summaryrefslogtreecommitdiff
path: root/puppet/modules/site_apt/manifests
AgeCommit message (Collapse)Author
2017-06-27Pin python-cryptography to jessie-backportsVarac
Needed to satisfy leap-mx dependency (>=17.0) - Resolves: #8837
2017-06-27Install python-treq from strech on jessie nodesVarac
New soledad-common depends on `python-treq`, which is only available in debian stretch. We pin all stretch packages to 1 (same as for sid), which means (from `man apt_preferences`): "causes a version to be installed only if there is no installed version of the package" - Resolves: #8836
2017-06-24Add configured apt component to the unattended-upgrades whitelistVarac
Resolves: #8792
2017-05-02Add signed-by option to sources.list (Closes: #8425)Micah Anderson
This gets us a simple apt repository privilege separation: (a) our key can't be used to forge other repos (b) other keys can't be used to forge our repo. From sources.list(5): · Signed-By (signed-by) is either an absolute path to a keyring file (has to be accessible and readable for the _apt user, so ensure everyone has read-permissions on the file) or one or more fingerprints of keys either in the trusted.gpg keyring or in the keyrings in the trusted.gpg.d/ directory (see apt-key fingerprint). If the option is set, only the key(s) in this keyring or only the keys with these fingerprints are used for the apt-secure(8) verification of this repository. Defaults to the value of the option with the same name if set in the previously acquired Release file. Otherwise all keys in the trusted keyrings are considered valid signers for this repository.
2017-03-16Make platform apt dist/component configurablevarac
2017-02-23[feat] dont use backports for rsyslog anymorevarac
2017-02-23[feat] dont use backports for passenger anymorevarac
2016-08-30[feat] Use twisted 16.2 from jessie-backportsvarac
New soledad packages now depend on Twisted 16.2.0 (see https://leap.se/code/issues/8412), so we need to pin twisted to get installed from jessie-backports. - Resolves: #8418
2016-07-19Only use the 'main' repository for apt (#8253)Micah
Change-Id: If39222dc9ec68d1786c70c4b82b740e0a06773c4
2016-03-10[jessie] Remove obsolete backports pinningvarac
2016-03-08change name of leap-keyring package to leap-archive-keyring (#7950)Micah
Change-Id: I5f04e31e49642597c69895b5aca3ff5326dfd6ec
2016-02-16remove pinning of openvpn package to backportselijah
2016-02-02[refactor] Dont duplicate Package resource overridevarac
`site_apt` aready ensures for installing packages after Exec[update_apt] is run, so we don't need to duplicate this in `site_config::default.pp`.
2016-02-02[refactor] Use Exec[apt_updated] instead of Exec[refresh_apt]varac
Because this is the recommended way of depnending in the apt README.
2016-02-02[refactor] Remove atomic apt package dependecyvarac
`site_config::default.pp` takes care the all packages are installed before `Exec['refresh_apt']`, so we don't need to add it here for a single package.
2016-02-02[refactor] Don't declare dependencies for apt resourcesvarac
The apt module now takes care of all the dependencies removed from `site_apt`. Also, the dependency to install the `lsb` package after `refresh_apt` is unnesseccary because lsb facts won't work anyway on the first run if `lsb` is not installed before, so we can safely remove it.
2016-01-26[bug] Fix unattended-upgrades on jessievarac
- Resolves: #7842
2016-01-05[style] Lint site_apt::dist_upgradevarac
2016-01-05[feat] Remove double run of apt-get updatevarac
2015-12-10[bug] Configure default sources.platform.apt.basicvarac
Providing a custom sources.platform.apt.basic value worked with the last commit, but without that the platform would fail. So we provide a default value now in provider_base/common.json, which can get overridden.
2015-12-10[feat] Make leap apt sources url configurablevarac
So we can use the experimental-0.8 repo instead of 0.8 i.e. Use this to customize the main LEAP deb url: "sources": { "apt": { "leap": { "basic": "http://deb.leap.se/experimental-0.9" } } }
2015-11-30Revert "[feat] install couchdb from unstable on jessie"varac
This reverts commit 02b1b484ad9a5d065ceac72b8263b7bcc112c923. Now that we have a proper couchdb jessie package we don't need to install it from Debian unstable.
2015-11-24[bug] [jessie] Install pnp4nagios deb from stretchvarac
Configure the apt class together with "use_next_release => true", so pnp4nagios* packages can get installed from strech. No other package will be upgraded as the apt module pins stretch very low, so that only packages are installed if there are no other sources available. - Resolves: #7604
2015-11-17[feat] install couchdb from unstable on jessievarac
- Related: #6920
2015-11-17[feat] Release-specific apt sources file for leapvarac
- Related: #6920
2015-06-24remove static site circular dependency (closes #7145)elijah
2015-06-06Configure apt preferences before installing any packagesvarac
Change-Id: Iac4dc8428ff5e663870ed4dd6a2b840e0904e5be
2015-06-04add preferences snippet for leap repository (#7090)Micah Anderson
Change-Id: Ia7a35c8613350ad75ff1ebbdda0a09efa0960ba6
2015-05-26Revert "remove old leap_mx logfile location from check_mk logwatch state ↵varac
file #6964" This reverts commit 984684f56f15d9d89ea78ffe6ed67dabf3d63208. Needed because: Augeas fails after upgrading augeas packages during same puppetrun, but only on first deploy - https://leap.se/code/issues/6997
2015-05-14remove old leap_mx logfile location from check_mk logwatch state file #6964varac
Change-Id: I385c639e5c096deef4f81691a85c1b83cbab9421
2015-05-06fix unattended-upgrades now that jessie has been releasedMicah Anderson
Change-Id: I69e6a0f8e676be72bce492af32fef76c9167f5ee
2015-02-04consolidate sources into common.jsonelijah
2015-01-27provide way to customize all three apt sources urls (basic, security, backports)varac
Change-Id: I5542b320bb1edb52c63350b5e4fd2af681991fb5
2015-01-27use apt.url hiera value for customizing apt sources urlvarac
Change-Id: Ib18c9031df13dab3187e0bb0f2202ffddd0d228d
2014-10-28upgrade unattended-upgrades on deploy (#6245)Micah Anderson
unattended-upgrades is not able to upgrade itself in certain situations, such as when the conffile prompt is generated due to the config being changed. We want to set this package as latest in the platform so that it is upgraded on every deploy (we deploy the config anyway). Change-Id: I8c99bfb1b001079f0e1a4ffbf048e0e867633335
2014-10-21modify the leap repository contents so they pick the correct repository,Micah Anderson
based on the hiera value 'major_version' (#6251) Change-Id: I10532ef83e3aa2d35d9c0be241952a35e366bba4
2014-09-25remove /etc/apt/preferences.d/fixed_rsyslog_anon_package (#6138)varac
This was a leftover from earlier versions, where we installed rsyslog from the leap debian package repo. Change-Id: I88a852f08b5aff3bd7b591b6220ac354463a9786
2014-07-01Explicitly set apt preferences for obfsproxy to wheezy-backportsirregulator
2014-07-01Initial commit for obfsproxy server feature in platformirregulator
2014-06-02static site: added rack support, added custom apache configelijah
2014-05-22lint cleanup of site_config::caching_resolverMicah Anderson
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62
2014-05-22Install wheezy-backports version of unbound, this is necessary to solve #2328Micah Anderson
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b
2014-05-22Move rsyslog preferences snippet to site_apt::preferences::rsyslog, toMicah Anderson
group it with the other preferences snippets Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85
2014-05-06install openvpn from wheezy-backports, this will bring in openvpn 2.3,Micah Anderson
which will provide us with proper ipv6 support Change-Id: I0188732aae6cbc64ab57e95bf805d6158fa17e07
2014-02-12added apt::preferences file for check-mk-\* to install from backportsvarac
2013-10-16/etc/apt/preferences is changed twice on every puppetrun on couch nodes ↵varac
(Feature #3962) this will fix the alteration of the preferences file. we now use the apt module default preferences, and pin the depending packages from squeeze that are dependencies for the bigcouch package in the couchdb module, class couchdb::bigcouch::package::cloudant.
2013-09-05Some packages are installed before refresh_apt is called (Bug #2988)varac
2013-08-27now that soledad has been split we can better organize things (#3579)Micah Anderson
. create a soledad::common class . leap-mx now only needs to include soledad-common . move the site_apt::preferences::twisted to a preferences block inside the soledad server class . make sure that the packages are doing 'ensure => latest' instead of installed Change-Id: Ifa978e831cdc8835666b27322a6e068d67251f5d
2013-08-15Because both soledad and leap-mx do not function with twisted 12, we had to ↵Micah Anderson
backport twisted 13. In order to install the backported dependencies we need an apt preferences_snippet installed for the backported twisted packages Change-Id: I886bb735eeb3abe7955c7cf054b749554ab84746
2013-06-27update the apt submodule in order to get the fix for unattended_upgrades ↵Micah Anderson
(#2984) and the custom_key_dir as a class parameter remove the global variable from setup.pp and site.pp and instead pass it into the apt class declaration as a parameter Change-Id: I24806f2fd22b5a066b951c5f76f3dd748481b5b6