summaryrefslogtreecommitdiff
path: root/puppet/modules/site_apt/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_apt/manifests')
-rw-r--r--puppet/modules/site_apt/manifests/dist_upgrade.pp10
-rw-r--r--puppet/modules/site_apt/manifests/init.pp45
-rw-r--r--puppet/modules/site_apt/manifests/leap_repo.pp9
-rw-r--r--puppet/modules/site_apt/manifests/preferences/obfsproxy.pp9
-rw-r--r--puppet/modules/site_apt/manifests/preferences/openvpn.pp9
-rw-r--r--puppet/modules/site_apt/manifests/preferences/twisted.pp9
-rw-r--r--puppet/modules/site_apt/manifests/preferences/unbound.pp10
-rw-r--r--puppet/modules/site_apt/manifests/unattended_upgrades.pp13
8 files changed, 46 insertions, 68 deletions
diff --git a/puppet/modules/site_apt/manifests/dist_upgrade.pp b/puppet/modules/site_apt/manifests/dist_upgrade.pp
index 08de31bb..0eb98cea 100644
--- a/puppet/modules/site_apt/manifests/dist_upgrade.pp
+++ b/puppet/modules/site_apt/manifests/dist_upgrade.pp
@@ -1,17 +1,17 @@
+# upgrade all packages
class site_apt::dist_upgrade {
+ # facter returns 'true' as string
+ # lint:ignore:quoted_booleans
if $::apt_running == 'true' {
+ # lint:endignore
fail ('apt-get is running in background - Please wait until it finishes. Exiting.')
} else {
- exec{'initial_apt_update':
- command => '/usr/bin/apt-get update',
- refreshonly => false,
- timeout => 360,
- }
exec{'initial_apt_dist_upgrade':
command => "/usr/bin/apt-get -q -y -o 'DPkg::Options::=--force-confold' dist-upgrade",
refreshonly => false,
timeout => 1200,
+ require => Exec['apt_updated']
}
}
}
diff --git a/puppet/modules/site_apt/manifests/init.pp b/puppet/modules/site_apt/manifests/init.pp
index cf49f870..455425c1 100644
--- a/puppet/modules/site_apt/manifests/init.pp
+++ b/puppet/modules/site_apt/manifests/init.pp
@@ -3,15 +3,29 @@ class site_apt {
$sources = hiera('sources')
$apt_config = $sources['apt']
+
+ # debian repo urls
$apt_url_basic = $apt_config['basic']
$apt_url_security = $apt_config['security']
$apt_url_backports = $apt_config['backports']
+ # leap repo url
+ $platform_sources = $sources['platform']
+ $apt_url_platform_basic = $platform_sources['apt']['basic']
+
+ # needed on jessie hosts for getting pnp4nagios from testing
+ if ( $::operatingsystemmajrelease == '8' ) {
+ $use_next_release = true
+ } else {
+ $use_next_release = false
+ }
+
class { 'apt':
- custom_key_dir => 'puppet:///modules/site_apt/keys',
- debian_url => $apt_url_basic,
- security_url => $apt_url_security,
- backports_url => $apt_url_backports
+ custom_key_dir => 'puppet:///modules/site_apt/keys',
+ debian_url => $apt_url_basic,
+ security_url => $apt_url_security,
+ backports_url => $apt_url_backports,
+ use_next_release => $use_next_release
}
# enable http://deb.leap.se debian package repository
@@ -23,14 +37,10 @@ class site_apt {
include ::site_apt::unattended_upgrades
- apt::sources_list { 'secondary.list.disabled':
- content => template('site_apt/secondary.list');
- }
-
- apt::preferences_snippet { 'facter':
- release => "${::lsbdistcodename}-backports",
- priority => 999
- }
+ # not currently used
+ #apt::sources_list { 'secondary.list':
+ # content => template('site_apt/secondary.list');
+ #}
apt::preferences_snippet { 'leap':
priority => 999,
@@ -38,13 +48,8 @@ class site_apt {
pin => 'origin "deb.leap.se"'
}
- # All packages should be installed _after_ refresh_apt is called,
- # which does an apt-get update.
- # There is one exception:
- # The creation of sources.list depends on the lsb package
+ # All packages should be installed after 'update_apt' is called,
+ # which does an 'apt-get update'.
+ Exec['update_apt'] -> Package <||>
- File['/etc/apt/preferences'] ->
- Apt::Preferences_snippet <| |> ->
- Exec['refresh_apt'] ->
- Package <| ( title != 'lsb' ) |>
}
diff --git a/puppet/modules/site_apt/manifests/leap_repo.pp b/puppet/modules/site_apt/manifests/leap_repo.pp
index 2d4ba0e1..5eedce45 100644
--- a/puppet/modules/site_apt/manifests/leap_repo.pp
+++ b/puppet/modules/site_apt/manifests/leap_repo.pp
@@ -1,17 +1,16 @@
+# install leap deb repo together with leap-keyring package
+# containing the apt signing key
class site_apt::leap_repo {
$platform = hiera_hash('platform')
$major_version = $platform['major_version']
apt::sources_list { 'leap.list':
- content => "deb http://deb.leap.se/${major_version} wheezy main\n",
+ content => "deb ${::site_apt::apt_url_platform_basic} ${::lsbdistcodename} main\n",
before => Exec[refresh_apt]
}
- package { 'leap-keyring':
+ package { 'leap-archive-keyring':
ensure => latest
}
- # We wont be able to install the leap-keyring package unless the leap apt
- # source has been added and apt has been refreshed
- Exec['refresh_apt'] -> Package['leap-keyring']
}
diff --git a/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp b/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp
deleted file mode 100644
index 75b01956..00000000
--- a/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-class site_apt::preferences::obfsproxy {
-
- apt::preferences_snippet { 'obfsproxy':
- package => 'obfsproxy',
- release => 'wheezy-backports',
- priority => 999;
- }
-
-}
diff --git a/puppet/modules/site_apt/manifests/preferences/openvpn.pp b/puppet/modules/site_apt/manifests/preferences/openvpn.pp
deleted file mode 100644
index c7ddae25..00000000
--- a/puppet/modules/site_apt/manifests/preferences/openvpn.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-class site_apt::preferences::openvpn {
-
- apt::preferences_snippet { 'openvpn':
- package => 'openvpn',
- release => "${::lsbdistcodename}-backports",
- priority => 999;
- }
-
-}
diff --git a/puppet/modules/site_apt/manifests/preferences/twisted.pp b/puppet/modules/site_apt/manifests/preferences/twisted.pp
deleted file mode 100644
index abff6838..00000000
--- a/puppet/modules/site_apt/manifests/preferences/twisted.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-class site_apt::preferences::twisted {
-
- apt::preferences_snippet { 'python-twisted':
- package => 'python-twisted*',
- release => "${::lsbdistcodename}-backports",
- priority => 999;
- }
-
-}
diff --git a/puppet/modules/site_apt/manifests/preferences/unbound.pp b/puppet/modules/site_apt/manifests/preferences/unbound.pp
deleted file mode 100644
index 6da964f9..00000000
--- a/puppet/modules/site_apt/manifests/preferences/unbound.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-class site_apt::preferences::unbound {
-
- apt::preferences_snippet { 'unbound':
- package => 'libunbound* unbound*',
- release => "${::lsbdistcodename}-backports",
- priority => 999,
- before => Class['unbound::package'];
- }
-
-}
diff --git a/puppet/modules/site_apt/manifests/unattended_upgrades.pp b/puppet/modules/site_apt/manifests/unattended_upgrades.pp
index 40111deb..42f1f4c6 100644
--- a/puppet/modules/site_apt/manifests/unattended_upgrades.pp
+++ b/puppet/modules/site_apt/manifests/unattended_upgrades.pp
@@ -1,9 +1,20 @@
+# configute unattended upgrades so packages from both Debian and LEAP
+# repos get upgraded unattended
class site_apt::unattended_upgrades {
# override unattended-upgrades package resource to make sure
# that it is upgraded on every deploy (#6245)
+ # configure upgrades for Debian
class { 'apt::unattended_upgrades':
- config_content => template('site_apt/50unattended-upgrades'),
ensure_version => latest
}
+
+ # configure LEAP upgrades
+ apt::apt_conf { '51unattended-upgrades-leap':
+ source => [
+ "puppet:///modules/site_apt/${::lsbdistid}/51unattended-upgrades-leap"],
+ require => Package['unattended-upgrades'],
+ refresh_apt => false,
+ }
+
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 06:13:15 +0000