diff options
38 files changed, 580 insertions, 286 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 49bf2e3..05430fd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,5 @@ -image: leapcode/ruby +image: ruby:2.1 before_script: - - "[ -d /var/cache/gitlab-runner ] || sudo mkdir /var/cache/gitlab-runner" - - sudo chown cirunner:cirunner -R /var/cache/gitlab-runner - bundle install --jobs $(nproc) --without system_tests --path=/var/cache/gitlab-runner/ "${FLAGS[@]}" .job_template: &job_definition @@ -39,4 +37,3 @@ test:puppet4x: PUPPET_VERSION: "> 4" FACTER_VERSION: '> 2' <<: *job_definition - @@ -3,7 +3,7 @@ source "https://rubygems.org" group :development, :unit_tests do gem "rake" gem "rspec-puppet", "~> 2.1", :require => false - gem "rspec-core", "3.1.7", :require => false + gem "rspec-core" gem "puppetlabs_spec_helper" gem "metadata-json-lint" gem "rspec-puppet-facts" @@ -19,12 +19,13 @@ * [Defines](#defines) * [apt::apt_conf](#apt-apt_conf) * [apt::preferences_snippet](#apt-preferences_snippet) - * [apt::preseeded_package](#apt-preseeded_package) + * [apt::package](#apt-package) * [apt::sources_list](#apt-sources_list) * [apt::key](#apt-key) * [`apt::key::plain`](#apt-key-plain) * [apt::upgrade_package](#apt-upgrade_package) -* [Resources](#ressources) + * [apt::dpkg_statoverride](#apt-dpkg_statoverride) +* [Resources](#resources) * [File\['apt_config'\]](#fileapt_config) * [Exec\['apt_updated'\]](#execapt_updated) * [Tests](#tests) @@ -155,6 +156,10 @@ Ubuntu support is lagging behind but not absent either. port => '666'; } + * <a name="apt-preseeded_package"></a>the `apt::preseeded_package` defined + type was renamed `apt::package`. the previous name is now deprecated and + will be removed in the future. + # Requirements<a name="requirements"></a> @@ -252,14 +257,10 @@ Example usage: If this variable is set the default repositories list ("main contrib non-free") is overriden. -### disable_update - - Disable "apt-get update" which is normally triggered by apt::upgrade_package - and apt::dist_upgrade. +### manage_preferences - Note that nodes can be updated once a day by using - APT::Periodic::Update-Package-Lists "1"; - in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. + Setting this variable to `false` will delete all the files in `preferences.d` + managed by Puppet. By default, this parameter is set to `true`. ### custom_preferences @@ -272,14 +273,11 @@ Example usage: complemented with all of the preferences_snippet calls (see below). If the default preferences template doesn't suit your needs, you can create a - template located in your `site_apt` module, and set custom_preferences with the - content (eg. custom_preferences => template('site_apt/preferences') ) - - Setting this variable to false before including this class will force the - `apt/preferences` file to be absent: + template located in your `apt` module, and set `custom_preferences` to your + preferred template: class { 'apt': - custom_preferences => false, + custom_preferences => 'apt/my_super_template.erb', } ### custom_sources_list @@ -514,23 +512,45 @@ From apt_preferences(5): characters - otherwise they will be silently ignored. -## apt::preseeded_package<a name="apt-preseeded_package"></a> +## apt::package<a name="apt-package"></a> This simplifies installation of packages for which you wish to preseed the -answers to debconf. For example, if you wish to provide a preseed file for the -locales package, you would place the `locales.seed` file in +answers to debconf or pin to a certain version. + +To use preseeding you need to set the `use_seed` parameter to true. For +example, if you wish to provide a preseed template for the locales package, you +would place the `locales.seed` file in `site_apt/templates/${::lsbdistcodename}/locales.seeds` and then include the following in your manifest: - apt::preseeded_package { locales: } + apt::package { 'locales': + use_seed => true, + } -You can also specify the content of the seed via the content parameter, -for example: +You can change what template is used by setting `seedfile_template` to a +template path of your choosing (same as you would pass to the template() +function). - apt::preseeded_package { 'apticron': - content => 'apticron apticron/notification string root@example.com', +You can also specify the content of the seed via the `seedfile_content` +parameter instead of using a template, for example: + + apt::package { 'apticron': + use_seed => true, + seedfile_content => 'apticron apticron/notification string root@example.com', } +To pin a package to a certain release or version, you need to set the `pin` +parameter to the restriction that you want (this value corresponds to the +'Pin:' line in preferences files). For example this would pin the package +ganeti to the jessie release: + + apt::package { 'ganeti': + pin => 'release o=Debian Backports,a=jessie', + } + +Also, if you want to set a priority number to a package pin, you can set +`pin_priority` to an integer value. The default value of this parameter is +1000, which will install but not downgrade a package. ## apt::sources_list<a name="apt-sources_list"></a> @@ -611,7 +631,36 @@ to their latest (also, only if they are installed): } -# Resources<a name="ressources"></a> +## apt::dpkg_statoverride<a name="apt-dpkg_statoverride"></a> + +Override ownership and mode of files. This define takes the following parameters: + +[*name*] + Implicit parameter. + File path. + +[*user*] + User name (or user id if prepended with '#'). + +[*group*] + Group name (or group id if prepended with '#'). + +[*mode*] + File mode, in octal + +[*ensure*] + Whether to add or delete this configuration + + +Example usage: + + apt::dpkg_statoverride { '/var/log/puppet': + user => 'puppet', + group => 'puppet', + mode => '750', + } + +# Resources<a name="resources"></a> ## File['apt_config']<a name="file-apt-config"></a> diff --git a/lib/facter/util/debian.rb b/lib/facter/util/debian.rb index 290c17b..5291660 100644 --- a/lib/facter/util/debian.rb +++ b/lib/facter/util/debian.rb @@ -1,7 +1,7 @@ module Facter module Util module Debian - STABLE = 8 + STABLE = 9 CODENAMES = { "5" => "lenny", "6" => "squeeze", @@ -9,9 +9,11 @@ module Facter "8" => "jessie", "9" => "stretch", "10" => "buster", + "11" => "bullseye", } LTS = [ "squeeze", + "wheezy", ] end end diff --git a/lib/puppet/parser/functions/debian_codename_to_version.rb b/lib/puppet/parser/functions/debian_codename_to_version.rb new file mode 100644 index 0000000..c5cbcf4 --- /dev/null +++ b/lib/puppet/parser/functions/debian_codename_to_version.rb @@ -0,0 +1,18 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/../../../facter/util/debian" +end + +module Puppet::Parser::Functions + versions = Facter::Util::Debian::CODENAMES.invert + newfunction(:debian_codename_to_version, :type => :rvalue) do |args| + codename = args[0] + if versions.has_key? codename + return versions[codename].to_i + else + raise Puppet::ParseError, + "Could not determine release from codename #{codename}" + end + end +end diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp index fa8cfa3..8225915 100644 --- a/manifests/apt_conf.pp +++ b/manifests/apt_conf.pp @@ -1,9 +1,9 @@ -define apt::apt_conf( - $ensure = 'present', - $source = undef, - $content = undef, - $refresh_apt = true ) -{ +define apt::apt_conf ( + $ensure = 'present', + $source = undef, + $content = undef, + $refresh_apt = true, +) { if $source == undef and $content == undef { fail("One of \$source or \$content must be specified for apt_conf ${name}") @@ -38,8 +38,7 @@ define apt::apt_conf( if $refresh_apt { File["/etc/apt/apt.conf.d/${name}"] { - notify => Exec['apt_updated'], + notify => Exec['update_apt'], } } - } diff --git a/manifests/apticron.pp b/manifests/apticron.pp index 89709a8..0adcc68 100644 --- a/manifests/apticron.pp +++ b/manifests/apticron.pp @@ -1,18 +1,20 @@ -class apt::apticron( - $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/apticron.erb", - $email = 'root', - $diff_only = '1', +class apt::apticron ( + $ensure_version = 'present', + $config = "apt/${::operatingsystem}/apticron.erb", + $email = 'root', + $diff_only = '1', $listchanges_profile = 'apticron', - $system = false, - $ipaddressnum = false, - $ipaddresses = false, - $notifyholds = '0', - $notifynew = '0', - $customsubject = '' + $system = false, + $ipaddressnum = false, + $ipaddresses = false, + $notifyholds = '0', + $notifynew = '0', + $customsubject = '', ) { - package { 'apticron': ensure => $ensure_version } + package { 'apticron': + ensure => $ensure_version; + } file { '/etc/apticron/apticron.conf': content => template($apt::apticron::config), diff --git a/manifests/config.pp b/manifests/config.pp new file mode 100644 index 0000000..50a8ebd --- /dev/null +++ b/manifests/config.pp @@ -0,0 +1,88 @@ +class apt::config { + + exec { 'update_apt': + command => '/usr/bin/apt-get update', + require => [ File['/etc/apt/apt.conf.d', + '/etc/apt/sources.list'] ], + refreshonly => true; + } + + $sources_content = $apt::custom_sources_list ? { + '' => template( "apt/${::operatingsystem}/sources.list.erb"), + default => $apt::custom_sources_list, + } + file { + # include main and security + # additional sources should be included via the apt::sources_list define + '/etc/apt/sources.list': + content => $sources_content, + notify => Exec['update_apt'], + owner => root, + group => 0, + mode => '0644'; + } + + # workaround for preseeded_package component + file { + [ '/var/cache', + '/var/cache/local', + '/var/cache/local/preseeding' ]: + ensure => directory; + } + + ::apt::apt_conf { '02show_upgraded': + source => [ "puppet:///modules/site_apt/${::fqdn}/02show_upgraded", + 'puppet:///modules/site_apt/02show_upgraded', + 'puppet:///modules/apt/02show_upgraded' ]; + } + + if ( $::virtual == 'vserver' ) { + ::apt::apt_conf { '03clean_vserver': + source => [ "puppet:///modules/site_apt/${::fqdn}/03clean_vserver", + 'puppet:///modules/site_apt/03clean_vserver', + 'puppet:///modules/apt/03clean_vserver' ], + alias => '03clean'; + } + } + else { + ::apt::apt_conf { '03clean': + source => [ "puppet:///modules/site_apt/${::fqdn}/03clean", + 'puppet:///modules/site_apt/03clean', + 'puppet:///modules/apt/03clean' ]; + } + } + + if ($apt::use_backports and !($::debian_release in ['testing', 'unstable', 'experimental'])) { + apt::sources_list { + 'backports': + content => "deb ${apt::debian_url} ${::debian_codename}-backports ${apt::repos}", + } + if $apt::include_src { + apt::sources_list { + 'backports-src': + content => "deb-src ${apt::debian_url} ${::debian_codename}-backports ${apt::repos}", + } + } + } + + if $apt::custom_key_dir { + file { "${apt::apt_base_dir}/keys.d": + source => $apt::custom_key_dir, + recurse => true, + owner => root, + group => root, + mode => '0755', + } + exec { 'custom_keys': + command => "find ${apt::apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\;", + subscribe => File["${apt::apt_base_dir}/keys.d"], + refreshonly => true, + notify => Exec['update_apt']; + } + if $apt::custom_preferences != false { + Exec['custom_keys'] { + before => File['apt_config'], + } + } + } +} diff --git a/manifests/cron/dist_upgrade.pp b/manifests/cron/dist_upgrade.pp index e1a03ed..db36544 100644 --- a/manifests/cron/dist_upgrade.pp +++ b/manifests/cron/dist_upgrade.pp @@ -2,7 +2,9 @@ class apt::cron::dist_upgrade ( $cron_hours = '', ) { - package { 'cron-apt': ensure => installed } + package { 'cron-apt': + ensure => present; + } case $cron_hours { '': {} @@ -12,7 +14,7 @@ class apt::cron::dist_upgrade ( cron { 'apt_cron_every_N_hours': command => 'test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt', user => root, - hour => "${cron_hours}", + hour => $cron_hours, minute => 10, require => Package['cron-apt'], } @@ -27,14 +29,16 @@ dist-upgrade -y -o APT::Get::Show-Upgraded=true -o 'DPkg::Options::=--force-conf ensure => absent, } - package { 'apt-listbugs': ensure => absent } + package { 'apt-listbugs': + ensure => absent; + } file { '/etc/cron-apt/action.d/4-dist-upgrade': content => $action, owner => root, group => 0, mode => '0644', - require => Package[cron-apt]; + require => Package['cron-apt']; } file { '/etc/cron-apt/config.d/MAILON': @@ -42,7 +46,6 @@ dist-upgrade -y -o APT::Get::Show-Upgraded=true -o 'DPkg::Options::=--force-conf owner => root, group => 0, mode => '0644', - require => Package[cron-apt]; + require => Package['cron-apt']; } - } diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp index 3061fb8..eb3207c 100644 --- a/manifests/dist_upgrade.pp +++ b/manifests/dist_upgrade.pp @@ -6,7 +6,6 @@ class apt::dist_upgrade ( command => '/usr/bin/apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade', refreshonly => true, timeout => $timeout, - before => Exec['apt_updated'] + before => Exec['update_apt']; } - } diff --git a/manifests/dist_upgrade/initiator.pp b/manifests/dist_upgrade/initiator.pp index d238988..5dfce14 100644 --- a/manifests/dist_upgrade/initiator.pp +++ b/manifests/dist_upgrade/initiator.pp @@ -1,6 +1,6 @@ class apt::dist_upgrade::initiator inherits apt::dist_upgrade { - $initiator = 'upgrade_initiator' + $initiator = 'upgrade_initiator' $initiator_abs = "${apt::apt_base_dir}/${initiator}" file { 'apt_upgrade_initiator': @@ -9,15 +9,12 @@ class apt::dist_upgrade::initiator inherits apt::dist_upgrade { group => 0, path => $initiator_abs, checksum => md5, - source => [ - "puppet:///modules/site_apt/${::fqdn}/${initiator}", + source => [ "puppet:///modules/site_apt/${::fqdn}/${initiator}", "puppet:///modules/site_apt/${initiator}", - "puppet:///modules/apt/${initiator}", - ], + "puppet:///modules/apt/${initiator}" ], } Exec['apt_dist-upgrade'] { subscribe +> File['apt_upgrade_initiator'], } - } diff --git a/manifests/dot_d_directories.pp b/manifests/dot_d_directories.pp index 0ace863..6d9f790 100644 --- a/manifests/dot_d_directories.pp +++ b/manifests/dot_d_directories.pp @@ -1,15 +1,16 @@ +# watch .d directories and ensure they are present + class apt::dot_d_directories { - # watch .d directories and ensure they are present file { '/etc/apt/apt.conf.d': ensure => directory, checksum => mtime, - notify => Exec['apt_updated']; + notify => Exec['update_apt']; + '/etc/apt/sources.list.d': ensure => directory, checksum => mtime, - notify => Exec['apt_updated']; + notify => Exec['update_apt']; } - } diff --git a/manifests/dpkg_statoverride.pp b/manifests/dpkg_statoverride.pp new file mode 100644 index 0000000..79ef4f1 --- /dev/null +++ b/manifests/dpkg_statoverride.pp @@ -0,0 +1,75 @@ +# = Define: apt::dpkg_statoverride +# +# Override ownership and mode of files +# +# +# == Parameters +# +# [*name*] +# Implicit parameter. +# File path. +# +# [*user*] +# User name (or user id if prepended with '#'). +# +# [*group*] +# Group name (or group id if prepended with '#'). +# +# [*mode*] +# File mode, in octal +# +# [*ensure*] +# Whether to add or delete this configuration +# +# +# == Examples +# +# Usage: +# apt::dpkg_statoverride { '/var/log/puppet': +# user => 'puppet', +# group => 'puppet', +# mode => '750', +# } +# +# == License +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# == Copyright +# +# Copyright 2014-2016 Mathieu Parent +# +define apt::dpkg_statoverride( + $user, + $group, + $mode, + $ensure = present +) { + case $ensure { + 'present': { + exec { "dpkg_statoverride_${name}-add": + command => "dpkg-statoverride --update --add '${user}' '${group}' '${mode}' '${name}'", + unless => "dpkg-statoverride --list '${name}' | grep '${user} ${group} ${mode} ${name}'", + } + } + 'absent': { + exec { "dpkg_statoverride_${name}-add": + command => "dpkg-statoverride --remove '${name}'", + onlyif => "dpkg-statoverride --list '${name}'", + } + } + default: { + fail("Unknown value for \$ensure: '${ensure}'") + } + } +} diff --git a/manifests/dselect.pp b/manifests/dselect.pp index 2b99a43..bfc6cb3 100644 --- a/manifests/dselect.pp +++ b/manifests/dselect.pp @@ -1,5 +1,6 @@ # manage dselect, like # suppressing the annoying help texts + class apt::dselect { file_line { 'dselect_expert': @@ -7,5 +8,7 @@ class apt::dselect { line => 'expert', } - package { 'dselect': ensure => installed } + package { 'dselect': + ensure => present; + } } diff --git a/manifests/init.pp b/manifests/init.pp index 3d93d22..25e35ff 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,128 +3,31 @@ # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> # See LICENSE for the full license granted to you. -class apt( - $use_lts = $apt::params::use_lts, - $use_volatile = $apt::params::use_volatile, - $use_backports = $apt::params::use_backports, - $include_src = $apt::params::include_src, - $use_next_release = $apt::params::use_next_release, - $debian_url = $apt::params::debian_url, - $security_url = $apt::params::security_url, - $lts_url = $apt::params::lts_url, - $volatile_url = $apt::params::volatile_url, - $ubuntu_url = $apt::params::ubuntu_url, - $repos = $apt::params::repos, - $custom_preferences = $apt::params::custom_preferences, +class apt ( + $use_lts = $apt::params::use_lts, + $use_volatile = $apt::params::use_volatile, + $use_backports = $apt::params::use_backports, + $include_src = $apt::params::include_src, + $use_next_release = $apt::params::use_next_release, + $debian_url = $apt::params::debian_url, + $security_url = $apt::params::security_url, + $lts_url = $apt::params::lts_url, + $volatile_url = $apt::params::volatile_url, + $ubuntu_url = $apt::params::ubuntu_url, + $repos = $apt::params::repos, + $manage_preferences = $apt::params::manage_preferences, + $custom_preferences = $apt::params::custom_preferences, $custom_sources_list = '', - $custom_key_dir = $apt::params::custom_key_dir + $custom_key_dir = $apt::params::custom_key_dir, ) inherits apt::params { - package { 'apt': - ensure => installed, - require => undef, - } - - $sources_content = $custom_sources_list ? { - '' => template( "apt/${::operatingsystem}/sources.list.erb"), - default => $custom_sources_list - } - file { - # include main and security - # additional sources should be included via the apt::sources_list define - '/etc/apt/sources.list': - content => $sources_content, - notify => Exec['apt_updated'], - owner => root, - group => 0, - mode => '0644'; - } - - ::apt::apt_conf { '02show_upgraded': - source => [ "puppet:///modules/site_apt/${::fqdn}/02show_upgraded", - 'puppet:///modules/site_apt/02show_upgraded', - 'puppet:///modules/apt/02show_upgraded' ] - } - - if ( $::virtual == 'vserver' ) { - ::apt::apt_conf { '03clean_vserver': - source => [ "puppet:///modules/site_apt/${::fqdn}/03clean_vserver", - 'puppet:///modules/site_apt/03clean_vserver', - 'puppet:///modules/apt/03clean_vserver' ], - alias => '03clean'; - } - } - else { - ::apt::apt_conf { '03clean': - source => [ "puppet:///modules/site_apt/${::fqdn}/03clean", - 'puppet:///modules/site_apt/03clean', - 'puppet:///modules/apt/03clean' ] - } - } - - case $custom_preferences { - false: { - include apt::preferences::absent - } - default: { - include apt::preferences - } - } - include apt::dot_d_directories - - ## This package should really always be current - package { 'debian-archive-keyring': ensure => latest } - - if ($use_backports and !($::debian_release in ['testing', 'unstable', 'experimental'])) { - apt::sources_list { - 'backports': - content => "deb ${debian_url} ${::debian_codename}-backports ${apt::repos}", - } - if $include_src { - apt::sources_list { - 'backports-src': - content => "deb-src ${debian_url} ${::debian_codename}-backports ${apt::repos}", - } - } - } + include apt::config + include apt::install + include apt::preferences include common::moduledir common::module_dir { 'apt': } $apt_base_dir = "${common::moduledir::module_dir_path}/apt" - if $custom_key_dir { - file { "${apt_base_dir}/keys.d": - source => $custom_key_dir, - recurse => true, - owner => root, - group => root, - mode => '0755', - } - exec { 'custom_keys': - command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\;", - subscribe => File["${apt_base_dir}/keys.d"], - refreshonly => true, - notify => Exec[refresh_apt] - } - if $custom_preferences != false { - Exec['custom_keys'] { - before => File['apt_config'] - } - } - } - - # workaround for preseeded_package component - file { [ '/var/cache', '/var/cache/local', '/var/cache/local/preseeding' ]: ensure => directory } - - exec { 'update_apt': - command => '/usr/bin/apt-get update', - require => [ - File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], - File['/etc/apt/sources.list'] ], - refreshonly => true, - # Another Semaphor for all packages to reference - alias => [ 'apt_updated', 'refresh_apt'] - } - } diff --git a/manifests/install.pp b/manifests/install.pp new file mode 100644 index 0000000..76eb570 --- /dev/null +++ b/manifests/install.pp @@ -0,0 +1,11 @@ +class apt::install { + + package { 'apt': + ensure => present; + } + + # This package should really always be current + package { 'debian-archive-keyring': + ensure => latest; + } +} diff --git a/manifests/key.pp b/manifests/key.pp index cb70ec6..6ec6523 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -8,6 +8,6 @@ define apt::key ($source, $ensure = 'present') { "/etc/apt/trusted.gpg.d/${name}": ensure => $ensure, source => $source, - notify => Exec['apt_updated'], + notify => Exec['update_apt'], } } diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp index dff8b51..e845b88 100644 --- a/manifests/key/plain.pp +++ b/manifests/key/plain.pp @@ -8,6 +8,6 @@ define apt::key::plain ($source) { exec { "apt-key add '${apt::apt_base_dir}/keys/${name}'": subscribe => File["${apt::apt_base_dir}/keys/${name}"], refreshonly => true, - notify => Exec['apt_updated'], + notify => Exec['update_apt'], } } diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp index ecbbe6d..d657812 100644 --- a/manifests/listchanges.pp +++ b/manifests/listchanges.pp @@ -1,13 +1,16 @@ -class apt::listchanges( - $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/listchanges.erb", - $frontend = 'mail', - $email = 'root', - $confirm = '0', - $saveseen = '/var/lib/apt/listchanges.db', - $which = 'both' +class apt::listchanges ( + $ensure_version = 'present', + $config = "apt/${::operatingsystem}/listchanges.erb", + $frontend = 'mail', + $email = 'root', + $confirm = '0', + $saveseen = '/var/lib/apt/listchanges.db', + $which = 'both', ){ - package { 'apt-listchanges': ensure => $ensure_version } + + package { 'apt-listchanges': + ensure => $ensure_version; + } file { '/etc/apt/listchanges.conf': content => template($apt::listchanges::config), diff --git a/manifests/package.pp b/manifests/package.pp new file mode 100644 index 0000000..e83ac68 --- /dev/null +++ b/manifests/package.pp @@ -0,0 +1,43 @@ +# Install a package with a preseed file to automatically answer some questions. +define apt::package ( + $ensure = 'present', + $use_seed = false, + $seedfile_template = "site_apt/${::debian_codename}/${name}.seeds", + $seedfile_content = '', + $pin = '', + $pin_priority = 1000 +) { + + package { $name: + ensure => $ensure, + responsefile => $seedfile, + } + + if $use_seed { + $seedfile = "/var/cache/local/preseeding/${name}.seeds" + $real_seedfile_content = $seedfile_content ? { + '' => template ( $seedfile_template ), + default => $seedfile_content, + } + + file { $seedfile: + content => $real_seedfile_content, + mode => '0600', + owner => 'root', + group => 0, + } + + File[$seedfile] -> Package[$name] + } + + if $pin { + apt::preferences_snippet { $name: + ensure => $ensure, + priority => $pin_priority, + pin => $pin, + } + + Apt::Preferences_snippet[$name] -> Package[$name] + } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 2b18eb5..3879c81 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,14 +1,16 @@ class apt::params () { - $use_lts = false - $use_volatile = false - $use_backports = true - $include_src = false - $use_next_release = false - $debian_url = 'http://httpredir.debian.org/debian/' - $security_url = 'http://security.debian.org/' - $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' - $lts_url = $debian_url - $volatile_url = 'http://volatile.debian.org/debian-volatile/' + $use_lts = false + $use_volatile = false + $use_backports = true + $include_src = false + $use_next_release = false + $manage_preferences = true + $custom_preferences = undef + $debian_url = 'http://httpredir.debian.org/debian/' + $security_url = 'http://security.debian.org/' + $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' + $lts_url = $debian_url + $volatile_url = 'http://volatile.debian.org/debian-volatile/' case $::operatingsystem { 'debian': { $repos = 'main contrib non-free' @@ -20,6 +22,5 @@ class apt::params () { fail("Unsupported system '${::operatingsystem}'.") } } - $custom_preferences = '' $custom_key_dir = false } diff --git a/manifests/preferences.pp b/manifests/preferences.pp index aedd56b..ce28d37 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -1,20 +1,110 @@ class apt::preferences { - $pref_contents = $apt::custom_preferences ? { - '' => $::operatingsystem ? { - 'debian' => template("apt/${::operatingsystem}/preferences.erb"), - 'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), - }, - default => $apt::custom_preferences + file { '/etc/apt/preferences': + ensure => absent; } - file { '/etc/apt/preferences': - ensure => present, - alias => 'apt_config', - # only update together - content => $pref_contents, - require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; + if ($apt::manage_preferences == true) and ($apt::custom_preferences != undef) { + + file { + '/etc/apt/preferences.d/custom': + ensure => present, + alias => 'apt_config', + content => template($apt::custom_preferences), + require => File['/etc/apt/sources.list'], + owner => root, group => 0, mode => '0644'; + + '/etc/apt/preferences.d/stable': + ensure => absent; + + '/etc/apt/preferences.d/volatile': + ensure => absent; + + '/etc/apt/preferences.d/lts': + ensure => absent; + + '/etc/apt/preferences.d/nextcodename': + ensure => absent; + } + } + + elsif $apt::manage_preferences == true { + + if $::operatingsystem == "Debian" { + + file { + '/etc/apt/preferences.d/stable': + ensure => present, + alias => 'apt_config', + content => template('apt/Debian/stable.erb'), + require => File['/etc/apt/sources.list'], + owner => root, group => 0, mode => '0644'; + + '/etc/apt/preferences.d/custom': + ensure => absent; + } + + if $apt::use_volatile { + + file { '/etc/apt/preferences.d/volatile': + ensure => present, + content => template('apt/Debian/volatile.erb'), + require => File['/etc/apt/sources.list'], + owner => root, group => 0, mode => '0644'; + } + } + + if $apt::use_lts { + + file { '/etc/apt/preferences.d/lts': + ensure => present, + content => template('apt/Debian/lts.erb'), + require => File['/etc/apt/sources.list'], + owner => root, group => 0, mode => '0644'; + } + } + + if ($::debian_nextcodename) and ($::debian_nextcodename != "experimental") { + + file { '/etc/apt/preferences.d/nextcodename': + ensure => present, + content => template('apt/Debian/nextcodename.erb'), + require => File['/etc/apt/sources.list'], + owner => root, group => 0, mode => '0644'; + } + } + } + + elsif $::operatingsystem == "Ubuntu" { + + file { '/etc/apt/preferences': + ensure => present, + alias => 'apt_config', + # only update together + content => template("apt/Ubuntu/preferences_${apt::codename}.erb"), + require => File['/etc/apt/sources.list'], + owner => root, group => 0, mode => '0644'; + } + } } + elsif $apt::manage_preferences == false { + + file { + '/etc/apt/preferences.d/custom': + ensure => absent; + + '/etc/apt/preferences.d/stable': + ensure => absent; + + '/etc/apt/preferences.d/volatile': + ensure => absent; + + '/etc/apt/preferences.d/lts': + ensure => absent; + + '/etc/apt/preferences.d/nextcodename': + ensure => absent; + } + } } diff --git a/manifests/preferences/absent.pp b/manifests/preferences/absent.pp deleted file mode 100644 index f32e030..0000000 --- a/manifests/preferences/absent.pp +++ /dev/null @@ -1,7 +0,0 @@ -class apt::preferences::absent { - - file { '/etc/apt/preferences': - ensure => absent, - alias => 'apt_config', - } -} diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index 2b2fb74..04fb010 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -1,10 +1,10 @@ define apt::preferences_snippet ( $priority = undef, - $package = false, - $ensure = 'present', - $source = undef, - $release = undef, - $pin = undef + $package = false, + $ensure = 'present', + $source = undef, + $release = undef, + $pin = undef, ) { $real_package = $package ? { @@ -13,26 +13,23 @@ define apt::preferences_snippet ( } if $ensure == 'present' { - if $apt::custom_preferences == false { - fail('Trying to define a preferences_snippet with $custom_preferences set to false.') - } if $priority == undef { - fail('apt::preferences_snippet requires the \'priority\' argument to be set') + fail("apt::preferences_snippet requires the 'priority' argument to be set") } if !$pin and !$release { - fail('apt::preferences_snippet requires one of the \'pin\' or \'release\' argument to be set') + fail("apt::preferences_snippet requires one of the 'pin' or 'release' argument to be set") } if $pin and $release { - fail('apt::preferences_snippet requires either a \'pin\' or \'release\' argument, not both') + fail("apt::preferences_snippet requires either a 'pin' or 'release' argument, not both") } } file { "/etc/apt/preferences.d/${name}": ensure => $ensure, owner => root, group => 0, mode => '0644', - before => Exec['apt_updated']; + before => Exec['update_apt']; } case $source { @@ -40,19 +37,19 @@ define apt::preferences_snippet ( case $release { undef: { File["/etc/apt/preferences.d/${name}"]{ - content => template('apt/preferences_snippet.erb') + content => template('apt/preferences_snippet.erb'), } } default: { File["/etc/apt/preferences.d/${name}"]{ - content => template('apt/preferences_snippet_release.erb') + content => template('apt/preferences_snippet_release.erb'), } } } } default: { File["/etc/apt/preferences.d/${name}"]{ - source => $source + source => $source, } } } diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp index 162ade7..e6fcab1 100644 --- a/manifests/preseeded_package.pp +++ b/manifests/preseeded_package.pp @@ -1,24 +1,12 @@ -# Install a package with a preseed file to automatically answer some questions. +# This is a wrapper that will be removed after a while define apt::preseeded_package ( - $ensure = 'installed', - $content = '' + $ensure = 'present', + $content = '', ) { - $seedfile = "/var/cache/local/preseeding/${name}.seeds" - $real_content = $content ? { - '' => template ( "site_apt/${::debian_codename}/${name}.seeds" ), - default => $content - } - - file { $seedfile: - content => $real_content, - mode => '0600', - owner => 'root', - group => 0, - } - - package { $name: - ensure => $ensure, - responsefile => $seedfile, - require => File[$seedfile], + warning('apt::preseeded_package is deprecated! you should now use apt::package with parameter use_seed set to true instead.') + apt::package { $name: + ensure => $ensure, + use_seed => true, + seedfile_content => $content, } } diff --git a/manifests/proxy_client.pp b/manifests/proxy_client.pp index e7972f7..0793878 100644 --- a/manifests/proxy_client.pp +++ b/manifests/proxy_client.pp @@ -1,7 +1,7 @@ -class apt::proxy_client( +class apt::proxy_client ( $proxy = 'http://localhost', - $port = '3142', -){ + $port = '3142', +) { ::apt::apt_conf { '20proxy': content => template('apt/20proxy.erb'), diff --git a/manifests/reboot_required_notify.pp b/manifests/reboot_required_notify.pp index efd8aeb..3463bb4 100644 --- a/manifests/reboot_required_notify.pp +++ b/manifests/reboot_required_notify.pp @@ -7,5 +7,4 @@ class apt::reboot_required_notify { } else { class { 'apt::reboot_required_notify::wheezy': } } - } diff --git a/manifests/reboot_required_notify/jessie.pp b/manifests/reboot_required_notify/jessie.pp index 2de6b62..fcd3fb3 100644 --- a/manifests/reboot_required_notify/jessie.pp +++ b/manifests/reboot_required_notify/jessie.pp @@ -1,5 +1,7 @@ class apt::reboot_required_notify::jessie ($ensure = present) { + include apt + if $::operatingsystemmajrelease == 8 and ! $::apt::use_backports { fail('apt::reboot_required_notify requires $apt::use_backports on Jessie') } @@ -24,5 +26,4 @@ class apt::reboot_required_notify::jessie ($ensure = present) { ensure => $ensure, require => Apt::Preferences_snippet['reboot-notifier'], } - } diff --git a/manifests/reboot_required_notify/wheezy.pp b/manifests/reboot_required_notify/wheezy.pp index 06998ef..1ad46cd 100644 --- a/manifests/reboot_required_notify/wheezy.pp +++ b/manifests/reboot_required_notify/wheezy.pp @@ -19,5 +19,4 @@ class apt::reboot_required_notify::wheezy ($ensure = present) { minute => 20, require => Package['update-notifier-common'], } - } diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp index 6ff4fc3..35a7643 100644 --- a/manifests/sources_list.pp +++ b/manifests/sources_list.pp @@ -1,8 +1,9 @@ # Configure an apt source + define apt::sources_list ( $ensure = 'present', $source = undef, - $content = undef + $content = undef, ) { if $ensure == 'present' { @@ -26,7 +27,7 @@ define apt::sources_list ( mode => '0644', owner => 'root', group => 0, - notify => Exec['apt_updated'], + notify => Exec['update_apt'], } if $source { diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index d604125..c6db396 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -1,14 +1,14 @@ class apt::unattended_upgrades ( - $config_content = undef, - $config_template = 'apt/50unattended-upgrades.erb', - $mailonlyonerror = true, - $mail_recipient = 'root', + $config_content = undef, + $config_template = 'apt/50unattended-upgrades.erb', + $mailonlyonerror = true, + $mail_recipient = 'root', $blacklisted_packages = [], - $ensure_version = present + $ensure_version = 'present', ) { package { 'unattended-upgrades': - ensure => $ensure_version + ensure => $ensure_version, } # For some reason, this directory is sometimes absent, which causes @@ -23,12 +23,12 @@ class apt::unattended_upgrades ( $file_content = $config_content ? { undef => template($config_template), - default => $config_content + default => $config_content, } ::apt::apt_conf { '50unattended-upgrades': content => $file_content, require => Package['unattended-upgrades'], - refresh_apt => false + refresh_apt => false; } } diff --git a/manifests/update.pp b/manifests/update.pp index dde8320..72cedc2 100644 --- a/manifests/update.pp +++ b/manifests/update.pp @@ -1,7 +1,6 @@ class apt::update inherits ::apt { Exec['update_apt'] { - refreshonly => false + refreshonly => false, } - } diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp index e61b15d..3ba2077 100644 --- a/manifests/upgrade_package.pp +++ b/manifests/upgrade_package.pp @@ -1,7 +1,8 @@ # Install a package either to a certain version, or while making sure that it's # always the latest version that's installed. + define apt::upgrade_package ( - $version = '' + $version = '', ) { $version_suffix = $version ? { @@ -12,22 +13,19 @@ define apt::upgrade_package ( if !defined(Package['apt-show-versions']) { package { 'apt-show-versions': - ensure => installed, - require => undef, + ensure => present, } } if !defined(Package['dctrl-tools']) { package { 'dctrl-tools': - ensure => installed, - require => undef, + ensure => present, } } exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}": onlyif => [ "grep-status -F Status installed -a -P ${name} -q", "apt-show-versions -u ${name} | grep -q upgradeable" ], require => Package['apt-show-versions', 'dctrl-tools'], - before => Exec['apt_updated'] + before => Exec['update_apt']; } - } diff --git a/templates/Debian/fallback.erb b/templates/Debian/fallback.erb new file mode 100644 index 0000000..1c75e83 --- /dev/null +++ b/templates/Debian/fallback.erb @@ -0,0 +1,7 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +Explanation: Debian fallback +Package: * +Pin: release o=Debian +Pin-Priority: -10 diff --git a/templates/Debian/lts.erb b/templates/Debian/lts.erb new file mode 100644 index 0000000..a77835e --- /dev/null +++ b/templates/Debian/lts.erb @@ -0,0 +1,7 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +Explanation: Debian <%= @debian_codename %>-lts +Package: * +Pin: release o=Debian,n=<%= @debian_codename %>-lts +Pin-Priority: 990 diff --git a/templates/Debian/nextcodename.erb b/templates/Debian/nextcodename.erb new file mode 100644 index 0000000..2bec9ad --- /dev/null +++ b/templates/Debian/nextcodename.erb @@ -0,0 +1,7 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +Explanation: Debian <%= @debian_nextcodename %> +Package: * +Pin: release o=Debian,n=<%= @debian_nextcodename %> +Pin-Priority: 2 diff --git a/templates/Debian/stable.erb b/templates/Debian/stable.erb new file mode 100644 index 0000000..be05e51 --- /dev/null +++ b/templates/Debian/stable.erb @@ -0,0 +1,7 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +Explanation: Debian <%= @debian_codename %> +Package: * +Pin: release o=Debian,n=<%= @debian_codename %> +Pin-Priority: 990 diff --git a/templates/Debian/volatile.erb b/templates/Debian/volatile.erb new file mode 100644 index 0000000..47ec2d8 --- /dev/null +++ b/templates/Debian/volatile.erb @@ -0,0 +1,7 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +Explanation: Debian <%= @debian_codename %>-updates +Package: * +Pin: release o=Debian,n=<%= @debian_codename %>-updates +Pin-Priority: 990 |