diff options
| -rw-r--r-- | files/50unattended-upgrades | 48 | ||||
| -rw-r--r-- | manifests/init.pp | 86 | ||||
| -rw-r--r-- | templates/Debian/sources.list.backports.erb (renamed from templates/sources.list.backports.erb) | 0 | ||||
| -rw-r--r-- | templates/Debian/sources.list.deb-src.erb | 11 | ||||
| -rw-r--r-- | templates/Debian/sources.list.erb (renamed from templates/sources.list.erb) | 0 | ||||
| -rw-r--r-- | templates/Debian/sources.list.volatile.erb | 7 | ||||
| -rw-r--r-- | templates/Ubuntu/sources.list.backports.erb | 4 | ||||
| -rw-r--r-- | templates/Ubuntu/sources.list.deb-src.erb | 12 | ||||
| -rw-r--r-- | templates/Ubuntu/sources.list.erb | 12 |
9 files changed, 172 insertions, 8 deletions
diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades new file mode 100644 index 0000000..384b373 --- /dev/null +++ b/files/50unattended-upgrades @@ -0,0 +1,48 @@ +// this file is managed by puppet ! +// +//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. + +// allowed (origin, archive) pairs +Unattended-Upgrade::Allowed-Origins { + "Debian stable"; + "Debian-Security stable"; +// "Debian testing"; +}; + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; +Unattended-Upgrade::Mail "root"; + +APT::UnattendedUpgrades::LogDir "/var/log/"; +APT::UnattendedUpgrades::LogFile "unattended_upgrades.log"; + +Unattended-Upgrade::Package-Blacklist { + // we don't want the kernel to be updated so nagios still can give a warnig if there is + // a manual update (and reboot) left + + "linux-image-*"; + + // unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized: + //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-* + //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script + //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"] + //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64 + //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log' + //2009-12-11 13:42:11,988 INFO All upgrades installed + + // lenny + "linux-image-2.6.26-1-686"; + "linux-image-2.6.26-1-amd64"; + "linux-image-2.6.26-1-xen-686"; + "linux-image-2.6.26-1-xen-amd64"; + "linux-image-2.6.26-1-vserver-686"; + "linux-image-2.6.26-1-vserver-amd64"; + + "linux-image-2.6.26-2-686"; + "linux-image-2.6.26-2-amd64"; + "linux-image-2.6.26-2-xen-686"; + "linux-image-2.6.26-2-xen-amd64"; + "linux-image-2.6.26-2-vserver-amd64"; + +}; + diff --git a/manifests/init.pp b/manifests/init.pp index 1af6e1f..87668fd 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,6 +3,7 @@ # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> # See LICENSE for the full license granted to you. + class apt { # See README @@ -15,6 +16,16 @@ class apt { '' => 'false', default => $backports_enabled, } + + $apt_deb_src_enabled = $apt_deb_src_enabled ? { + 'true' => 'true', + default => $apt_deb_src_enabled, + } + + $apt_volatile_enabled = $apt_volatile_enabled ? { + 'true' => 'true', + default => $apt_volatile_enabled, + } package { apt: ensure => installed } @@ -38,12 +49,23 @@ class apt { # include main, security and backports # additional sources could be included via an array "/etc/apt/sources.list": - content => template("apt/sources.list.erb"), + content => template("apt/${operatingsystem}/sources.list.erb"), require => Exec[assert_lsbdistcodename]; } } - - case $custom_preferences { + + define custom_sources_template ($sources_file = "") { + file { "/etc/apt/sources.list.d/$sources_file": + content => template($name), + require => Exec[assert_lsbdistcodename]; + } + exec { "/usr/bin/apt-get update": + subscribe => File["/etc/apt/sources.list.d/$sources_file"], + refreshonly => true, + } + } + + case $custom_preferences { '': { include default_preferences } @@ -84,11 +106,6 @@ class apt { subscribe => [ File["/etc/apt/sources.list"], File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"], File[apt_config] ]; - "/usr/bin/apt-get update && /usr/bin/apt-get autoclean #hourly": - require => [ File["/etc/apt/sources.list"], - File["/etc/apt/preferences"], File[apt_config] ], - # Another Semaphor for all packages to reference - alias => apt_updated; } ## This package should really always be current @@ -96,12 +113,25 @@ class apt { ensure => latest, } +<<<<<<< HEAD + ## This package should really always be current + package { "debian-archive-keyring": + ensure => latest, + } + +======= +>>>>>>> riseup/master case $backports_enabled { 'true': { config_file { # backports +<<<<<<< HEAD + "/etc/apt/sources.list.d/${operatingsystem}-backports.list": + content => template("apt/${operatingsystem}/sources.list.backports.erb"), +======= "/etc/apt/sources.list.d/debian-backports.list": content => template("apt/sources.list.backports.erb"), +>>>>>>> riseup/master require => Exec[assert_lsbdistcodename]; } @@ -150,7 +180,31 @@ class apt { default: { } } +<<<<<<< HEAD + case $apt_deb_src_enabled { + 'true': { + config_file { + "/etc/apt/sources.list.d/${operatingsystem}-sources.list": + content => template("apt/${operatingsystem}/sources.list.deb-src.erb"), + require => Exec[assert_lsbdistcodename]; + } + } + default: {} + } + + case $apt_volatile_enabled { + 'true': { + config_file { + "/etc/apt/sources.list.d/${operatingsystem}-volatile.list": + content => template("apt/${operatingsystem}/sources.list.volatile.erb"), + require => Exec[assert_lsbdistcodename]; + } + } + default: {} + } +======= +>>>>>>> riseup/master case $custom_key_dir { '': { @@ -226,3 +280,19 @@ class dselect { package { dselect: ensure => installed } } + + +class apt::unattended_upgrades inherits apt { + package { unattended-upgrades : ensure => latest; } + file { "/etc/apt/apt.conf.d/50unattended-upgrades": + source => "puppet://$server/modules/apt/50unattended-upgrades" } +} + +class apt::cron inherits apt { + file {'/etc/cron.d/apt.cron': + source => undef, + content => "# by puppet\n3 * * * * root /usr/bin/apt-get update && /usr/bin/apt-get autoclean\n", + notify => service["crond"]; + } +} + diff --git a/templates/sources.list.backports.erb b/templates/Debian/sources.list.backports.erb index b62f6d3..b62f6d3 100644 --- a/templates/sources.list.backports.erb +++ b/templates/Debian/sources.list.backports.erb diff --git a/templates/Debian/sources.list.deb-src.erb b/templates/Debian/sources.list.deb-src.erb new file mode 100644 index 0000000..6811eca --- /dev/null +++ b/templates/Debian/sources.list.deb-src.erb @@ -0,0 +1,11 @@ +# This file is brought to you by puppet + +# basic <%= lsbdistcodename %> +deb-src http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free +# security suppport +<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> +# There is no security mirror for <%= lsbdistcodename %> +<% else -%> +deb-src http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free +<% end -%> + diff --git a/templates/sources.list.erb b/templates/Debian/sources.list.erb index feb5603..feb5603 100644 --- a/templates/sources.list.erb +++ b/templates/Debian/sources.list.erb diff --git a/templates/Debian/sources.list.volatile.erb b/templates/Debian/sources.list.volatile.erb new file mode 100644 index 0000000..06d6590 --- /dev/null +++ b/templates/Debian/sources.list.volatile.erb @@ -0,0 +1,7 @@ +# This file is brought to you by puppet + +<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable" || lsbdistcodename == "squeeze") -%> +# There are no backports for for <%= lsbdistcodename %> +<% else -%> +deb http://volatile.debian.org/debian-volatile <%= lsbdistcodename %>/volatile main contrib non-free +<% end -%> diff --git a/templates/Ubuntu/sources.list.backports.erb b/templates/Ubuntu/sources.list.backports.erb new file mode 100644 index 0000000..66610a6 --- /dev/null +++ b/templates/Ubuntu/sources.list.backports.erb @@ -0,0 +1,4 @@ +# This file is brought to you by puppet + +# backports +deb http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted diff --git a/templates/Ubuntu/sources.list.deb-src.erb b/templates/Ubuntu/sources.list.deb-src.erb new file mode 100644 index 0000000..f04de67 --- /dev/null +++ b/templates/Ubuntu/sources.list.deb-src.erb @@ -0,0 +1,12 @@ +# This file is brought to you by puppet + +# basic <%= lsbdistcodename %> +deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %> main restricted universe multiverse + +# updates +deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-updates main restricted universe multiverse + +# security suppport +deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse + + diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb new file mode 100644 index 0000000..dfecd63 --- /dev/null +++ b/templates/Ubuntu/sources.list.erb @@ -0,0 +1,12 @@ +# This file is brought to you by puppet + +# basic <%= lsbdistcodename %> +deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %> main restricted universe multiverse + +# updates +deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-updates main restricted universe multiverse + +# security suppport +deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse + + |