferences = false
$custom_key_dir
---------------
If you have different apt-key files that you want to get added to your
apt keyring, you can set this variable to a path in your fileserver
where individual key files can be placed. If this is set and keys
exist there, this module will 'apt-key add' each key.
The debian-archive-keyring package is installed and kept current up to the
latest revision (this includes the backports archive keyring).
$apt_proxy / $apt_proxy_port
----------------------------
When you include the apt::proxy_client class in your nodes, you can set the
$apt_proxy variable to the URL of the proxy that will be used.
By default, the proxy will be queried on port 3142, but you can change the port
number by setting the $apt_proxy_port variable.
Here's an example of setting the proxy to 'http://proxy.domain' at port 666:
$apt_proxy = 'http://proxy.domain'
$apt_proxy_port = 666
include apt::proxy_client
$apt_volatile_enabled
-----------------
If this variable is set to true the Debian Volatile sources are added.
By default this is false for backward compatibility with older
versions of this module.
$apt_include_src
----------------
If this variable is set to true a deb-src source is added for every
added binary archive source.
By default this is false for backward compatibility with older
versions of this module.
$apt_use_next_release
---------------------
If this variable is set to true the sources for the next Debian
release are added. The default pinning configuration pins it to very
low values.
By default this is false for backward compatibility with older
versions of this module.
$apt_debian_url, $apt_security_url, $apt_backports_url, $apt_volatile_url
-------------------------------------------------------------------------
These variables allow to override the default APT mirrors respectively
used for the standard Debian archives, the Debian security archive,
the Debian official backports and the Debian Volatile archive.
$apt_ubuntu_url
---------------
These variables allows to override the default APT mirror used for all
standard Ubuntu archives (including updates, security, backports).
$apt_repos
----------
If this variable is set the default repositories list ("main contrib non-free")
is overriden.
Classes
=======
apt
---
The apt class sets up most of the documented functionality. To use
functionality that is not enabled by default, you must include one of
the following classes.
apt::cron::download
-------------------
This class sets up cron-apt so that it downloads upgradable packages, does not
actually do any upgrade and emails when the output changes.
apt::cron::dist-upgrade
-----------------------
This class sets up cron-apt so that it dist-upgrades the system and
emails when upgrades are performed.
apt::dselect
------------
This class, when included, installs dselect and switches it to expert mode to
suppress superfluous help screens.
apt::proxy_client
-----------------
This class adds the right configuration to apt to make it fetch packages via a
proxy. The variables $apt_proxy and $apt_proxy_port need to be set (see above).
apt::unattended_upgrades
------------------------
If this class is included, it will install the package 'unattended-upgrades'
and configure it to daily upgrade the system.
Defines
=======
apt::apt_conf
-------------
Creates a file in the apt/apt.conf.d directory to easily add configuration
components. One can use either the 'source' meta-parameter to specify a list of
static files to include from the puppet fileserver or the 'content'
meta-parameter to define content inline or with the help of a template.
Example:
apt::apt_conf { "80download-only":
source => "puppet:///modules/site-apt/80download-only",
}
apt::preferences_snippet
------------------------
A way to add pinning information to /etc/apt/preferences
Example:
apt::preferences_snippet{
'irssi-plugin-otr':
release => 'lenny-backports',
priority => 999;
}
apt::preseeded_package
----------------------
This simplifies installation of packages for which you wish to preseed the
answers to debconf. For example, if you wish to provide a preseed file for the
locales package, you would place the locales.seed file in
'site-apt/templates/$lsbdistcodename/locales.seeds' and then include the
following in your manifest:
apt::preseeded_package { locales: }
You can also specify 'content' to define this file via a template. Here's an
example for preseeding installation of the 'mysql' package with a template:
apt::preseeded_package { "mysql":
content => template("site-apt/mysql.seed.erb"),
}
apt::sources_list
-------------
Creates a file in the apt/sources.list.d directory to easily add additional apt
sources. One can use either the 'source' meta-parameter to specify a list of
static files to include from the puppet fileserver or the 'content'
meta-parameter to define content inline or with the help of a template.
Example:
apt::sources_list { "company_internals.list":
source => ["puppet:///modules/site-apt/${fqdn}/company_internals.list",
"puppet:///modules/site-apt/company_internals.list"],
}
apt::upgrade_package
--------------------
This simplifies upgrades for DSA security announcements or point-releases. This
will ensure that the named package is upgraded to the version specified, only if
the package is installed, otherwise nothing happens. If the specified version
is 'latest' (the default), then the package is ensured to be upgraded to the
latest package revision when it becomes available.
For example, the following upgrades the perl package to version 5.8.8-7etch1
(if it is installed), it also upgrades the syslog-ng and perl-modules packages
to their latest (also, only if they are installed):
upgrade_package { "perl":
version => '5.8.8-7etch1';
"syslog-ng":
version => latest;
"perl-modules":
}
Resources
=========
Concatenated_file[apt_config]
-----------------------------
Use this resource to depend on or add to a completed apt configuration
Exec[apt_updated]
-----------------
After this point, current packages can be installed via apt. It is usually used
like this:
Package { require => Exec[apt_updated] }
TODO
====
Currently this module updates the caches on every run. Running apt-get update is
an expensive operation and should be done only on schedule by using
apticron or cron-apt.
Sometimes -- especially when initially starting management or deploying new
packages -- a immediate update is really needed to be able to install the right
packages without errors. Thus a method should be devised to be able to specify
with high fidelity when a update should be run and when it is not needed.