summaryrefslogtreecommitdiff
path: root/puppet/modules/site_apt
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_apt')
-rw-r--r--puppet/modules/site_apt/files/Debian/50unattended-upgrades16
-rw-r--r--puppet/modules/site_apt/manifests/init.pp4
-rw-r--r--puppet/modules/site_apt/manifests/leap_repo.pp5
-rw-r--r--puppet/modules/site_apt/manifests/preferences/obfsproxy.pp9
-rw-r--r--puppet/modules/site_apt/manifests/preferences/rsyslog.pp14
-rw-r--r--puppet/modules/site_apt/manifests/unattended_upgrades.pp10
6 files changed, 50 insertions, 8 deletions
diff --git a/puppet/modules/site_apt/files/Debian/50unattended-upgrades b/puppet/modules/site_apt/files/Debian/50unattended-upgrades
new file mode 100644
index 00000000..f2f574fc
--- /dev/null
+++ b/puppet/modules/site_apt/files/Debian/50unattended-upgrades
@@ -0,0 +1,16 @@
+// this file is managed by puppet !
+
+Unattended-Upgrade::Allowed-Origins {
+ "${distro_id}:stable";
+ "${distro_id}:${distro_codename}-security";
+ "${distro_id}:${distro_codename}-updates";
+ "${distro_id} Backports:${distro_codename}-backports";
+ "leap.se:stable";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+Unattended-Upgrade::Mail "root";
+Unattended-Upgrade::MailOnlyOnError "true";
diff --git a/puppet/modules/site_apt/manifests/init.pp b/puppet/modules/site_apt/manifests/init.pp
index 9facf4cc..633ccf1e 100644
--- a/puppet/modules/site_apt/manifests/init.pp
+++ b/puppet/modules/site_apt/manifests/init.pp
@@ -1,4 +1,4 @@
-class site_apt {
+class site_apt {
class { 'apt':
custom_key_dir => 'puppet:///modules/site_apt/keys'
@@ -11,7 +11,7 @@ class site_apt {
content => 'Acquire::PDiffs "false";';
}
- include ::apt::unattended_upgrades
+ include ::site_apt::unattended_upgrades
apt::sources_list { 'secondary.list.disabled':
content => template('site_apt/secondary.list');
diff --git a/puppet/modules/site_apt/manifests/leap_repo.pp b/puppet/modules/site_apt/manifests/leap_repo.pp
index 6b3d9919..2d4ba0e1 100644
--- a/puppet/modules/site_apt/manifests/leap_repo.pp
+++ b/puppet/modules/site_apt/manifests/leap_repo.pp
@@ -1,6 +1,9 @@
class site_apt::leap_repo {
+ $platform = hiera_hash('platform')
+ $major_version = $platform['major_version']
+
apt::sources_list { 'leap.list':
- content => 'deb http://deb.leap.se/debian stable main',
+ content => "deb http://deb.leap.se/${major_version} wheezy main\n",
before => Exec[refresh_apt]
}
diff --git a/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp b/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp
new file mode 100644
index 00000000..75b01956
--- /dev/null
+++ b/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp
@@ -0,0 +1,9 @@
+class site_apt::preferences::obfsproxy {
+
+ apt::preferences_snippet { 'obfsproxy':
+ package => 'obfsproxy',
+ release => 'wheezy-backports',
+ priority => 999;
+ }
+
+}
diff --git a/puppet/modules/site_apt/manifests/preferences/rsyslog.pp b/puppet/modules/site_apt/manifests/preferences/rsyslog.pp
index 132a6e24..bfeaa7da 100644
--- a/puppet/modules/site_apt/manifests/preferences/rsyslog.pp
+++ b/puppet/modules/site_apt/manifests/preferences/rsyslog.pp
@@ -1,9 +1,13 @@
class site_apt::preferences::rsyslog {
- apt::preferences_snippet { 'rsyslog_anon_depends':
- package => 'libestr0 librelp0 rsyslog*',
- priority => '999',
- pin => 'release a=wheezy-backports',
- before => Class['rsyslog::install']
+ apt::preferences_snippet {
+ 'rsyslog_anon_depends':
+ package => 'libestr0 librelp0 rsyslog*',
+ priority => '999',
+ pin => 'release a=wheezy-backports',
+ before => Class['rsyslog::install'];
+
+ 'fixed_rsyslog_anon_package':
+ ensure => absent;
}
}
diff --git a/puppet/modules/site_apt/manifests/unattended_upgrades.pp b/puppet/modules/site_apt/manifests/unattended_upgrades.pp
new file mode 100644
index 00000000..daebffab
--- /dev/null
+++ b/puppet/modules/site_apt/manifests/unattended_upgrades.pp
@@ -0,0 +1,10 @@
+class site_apt::unattended_upgrades inherits apt::unattended_upgrades {
+ # override unattended-upgrades package resource to make sure
+ # that it is upgraded on every deploy (#6245)
+
+ include ::apt::unattended_upgrades
+
+ Package['unattended-upgrades'] {
+ ensure => latest
+ }
+}