diff options
author | varac <varacanero@zeromail.org> | 2016-11-04 14:39:23 +0100 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2016-11-04 14:39:23 +0100 |
commit | 5d001efb65f4ac2afa39d17b7b62d4f861f450a3 (patch) | |
tree | 88b282297150f4890fce19182206dc9bfa0f3a9d | |
parent | 33c61e8df59db1abbed379a9e9790946060a8f1e (diff) | |
parent | 584b7aad338206026d62d846122e6bef532a2d2a (diff) |
Merge remote-tracking branch 'shared/master' into leap_master
51 files changed, 752 insertions, 608 deletions
diff --git a/.fixtures.yml b/.fixtures.yml new file mode 100644 index 0000000..99efd66 --- /dev/null +++ b/.fixtures.yml @@ -0,0 +1,6 @@ +fixtures: + repositories: + "common": + "repo": "https://gitlab.com/shared-puppet-modules-group/common.git" + symlinks: + "apt": "#{source_dir}" @@ -1,10 +1,8 @@ /pkg/ /Gemfile.lock /vendor/ -/spec/fixtures/manifests/* -/spec/fixtures/modules/* -!/spec/fixtures/modules/apt -!/spec/fixtures/modules/apt/* +/spec/fixtures +/log /.vagrant/ /.bundle/ /coverage/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f7b8eca..49bf2e3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,12 +1,42 @@ +image: leapcode/ruby before_script: - - ruby -v - - gem install bundler --no-ri --no-rdoc - - bundle install --jobs $(nproc) "${FLAGS[@]}" + - "[ -d /var/cache/gitlab-runner ] || sudo mkdir /var/cache/gitlab-runner" + - sudo chown cirunner:cirunner -R /var/cache/gitlab-runner + - bundle install --jobs $(nproc) --without system_tests --path=/var/cache/gitlab-runner/ "${FLAGS[@]}" -# don't fail on lint warnings -rspec: +.job_template: &job_definition script: + # don't fail on lint warnings - bundle exec rake lint || /bin/true - bundle exec rake syntax - bundle exec rake validate - bundle exec rake spec + +# Default debian jessie versions +test:puppet37: + variables: + PUPPET_VERSION: "~> 3.7.2" + FACTER_VERSION: '~> 2.2.0' + <<: *job_definition + +test:puppet38_future_parser: + variables: + PUPPET_VERSION: '~> 3.8' + FACTER_VERSION: '~> 2.2.0' + FUTURE_PARSER: 'yes' + <<: *job_definition + +# Default debia stretch versions +test:puppet45: + variables: + PUPPET_VERSION: "~> 4.5.2" + FACTER_VERSION: '~> 2.4.6' + <<: *job_definition + +# Latest greatest +test:puppet4x: + variables: + PUPPET_VERSION: "> 4" + FACTER_VERSION: '> 2' + <<: *job_definition + @@ -1,13 +1,22 @@ source "https://rubygems.org" -group :test do +group :development, :unit_tests do gem "rake" - gem "rspec", '< 3.2.0' - gem "puppet", ENV['PUPPET_VERSION'] || ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION'] || '~> 3.7.0' - gem "facter", ENV['FACTER_VERSION'] || ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION'] || '~> 2.2.0' - gem "rspec-puppet" + gem "rspec-puppet", "~> 2.1", :require => false + gem "rspec-core", "3.1.7", :require => false gem "puppetlabs_spec_helper" gem "metadata-json-lint" gem "rspec-puppet-facts" gem "mocha" end + +group :system_tests do + gem 'beaker' + gem 'beaker-rspec' + gem 'beaker_spec_helper' + gem 'serverspec' +end + +gem "puppet", ENV['PUPPET_VERSION'] || ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION'] || '~> 3.7.0' +gem "facter", ENV['FACTER_VERSION'] || ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION'] || '~> 2.2.0' + @@ -1,6 +1,38 @@ - -Overview -======== +# apt module + +#### Table of Contents + +* [Overview](#overview) + * [Upgrade Notice](#upgrade-notice) +* [Requirements](#requirements) +* [Classes](#classes) + * [apt](#apt) + * [apt::apticron](#apt-apticron) + * [apt::cron::dist_upgrade](#apt-cron-dist_upgrade) + * [apt::dist_upgrade](#apt-dist_upgrade) + * [apt::dist_upgrade::initiator](#apt-dist_upgrade-initiator) + * [apt::dselect](#apt-dselect) + * [apt::listchanges](#apt-listchanges) + * [apt::proxy_client](#apt-proxy_client) + * [apt::reboot_required_notify](#apt-reboot_required_notify) + * [apt::unattended_upgrades](#apt-unattended_upgrades) +* [Defines](#defines) + * [apt::apt_conf](#apt-apt_conf) + * [apt::preferences_snippet](#apt-preferences_snippet) + * [apt::preseeded_package](#apt-preseeded_package) + * [apt::sources_list](#apt-sources_list) + * [apt::key](#apt-key) + * [`apt::key::plain`](#apt-key-plain) + * [apt::upgrade_package](#apt-upgrade_package) +* [Resources](#ressources) + * [File\['apt_config'\]](#fileapt_config) + * [Exec\['apt_updated'\]](#execapt_updated) +* [Tests](#tests) + * [Acceptance Tests](#acceptance-tests) +* [Licensing](#licensing) + + +# Overview<a name="overview"></a> This module manages apt on Debian. @@ -9,110 +41,132 @@ package download current. backports.debian.org is added. -/etc/apt/sources.list and /etc/apt/preferences are managed. More +`/etc/apt/sources.list` and `/etc/apt/preferences` are managed. More recent Debian releases are pinned to very low values by default to prevent accidental upgrades. Ubuntu support is lagging behind but not absent either. -! Upgrade Notice ! +## Upgrade Notice<a name="upgrade-notice"></a> + + * The `$apt_cron_hours` global variable is deprecated. + Use `apt::cron::dist_upgrade`'s `cron_hours` parameter instead. + + * The default value of the `$repos` parameter was removed since the logic is + now in the `apt::params` class. If you have explicitly set `$repos` to + 'auto' in your manifests, you should remove this. * The `disable_update` parameter has been removed. The main apt class defaults to *not* run an `apt-get update` on every run anyway so this parameter seems useless. You can include the `apt::update` class if you want it to be run every time. - * The `apt::upgrade_package` now doesn't automatically call an Exec['apt_updated'] + * The `apt::upgrade_package` now doesn't automatically call an `Exec['apt_updated']` anymore, so you would need to include `apt::update` now by hand. - * The apt::codename parameter has been removed. In its place, the - debian_codename fact may be overridden via an environment variable. This - will affect all other debian_* facts, and achieve the same result. + * The `apt::codename` parameter has been removed. In its place, the + `debian_codename` fact may be overridden via an environment variable. This + will affect all other `debian_*` facts, and achieve the same result. - FACTER_debian_codename=jessie puppet agent -t + FACTER_debian_codename=jessie puppet agent -t - * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your - site_apt, these are no longer supported. You should migrate to passing - $blacklisted_packages to the apt::unattended_upgrades class. + * If you were using custom `50unattended-upgrades.${::lsbdistcodename}` in your + `site_apt`, these are no longer supported. You should migrate to passing + `$blacklisted_packages` to the `apt::unattended_upgrades` class. * the apt class has been moved to a paramterized class. if you were including this class before, after passing some variables, you will need to move to - instantiating the class with those variables instead. For example, if you + instantiating the class with those variables instead. For example, if you had the following in your manifests: - $apt_debian_url = 'http://localhost:9999/debian/' - $apt_use_next_release = true - include apt - + $apt_debian_url = 'http://localhost:9999/debian/' + $apt_use_next_release = true + include apt + you will need to remove the variables, and the include and instead do the following: - class { 'apt': debian_url => 'http://localhost:9999/debian/', use_next_release => true } + class { 'apt': + debian_url => 'http://localhost:9999/debian/', + use_next_release => true; + } - previously, you could manually set $lsbdistcodename which would enable forced + previously, you could manually set `$lsbdistcodename` which would enable forced upgrades, but because this is a top-level facter variable, and newer puppet versions do not let you assign variables to other namespaces, this is no longer possible. However, there is a way to obtain this functionality, and that is to pass the 'codename' parameter to the apt class, which will change - the sources.list and preferences files to be the codename you set, allowing + the `sources.list` and `preferences` files to be the codename you set, allowing you to trigger upgrades: - include apt::dist_upgrade - class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } + include apt::dist_upgrade + class { 'apt': + codename => 'wheezy', + notify => Exec['apt_dist-upgrade']; + } - * the apticron class has been moved to a parameterized class. if you were + * the `apticron` class has been moved to a parameterized class. if you were including this class before, you will need to move to instantiating the class instead. For example, if you had the following in your manifests: - $apticron_email = 'foo@example.com' - $apticron_notifynew = '1' - ... any $apticron_* variables - include apticron + $apticron_email = 'foo@example.com' + $apticron_notifynew = '1' + ... any $apticron_* variables + include apticron you will need to remove the variables, and the include and instead do the following: - class { 'apt::apticron': email => 'foo@example.com', notifynew => '1' } + class { 'apt::apticron': + email => 'foo@example.com', + notifynew => '1'; + } - * the apt::listchanges class has been moved to a paramterized class. if you + * the `apt::listchanges` class has been moved to a paramterized class. if you were including this class before, after passing some variables, you will need to move to instantiating the class with those variables instead. For example, if you had the following in your manifests: - $apt_listchanges_email = 'foo@example.com' - ... any $apt_listchanges_* variables - include apt::listchanges + $apt_listchanges_email = 'foo@example.com' + ... any $apt_listchanges_* variables + include apt::listchanges you will need to remove the variables, and the include and instead do the following: - - class { 'apt::listchanges': email => 'foo@example.com' } - - * the apt::proxy_client class has been moved to a paramterized class. if you + + class { 'apt::listchanges': + email => 'foo@example.com'; + } + + * the `apt::proxy_client` class has been moved to a paramterized class. if you were including this class before, after passing some variables, you will need to move to instantiating the class with those variables instead. For example, if you had the following in your manifests: - $apt_proxy = 'http://proxy.domain' - $apt_proxy_port = 666 - include apt::proxy_client + $apt_proxy = 'http://proxy.domain' + $apt_proxy_port = 666 + include apt::proxy_client you will need to remove the variables, and the include and instead do the following: - class { 'apt::proxy_client': proxy => 'http://proxy.domain', port => '666' } + class { 'apt::proxy_client': + proxy => 'http://proxy.domain', + port => '666'; + } -Requirements -============ + +# Requirements<a name="requirements"></a> This module needs: -- the lsb-release package should be installed on the server prior to running - puppet. otherwise, all of the $::lsb* facts will be empty during runs. -- the common module: https://gitlab.com/shared-puppet-modules-group/common + * the `lsb-release` package should be installed on the server prior to running + puppet. otherwise, all of the `$::lsb*` facts will be empty during runs. + + * the [common module](https://gitlab.com/shared-puppet-modules-group/common) By default, on normal hosts, this module sets the configuration option -DSelect::Clean to 'auto'. On virtual servers, the value is set by default to +`DSelect::Clean` to 'auto'. On virtual servers, the value is set by default to 'pre-auto', because virtual servers are usually more space-bound and have better recovery mechanisms via the host: @@ -125,45 +179,47 @@ From apt.conf(5), 0.7.2: instance). pre-auto performs this action before downloading new packages." -To change the default setting for DSelect::Clean, you can create a file named -"03clean" or "03clean_vserver" in your site_apt module's files directory. You +To change the default setting for `DSelect::Clean`, you can create a file named +"03clean" or "03clean_vserver" in your `site_apt` module's files directory. You can also define this for a specific host by creating a file in a subdirectory of -the site_apt modules' files directory that is named the same as the +the `site_apt` modules' files directory that is named the same as the host. (example: site_apt/files/some.host.com/03clean, or site_apt/files/some.host.com/03clean_vserver) -Classes -======= -apt ---- +# Classes<a name="classes"></a> + +## apt<a name="apt"></a> The apt class sets up most of the documented functionality. To use functionality that is not enabled by default, you must set one of the following parameters. Example usage: - class { 'apt': use_next_release => true, debian_url => 'http://localhost:9999/debian/' } + class { 'apt': + use_next_release => true, + debian_url => 'http://localhost:9999/debian/', + } -Class parameters: +**Class parameters:** -* use_lts +### use_lts If this variable is set to true the CODENAME-lts sources (such as - squeeze-lts) are added. + wheezy-lts) are added. By default this is false for backward compatibility with older versions of this module. -* use_volatile +### use_volatile If this variable is set to true the CODENAME-updates sources (such as - squeeze-updates) are added. + wheezy-updates) are added. By default this is false for backward compatibility with older versions of this module. -* include_src +### include_src If this variable is set to true a deb-src source is added for every added binary archive source. @@ -171,7 +227,7 @@ Class parameters: By default this is false for backward compatibility with older versions of this module. -* use_next_release +### use_next_release If this variable is set to true the sources for the next Debian release are added. The default pinning configuration pins it to very @@ -180,35 +236,35 @@ Class parameters: By default this is false for backward compatibility with older versions of this module. -* debian_url, security_url, backports_url, volatile_url +### debian_url, security_url, volatile_url These variables allow to override the default APT mirrors respectively used for the standard Debian archives, the Debian security archive, - the Debian official backports and the Debian Volatile archive. + and the Debian Volatile archive. -* ubuntu_url +### ubuntu_url These variables allows to override the default APT mirror used for all standard Ubuntu archives (including updates, security, backports). -* repos +### repos If this variable is set the default repositories list ("main contrib non-free") is overriden. -* disable_update +### disable_update - Disable "apt-get update" which is normally triggered by apt::upgrade_package - and apt::dist_upgrade. + Disable "apt-get update" which is normally triggered by apt::upgrade_package + and apt::dist_upgrade. - Note that nodes can be updated once a day by using + Note that nodes can be updated once a day by using APT::Periodic::Update-Package-Lists "1"; in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. -* custom_preferences +### custom_preferences For historical reasons (Debian Lenny's version of APT did not support the use - of the preferences.d directory for putting fragments of 'preferences'), this + of the `preferences.d` directory for putting fragments of 'preferences'), this module will manage a default generic apt/preferences file with more recent releases pinned to very low values so that any package installation will not accidentally pull in packages from those suites @@ -216,231 +272,235 @@ Class parameters: complemented with all of the preferences_snippet calls (see below). If the default preferences template doesn't suit your needs, you can create a - template located in your site_apt module, and set custom_preferences with the + template located in your `site_apt` module, and set custom_preferences with the content (eg. custom_preferences => template('site_apt/preferences') ) Setting this variable to false before including this class will force the - apt/preferences file to be absent: + `apt/preferences` file to be absent: - class { 'apt': custom_preferences => false } - -* custom_sources_list + class { 'apt': + custom_preferences => false, + } - By default this module will use a basic apt/sources.list template with +### custom_sources_list + + By default this module will use a basic `apt/sources.list` template with a generic Debian mirror. If you need to set more specific sources, e.g. changing the sections included in the source, etc. you can set this variable to the content that you desire to use instead. For example, setting this variable will pull in the - templates/site_apt/sources.list file: + `templates/site_apt/sources.list` file: - class { 'apt': custom_sources_list => template('site_apt/sources.list') } + class { 'apt': + custom_sources_list => template('site_apt/sources.list'), + } -* custom_key_dir +### custom_key_dir If you have different apt-key files that you want to get added to your apt keyring, you can set this variable to a path in your fileserver where individual key files can be placed. If this is set and keys - exist there, this module will 'apt-key add' each key. + exist there, this module will `apt-key add` each key. The debian-archive-keyring package is installed and kept current up to the latest revision (this includes the backports archive keyring). -apt::apticron -------------- + +## apt::apticron<a name="apt-apticron"></a> When you instantiate this class, apticron will be installed, with the following defaults, which you are free to change: - $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb", - $email = 'root', - $diff_only = '1', - $listchanges_profile = 'apticron', - $system = false, - $ipaddressnum = false, - $ipaddresses = false, - $notifyholds = '0', - $notifynew = '0', - $customsubject = '' + $ensure_version = 'installed', + $config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb", + $email = 'root', + $diff_only = '1', + $listchanges_profile = 'apticron', + $system = false, + $ipaddressnum = false, + $ipaddresses = false, + $notifyholds = '0', + $notifynew = '0', + $customsubject = '' Example usage: - class { 'apt::apticron': email => 'foo@example.com', notifynew => '1' } + class { 'apt::apticron': + email => 'foo@example.com', + notifynew => '1', + } -apt::cron::download -------------------- -This class sets up cron-apt so that it downloads upgradable packages, does not -actually do any upgrade and emails when the output changes. +## apt::cron::dist_upgrade<a name="apt-cron-dist_upgrade"></a> -cron-apt defaults to run at 4 AM. You may want to set the -$apt_cron_hours variable before you include the class: its value will +This class sets up cron-apt so that it dist-upgrades the system and +emails when upgrades are performed. + +`cron-apt` defaults to run at 4 AM. You may want to set the +`$cron_hours` class parameter before you include the class: its value will be passed as the "hours" parameter of a cronjob. Example: - # Run cron-apt every three hours - $apt_cron_hours = '*/3' + # Run cron-apt every three hours + class { 'apt::cron::dist_upgrade': cron_hours => '*/3' } Note that the default 4 AM cronjob won't be disabled. -apt::cron::dist_upgrade ------------------------ +## apt::dist_upgrade<a name="apt-dist_upgrade"></a> -This class sets up cron-apt so that it dist-upgrades the system and -emails when upgrades are performed. - -See apt::cron::download above if you need to run cron-apt more often -than once a day. - -apt::dist_upgrade ------------------ - -This class provides the Exec['apt_dist-upgrade'] resource that +This class provides the `Exec['apt_dist-upgrade']` resource that dist-upgrade's the system. This exec is set as refreshonly so including this class does not trigger any action per-se: other resources may notify it, other classes may inherit from this one and add to its subscription list -using the plusignment ('+>') operator. A real-world example can be -seen in the apt::dist_upgrade::initiator source. +using the plusignment (`+>`) operator. A real-world example can be +seen in the `apt::dist_upgrade::initiator` source. + +Parameters: -apt::dist_upgrade::initiator ----------------------------- + * timeout: specified in seconds; the maximum time the `dist-upgrade` + command should take. If the command takes longer than the timeout, + the command is considered to have failed and will be stopped. + +## apt::dist_upgrade::initiator<a name="apt-dist_upgrade-initiator"></a> This class automatically dist-upgrade's the system when an initiator file's content changes. The initiator file is copied from the first available source amongst the following ones, in decreasing priority order: -- puppet:///modules/site_apt/${::fqdn}/upgrade_initiator -- puppet:///modules/site_apt/upgrade_initiator -- puppet:///modules/apt/upgrade_initiator + * `puppet:///modules/site_apt/${::fqdn}/upgrade_initiator` + + * `puppet:///modules/site_apt/upgrade_initiator` + + * `puppet:///modules/apt/upgrade_initiator` This is useful when one does not want to setup a fully automated upgrade process but still needs a way to manually trigger full upgrades of any number of systems at scheduled times. -Beware: a dist-upgrade is triggered the first time Puppet runs after +**Beware:** a `dist-upgrade` is triggered the first time Puppet runs after this class has been included. This is actually the single reason why this class is not enabled by default. When this class is included the APT indexes are updated on every Puppet run due to the author's lack of Puppet wizardry. -apt::dselect ------------- + +## apt::dselect<a name="apt-dselect"></a> This class, when included, installs dselect and switches it to expert mode to suppress superfluous help screens. -apt::listchanges ----------------- -This class, when instantiated, installs apt-listchanges and configures it using +## apt::listchanges<a name="apt-listchanges"></a> + +This class, when instantiated, installs `apt-listchanges` and configures it using the following parameterized variables, which can be changed: - version = 'present' - config = "apt/${::operatingsystem}/listchanges_${::lsbrelease}.erb" - frontend = 'pager' - email = 'root' - confirm = 0 - saveseen = '/var/lib/apt/listchanges.db' - which = 'both' + version = 'present' + config = "apt/${::operatingsystem}/listchanges_${::lsbrelease}.erb" + frontend = 'pager' + email = 'root' + confirm = 0 + saveseen = '/var/lib/apt/listchanges.db' + which = 'both' + +Example usage: + + class { 'apt::listchanges': + email => 'foo@example.com', + } + - Example usage: - class { 'apt::listchanges': email => 'foo@example.com' } - -apt::proxy_client ------------------ +## apt::proxy_client<a name="apt-proxy_client"></a> This class adds the right configuration to apt to make it fetch packages via a -proxy. The class parameters apt_proxy and apt_proxy_port need to be set: +proxy. The class parameters `apt_proxy` and `apt_proxy_port` need to be set: -You can set the 'proxy' class parameter variable to the URL of the proxy that +You can set the `proxy` class parameter variable to the URL of the proxy that will be used. By default, the proxy will be queried on port 3142, but you can -change the port number by setting the 'port' class parameter. +change the port number by setting the `port` class parameter. -Example: +Example usage: - class { 'apt::proxy_client': proxy => 'http://proxy.domain', port => '666' } + class { 'apt::proxy_client': + proxy => 'http://proxy.domain', + port => '666', + } -apt::reboot_required_notify ---------------------------- + +## apt::reboot_required_notify<a name="apt-reboot_required_notify"></a> This class installs a daily cronjob that checks if a package upgrade requires the system to be rebooted; if so, cron sends a notification email to root. -apt::unattended_upgrades ------------------------- -If this class is included, it will install the package 'unattended-upgrades' +## apt::unattended_upgrades<a name="apt-unattended_upgrades"></a> + +If this class is included, it will install the package `unattended-upgrades` and configure it to daily upgrade the system. The class has the following parameters that you can use to change the contents of the configuration file. The values shown here are the default values: - * $config_content = undef - * $config_template = 'apt/50unattended-upgrades.erb' - * $mailonlyonerror = true - * $mail_recipient = 'root' - * $blacklisted_packages = [] + $config_content = undef + $config_template = 'apt/50unattended-upgrades.erb' + $mailonlyonerror = true + $mail_recipient = 'root' + $blacklisted_packages = [] -Note that using $config_content actually specifies all of the configuration +Note that using `$config_content` actually specifies all of the configuration contents and thus makes the other parameters useless. -example: +Example usage: class { 'apt::unattended_upgrades': config_template => 'site_apt/50unattended-upgrades.jessie', - blacklisted_packages => [ - 'libc6', 'libc6-dev', 'libc6-i686', 'mysql-server', 'redmine', 'nodejs', - 'bird' - ], + blacklisted_packages => [ 'libc6', 'libc6-dev', 'libc6-i686', + 'mysql-server', 'redmine', 'nodejs', 'bird' ], } -Defines -======= -apt::apt_conf -------------- +# Defines<a name="defines"></a> + +## apt::apt_conf<a name="apt-apt_conf"></a> -Creates a file in the apt/apt.conf.d directory to easily add configuration -components. One can use either the 'source' meta-parameter to specify a list of -static files to include from the puppet fileserver or the 'content' +Creates a file in the `apt/apt.conf.d` directory to easily add configuration +components. One can use either the `source` meta-parameter to specify a list of +static files to include from the puppet fileserver or the `content` meta-parameter to define content inline or with the help of a template. -Example: +Example usage: - apt::apt_conf { '80download-only': - source => 'puppet:///modules/site_apt/80download-only', - } + apt::apt_conf { '80download-only': + source => 'puppet:///modules/site_apt/80download-only', + } -apt::preferences_snippet ------------------------- -A way to add pinning information to files in /etc/apt/preferences.d/ +## apt::preferences_snippet<a name="apt-preferences_snippet"></a> -Example: +A way to add pinning information to files in `/etc/apt/preferences.d/` - apt::preferences_snippet { - 'irssi-plugin-otr': - release => 'squeeze-backports', - priority => 999; - } +Examples: - apt::preferences_snippet { - 'unstable_fallback': - package => '*', - release => 'unstable', - priority => 1; - } + apt::preferences_snippet { 'irssi-plugin-otr': + release => 'jessie-backports', + priority => 999, + } - apt::preferences_snippet { - 'ttdnsd': - pin => 'origin deb.torproject.org', - priority => 999; - } + apt::preferences_snippet { 'unstable_fallback': + package => '*', + release => 'unstable', + priority => 1, + } + + apt::preferences_snippet { 'ttdnsd': + pin => 'origin deb.torproject.org', + priority => 999, + } The names of the resources will be used as the names of the files in the preferences.d directory, so you should ensure that resource names follow the @@ -453,52 +513,53 @@ From apt_preferences(5): only contain alphanumeric, hyphen (-), underscore (_) and period (.) characters - otherwise they will be silently ignored. -apt::preseeded_package ----------------------- + +## apt::preseeded_package<a name="apt-preseeded_package"></a> This simplifies installation of packages for which you wish to preseed the answers to debconf. For example, if you wish to provide a preseed file for the -locales package, you would place the locales.seed file in -'site_apt/templates/${::lsbdistcodename}/locales.seeds' and then include the +locales package, you would place the `locales.seed` file in +`site_apt/templates/${::lsbdistcodename}/locales.seeds` and then include the following in your manifest: - apt::preseeded_package { locales: } + apt::preseeded_package { locales: } -You can also specify the content of the seed via the content parameter, +You can also specify the content of the seed via the content parameter, for example: - apt::preseeded_package { 'apticron': - content => 'apticron apticron/notification string root@example.com', - } + apt::preseeded_package { 'apticron': + content => 'apticron apticron/notification string root@example.com', + } -apt::sources_list ------------------ -Creates a file in the apt/sources.list.d directory to easily add additional apt -sources. One can use either the 'source' meta-parameter to specify a list of -static files to include from the puppet fileserver or the 'content' +## apt::sources_list<a name="apt-sources_list"></a> + +Creates a file in the `apt/sources.list.d` directory to easily add additional apt +sources. One can use either the `source` meta-parameter to specify a list of +static files to include from the puppet fileserver or the `content` meta-parameter to define content inline or with the help of a template. Ending -the resource name in '.list' is optional: it will be automatically added to the +the resource name in `.list` is optional: it will be automatically added to the file name if not present in the resource name. -Example: +Example usage: + + apt::sources_list { 'company_internals': + source => [ "puppet:///modules/site_apt/${::fqdn}/company_internals.list", + 'puppet:///modules/site_apt/company_internals.list' ]; + } - apt::sources_list { 'company_internals': - source => [ "puppet:///modules/site_apt/${::fqdn}/company_internals.list", - 'puppet:///modules/site_apt/company_internals.list' ], - } -apt::key --------- +## apt::key<a name="apt-key"></a> Deploys a secure apt OpenPGP key. This usually accompanies the sources.list snippets above for third party repositories. For example, you would do: - apt::key { 'neurodebian.gpg': - ensure => present, - source => 'puppet:///modules/site_apt/neurodebian.gpg', - } + apt::key { + 'neurodebian.gpg': + ensure => present, + source => 'puppet:///modules/site_apt/neurodebian.gpg'; + } This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which is assumed by secure apt to be binary OpenPGP keys and *not* @@ -507,16 +568,16 @@ use `apt::key::plain`. The `.gpg` extension is compulsory for `apt` to pickup the key properly. -apt::key::plain ---------------- + +## `apt::key::plain`<a name="apt-key-plain"></a> Deploys a secure apt OpenPGP key. This usually accompanies the sources.list snippets above for third party repositories. For example, you would do: - apt::key::plain { 'neurodebian.asc': - source => 'puppet:///modules/site_apt/neurodebian.asc', - } + apt::key::plain { 'neurodebian.asc': + source => 'puppet:///modules/site_apt/neurodebian.asc'; + } This deploys the key in the `${apt_base_dir}/keys` directory (as opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason @@ -528,8 +589,8 @@ Note that this model does *not* currently allow keys to be removed! Use `apt::key` instead for a more practical, revokable approach, but that needs binary keys. -apt::upgrade_package --------------------- + +## apt::upgrade_package<a name="apt-upgrade_package"></a> This simplifies upgrades for DSA security announcements or point-releases. This will ensure that the named package is upgraded to the version specified, only if @@ -541,23 +602,22 @@ For example, the following upgrades the perl package to version 5.8.8-7etch1 (if it is installed), it also upgrades the syslog-ng and perl-modules packages to their latest (also, only if they are installed): -upgrade_package { 'perl': - version => '5.8.8-7etch1'; - 'syslog-ng': - version => latest; - 'perl-modules': -} + upgrade_package { + 'perl': + version => '5.8.8-7etch1'; + 'syslog-ng': + version => latest; + 'perl-modules': + } -Resources -========= -File['apt_config'] ------------------- +# Resources<a name="ressources"></a> + +## File['apt_config']<a name="file-apt-config"></a> Use this resource to depend on or add to a completed apt configuration -Exec['apt_updated'] -------------------- +## Exec['apt_updated']<a name="exec-apt-updated"></a> After this point the APT indexes are up-to-date. This resource is set to `refreshonly => true` so it is not run on @@ -568,30 +628,53 @@ This resource is usually used like this to ensure current packages are installed by Package resources: include apt::update - Package { require => Exec['apt_updated'] } + Package { + require => Exec['apt_updated'] + } Note that nodes can be updated once a day by using APT::Periodic::Update-Package-Lists "1"; -in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. +in i.e. `/etc/apt/apt.conf.d/80_apt_update_daily`. -Tests -===== +# Tests<a name="test"></a> To run pupept rspec tests: bundle install --path vendor/bundle bundle exec rake spec +Verbose Output: + + bundle exec rake spec SPEC_OPTS='--format documentation' + Using different facter/puppet versions: FACTER_GEM_VERSION=1.6.10 PUPPET_GEM_VERSION=2.7.23 bundle install --path vendor/bundle bundle exec rake spec -Licensing -========= +## Acceptance Tests<a name="acceptance-tests"></a> + +At the moment, we use [beaker together with docker](https://github.com/puppetlabs/beaker/blob/master/docs/Docker-Support.md) +to do acceptance testing. +Be sure to have a recent docker version installed. + +List configured nodesets: + + bundle exec rake beaker_nodes + +Run tests on default node (Debian Jessie): + + bundle exec rake beaker + +Run different nodeset: + + BEAKER_set="debian-8-x86_64-docker" bundle exec rspec spec/acceptance/*_spec.rb + + +# Licensing<a name="licensing"></a> This puppet module is licensed under the GPL version 3 or later. Redistribution and modification is encouraged. diff --git a/lib/facter/debian_nextcodename.rb b/lib/facter/debian_nextcodename.rb index c4c569b..654fe20 100644 --- a/lib/facter/debian_nextcodename.rb +++ b/lib/facter/debian_nextcodename.rb @@ -4,8 +4,10 @@ rescue LoadError require "#{File.dirname(__FILE__)}/util/debian" end -def debian_codename_to_next(codename) - if codename == "sid" +def debian_codename_to_next(codename, release) + if release == "testing" + return "sid" + elsif release == "unstable" return "experimental" else codenames = Facter::Util::Debian::CODENAMES @@ -18,6 +20,6 @@ end Facter.add(:debian_nextcodename) do confine :operatingsystem => 'Debian' setcode do - debian_codename_to_next(Facter.value('debian_codename')) + debian_codename_to_next(Facter.value('debian_codename'), Facter.value('debian_release')) end end diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp index 949f615..fa8cfa3 100644 --- a/manifests/apt_conf.pp +++ b/manifests/apt_conf.pp @@ -1,15 +1,15 @@ define apt::apt_conf( $ensure = 'present', - $source = '', + $source = undef, $content = undef, $refresh_apt = true ) { - if $source == '' and $content == undef { + if $source == undef and $content == undef { fail("One of \$source or \$content must be specified for apt_conf ${name}") } - if $source != '' and $content != undef { + if $source != undef and $content != undef { fail("Only one of \$source or \$content must specified for apt_conf ${name}") } diff --git a/manifests/apticron.pp b/manifests/apticron.pp index 9c94f9c..89709a8 100644 --- a/manifests/apticron.pp +++ b/manifests/apticron.pp @@ -1,6 +1,6 @@ class apt::apticron( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/apticron_${::debian_codename}.erb", + $config = "apt/${::operatingsystem}/apticron.erb", $email = 'root', $diff_only = '1', $listchanges_profile = 'apticron', diff --git a/manifests/cron/base.pp b/manifests/cron/base.pp deleted file mode 100644 index 39fc306..0000000 --- a/manifests/cron/base.pp +++ /dev/null @@ -1,20 +0,0 @@ -class apt::cron::base { - - package { 'cron-apt': ensure => installed } - - case $apt_cron_hours { - '': {} - default: { - # cron-apt defaults to run every night at 4 o'clock - # so we try not to run at the same time. - cron { 'apt_cron_every_N_hours': - command => 'test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt', - user => root, - hour => "${apt_cron_hours}", - minute => 10, - require => Package['cron-apt'], - } - } - } - -} diff --git a/manifests/cron/dist_upgrade.pp b/manifests/cron/dist_upgrade.pp index 74403bb..e1a03ed 100644 --- a/manifests/cron/dist_upgrade.pp +++ b/manifests/cron/dist_upgrade.pp @@ -1,4 +1,23 @@ -class apt::cron::dist_upgrade inherits apt::cron::base { +class apt::cron::dist_upgrade ( + $cron_hours = '', +) { + + package { 'cron-apt': ensure => installed } + + case $cron_hours { + '': {} + default: { + # cron-apt defaults to run every night at 4 o'clock + # so we try not to run at the same time. + cron { 'apt_cron_every_N_hours': + command => 'test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt', + user => root, + hour => "${cron_hours}", + minute => 10, + require => Package['cron-apt'], + } + } + } $action = "autoclean -y dist-upgrade -y -o APT::Get::Show-Upgraded=true -o 'DPkg::Options::=--force-confold' diff --git a/manifests/cron/download.pp b/manifests/cron/download.pp deleted file mode 100644 index 4a19fec..0000000 --- a/manifests/cron/download.pp +++ /dev/null @@ -1,27 +0,0 @@ -class apt::cron::download inherits apt::cron::base { - - $action = "autoclean -y -dist-upgrade -d -y -o APT::Get::Show-Upgraded=true -" - - file { '/etc/cron-apt/action.d/4-dist-upgrade': - ensure => absent, - } - - file { '/etc/cron-apt/action.d/3-download': - content => $action, - require => Package[cron-apt], - owner => root, - group => 0, - mode => '0644'; - } - - file { '/etc/cron-apt/config.d/MAILON': - content => "MAILON=changes\n", - require => Package[cron-apt], - owner => root, - group => 0, - mode => '0644'; - } - -} diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp index 19c031e..3061fb8 100644 --- a/manifests/dist_upgrade.pp +++ b/manifests/dist_upgrade.pp @@ -1,8 +1,11 @@ -class apt::dist_upgrade { +class apt::dist_upgrade ( + $timeout = 300, +) { exec { 'apt_dist-upgrade': command => '/usr/bin/apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade', refreshonly => true, + timeout => $timeout, before => Exec['apt_updated'] } diff --git a/manifests/init.pp b/manifests/init.pp index 4c44af2..3d93d22 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -11,7 +11,6 @@ class apt( $use_next_release = $apt::params::use_next_release, $debian_url = $apt::params::debian_url, $security_url = $apt::params::security_url, - $backports_url = $apt::params::backports_url, $lts_url = $apt::params::lts_url, $volatile_url = $apt::params::volatile_url, $ubuntu_url = $apt::params::ubuntu_url, @@ -20,20 +19,6 @@ class apt( $custom_sources_list = '', $custom_key_dir = $apt::params::custom_key_dir ) inherits apt::params { - case $::operatingsystem { - 'debian': { - $real_repos = $repos ? { - 'auto' => 'main contrib non-free', - default => $repos, - } - } - 'ubuntu': { - $real_repos = $repos ? { - 'auto' => 'main restricted universe multiverse', - default => $repos, - } - } - } package { 'apt': ensure => installed, @@ -55,14 +40,14 @@ class apt( mode => '0644'; } - apt_conf { '02show_upgraded': + ::apt::apt_conf { '02show_upgraded': source => [ "puppet:///modules/site_apt/${::fqdn}/02show_upgraded", 'puppet:///modules/site_apt/02show_upgraded', 'puppet:///modules/apt/02show_upgraded' ] } if ( $::virtual == 'vserver' ) { - apt_conf { '03clean_vserver': + ::apt::apt_conf { '03clean_vserver': source => [ "puppet:///modules/site_apt/${::fqdn}/03clean_vserver", 'puppet:///modules/site_apt/03clean_vserver', 'puppet:///modules/apt/03clean_vserver' ], @@ -70,7 +55,7 @@ class apt( } } else { - apt_conf { '03clean': + ::apt::apt_conf { '03clean': source => [ "puppet:///modules/site_apt/${::fqdn}/03clean", 'puppet:///modules/site_apt/03clean', 'puppet:///modules/apt/03clean' ] @@ -82,8 +67,6 @@ class apt( include apt::preferences::absent } default: { - # When squeeze becomes the stable branch, transform this file's header - # into a preferences.d file include apt::preferences } } @@ -93,18 +76,15 @@ class apt( ## This package should really always be current package { 'debian-archive-keyring': ensure => latest } - # backports uses the normal archive key now - package { 'debian-backports-keyring': ensure => absent } - if ($use_backports and !($::debian_release in ['testing', 'unstable', 'experimental'])) { apt::sources_list { 'backports': - content => "deb $backports_url ${::debian_codename}-backports ${apt::real_repos}", + content => "deb ${debian_url} ${::debian_codename}-backports ${apt::repos}", } if $include_src { apt::sources_list { 'backports-src': - content => "deb-src $backports_url ${::debian_codename}-backports ${apt::real_repos}", + content => "deb-src ${debian_url} ${::debian_codename}-backports ${apt::repos}", } } } diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp index e64bb1b..ecbbe6d 100644 --- a/manifests/listchanges.pp +++ b/manifests/listchanges.pp @@ -1,6 +1,6 @@ class apt::listchanges( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/listchanges_${::debian_codename}.erb", + $config = "apt/${::operatingsystem}/listchanges.erb", $frontend = 'mail', $email = 'root', $confirm = '0', diff --git a/manifests/params.pp b/manifests/params.pp index 28af06e..2b18eb5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -7,16 +7,19 @@ class apt::params () { $debian_url = 'http://httpredir.debian.org/debian/' $security_url = 'http://security.debian.org/' $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' - $backports_url = $::debian_codename ? { - 'squeeze' => 'http://backports.debian.org/debian-backports/', - default => $::operatingsystem ? { - 'Ubuntu' => $ubuntu_url, - default => $debian_url, - } - } $lts_url = $debian_url $volatile_url = 'http://volatile.debian.org/debian-volatile/' - $repos = 'auto' + case $::operatingsystem { + 'debian': { + $repos = 'main contrib non-free' + } + 'ubuntu': { + $repos = 'main restricted universe multiverse' + } + default: { + fail("Unsupported system '${::operatingsystem}'.") + } + } $custom_preferences = '' $custom_key_dir = false } diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 6982ca0..aedd56b 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -2,8 +2,8 @@ class apt::preferences { $pref_contents = $apt::custom_preferences ? { '' => $::operatingsystem ? { - 'debian' => template("apt/${::operatingsystem}/preferences_${::debian_codename}.erb"), - 'ubuntu' => template("apt/${::operatingsystem}/preferences_${::ubuntu_codename}.erb"), + 'debian' => template("apt/${::operatingsystem}/preferences.erb"), + 'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), }, default => $apt::custom_preferences } diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index b7dba0d..2b2fb74 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -2,9 +2,9 @@ define apt::preferences_snippet ( $priority = undef, $package = false, $ensure = 'present', - $source = '', - $release = '', - $pin = '' + $source = undef, + $release = undef, + $pin = undef ) { $real_package = $package ? { @@ -36,9 +36,9 @@ define apt::preferences_snippet ( } case $source { - '': { + undef: { case $release { - '': { + undef: { File["/etc/apt/preferences.d/${name}"]{ content => template('apt/preferences_snippet.erb') } diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp index 3ef0687..162ade7 100644 --- a/manifests/preseeded_package.pp +++ b/manifests/preseeded_package.pp @@ -1,3 +1,4 @@ +# Install a package with a preseed file to automatically answer some questions. define apt::preseeded_package ( $ensure = 'installed', $content = '' @@ -10,7 +11,9 @@ define apt::preseeded_package ( file { $seedfile: content => $real_content, - mode => '0600', owner => root, group => root, + mode => '0600', + owner => 'root', + group => 0, } package { $name: diff --git a/manifests/proxy_client.pp b/manifests/proxy_client.pp index 9ba79f2..e7972f7 100644 --- a/manifests/proxy_client.pp +++ b/manifests/proxy_client.pp @@ -3,7 +3,7 @@ class apt::proxy_client( $port = '3142', ){ - apt_conf { '20proxy': + ::apt::apt_conf { '20proxy': content => template('apt/20proxy.erb'), } } diff --git a/manifests/reboot_required_notify.pp b/manifests/reboot_required_notify.pp index 722e8a5..efd8aeb 100644 --- a/manifests/reboot_required_notify.pp +++ b/manifests/reboot_required_notify.pp @@ -1,21 +1,11 @@ class apt::reboot_required_notify { - # This package installs the script that created /var/run/reboot-required*. - # This script (/usr/share/update-notifier/notify-reboot-required) is - # triggered e.g. by kernel packages. - package { 'update-notifier-common': - ensure => installed, - } - - # cron-apt defaults to run every night at 4 o'clock - # plus some random time <1h. - # so we check if a reboot is required a bit later. - cron { 'apt_reboot_required_notify': - command => 'if [ -f /var/run/reboot-required ]; then echo "Reboot required\n" ; cat /var/run/reboot-required.pkgs ; fi', - user => root, - hour => 5, - minute => 20, - require => Package['update-notifier-common'], + if versioncmp($::operatingsystemmajrelease, 8) >= 0 { + class { 'apt::reboot_required_notify::jessie': } + # Clean up systems that were upgraded from Wheezy or earlier: + class { 'apt::reboot_required_notify::wheezy': ensure => absent } + } else { + class { 'apt::reboot_required_notify::wheezy': } } } diff --git a/manifests/reboot_required_notify/jessie.pp b/manifests/reboot_required_notify/jessie.pp new file mode 100644 index 0000000..2de6b62 --- /dev/null +++ b/manifests/reboot_required_notify/jessie.pp @@ -0,0 +1,28 @@ +class apt::reboot_required_notify::jessie ($ensure = present) { + + if $::operatingsystemmajrelease == 8 and ! $::apt::use_backports { + fail('apt::reboot_required_notify requires $apt::use_backports on Jessie') + } + + $pinning_ensure = $::operatingsystemmajrelease ? { + 8 => present, + default => absent, + } + apt::preferences_snippet { 'reboot-notifier': + ensure => $pinning_ensure, + pin => 'release o=Debian Backports,a=jessie-backports', + priority => 991, + } + + # On Jessie and newer, this package installs the script that created + # /var/run/reboot-required*. + # This script (/usr/share/update-notifier/notify-reboot-required) is + # triggered e.g. by kernel packages. + # This package also sends a daily email to the administrator when a system + # reboot is required, e.g. due to a kernel update. + package { 'reboot-notifier': + ensure => $ensure, + require => Apt::Preferences_snippet['reboot-notifier'], + } + +} diff --git a/manifests/reboot_required_notify/wheezy.pp b/manifests/reboot_required_notify/wheezy.pp new file mode 100644 index 0000000..06998ef --- /dev/null +++ b/manifests/reboot_required_notify/wheezy.pp @@ -0,0 +1,23 @@ +class apt::reboot_required_notify::wheezy ($ensure = present) { + + # On Wheezy and older, this package installs the script that created + # /var/run/reboot-required*. + # This script (/usr/share/update-notifier/notify-reboot-required) is + # triggered e.g. by kernel packages. + package { 'update-notifier-common': + ensure => $ensure, + } + + # cron-apt defaults to run every night at 4 o'clock + # plus some random time <1h. + # so we check if a reboot is required a bit later. + cron { 'apt_reboot_required_notify': + ensure => $ensure, + command => 'if [ -f /var/run/reboot-required ]; then echo "Reboot required\n" ; cat /var/run/reboot-required.pkgs ; fi', + user => root, + hour => 5, + minute => 20, + require => Package['update-notifier-common'], + } + +} diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp index 0ee068d..6ff4fc3 100644 --- a/manifests/sources_list.pp +++ b/manifests/sources_list.pp @@ -1,14 +1,15 @@ +# Configure an apt source define apt::sources_list ( - $ensure = 'present', - $source = '', + $ensure = 'present', + $source = undef, $content = undef ) { if $ensure == 'present' { - if $source == '' and $content == undef { + if $source == undef and $content == undef { fail("One of \$source or \$content must be specified for apt_sources_snippet ${name}") } - if $source != '' and $content != undef { + if $source != undef and $content != undef { fail("Only one of \$source or \$content must specified for apt_sources_snippet ${name}") } } @@ -22,7 +23,9 @@ define apt::sources_list ( # apparently doesn't. file { "/etc/apt/sources.list.d/${realname}.list": ensure => $ensure, - owner => root, group => 0, mode => '0644', + mode => '0644', + owner => 'root', + group => 0, notify => Exec['apt_updated'], } diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 52d7542..d604125 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -26,7 +26,7 @@ class apt::unattended_upgrades ( default => $config_content } - apt_conf { '50unattended-upgrades': + ::apt::apt_conf { '50unattended-upgrades': content => $file_content, require => Package['unattended-upgrades'], refresh_apt => false diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp index 30572c9..e61b15d 100644 --- a/manifests/upgrade_package.pp +++ b/manifests/upgrade_package.pp @@ -1,3 +1,5 @@ +# Install a package either to a certain version, or while making sure that it's +# always the latest version that's installed. define apt::upgrade_package ( $version = '' ) { @@ -23,7 +25,7 @@ define apt::upgrade_package ( } exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}": - onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], + onlyif => [ "grep-status -F Status installed -a -P ${name} -q", "apt-show-versions -u ${name} | grep -q upgradeable" ], require => Package['apt-show-versions', 'dctrl-tools'], before => Exec['apt_updated'] } diff --git a/spec/acceptance/apt_spec.rb b/spec/acceptance/apt_spec.rb new file mode 100644 index 0000000..a976a56 --- /dev/null +++ b/spec/acceptance/apt_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper_acceptance' + +describe 'apt class' do + + context 'default parameters' do + it 'should work idempotently with no errors' do + pp = <<-EOS + class { 'apt': } + EOS + + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe package('apt') do + it { is_expected.to be_installed } + end + + end +end diff --git a/spec/acceptance/nodesets/debian-8-x86_64-docker.yml b/spec/acceptance/nodesets/debian-8-x86_64-docker.yml new file mode 100644 index 0000000..f09ad62 --- /dev/null +++ b/spec/acceptance/nodesets/debian-8-x86_64-docker.yml @@ -0,0 +1,19 @@ +HOSTS: + debian-8-x64: + platform: debian-8-amd64 + image: debian:8 + hypervisor: docker + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + - 'apt-get install -y wget locales-all puppet git' + - 'rm -f /usr/sbin/policy-rc.d' + +CONFIG: + type: foss + #log_level: verbose + #log_level: debug + +ssh: + password: root + auth_methods: ["password"] diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml new file mode 120000 index 0000000..b125a96 --- /dev/null +++ b/spec/acceptance/nodesets/default.yml @@ -0,0 +1 @@ +debian-8-x86_64-docker.yml
\ No newline at end of file diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb new file mode 100644 index 0000000..9ba554f --- /dev/null +++ b/spec/classes/init_spec.rb @@ -0,0 +1,18 @@ +require 'spec_helper' + +describe 'apt', :type => :class do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + #it { is_expected.to compile.with_all_deps } + it { is_expected.to compile } +end diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb new file mode 100644 index 0000000..cc4fb1f --- /dev/null +++ b/spec/defines/conf_spec.rb @@ -0,0 +1,74 @@ +require 'spec_helper' +describe 'apt::apt_conf', :type => :define do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + let :title do + 'norecommends' + end + + describe "when creating an apt_conf snippet" do + let :default_params do + { + :ensure => 'present', + :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n" + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/apt.conf.d/norecommends" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'present', + 'content' => /Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;/, + 'owner' => 'root', + # default to '0', not 'root' + #'group' => 'root', + 'mode' => '0644', + }) + } + + end + + describe "when creating a preference without content" do + let :params do + { + :ensure => 'absent', + } + end + + it 'fails' do + expect { subject.call } .to raise_error(Puppet::Error, /One of \$source or \$content must be specified for apt_conf norecommends/) + end + end + + describe "when removing an apt preference" do + let :params do + { + :ensure => 'absent', + :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n", + } + end + + let :filename do + "/etc/apt/apt.conf.d/norecommends" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'absent', + }) + } + end +end diff --git a/spec/defines/preferences_snippet_spec.rb b/spec/defines/preferences_snippet_spec.rb new file mode 100644 index 0000000..012a5f6 --- /dev/null +++ b/spec/defines/preferences_snippet_spec.rb @@ -0,0 +1,66 @@ +require 'spec_helper' +describe 'apt::preferences_snippet', :type => :define do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + let :title do + 'test' + end + + describe "when creating a preferences_snippet" do + let :default_params do + { + :ensure => 'present', + :release => "jessie-backports", + :priority => '999' + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/preferences.d/test" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'present', + 'content' => /Package: test\nPin: release a=jessie-backports\nPin-Priority: 999/, + 'owner' => 'root', + 'group' => '0', + 'mode' => '0644', + }) + } + + end + + describe "when using both pin and release parameters" do + let :default_params do + { + :ensure => 'present', + :priority => '999', + :release => "jessie-backports", + :pin => '1.0' + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/preferences.d/test" + end + + it 'fails' do + expect { subject.call } .to raise_error(Puppet::Error, /apt::preferences_snippet requires either a 'pin' or 'release' argument, not both/) + end + end + +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 21d1a98..3cca63a 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,12 +1,12 @@ # https://puppetlabs.com/blog/testing-modules-in-the-puppet-forge -require 'rspec-puppet' -require 'mocha/api' +require 'puppetlabs_spec_helper/module_spec_helper' -RSpec.configure do |c| +fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) - c.module_path = File.expand_path(File.join(File.dirname(__FILE__), '..', '..')) - c.color = true +RSpec.configure do |c| - #Puppet.features.stubs(:root? => true) + c.manifest_dir = File.join(fixture_path, 'manifests') + c.module_path = File.join(fixture_path, 'modules') + c.color = true end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb new file mode 100644 index 0000000..1ccd84d --- /dev/null +++ b/spec/spec_helper_acceptance.rb @@ -0,0 +1,18 @@ +require 'beaker-rspec' + +RSpec.configure do |c| + module_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + module_name = module_root.split('-').last + + # Readable test descriptions + c.formatter = :documentation + + # Configure all nodes in nodeset + c.before :suite do + # Install module and dependencies + puppet_module_install(:source => module_root, :module_name => module_name) + hosts.each do |host| + shell('git clone https://gitlab.com/shared-puppet-modules-group/common.git /etc/puppet/modules/common') + end + end +end diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 7c65d10..b271a41 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -5,10 +5,6 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id}:${distro_codename}-updates"; "${distro_id}:${distro_codename}-backports"; -<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%> -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:<%= scope.lookupvar('::debian_release') %>"; - "${distro_id}:squeeze-lts"; <% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'wheezy' -%> Unattended-Upgrade::Origins-Pattern { "origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security"; diff --git a/templates/Debian/apticron_wheezy.erb b/templates/Debian/apticron.erb index 655854e..c6d3853 100644 --- a/templates/Debian/apticron_wheezy.erb +++ b/templates/Debian/apticron.erb @@ -46,7 +46,7 @@ IPADDRESSNUM="<%= v %>" # # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" <% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%> -IPADDRESSES=<%= v %>" +IPADDRESSES="<%= v %>" <% end -%> # diff --git a/templates/Debian/apticron_jessie.erb b/templates/Debian/apticron_jessie.erb deleted file mode 120000 index a9a3a6f..0000000 --- a/templates/Debian/apticron_jessie.erb +++ /dev/null @@ -1 +0,0 @@ -apticron_wheezy.erb
\ No newline at end of file diff --git a/templates/Debian/apticron_lenny.erb b/templates/Debian/apticron_lenny.erb deleted file mode 100644 index 86b0997..0000000 --- a/templates/Debian/apticron_lenny.erb +++ /dev/null @@ -1,50 +0,0 @@ -# apticron.conf -# -# set EMAIL to a list of addresses which will be notified of impending updates -# -EMAIL="<%= scope.lookupvar('apt::apticron::email') %>" - -# -# Set DIFF_ONLY to "1" to only output the difference of the current run -# compared to the last run (ie. only new upgrades since the last run). If there -# are no differences, no output/email will be generated. By default, apticron -# will output everything that needs to be upgraded. -# -DIFF_ONLY="<%= scope.lookupvar('apt::apticron::diff_only') %>" - -# -# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges -# with the --profile option. You should add a corresponding profile to -# /etc/apt/listchanges.conf -# -LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %>" - -# -# Set SYSTEM if you would like apticron to use something other than the output -# of "hostname -f" for the system name in the mails it generates -# -# SYSTEM="foobar.example.com" -<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%> -SYSTEM="<%= v %>" -<% end -%> - -# -# Set IPADDRESSNUM if you would like to configure the maximal number of IP -# addresses apticron displays. The default is to display 1 address of each -# family type (inet, inet6), if available. -# -# IPADDRESSNUM="1" -<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%> -IPADDRESSNUM="<%= v %>" -<% end -%> - -# -# Set IPADDRESSES to a whitespace seperated list of reachable addresses for -# this system. By default, apticron will try to work these out using the -# "ip" command -# -# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" -<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%> -IPADDRESSES="<%= v %>" -<% end -%> - diff --git a/templates/Debian/apticron_sid.erb b/templates/Debian/apticron_sid.erb deleted file mode 120000 index a9a3a6f..0000000 --- a/templates/Debian/apticron_sid.erb +++ /dev/null @@ -1 +0,0 @@ -apticron_wheezy.erb
\ No newline at end of file diff --git a/templates/Debian/apticron_squeeze.erb b/templates/Debian/apticron_squeeze.erb deleted file mode 100644 index 05b7c9b..0000000 --- a/templates/Debian/apticron_squeeze.erb +++ /dev/null @@ -1,82 +0,0 @@ -# apticron.conf -# -# set EMAIL to a space separated list of addresses which will be notified of -# impending updates -# -EMAIL="<%= scope.lookupvar('apt::apticron::email') %>" - - -# -# Set DIFF_ONLY to "1" to only output the difference of the current run -# compared to the last run (ie. only new upgrades since the last run). If there -# are no differences, no output/email will be generated. By default, apticron -# will output everything that needs to be upgraded. -# -DIFF_ONLY="<%= scope.lookupvar('apt::apticron::diff_only') %>" - -# -# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges -# with the --profile option. You should add a corresponding profile to -# /etc/apt/listchanges.conf -# -LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %>" - -# -# Set SYSTEM if you would like apticron to use something other than the output -# of "hostname -f" for the system name in the mails it generates -# -# SYSTEM="foobar.example.com" -<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%> -SYSTEM="<%= v %>" -<% end -%> - - -# -# Set IPADDRESSNUM if you would like to configure the maximal number of IP -# addresses apticron displays. The default is to display 1 address of each -# family type (inet, inet6), if available. -# -# IPADDRESSNUM="1" -<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%> -IPADDRESSNUM="<%= v %>" -<% end -%> - - -# -# Set IPADDRESSES to a whitespace separated list of reachable addresses for -# this system. By default, apticron will try to work these out using the -# "ip" command -# -# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" -<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%> -IPADDRESSES="<%= v %>" -<% end -%> - - -# -# Set NOTIFY_HOLDS="0" if you don't want to be notified about new versions of -# packages on hold in your system. The default behavior is downloading and -# listing them as any other package. -# -# NOTIFY_HOLDS="0" -NOTIFY_HOLDS="<%= scope.lookupvar('apt::apticron::notifyholds') %>" - -# -# Set NOTIFY_NEW="0" if you don't want to be notified about packages which -# are not installed in your system. Yes, it's possible! There are some issues -# related to systems which have mixed stable/unstable sources. In these cases -# apt-get will consider for example that packages with "Priority: -# required"/"Essential: yes" in unstable but not in stable should be installed, -# so they will be listed in dist-upgrade output. Please take a look at -# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531002#44 -# -# NOTIFY_NEW="0" -NOTIFY_NEW="<%= scope.lookupvar('apt::apticron::notifynew') %>" - -# -# Set CUSTOM_SUBJECT if you want to replace the default subject used in -# the notification e-mails. This may help filtering/sorting client-side e-mail. -# -# CUSTOM_SUBJECT="" -CUSTOM_SUBJECT="<%= scope.lookupvar('apt::apticron::customsubject') %>" - diff --git a/templates/Debian/listchanges_lenny.erb b/templates/Debian/listchanges.erb index 1025dd0..1025dd0 100644 --- a/templates/Debian/listchanges_lenny.erb +++ b/templates/Debian/listchanges.erb diff --git a/templates/Debian/listchanges_jessie.erb b/templates/Debian/listchanges_jessie.erb deleted file mode 120000 index 74ab496..0000000 --- a/templates/Debian/listchanges_jessie.erb +++ /dev/null @@ -1 +0,0 @@ -listchanges_lenny.erb
\ No newline at end of file diff --git a/templates/Debian/listchanges_sid.erb b/templates/Debian/listchanges_sid.erb deleted file mode 120000 index 74ab496..0000000 --- a/templates/Debian/listchanges_sid.erb +++ /dev/null @@ -1 +0,0 @@ -listchanges_lenny.erb
\ No newline at end of file diff --git a/templates/Debian/listchanges_squeeze.erb b/templates/Debian/listchanges_squeeze.erb deleted file mode 120000 index 74ab496..0000000 --- a/templates/Debian/listchanges_squeeze.erb +++ /dev/null @@ -1 +0,0 @@ -listchanges_lenny.erb
\ No newline at end of file diff --git a/templates/Debian/listchanges_wheezy.erb b/templates/Debian/listchanges_wheezy.erb deleted file mode 120000 index 74ab496..0000000 --- a/templates/Debian/listchanges_wheezy.erb +++ /dev/null @@ -1 +0,0 @@ -listchanges_lenny.erb
\ No newline at end of file diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences.erb index 885edc7..37cf80d 100644 --- a/templates/Debian/preferences_squeeze.erb +++ b/templates/Debian/preferences.erb @@ -1,30 +1,33 @@ +# This file is managed by puppet +# all local modifications will be overwritten + Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 +<% if use_volatile=scope.lookupvar('apt::use_volatile') -%> Explanation: Debian <%= codename %>-updates Package: * Pin: release o=Debian,n=<%= codename %>-updates Pin-Priority: 990 +<%- end -%> +<% if (use_lts=scope.lookupvar('apt::use_lts')) && (scope.lookupvar('::debian_lts') == "true") -%> Explanation: Debian <%= codename %>-lts Package: * Pin: release o=Debian,n=<%= codename %>-lts Pin-Priority: 990 +<%- end -%> -Explanation: Debian <%= next_codename=scope.lookupvar('::debian_nextcodename') %> +<% if (next_codename=scope.lookupvar('::debian_nextcodename')) && (next_codename != "experimental") -%> +Explanation: Debian <%= next_codename %> Package: * Pin: release o=Debian,n=<%= next_codename %> Pin-Priority: 2 - -Explanation: Debian sid -Package: * -Pin: release o=Debian,n=sid -Pin-Priority: 1 +<%- end -%> Explanation: Debian fallback Package: * Pin: release o=Debian Pin-Priority: -10 - diff --git a/templates/Debian/preferences_jessie.erb b/templates/Debian/preferences_jessie.erb deleted file mode 100644 index 0888abe..0000000 --- a/templates/Debian/preferences_jessie.erb +++ /dev/null @@ -1,14 +0,0 @@ -Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> -Package: * -Pin: release o=Debian,n=<%= codename %> -Pin-Priority: 990 - -Explanation: Debian sid -Package: * -Pin: release o=Debian,n=sid -Pin-Priority: 1 - -Explanation: Debian fallback -Package: * -Pin: release o=Debian -Pin-Priority: -10 diff --git a/templates/Debian/preferences_lenny.erb b/templates/Debian/preferences_lenny.erb deleted file mode 100644 index 6500168..0000000 --- a/templates/Debian/preferences_lenny.erb +++ /dev/null @@ -1,25 +0,0 @@ -Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> -Package: * -Pin: release o=Debian,a=<%= scope.lookupvar('::debian_release') %>,v=5* -Pin-Priority: 990 - -Explanation: Debian backports -Package: * -Pin: origin backports.debian.org -Pin-Priority: 200 - -Explanation: Debian <%= next_release=scope.lookupvar('::debian_nextrelease') %> -Package: * -Pin: release o=Debian,a=<%= next_release %> -Pin-Priority: 2 - -Explanation: Debian sid -Package: * -Pin: release o=Debian,a=unstable -Pin-Priority: 1 - -Explanation: Debian fallback -Package: * -Pin: release o=Debian -Pin-Priority: -10 - diff --git a/templates/Debian/preferences_sid.erb b/templates/Debian/preferences_sid.erb deleted file mode 100644 index eb18554..0000000 --- a/templates/Debian/preferences_sid.erb +++ /dev/null @@ -1,10 +0,0 @@ -Explanation: Debian sid -Package: * -Pin: release o=Debian,n=sid -Pin-Priority: 990 - -Explanation: Debian fallback -Package: * -Pin: release o=Debian -Pin-Priority: -10 - diff --git a/templates/Debian/preferences_wheezy.erb b/templates/Debian/preferences_wheezy.erb deleted file mode 100644 index 106108d..0000000 --- a/templates/Debian/preferences_wheezy.erb +++ /dev/null @@ -1,20 +0,0 @@ -Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> -Package: * -Pin: release o=Debian,n=<%= codename %> -Pin-Priority: 990 - -Explanation: Debian <%= codename %>-updates -Package: * -Pin: release o=Debian,n=<%= codename %>-updates -Pin-Priority: 990 - -Explanation: Debian sid -Package: * -Pin: release o=Debian,n=sid -Pin-Priority: 1 - -Explanation: Debian fallback -Package: * -Pin: release o=Debian -Pin-Priority: -10 - diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index 44eea53..c7318a2 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -4,7 +4,7 @@ ### Debian current: <%= codename=scope.lookupvar('::debian_codename') %> # basic -deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> +deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::repos') %> <% if include_src=scope.lookupvar('apt::include_src') -%> deb-src <%= debian_url %> <%= codename %> <%= lrepos %> <% end -%> diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb index e6d2f64..b90b8c8 100644 --- a/templates/Ubuntu/sources.list.erb +++ b/templates/Ubuntu/sources.list.erb @@ -1,8 +1,8 @@ # This file is managed by puppet # all local modifications will be overwritten -# basic <%= codename=scope.lookupvar('::ubuntu_codename') %> -deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> +# basic <%= codename=scope.lookupvar('apt::codename') %> +deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::repos') %> <% if include_src=scope.lookupvar('apt::include_src') -%> deb-src <%= ubuntu_url %> <%= codename %> <%= lrepos %> <% end -%> |