-rw-r--r-- | files/50unattended-upgrades | 57 | ||||
-rw-r--r-- | manifests/custom_sources.pp | 10 | ||||
-rw-r--r-- | manifests/default_preferences.pp | 2 | ||||
-rw-r--r-- | manifests/default_sources_list.pp | 1 | ||||
-rw-r--r-- | manifests/init.pp | 35 | ||||
-rw-r--r-- | manifests/unattended_upgrades.pp | 12 | ||||
-rw-r--r-- | templates/Ubuntu/sources.list.erb | 3 |
7 files changed, 93 insertions, 27 deletions
diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
new file mode 100644
index 0000000..d9535bc
--- /dev/null
+++ b/files/50unattended-upgrades
@@ -0,0 +1,57 @@
+// this file is managed by puppet !
+//
+//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+
+// allowed (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+ "Debian stable";
+ "Debian-Security stable";
+// "Debian testing";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+Unattended-Upgrade::Mail "root";
+
+APT::UnattendedUpgrades::LogDir "/var/log/";
+APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
+
+Unattended-Upgrade::Package-Blacklist {
+ // we don't want the kernel to be updated so nagios still can give a warning if there is
+ // a manual update (and reboot) left
+
+ "linux-image-*";
+
+ // unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized:
+ //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
+ //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
+ //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
+ //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
+ //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
+ //2009-12-11 13:42:11,988 INFO All upgrades installed
+
+ // lenny
+ "linux-image-2.6.26-1-686";
+ "linux-image-2.6.26-1-amd64";
+ "linux-image-2.6.26-1-xen-686";
+ "linux-image-2.6.26-1-xen-amd64";
+ "linux-image-2.6.26-1-vserver-686";
+ "linux-image-2.6.26-1-vserver-amd64";
+
+ "linux-image-2.6.26-2-686";
+ "linux-image-2.6.26-2-amd64";
+ "linux-image-2.6.26-2-xen-686";
+ "linux-image-2.6.26-2-xen-amd64";
+ "linux-image-2.6.26-2-vserver-686";
+ "linux-image-2.6.26-2-vserver-amd64";
+
+ // squeeze
+ "linux-image-2.6.32-5-686";
+ "linux-image-2.6.32-5-amd64";
+ "linux-image-2.6.32-5-xen-686";
+ "linux-image-2.6.32-5-xen-amd64";
+ "linux-image-2.6.32-5-vserver-686";
+ "linux-image-2.6.32-5-vserver-amd64";
+
+};
+
diff --git a/manifests/custom_sources.pp b/manifests/custom_sources.pp
new file mode 100644
index 0000000..31d685a
--- /dev/null
+++ b/manifests/custom_sources.pp
@@ -0,0 +1,10 @@
+define apt::custom_sources_template ($sources_file = "") {
+ file { "/etc/apt/sources.list.d/$sources_file":
+ content => template($name),
+ }
+ exec { "/usr/bin/apt-get update":
+ subscribe => File["/etc/apt/sources.list.d/$sources_file"],
+ refreshonly => true,
+ }
+ }
+
diff --git a/manifests/default_preferences.pp b/manifests/default_preferences.pp
index 605ba78..28471b9 100644
--- a/manifests/default_preferences.pp
+++ b/manifests/default_preferences.pp
@@ -10,7 +10,7 @@ class apt::default_preferences { # only update together require => File["/etc/apt/sources.list"]; # little default settings which keep the system sane - "/etc/apt/apt.conf.d/from_puppet": + "/etc/apt/apt.conf.d/99from_puppet": content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n", before => Config_file[apt_config]; }
diff --git a/manifests/default_sources_list.pp b/manifests/default_sources_list.pp
index 0e78c02..91955d7 100644
--- a/manifests/default_sources_list.pp
+++ b/manifests/default_sources_list.pp
@@ -4,6 +4,7 @@ class apt::default_sources_list { # additional sources could be included via an array "/etc/apt/sources.list": content => template("apt/${operatingsystem}/sources.list.erb"), + require => Package['lsb']; } }
diff --git a/manifests/init.pp b/manifests/init.pp
index 85cab9f..8136f25 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -5,6 +5,8 @@ class apt { + import "custom_sources.pp" + # See README $real_apt_clean = $apt_clean ? { '' => 'auto',
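Review bot: In files/50unattended-upgrades, `Allowed-Origins` matches on the archive name `stable`, so a host stops getting automatic security updates once its release is no longer `stable`; the blacklist lists both lenny and squeeze kernels, which suggests both releases are meant to be covered. As far as this file shows, nothing reports the mismatch, because a run with no matching origin simply upgrades nothing. Consider rendering the pairs from the release the host actually runs, and at minimum add a comment such as `// archive names move at release time: re-check these pairs after every Debian release`. The enumerated `linux-image-2.6.x-N-*` entries have the same maintenance problem: on versions where the wildcard is ignored, any flavour or ABI number that is not listed is not held back.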
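Review bot: In manifests/custom_sources.pp the exec is titled with the literal command `/usr/bin/apt-get update`, so declaring `apt::custom_sources_template` a second time on the same node gives a duplicate resource declaration and the catalog fails to compile. Give it a per-instance title, e.g. `exec { "apt-get update for ${sources_file}": command => "/usr/bin/apt-get update", ... }`. The `$sources_file = ""` default makes the file resource point at the `/etc/apt/sources.list.d/` directory itself; dropping the default would make a missing name fail at compile time instead. Because this file decides which repositories packages are installed from, set `owner => root, group => root, mode => 0644` explicitly rather than inheriting whatever defaults are in scope.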
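Review bot: In manifests/default_sources_list.pp, `require => Package['lsb']` only orders the two resources within one run; it cannot make the `lsbdistcodename` fact available to the template, because facts are collected before the catalog is compiled. On a host where the lsb package is not yet installed, the first run would presumably render sources.list with an empty release name (the Ubuntu template in this commit interpolates `<%= lsbdistcodename %>`), leaving the security suite line unusable until the next run. A comment saying so, or a guard that fails when the fact is empty, would make this visible. The declaration of `Package['lsb']` is not part of this diff, so confirm it exists in every catalog that includes this class.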
@@ -124,28 +126,21 @@ class apt { package { "debian-archive-keyring": ensure => latest } # backports uses the normal archive key now package { "debian-backports-keyring": ensure => absent } - - case $custom_key_dir { - '': { - exec { "/bin/true # no_custom_keydir": } + + if $custom_key_dir { + file { "${apt_base_dir}/keys.d": + source => "$custom_key_dir", + recurse => true, + mode => 0755, owner => root, group => root, } - default: { - file { "${apt_base_dir}/keys.d": - source => "$custom_key_dir", - recurse => true, - mode => 0755, owner => root, group => root, - } - exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update": - alias => "custom_keys", - subscribe => File["${apt_base_dir}/keys.d"], - refreshonly => true, - before => Config_file["apt_config"]; - } + exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update": + alias => "custom_keys", + subscribe => File["${apt_base_dir}/keys.d"], + refreshonly => true, + before => Config_file[apt_config]; } } # workaround for preseeded_package component - file { "/var/cache": ensure => directory } - file { "/var/cache/local": ensure => directory } - file { "/var/cache/local/preseeding": ensure => directory } -} + file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory } +}
diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp
index c984c40..805b0ed 100644
--- a/manifests/unattended_upgrades.pp
+++ b/manifests/unattended_upgrades.pp
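Review bot: The `keys.d` resource sets `mode => 0755` together with `recurse => true`, so every key file is made executable; `mode => 0644` is enough, since Puppet adds the search bit on directories itself. These files become apt trust anchors through `apt-key add`, and the exec only ever adds: a key deleted from `$custom_key_dir` stays in the keyring (and, without `purge => true`, on disk) until someone removes it by hand. I would document that next to the exec, e.g. `# apt-key add is add-only: revoke a key with 'apt-key del <keyid>' on every host`. The exec also depends on a search path being set elsewhere, because `find`, `apt-key` and `apt-get` are not fully qualified. The class body starts outside this hunk.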
@@ -5,11 +5,11 @@ class apt::unattended_upgrades { } config_file { - "/etc/apt/apt.conf.d/unattended_upgrades": - content => 'APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "1"; -', - before => Config_file[apt_config], - require => Package['unattended-upgrades'], + "/etc/apt/apt.conf.d/50unattended-upgrades": + source => ["puppet:///modules/site-apt/50unattended-upgrades", + "puppet:///modules/apt/50unattended-upgrades" ], + + before => Config_file[apt_config], + require => Package['unattended-upgrades'], } }
diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb
index 44f3024..36fc150 100644
--- a/templates/Ubuntu/sources.list.erb
+++ b/templates/Ubuntu/sources.list.erb
@@ -20,3 +20,6 @@ deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main # backports deb http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted +<% if include_src then -%> +deb-src http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted +<% end -%> |
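Review bot: The new `source` list in manifests/unattended_upgrades.pp installs one Debian-specific file on every host that includes `apt::unattended_upgrades`, and at `/etc/apt/apt.conf.d/50unattended-upgrades` it replaces the file the unattended-upgrades package ships. The module also carries an Ubuntu sources template, and on an Ubuntu host the `Debian stable` / `Debian-Security stable` origins would match nothing, so automatic security updates would quietly stop there. Selecting the file per distribution, e.g. putting `"puppet:///modules/apt/${operatingsystem}/50unattended-upgrades"` ahead of the generic entry, or failing on unsupported systems, would avoid that. The previously managed `/etc/apt/apt.conf.d/unattended_upgrades` is not removed by this change; an `ensure => absent` entry would tidy it up. The class starts outside this hunk.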