diff options
| -rw-r--r-- | README | 25 | ||||
| -rw-r--r-- | files/50unattended-upgrades | 43 | ||||
| -rw-r--r-- | manifests/init.pp | 33 | ||||
| -rw-r--r-- | templates/sources.list.deb-src.erb | 11 |
4 files changed, 108 insertions, 4 deletions
@@ -72,11 +72,30 @@ apt keyring, you can set this variable to a path in your fileserver where individual key files can be placed. If this is set and keys exist there, this module will apt-key add each key +$backports_enabled +------------------ +If set to true, the debian backports repository is enabled through a +file in /etc/apt/sources.d/. Defaults to false. + +$apt_deb_src_enabled +-------------------- +If set to true, the debian sources repository is enabled through a +file in /etc/apt/sources.d/. Defaults to false. + + Classes ======= - -This module contains only the apt class, which sets up all described -functionality. +apt +--- +Sets up the basic apt package management. + +apt::unattended_upgrades +------------------------ +Sets up the unattended-upgrades package, and configures it mostly through +the file /etc/apt/apt.conf.d/50unattended-upgrades. +Unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that +wildcards aren't recognized, so use it with care ! +http://packages.debian.org/de/lenny/unattended-upgrades Resources diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades new file mode 100644 index 0000000..06036bf --- /dev/null +++ b/files/50unattended-upgrades @@ -0,0 +1,43 @@ +// this file is managed by puppet ! +// +//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. + +// allowed (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "Debian stable"; + "Debian-Security stable"; +// "Debian testing"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; +Unattended-Upgrade::Mail "root"; + +APT::UnattendedUpgrades::LogDir "/var/log/"; +APT::UnattendedUpgrades::LogFile "unattended_upgrades.log"; + +Unattended-Upgrade::Package-Blacklist { + // we don't want the kernel to be updated so nagios still can give a warnig if there is + // a manual update (and reboot) left + + "linux-image-*"; + + // unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized: + //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-* + //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script + //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"] + //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64 + //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log' + //2009-12-11 13:42:11,988 INFO All upgrades installed + + "linux-image-2.6.18-5-vserver-686"; + "linux-image-2.6.18-5-xen-vserver-686"; + "linux-image-2.6.18-6-vserver-686"; + "linux-image-2.6.18-6-xen-vserver-686"; + "linux-image-2.6.24.3"; + "linux-image-2.6.26-1-686"; + "linux-image-2.6.26-2-xen-amd64"; + "linux-image-2.6.26-2-xen-686"; + "linux-image-2.6.26-2-amd64"; +}; + diff --git a/manifests/init.pp b/manifests/init.pp index 1af6e1f..07b6c2b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,6 +3,7 @@ # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> # See LICENSE for the full license granted to you. + class apt { # See README @@ -15,6 +16,11 @@ class apt { '' => 'false', default => $backports_enabled, } + + $apt_deb_src_enabled = $apt_deb_src_enabled ? { + 'true' => 'true', + default => $apt_deb_src_enabled, + } package { apt: ensure => installed } @@ -150,7 +156,17 @@ class apt { default: { } } - + case $apt_deb_src_enabled { + 'true': { + config_file { + # deb-src + "/etc/apt/sources.list.d/debian-sources.list": + content => template("apt/sources.list.deb-src.erb"), + require => Exec[assert_lsbdistcodename]; + } + } + default: {} + } case $custom_key_dir { '': { @@ -226,3 +242,18 @@ class dselect { package { dselect: ensure => installed } } + + +class apt::unattended_upgrades { + case $operatingsystem { + debian,ubuntu: { + package { unattended-upgrades : ensure => latest; } + file { "/etc/apt/apt.conf.d/50unattended-upgrades": + source => "puppet://$server/modules/apt/50unattended-upgrades" } + } + + default: { notice "unknown operatingsystem: $operatingsystem for class apt::unattended_upgrades" } + } + +} + diff --git a/templates/sources.list.deb-src.erb b/templates/sources.list.deb-src.erb new file mode 100644 index 0000000..6811eca --- /dev/null +++ b/templates/sources.list.deb-src.erb @@ -0,0 +1,11 @@ +# This file is brought to you by puppet + +# basic <%= lsbdistcodename %> +deb-src http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free +# security suppport +<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> +# There is no security mirror for <%= lsbdistcodename %> +<% else -%> +deb-src http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free +<% end -%> + |