7 files changed, 63 insertions, 56 deletions

diff --git a/README b/README
index be80c62..1d43284 100644
--- a/README
+++ b/README
@@ -155,6 +155,15 @@ $apt_repos
 If this variable is set the default repositories list ("main contrib non-free")
 is overriden.
 
+$apt_disable_update
+-------------------
+
+Disable "apt-get update" which is normally triggered by apt::upgrade_package 
+and apt::dist_upgrade. 
+Note that nodes can be updated once a day by using 
+  APT::Periodic::Update-Package-Lists "1";
+in i.e. /etc/apt/apt.conf.d/80_apt_update_daily.
+
 Classes
 =======
 
diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
index 46fc0dc..36c1f54 100644
--- a/files/50unattended-upgrades
+++ b/files/50unattended-upgrades
@@ -1,58 +1,19 @@
 // this file is managed by puppet !
-//
-//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
 
-// allowed (origin, archive) pairs
-Unattended-Upgrade::Allowed-Origins {
-	"Debian stable";
-	"Debian-Security stable";
-//	"Debian testing";
+Unattended-Upgrade::Origins-Pattern {
+  // Debian
+  "o=${distro_id},n=${distro_codename}";
+  "o=${distro_id},n=${distro_codename},l=Debian-security";
+  "o=${distro_id} Backports,n=${distro_codename}-backports";  
+  // Ubuntu specific 
+  "o=${distro_id},a=${distro_codename}-security";
+  "o=${distro_id},a=${distro_codename}-backports";
+  "o=${distro_id},a=${distro_codename}-proposed";
 };
 
 APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
 APT::Periodic::Unattended-Upgrade "1";
+
 Unattended-Upgrade::Mail "root";
 Unattended-Upgrade::MailOnlyOnError "true";
-
-APT::UnattendedUpgrades::LogDir "/var/log/";
-APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
-
-Unattended-Upgrade::Package-Blacklist {
-	// we don't want the kernel to be updated so nagios still can give a warning if there is
-	// a manual update (and reboot) left
-
-        "linux-image-*";
-
-	// unfortunately there seems to be a bug in unattended-upgrades <= 0.62 that wildcards aren't recognized:
-	//2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
-	//2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
-	//2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
-	//2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
-	//2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
-	//2009-12-11 13:42:11,988 INFO All upgrades installed
-
-        // lenny
-	"linux-image-2.6.26-1-686";
-	"linux-image-2.6.26-1-amd64";
-        "linux-image-2.6.26-1-xen-686";
-        "linux-image-2.6.26-1-xen-amd64";
-	"linux-image-2.6.26-1-vserver-686";
-	"linux-image-2.6.26-1-vserver-amd64";
-
-	"linux-image-2.6.26-2-686";
-	"linux-image-2.6.26-2-amd64";
-        "linux-image-2.6.26-2-xen-686";
-        "linux-image-2.6.26-2-xen-amd64";
-	"linux-image-2.6.26-2-vserver-686";
-	"linux-image-2.6.26-2-vserver-amd64";
-
-	// squeeze
-	"linux-image-2.6.32-5-686";
-	"linux-image-2.6.32-5-amd64";
-	"linux-image-2.6.32-5-xen-686";
-	"linux-image-2.6.32-5-xen-amd64";
-	"linux-image-2.6.32-5-vserver-686";
-	"linux-image-2.6.32-5-vserver-amd64";
-
-};
-
diff --git a/files/lenny/50unattended-upgrades b/files/lenny/50unattended-upgrades
new file mode 100644
index 0000000..d55bb29
--- /dev/null
+++ b/files/lenny/50unattended-upgrades
@@ -0,0 +1,13 @@
+// this file is managed by puppet !
+
+Unattended-Upgrade::Allowed-Origins {
+	"Debian oldstable";
+	"Debian-Security oldstable";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+Unattended-Upgrade::Mail "root";
+
diff --git a/files/squeeze/50unattended-upgrades b/files/squeeze/50unattended-upgrades
new file mode 100644
index 0000000..0901ad3
--- /dev/null
+++ b/files/squeeze/50unattended-upgrades
@@ -0,0 +1,14 @@
+// this file is managed by puppet !
+
+Unattended-Upgrade::Allowed-Origins {
+        "${distro_id}:stable";
+        "${distro_id}:${distro_codename}-security";
+        "${distro_id}:${distro_codename}-updates";
+        "${distro_id} Backports:${distro_codename}-backports";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+Unattended-Upgrade::Mail "root";
diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp
index 9e26769..47b1cff 100644
--- a/manifests/dist_upgrade.pp
+++ b/manifests/dist_upgrade.pp
@@ -1,6 +1,8 @@
 class apt::dist_upgrade {
 
-  include apt::update
+  if $apt::disable_update == false {
+    include apt::update
+  }
 
   exec { 'apt_dist-upgrade':
     command     => "/usr/bin/apt-get -q -y -o 'DPkg::Options::=--force-confold' dist-upgrade",
diff --git a/manifests/init.pp b/manifests/init.pp
index 802da3a..d102f53 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -40,6 +40,11 @@ class apt {
     ''      => 'http://archive.ubuntu.com/ubuntu',
     default => "${apt_ubuntu_url}",
   }
+  $disable_update = $apt_disable_update ? {
+    ''      => false,
+    default => $apt_disable_update  
+  }
+
   case $operatingsystem {
     'debian': {
       $repos = $apt_repos ? {
diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp
index 9202624..2ce6932 100644
--- a/manifests/upgrade_package.pp
+++ b/manifests/upgrade_package.pp
@@ -1,6 +1,8 @@
 define apt::upgrade_package ($version = "") {
 
-  include apt::update
+  if $apt::disable_update == false { 
+    include apt::update 
+  }
 
   $version_suffix = $version ? {
     ''       => '',
@@ -24,10 +26,11 @@ define apt::upgrade_package ($version = "") {
 
   exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}":
     onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ],
-    require => [
-      Exec['apt_updated'],
-      Package['apt-show-versions', 'dctrl-tools'],
-    ],
+    require => $apt::disable_update ? {
+      true    => Package['apt-show-versions', 'dctrl-tools'],
+      default => [ Exec['apt_updated'], 
+                 Package['apt-show-versions', 'dctrl-tools'] ],
+    } 
   }
 
 }