-rw-r--r-- | README | 29 | ||||
-rw-r--r-- | files/backports.org.key | 33 | ||||
-rw-r--r-- | manifests/default_preferences.pp | 16 | ||||
-rw-r--r-- | manifests/init.pp | 70 | ||||
-rw-r--r-- | manifests/preferences.pp | 31 | ||||
-rw-r--r-- | manifests/preferences/absent.pp | 8 | ||||
-rw-r--r-- | manifests/preferences_snippet.pp | 17 | ||||
-rw-r--r-- | manifests/proxy-client.pp | 18 | ||||
-rw-r--r-- | manifests/unattended_upgrades.pp | 4 |
9 files changed, 118 insertions, 108 deletions
@@ -7,7 +7,7 @@ This module manages apt on Debian. It keeps dpkg's and apt's databases as well as the keyrings for securing package download current. -backports.org is added and an archive key is provided[1]. +backports.debian.org is added. dselect is switched to expert mode to suppress superfluous help screens. @@ -62,6 +62,10 @@ example, setting the following variable before including this class will pull in the templates/apt/preferences file: $custom_preferences = 'template("apt/preferences")' +Also, if you need the preferences file to be absent, set this variable to false: + +$custom_preferences = false + $custom_key_dir --------------- If you have different apt-key files that you want to get added to your @@ -82,12 +86,27 @@ Classes This module contains only the apt class, which sets up all described functionality. +Defines +======= + +apt::preferences_snippet +------------------------ + +A way to add pinning information to /etc/apt/preferences + +Example: + + apt::preferences_snippet{ + 'irssi-plugin-otr': + release => 'lenny-backports', + priority => 999; + } Resources ========= -File[apt_config] ----------------- +Concatenated_file[apt_config] +----------------------------- Use this resource to depend on or add to a completed apt configuration Exec[apt_updated] @@ -139,7 +158,3 @@ Sometimes -- especially when initially starting management or deploying new packages -- a immediate update is really needed to be able to install the right packages without errors. Thus a method should be devised to be able to specify with high fidelity when a update should be run and when it is not needed. - - - -[1] Of course, you should check the validity of _this_ key yourself. diff --git a/files/backports.org.key b/files/backports.org.key deleted file mode 100644 index 6e66404..0000000 --- a/files/backports.org.key +++ /dev/null 
@@ -1,33 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.3 (GNU/Linux) - -mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx -Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc -/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz -onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd -kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex -Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6 -m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq -bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR -bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz -Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR -AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S -cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD -FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48 -OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD -FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44 -Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ -FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn -DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO -90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN -StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D -JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD -BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0 -AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB -TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr -O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8 -cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC -+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs -VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg== -=fBrI ------END PGP PUBLIC KEY BLOCK----- 
diff --git a/manifests/default_preferences.pp b/manifests/default_preferences.pp deleted file mode 100644 index 671abdd..0000000 --- a/manifests/default_preferences.pp +++ /dev/null @@ -1,16 +0,0 @@ -class apt::default_preferences { - config_file { - # this just pins unstable and testing to very low values - "/etc/apt/preferences": - content => template("apt/preferences.erb"), - # use File[apt_config] to reference a completed configuration - # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML - alias => apt_config, - # only update together - require => File["/etc/apt/sources.list"]; - # little default settings which keep the system sane - "/etc/apt/apt.conf.d/99from_puppet": - content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n", - before => Config_file[apt_config]; - } -} diff --git a/manifests/init.pp b/manifests/init.pp index 9c33b4d..1011e65 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,16 +31,19 @@ class apt { } } + config_file { + # little default settings which keep the system sane + "/etc/apt/apt.conf.d/from_puppet": + content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n", + before => Concatenated_file['/etc/apt/preferences']; + } + case $custom_preferences { - '': { - include apt::default_preferences + false: { + include apt::preferences::absent } default: { - config_file { "/etc/apt/preferences": - content => $custom_preferences, - alias => apt_config, - require => File["/etc/apt/sources.list"]; - } + include apt::preferences } } 
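Review bot: The new `"/etc/apt/apt.conf.d/from_puppet"` resource replaces `99from_puppet` from the deleted default_preferences.pp, but nothing in this hunk removes the old file. Nodes that used the default preferences will probably keep both copies unless the directory is purged elsewhere. Either keep the old name or add `file { "/etc/apt/apt.conf.d/99from_puppet": ensure => absent }`. Dropping the numeric prefix also changes where the snippet sorts among the other apt.conf.d files, which deserves a short comment if it is intended. The enclosing `class apt` begins and ends outside the hunk.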
@@ -59,58 +62,23 @@ class apt { 'refresh_apt': command => '/usr/bin/apt-get update && sleep 1', refreshonly => true, - subscribe => [ File["/etc/apt/sources.list"], - File["/etc/apt/preferences"], - File["/etc/apt/apt.conf.d"], - Config_file[apt_config] ]; + subscribe => File['/etc/apt/sources.list', + '/etc/apt/apt.conf.d', + '/etc/apt/preferences']; 'update_apt': command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', - require => [ File["/etc/apt/sources.list"], - File["/etc/apt/preferences"], Config_file[apt_config] ], + require => File['/etc/apt/sources.list', + '/etc/apt/preferences'], loglevel => info, # Another Semaphor for all packages to reference - alias => apt_updated; + alias => "apt_updated"; } ## This package should really always be current package { "debian-archive-keyring": ensure => latest } - - case $lsbdistcodename { - etch: { - package { "debian-backports-keyring": ensure => latest } - - # This key was downloaded from - # http://backports.org/debian/archive.key - # and is needed to bootstrap the backports trustpath - file { "${apt_base_dir}/backports.org.key": - source => "puppet:///modules/apt/backports.org.key", - mode => 0444, owner => root, group => root, - } - exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update": - alias => "backports_key", - refreshonly => true, - subscribe => File["${apt_base_dir}/backports.org.key"], - before => [ File[apt_config], Package["debian-backports-keyring"] ] - } - } - lenny: { - package { "debian-backports-keyring": ensure => latest } - # This key was downloaded from - # http://backports.org/debian/archive.key - # and is needed to bootstrap the backports trustpath - file { "${apt_base_dir}/backports.org.key": - source => "puppet:///modules/apt/backports.org.key", - mode => 0444, owner => root, group => root, - } - exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update": - alias => "backports_key", - refreshonly => true, - subscribe => 
File["${apt_base_dir}/backports.org.key"], - before => [ Config_file[apt_config], Package["debian-backports-keyring"] ] - } - } - } + # backports uses the normal archive key now + package { "debian-backports-keyring": ensure => absent } if $custom_key_dir { file { "${apt_base_dir}/keys.d": @@ -122,7 +90,7 @@ class apt { alias => "custom_keys", subscribe => File["${apt_base_dir}/keys.d"], refreshonly => true, - before => Config_file[apt_config]; + before => Concatenated_file[apt_config]; } } diff --git a/manifests/preferences.pp b/manifests/preferences.pp new file mode 100644 index 0000000..772b426 --- /dev/null +++ b/manifests/preferences.pp @@ -0,0 +1,31 @@ +class apt::preferences { + + include common::moduledir + $apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences" + module_dir{'apt/preferences': } + file{"${apt_preferences_dir}_header": + content => $custom_preferences ? { + '' => 'Package: * +Pin: release a=unstable +Pin-Priority: 1 + +Package: * +Pin: release a=testing +Pin-Priority: 2 + +', + default => $custom_preferences + }, + } + + concatenated_file{'/etc/apt/preferences': + dir => $apt_preferences_dir, + header => "${apt_preferences_dir}_header", + # use Concatenated_file[apt_config] to reference a completed configuration + # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML + alias => apt_config, + # only update together + require => File["/etc/apt/sources.list"]; + } + +} diff --git a/manifests/preferences/absent.pp b/manifests/preferences/absent.pp new file mode 100644 index 0000000..3131aff --- /dev/null +++ b/manifests/preferences/absent.pp @@ -0,0 +1,8 @@ +class apt::preferences::absent { + include common::moduledir + $apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences" + concatenated_file{'/etc/apt/preferences': + dir => $apt_preferences_dir, + ensure => absent, + } +} 
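Review bot: Removing the `apt-key add` exec and setting `debian-backports-keyring` to `ensure => absent` stops distributing the backports.org key, but nothing here removes it from apt's trusted keyring on hosts where the old exec already ran. A key imported with `apt-key add` stays a trust anchor for every configured source until it is deleted, and the copied `${apt_base_dir}/backports.org.key` file is left behind as well. Consider a guarded cleanup such as `exec { "/usr/bin/apt-key del <BACKPORTS_ORG_KEY_ID>": onlyif => "/usr/bin/apt-key list | grep -q <BACKPORTS_ORG_KEY_ID>" }` (placeholder id, take it from the key you verified) plus `file { "${apt_base_dir}/backports.org.key": ensure => absent }`. Separately, `File['/etc/apt/preferences']` in the new `subscribe`/`require` only resolves if the `concatenated_file` define declares a File with that title, which is not visible in this diff.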
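Review bot: `before => Concatenated_file[apt_config]` on the custom_keys exec only resolves when apt::preferences is in the catalog, because the `apt_config` alias is set there and not on the `concatenated_file` in apt::preferences::absent. With `$custom_preferences = false` and `$custom_key_dir` set, this looks like it would fail in the same way as the "Could not find dependent" error quoted in unattended_upgrades.pp. Referencing the title, as the `from_puppet` resource earlier in init.pp already does, avoids the dependency on the alias: `before => Concatenated_file['/etc/apt/preferences'];`. The exec's declaration begins outside the hunk.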
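Review bot: The `file{"${apt_preferences_dir}_header": ...}` resource in preferences.pp sets no owner, group or mode, while the snippet files in preferences_snippet.pp are pinned to root with mode 0600. The header is concatenated into /etc/apt/preferences, which decides which archive packages are installed from, so I would make its permissions explicit as well: `owner => root, group => 0, mode => 0600;`. Whether a site-wide File default already covers this is not visible from the diff. A one-line comment above the selector, e.g. `# '' means: ship the built-in low-priority pins for unstable and testing`, would also make the default branch easier to read.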
diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp new file mode 100644 index 0000000..21dfe86 --- /dev/null +++ b/manifests/preferences_snippet.pp @@ -0,0 +1,17 @@ +define apt::preferences_snippet( + $ensure = 'present', + $release, + $priority +){ + include apt::preferences + file { "${apt::preferences::apt_preferences_dir}/${name}": + ensure => $ensure, + content => "Package: ${name} +Pin: release a=${release} +Pin-Priority: ${priority} + +", + notify => Exec["concat_${apt::preferences::apt_preferences_dir}"], + owner => root, group => 0, mode => 0600; + } +} diff --git a/manifests/proxy-client.pp b/manifests/proxy-client.pp new file mode 100644 index 0000000..ea0a29c --- /dev/null +++ b/manifests/proxy-client.pp @@ -0,0 +1,18 @@ +class apt::proxy-client { + + $real_apt_proxy = $apt_proxy ? { + "" => "localhost", + default => $apt_proxy + } + + $real_apt_proxy_port = $apt_proxy_port ? { + "" => "3142", + default => $apt_proxy_port + } + + file { "/etc/apt/apt.conf.d/20proxy": + ensure => present, + content => "Acquire::http { Proxy \"http://$real_apt_proxy:$real_apt_proxy_port\"; };\n", + owner => root, group => 0, mode => 0644; + } +} diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 27942b3..e1080a0 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -8,8 +8,10 @@ class apt::unattended_upgrades { "/etc/apt/apt.conf.d/50unattended-upgrades": source => ["puppet:///modules/site-apt/50unattended-upgrades", "puppet:///modules/apt/50unattended-upgrades" ], + + # err: Could not run Puppet configuration client: Could not find dependent Config_file[apt_config] for Config_file[/etc/apt/apt.conf.d/50unattended-upgrades] at /etc/puppet/modules/apt/manifests/unattended_upgrades.pp:14 - before => Config_file[apt_config], + #before => Config_file[apt_config], require => Package['unattended-upgrades'], } } |
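Review bot: `${name}` is used both as the file name under `${apt::preferences::apt_preferences_dir}` and as the `Package:` value, so a title containing `/` or whitespace yields a broken path or stanza. `$release` and `$priority` are likewise written into the pin unchecked, and the result is merged into /etc/apt/preferences, which steers where packages are installed from. At minimum, document the constraint on the define: `# $name must be a bare package name (no '/', no whitespace); it doubles as the snippet file name`. The `notify => Exec["concat_${apt::preferences::apt_preferences_dir}"]` line also relies on the name of an exec inside `concatenated_file`, which is not shown here and deserves a comment saying so.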
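Review bot: The proxy URL in proxy-client.pp is built from `$real_apt_proxy:$real_apt_proxy_port` without braces and without any check on the values, and it is written straight into apt.conf.d, where a stray `"` or `;` changes what apt parses. Bracing removes any ambiguity around the `:` that follows the variable name: `content => "Acquire::http { Proxy \"http://${real_apt_proxy}:${real_apt_proxy_port}\"; };\n",`. A short header comment naming the two inputs (`$apt_proxy`, `$apt_proxy_port`) and their defaults (`localhost`, `3142`) would help, since they are read from the enclosing scope rather than passed in. The hyphen in `apt::proxy-client` is worth reconsidering too, because later Puppet releases deprecated hyphenated class names; `apt::proxy_client` would be the safer spelling.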
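Review bot: The ordering on `50unattended-upgrades` is commented out rather than retargeted, and the pasted Puppet error is left in the manifest as a comment. If the file still has to be in place before the completed apt configuration, point it at the new resource, `before => Concatenated_file['/etc/apt/preferences'],`. If the ordering is no longer needed, delete both comment lines and put the explanation in the commit message. Whether class apt is always in the catalog alongside this class is not visible from the hunk, which starts inside the class body.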