summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--files/50unattended-upgrades57
-rw-r--r--manifests/custom_sources.pp10
-rw-r--r--manifests/default_preferences.pp2
-rw-r--r--manifests/default_sources_list.pp1
-rw-r--r--manifests/init.pp35
-rw-r--r--manifests/unattended_upgrades.pp12
-rw-r--r--templates/Ubuntu/sources.list.erb3
7 files changed, 93 insertions, 27 deletions
diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
new file mode 100644
index 0000000..d9535bc
--- /dev/null
+++ b/files/50unattended-upgrades
@@ -0,0 +1,57 @@
+// this file is managed by puppet !
+//
+//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+
+// allowed (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+ "Debian stable";
+ "Debian-Security stable";
+// "Debian testing";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+Unattended-Upgrade::Mail "root";
+
+APT::UnattendedUpgrades::LogDir "/var/log/";
+APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
+
+Unattended-Upgrade::Package-Blacklist {
+ // we don't want the kernel to be updated so nagios still can give a warning if there is
+ // a manual update (and reboot) left
+
+ "linux-image-*";
+
+ // unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized:
+ //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
+ //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
+ //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
+ //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
+ //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
+ //2009-12-11 13:42:11,988 INFO All upgrades installed
+
+ // lenny
+ "linux-image-2.6.26-1-686";
+ "linux-image-2.6.26-1-amd64";
+ "linux-image-2.6.26-1-xen-686";
+ "linux-image-2.6.26-1-xen-amd64";
+ "linux-image-2.6.26-1-vserver-686";
+ "linux-image-2.6.26-1-vserver-amd64";
+
+ "linux-image-2.6.26-2-686";
+ "linux-image-2.6.26-2-amd64";
+ "linux-image-2.6.26-2-xen-686";
+ "linux-image-2.6.26-2-xen-amd64";
+ "linux-image-2.6.26-2-vserver-686";
+ "linux-image-2.6.26-2-vserver-amd64";
+
+ // squeeze
+ "linux-image-2.6.32-5-686";
+ "linux-image-2.6.32-5-amd64";
+ "linux-image-2.6.32-5-xen-686";
+ "linux-image-2.6.32-5-xen-amd64";
+ "linux-image-2.6.32-5-vserver-686";
+ "linux-image-2.6.32-5-vserver-amd64";
+
+};
+
diff --git a/manifests/custom_sources.pp b/manifests/custom_sources.pp
new file mode 100644
index 0000000..31d685a
--- /dev/null
+++ b/manifests/custom_sources.pp
@@ -0,0 +1,10 @@
+define apt::custom_sources_template ($sources_file = "") {
+ file { "/etc/apt/sources.list.d/$sources_file":
+ content => template($name),
+ }
+ exec { "/usr/bin/apt-get update":
+ subscribe => File["/etc/apt/sources.list.d/$sources_file"],
+ refreshonly => true,
+ }
+ }
+
diff --git a/manifests/default_preferences.pp b/manifests/default_preferences.pp
index 605ba78..28471b9 100644
--- a/manifests/default_preferences.pp
+++ b/manifests/default_preferences.pp
@@ -10,7 +10,7 @@ class apt::default_preferences {
# only update together
require => File["/etc/apt/sources.list"];
# little default settings which keep the system sane
- "/etc/apt/apt.conf.d/from_puppet":
+ "/etc/apt/apt.conf.d/99from_puppet":
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
before => Config_file[apt_config];
}
diff --git a/manifests/default_sources_list.pp b/manifests/default_sources_list.pp
index 0e78c02..91955d7 100644
--- a/manifests/default_sources_list.pp
+++ b/manifests/default_sources_list.pp
@@ -4,6 +4,7 @@ class apt::default_sources_list {
# additional sources could be included via an array
"/etc/apt/sources.list":
content => template("apt/${operatingsystem}/sources.list.erb"),
+ require => Package['lsb'];
}
}
diff --git a/manifests/init.pp b/manifests/init.pp
index 85cab9f..8136f25 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -5,6 +5,8 @@
class apt {
+ import "custom_sources.pp"
+
# See README
$real_apt_clean = $apt_clean ? {
'' => 'auto',
@@ -124,28 +126,21 @@ class apt {
package { "debian-archive-keyring": ensure => latest }
# backports uses the normal archive key now
package { "debian-backports-keyring": ensure => absent }
-
- case $custom_key_dir {
- '': {
- exec { "/bin/true # no_custom_keydir": }
+
+ if $custom_key_dir {
+ file { "${apt_base_dir}/keys.d":
+ source => "$custom_key_dir",
+ recurse => true,
+ mode => 0755, owner => root, group => root,
}
- default: {
- file { "${apt_base_dir}/keys.d":
- source => "$custom_key_dir",
- recurse => true,
- mode => 0755, owner => root, group => root,
- }
- exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
- alias => "custom_keys",
- subscribe => File["${apt_base_dir}/keys.d"],
- refreshonly => true,
- before => Config_file["apt_config"];
- }
+ exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
+ alias => "custom_keys",
+ subscribe => File["${apt_base_dir}/keys.d"],
+ refreshonly => true,
+ before => Config_file[apt_config];
}
}
# workaround for preseeded_package component
- file { "/var/cache": ensure => directory }
- file { "/var/cache/local": ensure => directory }
- file { "/var/cache/local/preseeding": ensure => directory }
-}
+ file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory }
+}
diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp
index c984c40..805b0ed 100644
--- a/manifests/unattended_upgrades.pp
+++ b/manifests/unattended_upgrades.pp
@@ -5,11 +5,11 @@ class apt::unattended_upgrades {
}
config_file {
- "/etc/apt/apt.conf.d/unattended_upgrades":
- content => 'APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
-',
- before => Config_file[apt_config],
- require => Package['unattended-upgrades'],
+ "/etc/apt/apt.conf.d/50unattended-upgrades":
+ source => ["puppet:///modules/site-apt/50unattended-upgrades",
+ "puppet:///modules/apt/50unattended-upgrades" ],
+
+ before => Config_file[apt_config],
+ require => Package['unattended-upgrades'],
}
}
diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb
index 44f3024..36fc150 100644
--- a/templates/Ubuntu/sources.list.erb
+++ b/templates/Ubuntu/sources.list.erb
@@ -20,3 +20,6 @@ deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main
# backports
deb http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted
+<% if include_src then -%>
+deb-src http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted
+<% end -%>