diff options
-rw-r--r-- | files/50unattended-upgrades | 48 | ||||
-rw-r--r-- | manifests/custom_sources.pp | 10 | ||||
-rw-r--r-- | manifests/default_sources_list.pp | 2 | ||||
-rw-r--r-- | manifests/init.pp | 4 | ||||
-rw-r--r-- | manifests/unattended_upgrades.pp | 14 | ||||
-rw-r--r-- | templates/Debian/sources.list.deb-src.erb | 11 | ||||
-rw-r--r-- | templates/Debian/sources.list.erb (renamed from templates/sources.list.erb) | 6 | ||||
-rw-r--r-- | templates/Debian/sources.list.volatile.erb (renamed from templates/sources.list.backports.erb) | 5 | ||||
-rw-r--r-- | templates/Ubuntu/sources.list.backports.erb | 4 | ||||
-rw-r--r-- | templates/Ubuntu/sources.list.deb-src.erb | 12 | ||||
-rw-r--r-- | templates/Ubuntu/sources.list.erb | 12 |
11 files changed, 117 insertions, 11 deletions
diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades new file mode 100644 index 0000000..384b373 --- /dev/null +++ b/files/50unattended-upgrades @@ -0,0 +1,48 @@ +// this file is managed by puppet ! +// +//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. + +// allowed (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "Debian stable"; + "Debian-Security stable"; +// "Debian testing"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; +Unattended-Upgrade::Mail "root"; + +APT::UnattendedUpgrades::LogDir "/var/log/"; +APT::UnattendedUpgrades::LogFile "unattended_upgrades.log"; + +Unattended-Upgrade::Package-Blacklist { + // we don't want the kernel to be updated so nagios still can give a warnig if there is + // a manual update (and reboot) left + + "linux-image-*"; + + // unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized: + //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-* + //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script + //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"] + //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64 + //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log' + //2009-12-11 13:42:11,988 INFO All upgrades installed + + // lenny + "linux-image-2.6.26-1-686"; + "linux-image-2.6.26-1-amd64"; + "linux-image-2.6.26-1-xen-686"; + "linux-image-2.6.26-1-xen-amd64"; + "linux-image-2.6.26-1-vserver-686"; + "linux-image-2.6.26-1-vserver-amd64"; + + "linux-image-2.6.26-2-686"; + "linux-image-2.6.26-2-amd64"; + "linux-image-2.6.26-2-xen-686"; + "linux-image-2.6.26-2-xen-amd64"; + "linux-image-2.6.26-2-vserver-amd64"; + +}; + diff --git a/manifests/custom_sources.pp b/manifests/custom_sources.pp new file mode 100644 index 0000000..cd7b8fc --- /dev/null +++ b/manifests/custom_sources.pp @@ -0,0 +1,10 @@ +define apt::custom_sources_template ($sources_file = "") { + file { "/etc/apt/sources.list.d/$sources_file": + content => template($name), + } + exec { "/usr/bin/apt-get update": + subscribe => File["/etc/apt/sources.list.d/$sources_file"], + refreshonly => true, + } + } + diff --git a/manifests/default_sources_list.pp b/manifests/default_sources_list.pp index 7db6535..cf7d523 100644 --- a/manifests/default_sources_list.pp +++ b/manifests/default_sources_list.pp @@ -4,7 +4,7 @@ class apt::default_sources_list { # include main, security and backports # additional sources could be included via an array "/etc/apt/sources.list": - content => template("apt/sources.list.erb"), + content => template( "apt/$operatingsystem/sources.list.erb"), require => Package['lsb']; } } diff --git a/manifests/init.pp b/manifests/init.pp index 4db120d..1011e65 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -5,6 +5,8 @@ class apt { + import "custom_sources.pp" + # See README $real_apt_clean = $apt_clean ? { '' => 'auto', @@ -94,4 +96,4 @@ class apt { # workaround for preseeded_package component file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory } -} +} diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 9a6c13b..e1080a0 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -5,11 +5,13 @@ class apt::unattended_upgrades { } config_file { - "/etc/apt/apt.conf.d/unattended_upgrades": - content => 'APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "1"; -', - before => Concatenated_file[apt_config], - require => Package['unattended-upgrades'], + "/etc/apt/apt.conf.d/50unattended-upgrades": + source => ["puppet:///modules/site-apt/50unattended-upgrades", + "puppet:///modules/apt/50unattended-upgrades" ], + + # err: Could not run Puppet configuration client: Could not find dependent Config_file[apt_config] for Config_file[/etc/apt/apt.conf.d/50unattended-upgrades] at /etc/puppet/modules/apt/manifests/unattended_upgrades.pp:14 + + #before => Config_file[apt_config], + require => Package['unattended-upgrades'], } } diff --git a/templates/Debian/sources.list.deb-src.erb b/templates/Debian/sources.list.deb-src.erb new file mode 100644 index 0000000..6811eca --- /dev/null +++ b/templates/Debian/sources.list.deb-src.erb @@ -0,0 +1,11 @@ +# This file is brought to you by puppet + +# basic <%= lsbdistcodename %> +deb-src http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free +# security suppport +<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> +# There is no security mirror for <%= lsbdistcodename %> +<% else -%> +deb-src http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free +<% end -%> + diff --git a/templates/sources.list.erb b/templates/Debian/sources.list.erb index feb5603..169d7b5 100644 --- a/templates/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -9,3 +9,9 @@ deb http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free deb http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free <% end -%> +# backports +<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> +# There are no backports for for <%= lsbdistcodename %> +<% else -%> +deb http://www.backports.org/debian/ <%= lsbdistcodename %>-backports main +<% end -%> diff --git a/templates/sources.list.backports.erb b/templates/Debian/sources.list.volatile.erb index b271ca7..06d6590 100644 --- a/templates/sources.list.backports.erb +++ b/templates/Debian/sources.list.volatile.erb @@ -1,8 +1,7 @@ # This file is brought to you by puppet -# backports -<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> +<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable" || lsbdistcodename == "squeeze") -%> # There are no backports for for <%= lsbdistcodename %> <% else -%> -deb http://backports.debian.org/debian-backports/ <%= lsbdistcodename %>-backports main +deb http://volatile.debian.org/debian-volatile <%= lsbdistcodename %>/volatile main contrib non-free <% end -%> diff --git a/templates/Ubuntu/sources.list.backports.erb b/templates/Ubuntu/sources.list.backports.erb new file mode 100644 index 0000000..66610a6 --- /dev/null +++ b/templates/Ubuntu/sources.list.backports.erb @@ -0,0 +1,4 @@ +# This file is brought to you by puppet + +# backports +deb http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted diff --git a/templates/Ubuntu/sources.list.deb-src.erb b/templates/Ubuntu/sources.list.deb-src.erb new file mode 100644 index 0000000..f04de67 --- /dev/null +++ b/templates/Ubuntu/sources.list.deb-src.erb @@ -0,0 +1,12 @@ +# This file is brought to you by puppet + +# basic <%= lsbdistcodename %> +deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %> main restricted universe multiverse + +# updates +deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-updates main restricted universe multiverse + +# security suppport +deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse + + diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb new file mode 100644 index 0000000..dfecd63 --- /dev/null +++ b/templates/Ubuntu/sources.list.erb @@ -0,0 +1,12 @@ +# This file is brought to you by puppet + +# basic <%= lsbdistcodename %> +deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %> main restricted universe multiverse + +# updates +deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-updates main restricted universe multiverse + +# security suppport +deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse + + |