diff options
author | Micah <micah@leap.se> | 2016-05-10 14:48:26 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-05-10 14:48:26 -0400 |
commit | 86c85582065c391aa13c0b9b397dfd1aa2e2ac7b (patch) | |
tree | 7c027409a517d862864bf3650f4a8a66f615162d /puppet/modules/site_apt/manifests | |
parent | 70b1c648b94e6c007b9241a4661f33881e74485f (diff) | |
parent | 66b4c6b5ec6fe2f242020845fe92715ae2cdcc1e (diff) |
Merge tag '0.8.0'
Release 0.8.0
Diffstat (limited to 'puppet/modules/site_apt/manifests')
8 files changed, 46 insertions, 68 deletions
diff --git a/puppet/modules/site_apt/manifests/dist_upgrade.pp b/puppet/modules/site_apt/manifests/dist_upgrade.pp index 08de31bb..0eb98cea 100644 --- a/puppet/modules/site_apt/manifests/dist_upgrade.pp +++ b/puppet/modules/site_apt/manifests/dist_upgrade.pp @@ -1,17 +1,17 @@ +# upgrade all packages class site_apt::dist_upgrade { + # facter returns 'true' as string + # lint:ignore:quoted_booleans if $::apt_running == 'true' { + # lint:endignore fail ('apt-get is running in background - Please wait until it finishes. Exiting.') } else { - exec{'initial_apt_update': - command => '/usr/bin/apt-get update', - refreshonly => false, - timeout => 360, - } exec{'initial_apt_dist_upgrade': command => "/usr/bin/apt-get -q -y -o 'DPkg::Options::=--force-confold' dist-upgrade", refreshonly => false, timeout => 1200, + require => Exec['apt_updated'] } } } diff --git a/puppet/modules/site_apt/manifests/init.pp b/puppet/modules/site_apt/manifests/init.pp index cf49f870..455425c1 100644 --- a/puppet/modules/site_apt/manifests/init.pp +++ b/puppet/modules/site_apt/manifests/init.pp @@ -3,15 +3,29 @@ class site_apt { $sources = hiera('sources') $apt_config = $sources['apt'] + + # debian repo urls $apt_url_basic = $apt_config['basic'] $apt_url_security = $apt_config['security'] $apt_url_backports = $apt_config['backports'] + # leap repo url + $platform_sources = $sources['platform'] + $apt_url_platform_basic = $platform_sources['apt']['basic'] + + # needed on jessie hosts for getting pnp4nagios from testing + if ( $::operatingsystemmajrelease == '8' ) { + $use_next_release = true + } else { + $use_next_release = false + } + class { 'apt': - custom_key_dir => 'puppet:///modules/site_apt/keys', - debian_url => $apt_url_basic, - security_url => $apt_url_security, - backports_url => $apt_url_backports + custom_key_dir => 'puppet:///modules/site_apt/keys', + debian_url => $apt_url_basic, + security_url => $apt_url_security, + backports_url => $apt_url_backports, + use_next_release => $use_next_release } # enable http://deb.leap.se debian package repository @@ -23,14 +37,10 @@ class site_apt { include ::site_apt::unattended_upgrades - apt::sources_list { 'secondary.list.disabled': - content => template('site_apt/secondary.list'); - } - - apt::preferences_snippet { 'facter': - release => "${::lsbdistcodename}-backports", - priority => 999 - } + # not currently used + #apt::sources_list { 'secondary.list': + # content => template('site_apt/secondary.list'); + #} apt::preferences_snippet { 'leap': priority => 999, @@ -38,13 +48,8 @@ class site_apt { pin => 'origin "deb.leap.se"' } - # All packages should be installed _after_ refresh_apt is called, - # which does an apt-get update. - # There is one exception: - # The creation of sources.list depends on the lsb package + # All packages should be installed after 'update_apt' is called, + # which does an 'apt-get update'. + Exec['update_apt'] -> Package <||> - File['/etc/apt/preferences'] -> - Apt::Preferences_snippet <| |> -> - Exec['refresh_apt'] -> - Package <| ( title != 'lsb' ) |> } diff --git a/puppet/modules/site_apt/manifests/leap_repo.pp b/puppet/modules/site_apt/manifests/leap_repo.pp index 2d4ba0e1..5eedce45 100644 --- a/puppet/modules/site_apt/manifests/leap_repo.pp +++ b/puppet/modules/site_apt/manifests/leap_repo.pp @@ -1,17 +1,16 @@ +# install leap deb repo together with leap-keyring package +# containing the apt signing key class site_apt::leap_repo { $platform = hiera_hash('platform') $major_version = $platform['major_version'] apt::sources_list { 'leap.list': - content => "deb http://deb.leap.se/${major_version} wheezy main\n", + content => "deb ${::site_apt::apt_url_platform_basic} ${::lsbdistcodename} main\n", before => Exec[refresh_apt] } - package { 'leap-keyring': + package { 'leap-archive-keyring': ensure => latest } - # We wont be able to install the leap-keyring package unless the leap apt - # source has been added and apt has been refreshed - Exec['refresh_apt'] -> Package['leap-keyring'] } diff --git a/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp b/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp deleted file mode 100644 index 75b01956..00000000 --- a/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp +++ /dev/null @@ -1,9 +0,0 @@ -class site_apt::preferences::obfsproxy { - - apt::preferences_snippet { 'obfsproxy': - package => 'obfsproxy', - release => 'wheezy-backports', - priority => 999; - } - -} diff --git a/puppet/modules/site_apt/manifests/preferences/openvpn.pp b/puppet/modules/site_apt/manifests/preferences/openvpn.pp deleted file mode 100644 index c7ddae25..00000000 --- a/puppet/modules/site_apt/manifests/preferences/openvpn.pp +++ /dev/null @@ -1,9 +0,0 @@ -class site_apt::preferences::openvpn { - - apt::preferences_snippet { 'openvpn': - package => 'openvpn', - release => "${::lsbdistcodename}-backports", - priority => 999; - } - -} diff --git a/puppet/modules/site_apt/manifests/preferences/twisted.pp b/puppet/modules/site_apt/manifests/preferences/twisted.pp deleted file mode 100644 index abff6838..00000000 --- a/puppet/modules/site_apt/manifests/preferences/twisted.pp +++ /dev/null @@ -1,9 +0,0 @@ -class site_apt::preferences::twisted { - - apt::preferences_snippet { 'python-twisted': - package => 'python-twisted*', - release => "${::lsbdistcodename}-backports", - priority => 999; - } - -} diff --git a/puppet/modules/site_apt/manifests/preferences/unbound.pp b/puppet/modules/site_apt/manifests/preferences/unbound.pp deleted file mode 100644 index 6da964f9..00000000 --- a/puppet/modules/site_apt/manifests/preferences/unbound.pp +++ /dev/null @@ -1,10 +0,0 @@ -class site_apt::preferences::unbound { - - apt::preferences_snippet { 'unbound': - package => 'libunbound* unbound*', - release => "${::lsbdistcodename}-backports", - priority => 999, - before => Class['unbound::package']; - } - -} diff --git a/puppet/modules/site_apt/manifests/unattended_upgrades.pp b/puppet/modules/site_apt/manifests/unattended_upgrades.pp index 40111deb..42f1f4c6 100644 --- a/puppet/modules/site_apt/manifests/unattended_upgrades.pp +++ b/puppet/modules/site_apt/manifests/unattended_upgrades.pp @@ -1,9 +1,20 @@ +# configute unattended upgrades so packages from both Debian and LEAP +# repos get upgraded unattended class site_apt::unattended_upgrades { # override unattended-upgrades package resource to make sure # that it is upgraded on every deploy (#6245) + # configure upgrades for Debian class { 'apt::unattended_upgrades': - config_content => template('site_apt/50unattended-upgrades'), ensure_version => latest } + + # configure LEAP upgrades + apt::apt_conf { '51unattended-upgrades-leap': + source => [ + "puppet:///modules/site_apt/${::lsbdistid}/51unattended-upgrades-leap"], + require => Package['unattended-upgrades'], + refresh_apt => false, + } + } |