diff options
48 files changed, 568 insertions, 874 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a54aa97 --- /dev/null +++ b/.gitignore @@ -0,0 +1,12 @@ +/pkg/ +/Gemfile.lock +/vendor/ +/spec/fixtures/manifests/* +/spec/fixtures/modules/* +!/spec/fixtures/modules/apt +!/spec/fixtures/modules/apt/* +/.vagrant/ +/.bundle/ +/coverage/ +/.idea/ +*.iml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..f7b8eca --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,12 @@ +before_script: + - ruby -v + - gem install bundler --no-ri --no-rdoc + - bundle install --jobs $(nproc) "${FLAGS[@]}" + +# don't fail on lint warnings +rspec: + script: + - bundle exec rake lint || /bin/true + - bundle exec rake syntax + - bundle exec rake validate + - bundle exec rake spec @@ -0,0 +1,13 @@ +source "https://rubygems.org" + +group :test do + gem "rake" + gem "rspec", '< 3.2.0' + gem "puppet", ENV['PUPPET_VERSION'] || ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION'] || '~> 3.7.0' + gem "facter", ENV['FACTER_VERSION'] || ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION'] || '~> 2.2.0' + gem "rspec-puppet" + gem "puppetlabs_spec_helper" + gem "metadata-json-lint" + gem "rspec-puppet-facts" + gem "mocha" +end @@ -17,9 +17,19 @@ Ubuntu support is lagging behind but not absent either. ! Upgrade Notice ! - * Several parser functions have been updated: you need to restart your puppet - master, otherwise some nodes may keep on using an old, cached version! - (https://docs.puppetlabs.com/guides/custom_functions.html#gotchas) + * The `disable_update` parameter has been removed. The main apt class + defaults to *not* run an `apt-get update` on every run anyway so this + parameter seems useless. + You can include the `apt::update` class if you want it to be run every time. + + * The `apt::upgrade_package` now doesn't automatically call an Exec['apt_updated'] + anymore, so you would need to include `apt::update` now by hand. + + * The apt::codename parameter has been removed. In its place, the + debian_codename fact may be overridden via an environment variable. This + will affect all other debian_* facts, and achieve the same result. + + FACTER_debian_codename=jessie puppet agent -t * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your site_apt, these are no longer supported. You should migrate to passing @@ -97,8 +107,9 @@ Requirements This module needs: -- the lsb module: git://labs.riseup.net/shared-lsb -- the common module: git://labs.riseup.net/shared-common +- the lsb-release package should be installed on the server prior to running + puppet. otherwise, all of the $::lsb* facts will be empty during runs. +- the common module: https://gitlab.com/shared-puppet-modules-group/common By default, on normal hosts, this module sets the configuration option DSelect::Clean to 'auto'. On virtual servers, the value is set by default to @@ -185,15 +196,6 @@ Class parameters: If this variable is set the default repositories list ("main contrib non-free") is overriden. -* disable_update - - Disable "apt-get update" which is normally triggered by apt::upgrade_package - and apt::dist_upgrade. - - Note that nodes can be updated once a day by using - APT::Periodic::Update-Package-Lists "1"; - in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. - * custom_preferences For historical reasons (Debian Lenny's version of APT did not support the use @@ -225,15 +227,6 @@ Class parameters: class { 'apt': custom_sources_list => template('site_apt/sources.list') } -* codename - - Contains the codename ("squeeze", "wheezy", ...) of the client's release. While - these values come from lsb-release by default, this parameter can be set - manually, e.g. to enable forced upgrades. For example: - - include apt::dist_upgrade - class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] } - * custom_key_dir If you have different apt-key files that you want to get added to your @@ -302,9 +295,6 @@ classes may inherit from this one and add to its subscription list using the plusignment ('+>') operator. A real-world example can be seen in the apt::dist_upgrade::initiator source. -When this class is included the APT indexes are updated on every -Puppet run due to the author's lack of Puppet wizardry. - apt::dist_upgrade::initiator ---------------------------- @@ -382,6 +372,7 @@ The class has the following parameters that you can use to change the contents of the configuration file. The values shown here are the default values: * $config_content = undef + * $config_template = 'apt/50unattended-upgrades.erb' * $mailonlyonerror = true * $mail_recipient = 'root' * $blacklisted_packages = [] @@ -389,6 +380,16 @@ of the configuration file. The values shown here are the default values: Note that using $config_content actually specifies all of the configuration contents and thus makes the other parameters useless. +example: + + class { 'apt::unattended_upgrades': + config_template => 'site_apt/50unattended-upgrades.jessie', + blacklisted_packages => [ + 'libc6', 'libc6-dev', 'libc6-i686', 'mysql-server', 'redmine', 'nodejs', + 'bird' + ], + } + Defines ======= @@ -478,6 +479,46 @@ Example: 'puppet:///modules/site_apt/company_internals.list' ], } +apt::key +-------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key { 'neurodebian.gpg': + ensure => present, + source => 'puppet:///modules/site_apt/neurodebian.gpg', + } + +This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which +is assumed by secure apt to be binary OpenPGP keys and *not* +"ascii-armored" or "plain text" OpenPGP key material. For the latter, +use `apt::key::plain`. + +The `.gpg` extension is compulsory for `apt` to pickup the key properly. + +apt::key::plain +--------------- + +Deploys a secure apt OpenPGP key. This usually accompanies the +sources.list snippets above for third party repositories. For example, +you would do: + + apt::key::plain { 'neurodebian.asc': + source => 'puppet:///modules/site_apt/neurodebian.asc', + } + +This deploys the key in the `${apt_base_dir}/keys` directory (as +opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason +this exists on top of `$custom_key_dir` is to allow a more +decentralised distribution of those keys, without having all modules +throw their keys in the same directory in the manifests. + +Note that this model does *not* currently allow keys to be removed! +Use `apt::key` instead for a more practical, revokable approach, but +that needs binary keys. + apt::upgrade_package -------------------- @@ -510,19 +551,35 @@ Exec['apt_updated'] ------------------- After this point the APT indexes are up-to-date. +This resource is set to `refreshonly => true` so it is not run on +every puppetrun. To run this every time, you can include the `apt::update` +class. This resource is usually used like this to ensure current packages are installed by Package resources: - include apt::update - Package { require => Exec['apt_updated'] } + include apt::update + Package { require => Exec['apt_updated'] } + +Note that nodes can be updated once a day by using + + APT::Periodic::Update-Package-Lists "1"; + +in i.e. /etc/apt/apt.conf.d/80_apt_update_daily. + + +Tests +===== + +To run pupept rspec tests: + + bundle install --path vendor/bundle + bundle exec rake spec -Please note that the apt::upgrade_package define automatically uses -this resource so you don't have to manage this yourself if you need to -make sure APT indexes are up-to-date before a package upgrade is -attempted, but don't want "apt-get update" to happen on every Puppet -run. +Using different facter/puppet versions: + FACTER_GEM_VERSION=1.6.10 PUPPET_GEM_VERSION=2.7.23 bundle install --path vendor/bundle + bundle exec rake spec Licensing ========= diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..85326bb --- /dev/null +++ b/Rakefile @@ -0,0 +1,19 @@ +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +desc "Validate manifests, templates, and ruby files" +task :validate do + Dir['manifests/**/*.pp'].each do |manifest| + sh "puppet parser validate --noop #{manifest}" + end + Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| + sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ + end + Dir['templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" + end +end + +task :test => [:lint, :syntax , :validate, :spec] diff --git a/gpl.txt b/gpl.txt deleted file mode 100644 index 94a9ed0..0000000 --- a/gpl.txt +++ /dev/null @@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - <one line to give the program's name and a brief idea of what it does.> - Copyright (C) <year> <name of author> - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - <program> Copyright (C) <year> <name of author> - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -<http://www.gnu.org/licenses/>. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -<http://www.gnu.org/philosophy/why-not-lgpl.html>. diff --git a/lib/facter/debian_codename.rb b/lib/facter/debian_codename.rb new file mode 100644 index 0000000..254877a --- /dev/null +++ b/lib/facter/debian_codename.rb @@ -0,0 +1,42 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/debian" +end + +def version_to_codename(version) + if Facter::Util::Debian::CODENAMES.has_key?(version) + return Facter::Util::Debian::CODENAMES[version] + else + Facter.warn("Could not determine codename from version '#{version}'") + end +end + +Facter.add(:debian_codename) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + Facter.value('lsbdistcodename') + end +end + +Facter.add(:debian_codename) do + has_weight 66 + confine :operatingsystem => 'Debian' + setcode do + version_to_codename(Facter.value('operatingsystemmajrelease')) + end +end + +Facter.add(:debian_codename) do + has_weight 33 + confine :operatingsystem => 'Debian' + setcode do + debian_version = File.open('/etc/debian_version', &:readline) + if debian_version.match(/^\d+/) + version_to_codename(debian_version.scan(/^(\d+)/)[0][0]) + elsif debian_version.match(/^[a-z]+\/(sid|unstable)/) + debian_version.scan(/^([a-z]+)\//)[0][0] + end + end +end diff --git a/lib/facter/debian_lts.rb b/lib/facter/debian_lts.rb new file mode 100644 index 0000000..f53a9eb --- /dev/null +++ b/lib/facter/debian_lts.rb @@ -0,0 +1,16 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/debian" +end + +Facter.add(:debian_lts) do + confine :operatingsystem => 'Debian' + setcode do + if Facter::Util::Debian::LTS.include? Facter.value('debian_codename') + true + else + false + end + end +end diff --git a/lib/facter/debian_nextcodename.rb b/lib/facter/debian_nextcodename.rb new file mode 100644 index 0000000..c4c569b --- /dev/null +++ b/lib/facter/debian_nextcodename.rb @@ -0,0 +1,23 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/debian" +end + +def debian_codename_to_next(codename) + if codename == "sid" + return "experimental" + else + codenames = Facter::Util::Debian::CODENAMES + versions = Facter::Util::Debian::CODENAMES.invert + current_version = versions[codename] + return codenames[(current_version.to_i + 1).to_s] + end +end + +Facter.add(:debian_nextcodename) do + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_next(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/debian_nextrelease.rb b/lib/facter/debian_nextrelease.rb new file mode 100644 index 0000000..2a9c4f5 --- /dev/null +++ b/lib/facter/debian_nextrelease.rb @@ -0,0 +1,23 @@ +def debian_release_to_next(release) + releases = [ + 'oldoldoldstable', + 'oldoldstable', + 'oldstable', + 'stable', + 'testing', + 'unstable', + 'experimental', + ] + if releases.include? release + if releases.index(release)+1 < releases.count + return releases[releases.index(release)+1] + end + end +end + +Facter.add(:debian_nextrelease) do + confine :operatingsystem => 'Debian' + setcode do + debian_release_to_next(Facter.value('debian_release')) + end +end diff --git a/lib/facter/debian_release.rb b/lib/facter/debian_release.rb new file mode 100644 index 0000000..2c334cc --- /dev/null +++ b/lib/facter/debian_release.rb @@ -0,0 +1,38 @@ +begin + require 'facter/util/debian' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/debian" +end + +def debian_codename_to_release(codename) + stable = Facter::Util::Debian::STABLE + versions = Facter::Util::Debian::CODENAMES.invert + release = nil + if codename == "sid" + release = "unstable" + elsif versions.has_key? codename + version = versions[codename].to_i + if version == stable + release = "stable" + elsif version < stable + release = "stable" + for i in version..stable - 1 + release = "old" + release + end + elsif version == stable + 1 + release = "testing" + end + end + if release.nil? + Facter.warn("Could not determine release from codename #{codename}!") + end + return release +end + +Facter.add(:debian_release) do + has_weight 99 + confine :operatingsystem => 'Debian' + setcode do + debian_codename_to_release(Facter.value('debian_codename')) + end +end diff --git a/lib/facter/ubuntu_codename.rb b/lib/facter/ubuntu_codename.rb new file mode 100644 index 0000000..814fd94 --- /dev/null +++ b/lib/facter/ubuntu_codename.rb @@ -0,0 +1,8 @@ +Facter.add(:ubuntu_codename) do + confine :operatingsystem => 'Ubuntu' + setcode do + Facter.value('lsbdistcodename') + end +end + + diff --git a/lib/facter/ubuntu_nextcodename.rb b/lib/facter/ubuntu_nextcodename.rb new file mode 100644 index 0000000..dcd1d42 --- /dev/null +++ b/lib/facter/ubuntu_nextcodename.rb @@ -0,0 +1,20 @@ +begin + require 'facter/util/ubuntu' +rescue LoadError + require "#{File.dirname(__FILE__)}/util/ubuntu" +end + +def ubuntu_codename_to_next(codename) + codenames = Facter::Util::Ubuntu::CODENAMES + i = codenames.index(codename) + if i and i+1 < codenames.count + return codenames[i+1] + end +end + +Facter.add(:ubuntu_nextcodename) do + confine :operatingsystem => 'Ubuntu' + setcode do + ubuntu_codename_to_next(Facter.value('ubuntu_codename')) + end +end diff --git a/lib/facter/util/debian.rb b/lib/facter/util/debian.rb new file mode 100644 index 0000000..290c17b --- /dev/null +++ b/lib/facter/util/debian.rb @@ -0,0 +1,18 @@ +module Facter + module Util + module Debian + STABLE = 8 + CODENAMES = { + "5" => "lenny", + "6" => "squeeze", + "7" => "wheezy", + "8" => "jessie", + "9" => "stretch", + "10" => "buster", + } + LTS = [ + "squeeze", + ] + end + end +end diff --git a/lib/facter/util/ubuntu.rb b/lib/facter/util/ubuntu.rb new file mode 100644 index 0000000..52c15e8 --- /dev/null +++ b/lib/facter/util/ubuntu.rb @@ -0,0 +1,21 @@ +module Facter + module Util + module Ubuntu + CODENAMES = [ + "lucid", + "maverick", + "natty", + "oneiric", + "precise", + "quantal", + "raring", + "saucy", + "trusty", + "utopic", + "vivid", + "wily", + "xenial" + ] + end + end +end diff --git a/lib/puppet/parser/functions/debian_nextcodename.rb b/lib/puppet/parser/functions/debian_nextcodename.rb deleted file mode 100644 index ee59612..0000000 --- a/lib/puppet/parser/functions/debian_nextcodename.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextcodename, :type => :rvalue) do |args| - case args[0] - when "squeeze" then "wheezy" - when "wheezy" then "jessie" - when "jessie" then "stretch" - when "stretch" then "sid" - when "sid" then "experimental" - else "sid" - end - end -end diff --git a/lib/puppet/parser/functions/debian_nextrelease.rb b/lib/puppet/parser/functions/debian_nextrelease.rb deleted file mode 100644 index 76c3e0d..0000000 --- a/lib/puppet/parser/functions/debian_nextrelease.rb +++ /dev/null @@ -1,11 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_nextrelease, :type => :rvalue) do |args| - case args[0] - when 'oldstable' then 'stable' - when 'stable' then 'testing' - when 'testing' then 'unstable' - when 'unstable' then 'experimental' - else 'unstable' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release.rb b/lib/puppet/parser/functions/debian_release.rb deleted file mode 100644 index 3f24ad0..0000000 --- a/lib/puppet/parser/functions/debian_release.rb +++ /dev/null @@ -1,13 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then 'oldoldstable' - when 'wheezy' then 'oldstable' - when 'jessie' then 'stable' - when 'stretch' then 'testing' - when 'sid' then 'unstable' - when 'experimental' then 'experimental' - else 'testing' - end - end -end diff --git a/lib/puppet/parser/functions/debian_release_version.rb b/lib/puppet/parser/functions/debian_release_version.rb deleted file mode 100644 index 32cafcb..0000000 --- a/lib/puppet/parser/functions/debian_release_version.rb +++ /dev/null @@ -1,12 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:debian_release_version, :type => :rvalue) do |args| - case args[0] - when 'squeeze' then '6.0' - when 'wheezy' then '7.0' - when 'jessie' then '8.0' - when 'stretch' then '9.0' - when 'buster' then '10.0' - else '' - end - end -end diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp index f446c69..949f615 100644 --- a/manifests/apt_conf.pp +++ b/manifests/apt_conf.pp @@ -38,7 +38,7 @@ define apt::apt_conf( if $refresh_apt { File["/etc/apt/apt.conf.d/${name}"] { - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } } diff --git a/manifests/apticron.pp b/manifests/apticron.pp index 54d7b71..9c94f9c 100644 --- a/manifests/apticron.pp +++ b/manifests/apticron.pp @@ -1,6 +1,6 @@ class apt::apticron( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/apticron_${::debian_codename}.erb", $email = 'root', $diff_only = '1', $listchanges_profile = 'apticron', diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp index bf78dcc..19c031e 100644 --- a/manifests/dist_upgrade.pp +++ b/manifests/dist_upgrade.pp @@ -1,18 +1,9 @@ class apt::dist_upgrade { - if $apt::disable_update == false { - include apt::update - } - - $req = $apt::disable_update ? { - true => undef, - default => Exec['apt_updated'], - } - exec { 'apt_dist-upgrade': command => '/usr/bin/apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade', refreshonly => true, - require => $req + before => Exec['apt_updated'] } } diff --git a/manifests/dot_d_directories.pp b/manifests/dot_d_directories.pp index 37c3fc8..0ace863 100644 --- a/manifests/dot_d_directories.pp +++ b/manifests/dot_d_directories.pp @@ -5,18 +5,11 @@ class apt::dot_d_directories { '/etc/apt/apt.conf.d': ensure => directory, checksum => mtime, - notify => Exec['refresh_apt']; + notify => Exec['apt_updated']; '/etc/apt/sources.list.d': ensure => directory, checksum => mtime, - notify => Exec['refresh_apt']; - } - - exec { - # "&& sleep 1" is workaround for older(?) clients - 'refresh_apt': - command => '/usr/bin/apt-get update && sleep 1', - refreshonly => true, + notify => Exec['apt_updated']; } } diff --git a/manifests/init.pp b/manifests/init.pp index 062be4c..4c44af2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,7 +4,6 @@ # See LICENSE for the full license granted to you. class apt( - $codename = $apt::params::codename, $use_lts = $apt::params::use_lts, $use_volatile = $apt::params::use_volatile, $use_backports = $apt::params::use_backports, @@ -19,7 +18,6 @@ class apt( $repos = $apt::params::repos, $custom_preferences = $apt::params::custom_preferences, $custom_sources_list = '', - $disable_update = $apt::params::disable_update, $custom_key_dir = $apt::params::custom_key_dir ) inherits apt::params { case $::operatingsystem { @@ -42,32 +40,16 @@ class apt( require => undef, } - include lsb - - # init $release, $next_release, $next_codename, $release_version - case $codename { - 'n/a': { - fail("Unknown lsbdistcodename reported by facter: '$::lsbdistcodename', please fix this by setting this variable in your manifest.") - } - default: { - $release = debian_release($codename) - } - } - $release_version = debian_release_version($codename) - $next_codename = debian_nextcodename($codename) - $next_release = debian_nextrelease($release) - $sources_content = $custom_sources_list ? { '' => template( "apt/${::operatingsystem}/sources.list.erb"), default => $custom_sources_list } file { - # include main, security and backports + # include main and security # additional sources should be included via the apt::sources_list define '/etc/apt/sources.list': content => $sources_content, - require => Package['lsb'], - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], owner => root, group => 0, mode => '0644'; @@ -114,6 +96,19 @@ class apt( # backports uses the normal archive key now package { 'debian-backports-keyring': ensure => absent } + if ($use_backports and !($::debian_release in ['testing', 'unstable', 'experimental'])) { + apt::sources_list { + 'backports': + content => "deb $backports_url ${::debian_codename}-backports ${apt::real_repos}", + } + if $include_src { + apt::sources_list { + 'backports-src': + content => "deb-src $backports_url ${::debian_codename}-backports ${apt::real_repos}", + } + } + } + include common::moduledir common::module_dir { 'apt': } $apt_base_dir = "${common::moduledir::module_dir_path}/apt" @@ -127,21 +122,29 @@ class apt( mode => '0755', } exec { 'custom_keys': - command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && /usr/bin/apt-get update", + command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\;", subscribe => File["${apt_base_dir}/keys.d"], refreshonly => true, + notify => Exec[refresh_apt] } if $custom_preferences != false { Exec['custom_keys'] { - before => [ Exec[refresh_apt], File['apt_config'] ] - } - } else { - Exec['custom_keys'] { - before => Exec[refresh_apt] + before => File['apt_config'] } } } # workaround for preseeded_package component file { [ '/var/cache', '/var/cache/local', '/var/cache/local/preseeding' ]: ensure => directory } + + exec { 'update_apt': + command => '/usr/bin/apt-get update', + require => [ + File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], + File['/etc/apt/sources.list'] ], + refreshonly => true, + # Another Semaphor for all packages to reference + alias => [ 'apt_updated', 'refresh_apt'] + } + } diff --git a/manifests/key.pp b/manifests/key.pp new file mode 100644 index 0000000..cb70ec6 --- /dev/null +++ b/manifests/key.pp @@ -0,0 +1,13 @@ +define apt::key ($source, $ensure = 'present') { + validate_re( + $name, '\.gpg$', + 'An apt::key resource name must have the .gpg extension', + ) + + file { + "/etc/apt/trusted.gpg.d/${name}": + ensure => $ensure, + source => $source, + notify => Exec['apt_updated'], + } +} diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp new file mode 100644 index 0000000..dff8b51 --- /dev/null +++ b/manifests/key/plain.pp @@ -0,0 +1,13 @@ +define apt::key::plain ($source) { + file { + "${apt::apt_base_dir}/keys/${name}": + source => $source; + "${apt::apt_base_dir}/keys": + ensure => directory; + } + exec { "apt-key add '${apt::apt_base_dir}/keys/${name}'": + subscribe => File["${apt::apt_base_dir}/keys/${name}"], + refreshonly => true, + notify => Exec['apt_updated'], + } +} diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp index 0c163ae..e64bb1b 100644 --- a/manifests/listchanges.pp +++ b/manifests/listchanges.pp @@ -1,6 +1,6 @@ class apt::listchanges( $ensure_version = 'installed', - $config = "apt/${::operatingsystem}/listchanges_${::lsbdistcodename}.erb", + $config = "apt/${::operatingsystem}/listchanges_${::debian_codename}.erb", $frontend = 'mail', $email = 'root', $confirm = '0', diff --git a/manifests/params.pp b/manifests/params.pp index a1c7392..28af06e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,5 +1,4 @@ class apt::params () { - $codename = $::lsbdistcodename $use_lts = false $use_volatile = false $use_backports = true @@ -7,15 +6,17 @@ class apt::params () { $use_next_release = false $debian_url = 'http://httpredir.debian.org/debian/' $security_url = 'http://security.debian.org/' - $backports_url = $::lsbdistcodename ? { + $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' + $backports_url = $::debian_codename ? { 'squeeze' => 'http://backports.debian.org/debian-backports/', - default => $debian_url + default => $::operatingsystem ? { + 'Ubuntu' => $ubuntu_url, + default => $debian_url, + } } $lts_url = $debian_url $volatile_url = 'http://volatile.debian.org/debian-volatile/' - $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' $repos = 'auto' $custom_preferences = '' - $disable_update = false $custom_key_dir = false } diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 9ed24c1..6982ca0 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -2,8 +2,8 @@ class apt::preferences { $pref_contents = $apt::custom_preferences ? { '' => $::operatingsystem ? { - 'debian' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), - 'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"), + 'debian' => template("apt/${::operatingsystem}/preferences_${::debian_codename}.erb"), + 'ubuntu' => template("apt/${::operatingsystem}/preferences_${::ubuntu_codename}.erb"), }, default => $apt::custom_preferences } diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp index 0c7b7bb..b7dba0d 100644 --- a/manifests/preferences_snippet.pp +++ b/manifests/preferences_snippet.pp @@ -31,7 +31,8 @@ define apt::preferences_snippet ( file { "/etc/apt/preferences.d/${name}": ensure => $ensure, - owner => root, group => 0, mode => '0644'; + owner => root, group => 0, mode => '0644', + before => Exec['apt_updated']; } case $source { diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp index 9bca8b1..3ef0687 100644 --- a/manifests/preseeded_package.pp +++ b/manifests/preseeded_package.pp @@ -4,7 +4,7 @@ define apt::preseeded_package ( ) { $seedfile = "/var/cache/local/preseeding/${name}.seeds" $real_content = $content ? { - '' => template ( "site_apt/${::lsbdistcodename}/${name}.seeds" ), + '' => template ( "site_apt/${::debian_codename}/${name}.seeds" ), default => $content } diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp index aefad2d..0ee068d 100644 --- a/manifests/sources_list.pp +++ b/manifests/sources_list.pp @@ -23,7 +23,7 @@ define apt::sources_list ( file { "/etc/apt/sources.list.d/${realname}.list": ensure => $ensure, owner => root, group => 0, mode => '0644', - notify => Exec['refresh_apt'], + notify => Exec['apt_updated'], } if $source { diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index 6cb0518..52d7542 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -1,5 +1,6 @@ class apt::unattended_upgrades ( $config_content = undef, + $config_template = 'apt/50unattended-upgrades.erb', $mailonlyonerror = true, $mail_recipient = 'root', $blacklisted_packages = [], @@ -10,8 +11,18 @@ class apt::unattended_upgrades ( ensure => $ensure_version } + # For some reason, this directory is sometimes absent, which causes + # unattended-upgrades to crash. + file { '/var/log/unattended-upgrades': + ensure => directory, + owner => 'root', + group => 0, + mode => '0755', + require => Package['unattended-upgrades'], + } + $file_content = $config_content ? { - undef => template('apt/50unattended-upgrades.erb'), + undef => template($config_template), default => $config_content } diff --git a/manifests/update.pp b/manifests/update.pp index 3f45125..dde8320 100644 --- a/manifests/update.pp +++ b/manifests/update.pp @@ -1,13 +1,7 @@ -class apt::update { +class apt::update inherits ::apt { - exec { 'update_apt': - command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', - require => [ - File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], - File['/etc/apt/sources.list'] ], - loglevel => info, - # Another Semaphor for all packages to reference - alias => 'apt_updated' + Exec['update_apt'] { + refreshonly => false } } diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp index d607150..30572c9 100644 --- a/manifests/upgrade_package.pp +++ b/manifests/upgrade_package.pp @@ -2,10 +2,6 @@ define apt::upgrade_package ( $version = '' ) { - if $apt::disable_update == false { - include apt::update - } - $version_suffix = $version ? { '' => '', 'latest' => '', @@ -26,17 +22,10 @@ define apt::upgrade_package ( } } - $req = $apt::disable_update ? { - true => Package['apt-show-versions', 'dctrl-tools'], - default => [ - Exec['apt_updated'], - Package['apt-show-versions', 'dctrl-tools'] - ], - } - exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}": onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - require => $req + require => Package['apt-show-versions', 'dctrl-tools'], + before => Exec['apt_updated'] } } diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..21d1a98 --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,12 @@ +# https://puppetlabs.com/blog/testing-modules-in-the-puppet-forge +require 'rspec-puppet' +require 'mocha/api' + +RSpec.configure do |c| + + c.module_path = File.expand_path(File.join(File.dirname(__FILE__), '..', '..')) + c.color = true + + #Puppet.features.stubs(:root? => true) + +end diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb new file mode 100644 index 0000000..9a28d92 --- /dev/null +++ b/spec/unit/custom_facts_spec.rb @@ -0,0 +1,86 @@ +require "spec_helper" + +describe "Facter::Util::Fact" do + before { + Facter.clear + } + + describe 'custom facts' do + + context 'Debian 7' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("7.8") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") + end + + it "debian_release = oldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldstable') + end + + it "debian_codename = wheezy" do + expect(Facter.fact(:debian_codename).value).to eq('wheezy') + end + + it "debian_nextcodename = jessie" do + expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') + end + + it "debian_nextrelease = stable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + end + end + + context 'Debian 8' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("8.0") + Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") + end + + it "debian_release = stable" do + expect(Facter.fact(:debian_release).value).to eq('stable') + end + + it "debian_codename = jessie" do + expect(Facter.fact(:debian_codename).value).to eq('jessie') + end + + it "debian_nextcodename = stretch" do + expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') + end + + it "debian_nextrelease = testing" do + expect(Facter.fact(:debian_nextrelease).value).to eq('testing') + end + end + + context 'Ubuntu 15.10' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("15.10") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wily") + end + + it "ubuntu_codename = wily" do + expect(Facter.fact(:ubuntu_codename).value).to eq('wily') + end + + it "ubuntu_nextcodename = xenial" do + expect(Facter.fact(:ubuntu_nextcodename).value).to eq('xenial') + end + end + end + + describe "Test 'apt_running' fact" do + it "should return true when apt-get is running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("true") + expect(Facter.fact(:apt_running).value).to eq('true') + end + it "should return false when apt-get is not running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("false") + expect(Facter.fact(:apt_running).value).to eq('false') + end + end + +end diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 23c5c89..7c65d10 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -5,14 +5,18 @@ Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id}:${distro_codename}-updates"; "${distro_id}:${distro_codename}-backports"; -<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::operatingsystemmajrelease') == 6 -%> +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%> Unattended-Upgrade::Allowed-Origins { - "${distro_id}:oldoldstable"; + "${distro_id}:<%= scope.lookupvar('::debian_release') %>"; "${distro_id}:squeeze-lts"; -<% else -%> +<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'wheezy' -%> Unattended-Upgrade::Origins-Pattern { - "origin=Debian,archive=<%= scope.lookupvar('::apt::release') %>,label=Debian-Security"; + "origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security"; "origin=Debian,archive=${distro_codename}-lts"; +<% else -%> +Unattended-Upgrade::Origins-Pattern { + "origin=Debian,codename=${distro_codename},label=Debian"; + "origin=Debian,codename=${distro_codename},label=Debian-Security"; <% end -%> }; diff --git a/templates/Debian/preferences_jessie.erb b/templates/Debian/preferences_jessie.erb index 4f8e95c..0888abe 100644 --- a/templates/Debian/preferences_jessie.erb +++ b/templates/Debian/preferences_jessie.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/preferences_lenny.erb b/templates/Debian/preferences_lenny.erb index 5c3c829..6500168 100644 --- a/templates/Debian/preferences_lenny.erb +++ b/templates/Debian/preferences_lenny.erb @@ -1,6 +1,6 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * -Pin: release o=Debian,a=<%= scope.lookupvar('apt::release') %>,v=<%= scope.lookupvar('apt::release_version') %>* +Pin: release o=Debian,a=<%= scope.lookupvar('::debian_release') %>,v=5* Pin-Priority: 990 Explanation: Debian backports @@ -8,7 +8,7 @@ Package: * Pin: origin backports.debian.org Pin-Priority: 200 -Explanation: Debian <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Debian <%= next_release=scope.lookupvar('::debian_nextrelease') %> Package: * Pin: release o=Debian,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_squeeze.erb b/templates/Debian/preferences_squeeze.erb index 838b3a1..885edc7 100644 --- a/templates/Debian/preferences_squeeze.erb +++ b/templates/Debian/preferences_squeeze.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 @@ -13,7 +13,7 @@ Package: * Pin: release o=Debian,n=<%= codename %>-lts Pin-Priority: 990 -Explanation: Debian <%= next_codename=scope.lookupvar('apt::next_codename') %> +Explanation: Debian <%= next_codename=scope.lookupvar('::debian_nextcodename') %> Package: * Pin: release o=Debian,n=<%= next_codename %> Pin-Priority: 2 diff --git a/templates/Debian/preferences_wheezy.erb b/templates/Debian/preferences_wheezy.erb index 0cc0e5c..106108d 100644 --- a/templates/Debian/preferences_wheezy.erb +++ b/templates/Debian/preferences_wheezy.erb @@ -1,4 +1,4 @@ -Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %> +Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> Package: * Pin: release o=Debian,n=<%= codename %> Pin-Priority: 990 diff --git a/templates/Debian/sources.list.erb b/templates/Debian/sources.list.erb index ce43135..44eea53 100644 --- a/templates/Debian/sources.list.erb +++ b/templates/Debian/sources.list.erb @@ -1,7 +1,7 @@ # This file is managed by puppet # all local modifications will be overwritten -### Debian current: <%= codename=scope.lookupvar('apt::codename') %> +### Debian current: <%= codename=scope.lookupvar('::debian_codename') %> # basic deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> @@ -10,7 +10,7 @@ deb-src <%= debian_url %> <%= codename %> <%= lrepos %> <% end -%> # security -<% if ((release=scope.lookupvar('apt::release')) == "stable" || release == "oldstable") -%> +<% if ((release=scope.lookupvar('::debian_release')) == "stable" || release == "oldstable") -%> deb <%= security_url=scope.lookupvar('apt::security_url') %> <%= codename %>/updates <%= lrepos %> <% if include_src -%> deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %> @@ -19,18 +19,6 @@ deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %> # There is no security support for <%= release %> <% end -%> -<% if use_backports=scope.lookupvar('apt::use_backports') -%> -# backports -<% if (release == "testing" || release == "unstable" || release == "experimental") -%> -# There is no backports archive for <%= release %> -<% else -%> -deb <%= backports_url=scope.lookupvar('apt::backports_url') %> <%= codename %>-backports <%= lrepos %> -<% if include_src -%> -deb-src <%= backports_url %> <%= codename %>-backports <%= lrepos %> -<% end - end - end -%> - <% if use_volatile=scope.lookupvar('apt::use_volatile') -%> # volatile <% if (release == "testing" || release == "unstable" || release == "experimental") -%> @@ -45,7 +33,7 @@ deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %> <% if use_lts=scope.lookupvar('apt::use_lts') -%> # LTS -<% if release != "oldoldstable" -%> +<% if release_lts=scope.lookupvar('::debian_lts') == "false" -%> # There is no LTS archive for <%= release %> <% else -%> deb <%= debian_url %> <%= codename %>-lts <%= lrepos %> @@ -56,7 +44,7 @@ deb-src <%= debian_url %> <%= codename %>-lts <%= lrepos %> <% end -%> <% if next_release=scope.lookupvar('apt::use_next_release') -%> -### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %> +### Debian next: <%= next_release=scope.lookupvar('::debian_nextrelease') ; next_codename=scope.lookupvar('::debian_nextcodename') %> # basic deb <%= debian_url %> <%= next_codename %> <%= lrepos %> diff --git a/templates/Ubuntu/preferences_maverick.erb b/templates/Ubuntu/preferences_maverick.erb index 801ddd4..8e5481d 100644 --- a/templates/Ubuntu/preferences_maverick.erb +++ b/templates/Ubuntu/preferences_maverick.erb @@ -1,4 +1,4 @@ -Explanation: Ubuntu <%= codename=scope.lookupvar('apt::codename') %> security +Explanation: Ubuntu <%= codename=scope.lookupvar('::ubuntu_codename') %> security Package: * Pin: release o=Ubuntu,a=<%= codename %>-security Pin-Priority: 990 @@ -18,7 +18,7 @@ Package: * Pin: release a=<%= codename %>-backports Pin-Priority: 200 -Explanation: Ubuntu <%= next_release=scope.lookupvar('apt::next_release') %> +Explanation: Ubuntu <%= next_release=scope.lookupvar('::ubuntu_nextcodename') %> Package: * Pin: release o=Ubuntu,a=<%= next_release %> Pin-Priority: 2 diff --git a/templates/Ubuntu/preferences_vivid.erb b/templates/Ubuntu/preferences_vivid.erb new file mode 120000 index 0000000..3debe4f --- /dev/null +++ b/templates/Ubuntu/preferences_vivid.erb @@ -0,0 +1 @@ +preferences_maverick.erb
\ No newline at end of file diff --git a/templates/Ubuntu/preferences_wily.erb b/templates/Ubuntu/preferences_wily.erb new file mode 120000 index 0000000..3debe4f --- /dev/null +++ b/templates/Ubuntu/preferences_wily.erb @@ -0,0 +1 @@ +preferences_maverick.erb
\ No newline at end of file diff --git a/templates/Ubuntu/preferences_xenial.erb b/templates/Ubuntu/preferences_xenial.erb new file mode 120000 index 0000000..3debe4f --- /dev/null +++ b/templates/Ubuntu/preferences_xenial.erb @@ -0,0 +1 @@ +preferences_maverick.erb
\ No newline at end of file diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb index 213f051..e6d2f64 100644 --- a/templates/Ubuntu/sources.list.erb +++ b/templates/Ubuntu/sources.list.erb @@ -1,7 +1,7 @@ # This file is managed by puppet # all local modifications will be overwritten -# basic <%= codename=scope.lookupvar('apt::codename') %> +# basic <%= codename=scope.lookupvar('::ubuntu_codename') %> deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %> <% if include_src=scope.lookupvar('apt::include_src') -%> deb-src <%= ubuntu_url %> <%= codename %> <%= lrepos %> @@ -20,11 +20,3 @@ deb <%= ubuntu_url %> <%= codename %>-security <%= lrepos %> <% if include_src -%> deb-src <%= ubuntu_url %> <%= codename %>-security <%= lrepos %> <% end -%> - -<% if use_backports=scope.lookupvar('apt::use_backports') -%> -# backports -deb <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %> -<% if include_src -%> -deb-src <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %> -<% end - end -%> |