summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README82
-rw-r--r--files/50unattended-upgrades19
-rw-r--r--files/backports.org.key33
-rw-r--r--lib/puppet/parser/functions/debian_nextcodename.rb11
-rw-r--r--lib/puppet/parser/functions/debian_nextrelease.rb11
-rw-r--r--lib/puppet/parser/functions/debian_release.rb13
-rw-r--r--manifests/cron/base.pp3
-rw-r--r--manifests/cron/dist-upgrade.pp21
-rw-r--r--manifests/cron/download.pp21
-rw-r--r--manifests/custom_sources.pp4
-rw-r--r--manifests/default_preferences.pp32
-rw-r--r--manifests/default_sources_list.pp3
-rw-r--r--manifests/init.pp113
-rw-r--r--manifests/preseeded_package.pp4
-rw-r--r--manifests/unattended_upgrades.pp8
-rw-r--r--templates/Debian/preferences_lenny.erb24
-rw-r--r--templates/Debian/preferences_sid.erb9
-rw-r--r--templates/Debian/preferences_squeeze.erb24
-rw-r--r--templates/Debian/sources.list.deb-src.erb11
-rw-r--r--templates/Debian/sources.list.erb84
-rw-r--r--templates/Debian/sources.list.volatile.erb7
-rw-r--r--templates/Ubuntu/sources.list.backports.erb4
-rw-r--r--templates/Ubuntu/sources.list.deb-src.erb12
-rw-r--r--templates/Ubuntu/sources.list.erb15
-rw-r--r--templates/preferences.erb7
25 files changed, 396 insertions, 179 deletions
diff --git a/README b/README
index 1234ce2..8dafe2f 100644
--- a/README
+++ b/README
@@ -7,12 +7,15 @@ This module manages apt on Debian.
It keeps dpkg's and apt's databases as well as the keyrings for securing
package download current.
-backports.org is added and an archive key is provided[1].
+backports.debian.org is added.
dselect is switched to expert mode to suppress superfluous help screens.
-sources.list and apt_preferences are managed. Testing and unstable are pinned to
-very low values by default to prevent accidental upgrades.
+sources.list and apt_preferences are managed. More recent Debian
+releases are pinned to very low values by default to prevent
+accidental upgrades.
+
+Ubuntu support is lagging behind but not absent either.
This module needs lsb-release installed.
@@ -43,18 +46,17 @@ value can be set manually too, e.g. to enable forced upgrades
$custom_sources_list
--------------------
-By default this module will use a basic apt/sources.list with a
-generic debian mirror. If you need to set more specific sources,
-e.g. for country proximity, proxies, etc. you can set this variable to
-the location of your sources.list template. For example, setting the
-following variable before including this class will pull in the
-templates/apt/sources.list file:
+By default this module will use a basic apt/sources.list.
+If you need to set more specific sources, e.g. for proxies, etc. you
+can set this variable to the location of your sources.list template.
+For example, setting the following variable before including this
+class will pull in the templates/apt/sources.list file:
$custom_sources_list ='template("apt/sources.list")'
$custom_preferences
--------------------
By default this module will use a basic apt/preferences file with
-unstable and testing pinned to very low values so that any package
+more recent releases pinned to very low values so that any package
installation will not accidentally pull in packages from those suites
unless you explicitly specify the version number. You can set this
variable to pull in a customized apt/preferences template, for
@@ -76,12 +78,62 @@ If this variable is set to true apt::unattended_upgrades is included,
which will install the package unattended-upgrades and configure it to
daily upgrade the system.
+$apt_volatile_enabled
+-----------------
+
+If this variable is set to true the Debian Volatile sources are added.
+By default this is false for backward compatibility with older
+versions of this module.
+
+$apt_include_src
+----------------
+
+If this variable is set to true a deb-src source is added for every
+added binary archive source.
+By default this is false for backward compatibility with older
+versions of this module.
+
+$apt_use_next_release
+---------------------
+
+If this variable is set to true the sources for the next Debian
+release are added. The default pinning configuration pins it to very
+low values.
+By default this is false for backward compatibility with older
+versions of this module.
+
+$apt_debian_url, $apt_security_url, $apt_backports_url, $apt_volatile_url
+-------------------------------------------------------------------------
+
+These variables allow to override the default APT mirrors respectively
+used for the standard Debian archives, the Debian security archive,
+the Debian official backports and the Debian Volatile archive.
+
+$apt_repos
+----------
+
+If this variable is set the default repositories list ("main contrib non-free")
+is overriden.
+
Classes
=======
-This module contains only the apt class, which sets up all described
-functionality.
+apt
+---
+
+The apt class sets up all documented functionality but cron-apt.
+
+apt::cron::download
+-------------------
+
+This class sets up cron-apt so that it downloads upgradable packages,
+does not actually do any upgrade and email when the output changes.
+apt::cron::dist-upgrade
+-----------------------
+
+This class sets up cron-apt so that it dist-upgrades the system and
+email when upgrades are performed.
Resources
=========
@@ -131,15 +183,9 @@ TODO
Enable debian-archive-keyring handling for sarge, lenny and sid.
-Enable selection of country-specific mirrors.
-
Currently this module updates the caches on every run. Running dselect update is
a expensive operation and should be done only on schedule by using apticron.
Sometimes -- especially when initially starting management or deploying new
packages -- a immediate update is really needed to be able to install the right
packages without errors. Thus a method should be devised to be able to specify
with high fidelity when a update should be run and when it is not needed.
-
-
-
-[1] Of course, you should check the validity of _this_ key yourself.
diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
index 384b373..d9535bc 100644
--- a/files/50unattended-upgrades
+++ b/files/50unattended-upgrades
@@ -17,11 +17,11 @@ APT::UnattendedUpgrades::LogDir "/var/log/";
APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
Unattended-Upgrade::Package-Blacklist {
- // we don't want the kernel to be updated so nagios still can give a warnig if there is
+ // we don't want the kernel to be updated so nagios still can give a warning if there is
// a manual update (and reboot) left
-
+
"linux-image-*";
-
+
// unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized:
//2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
//2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
@@ -29,7 +29,7 @@ Unattended-Upgrade::Package-Blacklist {
//2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
//2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
//2009-12-11 13:42:11,988 INFO All upgrades installed
-
+
// lenny
"linux-image-2.6.26-1-686";
"linux-image-2.6.26-1-amd64";
@@ -37,12 +37,21 @@ Unattended-Upgrade::Package-Blacklist {
"linux-image-2.6.26-1-xen-amd64";
"linux-image-2.6.26-1-vserver-686";
"linux-image-2.6.26-1-vserver-amd64";
-
+
"linux-image-2.6.26-2-686";
"linux-image-2.6.26-2-amd64";
"linux-image-2.6.26-2-xen-686";
"linux-image-2.6.26-2-xen-amd64";
+ "linux-image-2.6.26-2-vserver-686";
"linux-image-2.6.26-2-vserver-amd64";
+ // squeeze
+ "linux-image-2.6.32-5-686";
+ "linux-image-2.6.32-5-amd64";
+ "linux-image-2.6.32-5-xen-686";
+ "linux-image-2.6.32-5-xen-amd64";
+ "linux-image-2.6.32-5-vserver-686";
+ "linux-image-2.6.32-5-vserver-amd64";
+
};
diff --git a/files/backports.org.key b/files/backports.org.key
deleted file mode 100644
index 6e66404..0000000
--- a/files/backports.org.key
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.3 (GNU/Linux)
-
-mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
-Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
-/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
-onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
-kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
-Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
-m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
-bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
-bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
-Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
-AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
-cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
-FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
-OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
-FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
-Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
-FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
-DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
-90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
-StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
-JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
-BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
-AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
-TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
-O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
-cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
-+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
-VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
-=fBrI
------END PGP PUBLIC KEY BLOCK-----
diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb
new file mode 100644
index 0000000..6bc4b6b
--- /dev/null
+++ b/lib/puppet/parser/functions/debian_nextcodename.rb
@@ -0,0 +1,11 @@
+module Puppet::Parser::Functions
+ newfunction(:debian_nextcodename, :type => :rvalue) do |args|
+ case args[0]
+ when "etch" then "lenny"
+ when "lenny" then "squeeze"
+ when "squeeze" then "sid"
+ when "sid" then "experimental"
+ else "sid"
+ end
+ end
+end
diff --git a/lib/puppet/parser/functions/debian_nextrelease.rb b/lib/puppet/parser/functions/debian_nextrelease.rb
new file mode 100644
index 0000000..76c3e0d
--- /dev/null
+++ b/lib/puppet/parser/functions/debian_nextrelease.rb
@@ -0,0 +1,11 @@
+module Puppet::Parser::Functions
+ newfunction(:debian_nextrelease, :type => :rvalue) do |args|
+ case args[0]
+ when 'oldstable' then 'stable'
+ when 'stable' then 'testing'
+ when 'testing' then 'unstable'
+ when 'unstable' then 'experimental'
+ else 'unstable'
+ end
+ end
+end
diff --git a/lib/puppet/parser/functions/debian_release.rb b/lib/puppet/parser/functions/debian_release.rb
new file mode 100644
index 0000000..64feb66
--- /dev/null
+++ b/lib/puppet/parser/functions/debian_release.rb
@@ -0,0 +1,13 @@
+module Puppet::Parser::Functions
+ newfunction(:debian_release, :type => :rvalue) do |args|
+ case args[0]
+ when 'etch' then 'oldstable'
+ when 'lenny' then 'stable'
+ when 'squeeze' then 'testing'
+ when 'wheezy' then 'testing'
+ when 'sid' then 'unstable'
+ when 'experimental' then 'experimental'
+ else 'testing'
+ end
+ end
+end
diff --git a/manifests/cron/base.pp b/manifests/cron/base.pp
new file mode 100644
index 0000000..2cfbefb
--- /dev/null
+++ b/manifests/cron/base.pp
@@ -0,0 +1,3 @@
+class apt::cron::base {
+ package { cron-apt: ensure => installed }
+}
diff --git a/manifests/cron/dist-upgrade.pp b/manifests/cron/dist-upgrade.pp
new file mode 100644
index 0000000..069601f
--- /dev/null
+++ b/manifests/cron/dist-upgrade.pp
@@ -0,0 +1,21 @@
+class apt::cron::dist-upgrade inherits apt::cron::base {
+
+ $action = "autoclean -y
+dist-upgrade -y -o APT::Get::Show-Upgraded=true
+"
+
+ file { "/etc/cron-apt/action.d/3-download":
+ ensure => absent,
+ }
+
+ config_file { "/etc/cron-apt/action.d/4-dist-upgrade":
+ content => $action,
+ require => Package[cron-apt]
+ }
+
+ config_file { "/etc/cron-apt/config.d/MAILON":
+ content => "MAILON=upgrade\n",
+ require => Package[cron-apt]
+ }
+
+}
diff --git a/manifests/cron/download.pp b/manifests/cron/download.pp
new file mode 100644
index 0000000..a27967d
--- /dev/null
+++ b/manifests/cron/download.pp
@@ -0,0 +1,21 @@
+class apt::cron::download inherits apt::cron::base {
+
+ $action = "autoclean -y
+dist-upgrade -d -y -o APT::Get::Show-Upgraded=true
+"
+
+ file { "/etc/cron-apt/action.d/4-dist-upgrade":
+ ensure => absent,
+ }
+
+ config_file { "/etc/cron-apt/action.d/3-download":
+ content => $action,
+ require => Package[cron-apt]
+ }
+
+ config_file { "/etc/cron-apt/config.d/MAILON":
+ content => "MAILON=changes\n",
+ require => Package[cron-apt]
+ }
+
+}
diff --git a/manifests/custom_sources.pp b/manifests/custom_sources.pp
index cd7b8fc..31d685a 100644
--- a/manifests/custom_sources.pp
+++ b/manifests/custom_sources.pp
@@ -2,9 +2,9 @@ define apt::custom_sources_template ($sources_file = "") {
file { "/etc/apt/sources.list.d/$sources_file":
content => template($name),
}
- exec { "/usr/bin/apt-get update":
+ exec { "/usr/bin/apt-get update":
subscribe => File["/etc/apt/sources.list.d/$sources_file"],
- refreshonly => true,
+ refreshonly => true,
}
}
diff --git a/manifests/default_preferences.pp b/manifests/default_preferences.pp
index 671abdd..28471b9 100644
--- a/manifests/default_preferences.pp
+++ b/manifests/default_preferences.pp
@@ -1,16 +1,22 @@
class apt::default_preferences {
- config_file {
- # this just pins unstable and testing to very low values
- "/etc/apt/preferences":
- content => template("apt/preferences.erb"),
- # use File[apt_config] to reference a completed configuration
- # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
- alias => apt_config,
- # only update together
- require => File["/etc/apt/sources.list"];
- # little default settings which keep the system sane
- "/etc/apt/apt.conf.d/99from_puppet":
- content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
- before => Config_file[apt_config];
+ case $operatingsystem {
+ 'debian': {
+ config_file {
+ "/etc/apt/preferences":
+ content => template("apt/${operatingsystem}/preferences_${codename}.erb"),
+ # use File[apt_config] to reference a completed configuration
+ # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
+ alias => apt_config,
+ # only update together
+ require => File["/etc/apt/sources.list"];
+ # little default settings which keep the system sane
+ "/etc/apt/apt.conf.d/99from_puppet":
+ content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
+ before => Config_file[apt_config];
+ }
+ }
+ 'ubuntu': {
+ notice('There is no support for default Ubuntu APT preferences')
+ }
}
}
diff --git a/manifests/default_sources_list.pp b/manifests/default_sources_list.pp
index cf7d523..91955d7 100644
--- a/manifests/default_sources_list.pp
+++ b/manifests/default_sources_list.pp
@@ -1,10 +1,9 @@
class apt::default_sources_list {
- include lsb
config_file {
# include main, security and backports
# additional sources could be included via an array
"/etc/apt/sources.list":
- content => template( "apt/$operatingsystem/sources.list.erb"),
+ content => template("apt/${operatingsystem}/sources.list.erb"),
require => Package['lsb'];
}
}
diff --git a/manifests/init.pp b/manifests/init.pp
index 9c33b4d..8136f25 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -6,27 +6,76 @@
class apt {
import "custom_sources.pp"
-
+
# See README
$real_apt_clean = $apt_clean ? {
'' => 'auto',
default => $apt_clean,
}
+ $use_volatile = $apt_volatile_enabled ? {
+ '' => false,
+ default => $apt_volatile_enabled,
+ }
+
+ $include_src = $apt_include_src ? {
+ '' => false,
+ default => $apt_include_src,
+ }
+
+ $use_next_release = $apt_use_next_release ? {
+ '' => false,
+ default => $apt_use_next_release,
+ }
+
+ $debian_url = $apt_debian_url ? {
+ '' => 'http://ftp.debian.org/debian/',
+ default => "${apt_debian_url}",
+ }
+ $security_url = $apt_security_url ? {
+ '' => 'http://security.debian.org/',
+ default => "${apt_security_url}",
+ }
+ $backports_url = $apt_backports_url ? {
+ '' => 'http://backports.debian.org/debian-backports/',
+ default => "${apt_backports_url}",
+ }
+ $volatile_url = $apt_volatile_url ? {
+ '' => 'http://volatile.debian.org/debian-volatile/',
+ default => "${apt_volatile_url}",
+ }
+ $repos = $apt_repos ? {
+ '' => 'main contrib non-free',
+ default => "${apt_repos}",
+ }
+
package { apt:
ensure => installed,
require => undef,
}
+ # init $release, $next_release, $codename, $next_codename
+ case $lsbdistcodename {
+ '': {
+ include lsb
+ $codename = $lsbdistcodename
+ $release = $lsbdistrelease
+ }
+ default: {
+ $codename = $lsbdistcodename
+ $release = debian_release($codename)
+ }
+ }
+ $next_codename = debian_nextcodename($codename)
+ $next_release = debian_nextrelease($release)
+
case $custom_sources_list {
'': {
include apt::default_sources_list
}
default: {
- include lsb
config_file { "/etc/apt/sources.list":
content => $custom_sources_list,
- require => Package['lsb'];
}
}
}
@@ -38,7 +87,7 @@ class apt {
default: {
config_file { "/etc/apt/preferences":
content => $custom_preferences,
- alias => apt_config,
+ alias => "apt_config",
require => File["/etc/apt/sources.list"];
}
}
@@ -53,64 +102,30 @@ class apt {
modules_dir { apt: }
# watch apt.conf.d
file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; }
+ file { '/etc/apt/apt.conf.d/99-puppet':
+ ensure => 'file',
+ owner => 'root', group => '0', mode => '0644',
+ }
exec {
# "&& sleep 1" is workaround for older(?) clients
'refresh_apt':
command => '/usr/bin/apt-get update && sleep 1',
refreshonly => true,
- subscribe => [ File["/etc/apt/sources.list"],
- File["/etc/apt/preferences"],
- File["/etc/apt/apt.conf.d"],
- Config_file[apt_config] ];
+ subscribe => [ File["/etc/apt/sources.list", "/etc/apt/preferences", "/etc/apt/apt.conf.d"],
+ Config_file["apt_config"] ];
'update_apt':
command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean',
- require => [ File["/etc/apt/sources.list"],
- File["/etc/apt/preferences"], Config_file[apt_config] ],
+ require => [ File["/etc/apt/sources.list", "/etc/apt/preferences"], Config_file["apt_config"] ],
loglevel => info,
# Another Semaphor for all packages to reference
- alias => apt_updated;
+ alias => "apt_updated";
}
## This package should really always be current
package { "debian-archive-keyring": ensure => latest }
-
- case $lsbdistcodename {
- etch: {
- package { "debian-backports-keyring": ensure => latest }
-
- # This key was downloaded from
- # http://backports.org/debian/archive.key
- # and is needed to bootstrap the backports trustpath
- file { "${apt_base_dir}/backports.org.key":
- source => "puppet:///modules/apt/backports.org.key",
- mode => 0444, owner => root, group => root,
- }
- exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
- alias => "backports_key",
- refreshonly => true,
- subscribe => File["${apt_base_dir}/backports.org.key"],
- before => [ File[apt_config], Package["debian-backports-keyring"] ]
- }
- }
- lenny: {
- package { "debian-backports-keyring": ensure => latest }
-
- # This key was downloaded from
- # http://backports.org/debian/archive.key
- # and is needed to bootstrap the backports trustpath
- file { "${apt_base_dir}/backports.org.key":
- source => "puppet:///modules/apt/backports.org.key",
- mode => 0444, owner => root, group => root,
- }
- exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
- alias => "backports_key",
- refreshonly => true,
- subscribe => File["${apt_base_dir}/backports.org.key"],
- before => [ Config_file[apt_config], Package["debian-backports-keyring"] ]
- }
- }
- }
+ # backports uses the normal archive key now
+ package { "debian-backports-keyring": ensure => absent }
if $custom_key_dir {
file { "${apt_base_dir}/keys.d":
@@ -128,4 +143,4 @@ class apt {
# workaround for preseeded_package component
file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory }
-}
+}
diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp
index 276c90f..76c432e 100644
--- a/manifests/preseeded_package.pp
+++ b/manifests/preseeded_package.pp
@@ -1,8 +1,8 @@
define apt::preseeded_package ($content = "", $ensure = "installed") {
$seedfile = "/var/cache/local/preseeding/$name.seeds"
$real_content = $content ? {
- "" => template ( "$debian_version/$name.seeds" ),
- Default => $content
+ "" => template ( "$name.seeds", "$debian_version/$name.seeds" ),
+ default => $content
}
file{ $seedfile:
diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp
index 27942b3..805b0ed 100644
--- a/manifests/unattended_upgrades.pp
+++ b/manifests/unattended_upgrades.pp
@@ -5,10 +5,10 @@ class apt::unattended_upgrades {
}
config_file {
- "/etc/apt/apt.conf.d/50unattended-upgrades":
- source => ["puppet:///modules/site-apt/50unattended-upgrades",
- "puppet:///modules/apt/50unattended-upgrades" ],
-
+ "/etc/apt/apt.conf.d/50unattended-upgrades":
+ source => ["puppet:///modules/site-apt/50unattended-upgrades",
+ "puppet:///modules/apt/50unattended-upgrades" ],
+
before => Config_file[apt_config],
require => Package['unattended-upgrades'],
}
diff --git a/templates/Debian/preferences_lenny.erb b/templates/Debian/preferences_lenny.erb
new file mode 100644
index 0000000..3de7959
--- /dev/null
+++ b/templates/Debian/preferences_lenny.erb
@@ -0,0 +1,24 @@
+Explanation: Debian <%= codename %>
+Package: *
+Pin: release o=Debian,n=<%= codename %>
+Pin-Priority: 990
+
+Explanation: Debian backports
+Package: *
+Pin: origin backports.debian.org
+Pin-Priority: 200
+
+Explanation: Debian <%= next_codename %>
+Package: *
+Pin: release o=Debian,n=<%= next_codename %>
+Pin-Priority: 2
+
+Explanation: Debian sid
+Package: *
+Pin: release o=Debian,n=sid
+Pin-Priority: 1
+
+Explanation: Debian fallback
+Package: *
+Pin: release o=Debian
+Pin-Priority: -10
diff --git a/templates/Debian/preferences_sid.erb b/templates/Debian/preferences_sid.erb
new file mode 100644
index 0000000..3d8a45f
--- /dev/null
+++ b/templates/Debian/preferences_sid.erb
@@ -0,0 +1,9 @@
+Explanation: Debian sid
+Package: *
+Pin: release o=Debian,n=sid
+Pin-Priority: 990
+
+Explanation: Debian fallback
+Package: *
+Pin: release o=Debian
+Pin-Priority: -10
diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb
new file mode 100644
index 0000000..f21562d
--- /dev/null
+++ b/templates/Debian/preferences_squeeze.erb
@@ -0,0 +1,24 @@
+Explanation: Debian <%= codename %>
+Package: *
+Pin: release o=Debian,n=<%= codename %>
+Pin-Priority: 990
+
+Explanation: Debian backports
+Package: *
+Pin: origin backports.debian.org
+Pin-Priority: 200
+
+Explanation: Debian wheezy
+Package: *
+Pin: release o=Debian,n=wheezy
+Pin-Priority: 2
+
+Explanation: Debian sid
+Package: *
+Pin: release o=Debian,n=sid
+Pin-Priority: 1
+
+Explanation: Debian fallback
+Package: *
+Pin: release o=Debian
+Pin-Priority: -10
diff --git a/templates/Debian/sources.list.deb-src.erb b/templates/Debian/sources.list.deb-src.erb
deleted file mode 100644
index 6811eca..0000000
--- a/templates/Debian/sources.list.deb-src.erb
+++ /dev/null
@@ -1,11 +0,0 @@
-# This file is brought to you by puppet
-
-# basic <%= lsbdistcodename %>
-deb-src http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free
-# security suppport
-<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
-# There is no security mirror for <%= lsbdistcodename %>
-<% else -%>
-deb-src http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free
-<% end -%>
-
diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb
index 169d7b5..67da85d 100644
--- a/templates/Debian/sources.list.erb
+++ b/templates/Debian/sources.list.erb
@@ -1,17 +1,83 @@
# This file is brought to you by puppet
-# basic <%= lsbdistcodename %>
-deb http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free
-# security suppport
-<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
-# There is no security mirror for <%= lsbdistcodename %>
+### Debian current: <%= codename %>
+
+# basic
+deb <%= debian_url %> <%= codename %> <%= repos %>
+<% if include_src then -%>
+deb-src <%= debian_url %> <%= codename %> <%= repos %>
+<% end -%>
+
+# security
+<% if (release == "unstable" || release == "experimental") -%>
+# There is no security support for <%= release %>
+<% else -%>
+deb <%= security_url %> <%= codename %>/updates <%= repos %>
+<% if include_src then -%>
+deb-src <%= security_url %> <%= codename %>/updates <%= repos %>
+<% end -%>
+<% end -%>
+
+# backports
+<% if (release == "testing" || release == "unstable" || release == "experimental") -%>
+# There is no backports archive for <%= release %>
+<% else -%>
+deb <%= backports_url %> <%= codename %>-backports <%= repos %>
+<% if include_src then -%>
+deb-src <%= backports_url %> <%= codename %>-backports <%= repos %>
+<% end -%>
+<% end -%>
+
+<% if use_volatile -%>
+# volatile
+<% if (release == "testing" || release == "unstable" || release == "experimental") -%>
+# There is no volatile archive for <%= release %>
+<% else -%>
+deb <%= volatile_url %> <%= codename %>/volatile <%= repos %>
+<% if include_src then -%>
+deb-src <%= volatile_url %> <%= codename %>/volatile <%= repos %>
+<% end -%>
+<% end -%>
+<% end -%>
+
+<% if use_next_release then -%>
+### Debian next: <%= next_codename %>
+
+# basic
+deb <%= debian_url %> <%= next_codename %> <%= repos %>
+<% if include_src then -%>
+deb-src <%= debian_url %> <%= next_codename %> <%= repos %>
+<% end -%>
+
+# security
+<% if (next_release == "unstable" || next_release == "experimental") -%>
+# There is no security support for <%= next_release %>
<% else -%>
-deb http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free
+deb <%= security_url %> <%= next_codename %>/updates <%= repos %>
+<% if include_src then -%>
+deb-src <%= security_url %> <%= next_codename %>/updates <%= repos %>
+<% end -%>
<% end -%>
# backports
-<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
-# There are no backports for for <%= lsbdistcodename %>
+<% if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%>
+# There is no backports archive for <%= next_release %>
<% else -%>
-deb http://www.backports.org/debian/ <%= lsbdistcodename %>-backports main
+deb <%= backports_url %> <%= next_codename %>-backports <%= repos %>
+<% if include_src then -%>
+deb-src <%= backports_url %> <%= next_codename %>-backports <%= repos %>
+<% end -%>
+<% end -%>
+
+<% if use_volatile -%>
+# volatile
+<% if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%>
+# There is no volatile archive for <%= next_release %>
+<% else -%>
+deb <%= volatile_url %> <%= next_codename %>/volatile <%= repos %>
+<% if include_src then -%>
+deb-src <%= volatile_url %> <%= next_codename %>/volatile <%= repos %>
+<% end -%>
+<% end -%>
+<% end -%>
<% end -%>
diff --git a/templates/Debian/sources.list.volatile.erb b/templates/Debian/sources.list.volatile.erb
deleted file mode 100644
index 06d6590..0000000
--- a/templates/Debian/sources.list.volatile.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file is brought to you by puppet
-
-<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable" || lsbdistcodename == "squeeze") -%>
-# There are no backports for for <%= lsbdistcodename %>
-<% else -%>
-deb http://volatile.debian.org/debian-volatile <%= lsbdistcodename %>/volatile main contrib non-free
-<% end -%>
diff --git a/templates/Ubuntu/sources.list.backports.erb b/templates/Ubuntu/sources.list.backports.erb
deleted file mode 100644
index 66610a6..0000000
--- a/templates/Ubuntu/sources.list.backports.erb
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file is brought to you by puppet
-
-# backports
-deb http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted
diff --git a/templates/Ubuntu/sources.list.deb-src.erb b/templates/Ubuntu/sources.list.deb-src.erb
deleted file mode 100644
index f04de67..0000000
--- a/templates/Ubuntu/sources.list.deb-src.erb
+++ /dev/null
@@ -1,12 +0,0 @@
-# This file is brought to you by puppet
-
-# basic <%= lsbdistcodename %>
-deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %> main restricted universe multiverse
-
-# updates
-deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-updates main restricted universe multiverse
-
-# security suppport
-deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse
-
-
diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb
index dfecd63..36fc150 100644
--- a/templates/Ubuntu/sources.list.erb
+++ b/templates/Ubuntu/sources.list.erb
@@ -2,11 +2,24 @@
# basic <%= lsbdistcodename %>
deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %> main restricted universe multiverse
+<% if include_src then -%>
+deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %> main restricted universe multiverse
+<% end -%>
# updates
deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-updates main restricted universe multiverse
+<% if include_src then -%>
+deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-updates main restricted universe multiverse
+<% end -%>
# security suppport
deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse
+<% if include_src then -%>
+deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse
+<% end -%>
-
+# backports
+deb http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted
+<% if include_src then -%>
+deb-src http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted
+<% end -%>
diff --git a/templates/preferences.erb b/templates/preferences.erb
deleted file mode 100644
index ac71582..0000000
--- a/templates/preferences.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-Package: *
-Pin: release a=unstable
-Pin-Priority: 1
-
-Package: *
-Pin: release a=testing
-Pin-Priority: 2