From 66f1850e15e1843ba06e8fcc7245eaabe146a6ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Thu, 22 Jun 2017 18:15:38 -0400 Subject: puppet 4 compat: mark integer as string --- manifests/reboot_required_notify.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/reboot_required_notify.pp b/manifests/reboot_required_notify.pp index 3463bb4..a538c9a 100644 --- a/manifests/reboot_required_notify.pp +++ b/manifests/reboot_required_notify.pp @@ -1,6 +1,6 @@ class apt::reboot_required_notify { - if versioncmp($::operatingsystemmajrelease, 8) >= 0 { + if versioncmp($::operatingsystemmajrelease, '8') >= 0 { class { 'apt::reboot_required_notify::jessie': } # Clean up systems that were upgraded from Wheezy or earlier: class { 'apt::reboot_required_notify::wheezy': ensure => absent } -- cgit v1.2.3 From b5123b5cab87fa68ac6eddb098a803453dca54db Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 24 Jun 2017 19:31:50 -0400 Subject: test: move release targets for debian In commit 8b45a8a, the release names were moved forward in order to follow the new Debian release. However, I didn't change the tests accordingly and thus the tests have been failing since then. --- spec/unit/custom_facts_spec.rb | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb index 9a28d92..c24b376 100644 --- a/spec/unit/custom_facts_spec.rb +++ b/spec/unit/custom_facts_spec.rb @@ -14,8 +14,8 @@ describe "Facter::Util::Fact" do Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") end - it "debian_release = oldstable" do - expect(Facter.fact(:debian_release).value).to eq('oldstable') + it "debian_release = oldoldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldoldstable') end it "debian_codename = wheezy" do @@ -26,8 +26,8 @@ describe "Facter::Util::Fact" do expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') end - it "debian_nextrelease = stable" do - expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + it "debian_nextrelease = oldstable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('oldstable') end end @@ -38,8 +38,8 @@ describe "Facter::Util::Fact" do Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") end - it "debian_release = stable" do - expect(Facter.fact(:debian_release).value).to eq('stable') + it "debian_release = oldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldstable') end it "debian_codename = jessie" do @@ -50,7 +50,31 @@ describe "Facter::Util::Fact" do expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') end - it "debian_nextrelease = testing" do + it "debian_nextrelease = stable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + end + end + + context 'Debian 9' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("9.0") + Facter.fact(:lsbdistcodename).stubs(:value).returns("stretch") + end + + it "debian_release = stable" do + expect(Facter.fact(:debian_release).value).to eq('stable') + end + + it "debian_codename = stretch" do + expect(Facter.fact(:debian_codename).value).to eq('stretch') + end + + it "debian_nextcodename = stretch" do + expect(Facter.fact(:debian_nextcodename).value).to eq('buster') + end + + it "debian_nextrelease = stable" do expect(Facter.fact(:debian_nextrelease).value).to eq('testing') end end -- cgit v1.2.3 From 2472621c1c2e20c8fd8922674b83c6a815df1d38 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 24 Jun 2017 23:44:01 -0400 Subject: specs: manually define debian_nextcodename when expected to be used with puppet 4.x when you don't define the debian_nextcodename, compilation fails saying that the variable is unknown. since we have unit tests specifically for this fact's behaviour, we want to stub out the fact's value in other tests so that we can verify the logic of manifests is actually good. --- spec/classes/init_spec.rb | 17 +++++++++-------- spec/defines/conf_spec.rb | 17 +++++++++-------- spec/defines/preferences_snippet_spec.rb | 17 +++++++++-------- 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 9ba554f..a3f19a0 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -5,14 +5,15 @@ describe 'apt', :type => :class do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } #it { is_expected.to compile.with_all_deps } it { is_expected.to compile } end diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb index cc4fb1f..167b249 100644 --- a/spec/defines/conf_spec.rb +++ b/spec/defines/conf_spec.rb @@ -4,14 +4,15 @@ describe 'apt::apt_conf', :type => :define do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } let :title do 'norecommends' end diff --git a/spec/defines/preferences_snippet_spec.rb b/spec/defines/preferences_snippet_spec.rb index 012a5f6..6b1a23f 100644 --- a/spec/defines/preferences_snippet_spec.rb +++ b/spec/defines/preferences_snippet_spec.rb @@ -4,14 +4,15 @@ describe 'apt::preferences_snippet', :type => :define do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } let :title do 'test' end -- cgit v1.2.3 From 5bbc86ff4f4a601a3924805a13fc1c5154670289 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 2 Jul 2017 01:39:34 -0400 Subject: remove template for main preferences config this file is not used anymore. we've moved all of this to preferences.d so the template is useless now, but we forgot to remove it. --- templates/Debian/preferences.erb | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 templates/Debian/preferences.erb diff --git a/templates/Debian/preferences.erb b/templates/Debian/preferences.erb deleted file mode 100644 index 37cf80d..0000000 --- a/templates/Debian/preferences.erb +++ /dev/null @@ -1,33 +0,0 @@ -# This file is managed by puppet -# all local modifications will be overwritten - -Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> -Package: * -Pin: release o=Debian,n=<%= codename %> -Pin-Priority: 990 - -<% if use_volatile=scope.lookupvar('apt::use_volatile') -%> -Explanation: Debian <%= codename %>-updates -Package: * -Pin: release o=Debian,n=<%= codename %>-updates -Pin-Priority: 990 -<%- end -%> - -<% if (use_lts=scope.lookupvar('apt::use_lts')) && (scope.lookupvar('::debian_lts') == "true") -%> -Explanation: Debian <%= codename %>-lts -Package: * -Pin: release o=Debian,n=<%= codename %>-lts -Pin-Priority: 990 -<%- end -%> - -<% if (next_codename=scope.lookupvar('::debian_nextcodename')) && (next_codename != "experimental") -%> -Explanation: Debian <%= next_codename %> -Package: * -Pin: release o=Debian,n=<%= next_codename %> -Pin-Priority: 2 -<%- end -%> - -Explanation: Debian fallback -Package: * -Pin: release o=Debian -Pin-Priority: -10 -- cgit v1.2.3 From 14872fa632f4ae73b75464706e100967c9c9035f Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 2 Jul 2017 01:44:38 -0400 Subject: Rename "stable" preferences file to "current_codename" The file that we call "stable" can make apt actually pin testing or sid if one of these is the running codename, which is nothing stable. In order to make this file's name more relevant it should be named current_codename. --- manifests/preferences.pp | 14 ++++++++++---- templates/Debian/current_codename.erb | 7 +++++++ templates/Debian/stable.erb | 7 ------- 3 files changed, 17 insertions(+), 11 deletions(-) create mode 100644 templates/Debian/current_codename.erb delete mode 100644 templates/Debian/stable.erb diff --git a/manifests/preferences.pp b/manifests/preferences.pp index ce28d37..d2f6ab4 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -4,6 +4,12 @@ class apt::preferences { ensure => absent; } + # Remove the file that we were previously deploying. It's now been renamed to + # current_codename + file { '/etc/apt/preferences.d/stable': + ensure => absent, + } + if ($apt::manage_preferences == true) and ($apt::custom_preferences != undef) { file { @@ -14,7 +20,7 @@ class apt::preferences { require => File['/etc/apt/sources.list'], owner => root, group => 0, mode => '0644'; - '/etc/apt/preferences.d/stable': + '/etc/apt/preferences.d/current_codename': ensure => absent; '/etc/apt/preferences.d/volatile': @@ -33,10 +39,10 @@ class apt::preferences { if $::operatingsystem == "Debian" { file { - '/etc/apt/preferences.d/stable': + '/etc/apt/preferences.d/current_codename': ensure => present, alias => 'apt_config', - content => template('apt/Debian/stable.erb'), + content => template('apt/Debian/current_codename.erb'), require => File['/etc/apt/sources.list'], owner => root, group => 0, mode => '0644'; @@ -94,7 +100,7 @@ class apt::preferences { '/etc/apt/preferences.d/custom': ensure => absent; - '/etc/apt/preferences.d/stable': + '/etc/apt/preferences.d/current_codename': ensure => absent; '/etc/apt/preferences.d/volatile': diff --git a/templates/Debian/current_codename.erb b/templates/Debian/current_codename.erb new file mode 100644 index 0000000..be05e51 --- /dev/null +++ b/templates/Debian/current_codename.erb @@ -0,0 +1,7 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +Explanation: Debian <%= @debian_codename %> +Package: * +Pin: release o=Debian,n=<%= @debian_codename %> +Pin-Priority: 990 diff --git a/templates/Debian/stable.erb b/templates/Debian/stable.erb deleted file mode 100644 index be05e51..0000000 --- a/templates/Debian/stable.erb +++ /dev/null @@ -1,7 +0,0 @@ -# This file is managed by puppet -# all local modifications will be overwritten - -Explanation: Debian <%= @debian_codename %> -Package: * -Pin: release o=Debian,n=<%= @debian_codename %> -Pin-Priority: 990 -- cgit v1.2.3 From 994934798031c0f91e8628edee7b848d0444c57e Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 2 Jul 2017 01:58:34 -0400 Subject: Deploy forgotten fallback for debian to avoid upgrade mishaps During the change from the monolithic preferences file to the series of snippets in preferences.d, one part was left out possibly as an oversight, which prevents installing packages by mistake that belong to a release that hasn't been explicitely pinned. --- files/Debian/preferences_fallback | 7 +++++++ manifests/preferences.pp | 11 +++++++++++ templates/Debian/fallback.erb | 7 ------- 3 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 files/Debian/preferences_fallback delete mode 100644 templates/Debian/fallback.erb diff --git a/files/Debian/preferences_fallback b/files/Debian/preferences_fallback new file mode 100644 index 0000000..1c75e83 --- /dev/null +++ b/files/Debian/preferences_fallback @@ -0,0 +1,7 @@ +# This file is managed by puppet +# all local modifications will be overwritten + +Explanation: Debian fallback +Package: * +Pin: release o=Debian +Pin-Priority: -10 diff --git a/manifests/preferences.pp b/manifests/preferences.pp index d2f6ab4..04a09b0 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -49,6 +49,17 @@ class apt::preferences { '/etc/apt/preferences.d/custom': ensure => absent; } + # This file ensures that all debian packages that don't have a + # preference file shouldn't be considered for auto-install or upgrade at + # all. + file { '/etc/apt/preferences.d/debian_fallback': + ensure => present, + source => 'puppet:///modules/apt/Debian/preferences_fallback', + owner => 'root', + group => 0, + mode => '0644', + require => File['/etc/apt/sources.list'], + } if $apt::use_volatile { diff --git a/templates/Debian/fallback.erb b/templates/Debian/fallback.erb deleted file mode 100644 index 1c75e83..0000000 --- a/templates/Debian/fallback.erb +++ /dev/null @@ -1,7 +0,0 @@ -# This file is managed by puppet -# all local modifications will be overwritten - -Explanation: Debian fallback -Package: * -Pin: release o=Debian -Pin-Priority: -10 -- cgit v1.2.3 From 2fbab4798f4683f5b4e70887b8d33c2f1bc97f40 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 2 Jul 2017 02:13:54 -0400 Subject: lint preferences.pp that file is using multiple coding style elements that don't follow community best practices which are designed to make code easier to read. --- manifests/preferences.pp | 144 +++++++++++++++++++++++++---------------------- 1 file changed, 76 insertions(+), 68 deletions(-) diff --git a/manifests/preferences.pp b/manifests/preferences.pp index 04a09b0..0ec77cf 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp @@ -1,9 +1,16 @@ +# Configure basic pins for debian/Ubuntu codenames +# +# This all ensures that apt behaves as expected with regards to packages when +# we have more sources than just the one for the current codenamed release. +# +# This class should not be included directly. It is automatically called in by +# the 'apt' class. Thus you should use the apt class instead. +# class apt::preferences { file { '/etc/apt/preferences': - ensure => absent; + ensure => absent, } - # Remove the file that we were previously deploying. It's now been renamed to # current_codename file { '/etc/apt/preferences.d/stable': @@ -11,43 +18,44 @@ class apt::preferences { } if ($apt::manage_preferences == true) and ($apt::custom_preferences != undef) { - - file { - '/etc/apt/preferences.d/custom': - ensure => present, - alias => 'apt_config', - content => template($apt::custom_preferences), - require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; - - '/etc/apt/preferences.d/current_codename': - ensure => absent; - - '/etc/apt/preferences.d/volatile': - ensure => absent; - - '/etc/apt/preferences.d/lts': - ensure => absent; - - '/etc/apt/preferences.d/nextcodename': - ensure => absent; + file { '/etc/apt/preferences.d/custom': + ensure => present, + alias => 'apt_config', + content => template($apt::custom_preferences), + owner => 'root', + group => 0, + mode => '0644', + require => File['/etc/apt/sources.list'], + } + file { '/etc/apt/preferences.d/current_codename': + ensure => absent, + } + file { '/etc/apt/preferences.d/volatile': + ensure => absent, + } + file { '/etc/apt/preferences.d/lts': + ensure => absent, + } + file { '/etc/apt/preferences.d/nextcodename': + ensure => absent, } } - elsif $apt::manage_preferences == true { - if $::operatingsystem == "Debian" { - - file { - '/etc/apt/preferences.d/current_codename': - ensure => present, - alias => 'apt_config', - content => template('apt/Debian/current_codename.erb'), - require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; - - '/etc/apt/preferences.d/custom': - ensure => absent; + if $::operatingsystem == 'Debian' { + file { '/etc/apt/preferences.d/current_codename': + ensure => present, + alias => 'apt_config', + content => template('apt/Debian/current_codename.erb'), + owner => 'root', + group => 0, + mode => '0644', + require => File['/etc/apt/sources.list'], + } + # Cleanup for cases where users might switch from using + # custom_preferences to not using it anymore. + file { '/etc/apt/preferences.d/custom': + ensure => absent, } # This file ensures that all debian packages that don't have a # preference file shouldn't be considered for auto-install or upgrade at @@ -62,66 +70,66 @@ class apt::preferences { } if $apt::use_volatile { - file { '/etc/apt/preferences.d/volatile': ensure => present, content => template('apt/Debian/volatile.erb'), + owner => 'root', + group => 0, + mode => '0644', require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; } } if $apt::use_lts { - file { '/etc/apt/preferences.d/lts': ensure => present, content => template('apt/Debian/lts.erb'), + owner => 'root', + group => 0, + mode => '0644', require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; } } - if ($::debian_nextcodename) and ($::debian_nextcodename != "experimental") { - + if ($::debian_nextcodename) and ($::debian_nextcodename != 'experimental') { file { '/etc/apt/preferences.d/nextcodename': ensure => present, content => template('apt/Debian/nextcodename.erb'), + owner => 'root', + group => 0, + mode => '0644', require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; } } } - - elsif $::operatingsystem == "Ubuntu" { - + elsif $::operatingsystem == 'Ubuntu' { file { '/etc/apt/preferences': - ensure => present, - alias => 'apt_config', - # only update together - content => template("apt/Ubuntu/preferences_${apt::codename}.erb"), - require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; + ensure => present, + alias => 'apt_config', + # only update together + content => template("apt/Ubuntu/preferences_${apt::codename}.erb"), + owner => 'root', + group => 0, + mode => '0644', + require => File['/etc/apt/sources.list'], } } } - elsif $apt::manage_preferences == false { - - file { - '/etc/apt/preferences.d/custom': - ensure => absent; - - '/etc/apt/preferences.d/current_codename': - ensure => absent; - - '/etc/apt/preferences.d/volatile': - ensure => absent; - - '/etc/apt/preferences.d/lts': - ensure => absent; - - '/etc/apt/preferences.d/nextcodename': - ensure => absent; + file { '/etc/apt/preferences.d/custom': + ensure => absent, + } + file { '/etc/apt/preferences.d/current_codename': + ensure => absent, + } + file { '/etc/apt/preferences.d/volatile': + ensure => absent, + } + file { '/etc/apt/preferences.d/lts': + ensure => absent, + } + file { '/etc/apt/preferences.d/nextcodename': + ensure => absent, } } } -- cgit v1.2.3 From 16e62f85e11113ff88512456a73faf2d27940893 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 24 Jun 2017 19:31:50 -0400 Subject: test: move release targets for debian In commit 8b45a8a, the release names were moved forward in order to follow the new Debian release. However, I didn't change the tests accordingly and thus the tests have been failing since then. --- spec/unit/custom_facts_spec.rb | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb index 9a28d92..c24b376 100644 --- a/spec/unit/custom_facts_spec.rb +++ b/spec/unit/custom_facts_spec.rb @@ -14,8 +14,8 @@ describe "Facter::Util::Fact" do Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") end - it "debian_release = oldstable" do - expect(Facter.fact(:debian_release).value).to eq('oldstable') + it "debian_release = oldoldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldoldstable') end it "debian_codename = wheezy" do @@ -26,8 +26,8 @@ describe "Facter::Util::Fact" do expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') end - it "debian_nextrelease = stable" do - expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + it "debian_nextrelease = oldstable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('oldstable') end end @@ -38,8 +38,8 @@ describe "Facter::Util::Fact" do Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") end - it "debian_release = stable" do - expect(Facter.fact(:debian_release).value).to eq('stable') + it "debian_release = oldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldstable') end it "debian_codename = jessie" do @@ -50,7 +50,31 @@ describe "Facter::Util::Fact" do expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') end - it "debian_nextrelease = testing" do + it "debian_nextrelease = stable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + end + end + + context 'Debian 9' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("9.0") + Facter.fact(:lsbdistcodename).stubs(:value).returns("stretch") + end + + it "debian_release = stable" do + expect(Facter.fact(:debian_release).value).to eq('stable') + end + + it "debian_codename = stretch" do + expect(Facter.fact(:debian_codename).value).to eq('stretch') + end + + it "debian_nextcodename = stretch" do + expect(Facter.fact(:debian_nextcodename).value).to eq('buster') + end + + it "debian_nextrelease = stable" do expect(Facter.fact(:debian_nextrelease).value).to eq('testing') end end -- cgit v1.2.3 From 5f9ed88471a2aff0db4a90ba4dd7902c07e6a058 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sat, 24 Jun 2017 23:44:01 -0400 Subject: specs: manually define debian_nextcodename when expected to be used with puppet 4.x when you don't define the debian_nextcodename, compilation fails saying that the variable is unknown. since we have unit tests specifically for this fact's behaviour, we want to stub out the fact's value in other tests so that we can verify the logic of manifests is actually good. --- spec/classes/init_spec.rb | 17 +++++++++-------- spec/defines/conf_spec.rb | 17 +++++++++-------- spec/defines/preferences_snippet_spec.rb | 17 +++++++++-------- 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 9ba554f..a3f19a0 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -5,14 +5,15 @@ describe 'apt', :type => :class do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } #it { is_expected.to compile.with_all_deps } it { is_expected.to compile } end diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb index cc4fb1f..167b249 100644 --- a/spec/defines/conf_spec.rb +++ b/spec/defines/conf_spec.rb @@ -4,14 +4,15 @@ describe 'apt::apt_conf', :type => :define do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } let :title do 'norecommends' end diff --git a/spec/defines/preferences_snippet_spec.rb b/spec/defines/preferences_snippet_spec.rb index 012a5f6..6b1a23f 100644 --- a/spec/defines/preferences_snippet_spec.rb +++ b/spec/defines/preferences_snippet_spec.rb @@ -4,14 +4,15 @@ describe 'apt::preferences_snippet', :type => :define do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } let :title do 'test' end -- cgit v1.2.3 From b1563015d7a3336ca93fb290aafc41cc369b823c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Mon, 25 Sep 2017 17:37:14 -0400 Subject: replace old httpredir by new deb.debian.org --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 3879c81..b67a85a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -6,7 +6,7 @@ class apt::params () { $use_next_release = false $manage_preferences = true $custom_preferences = undef - $debian_url = 'http://httpredir.debian.org/debian/' + $debian_url = 'http://deb.debian.org/debian/' $security_url = 'http://security.debian.org/' $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' $lts_url = $debian_url -- cgit v1.2.3 From 140a3227b4f4a8f81d8c6458aa39b6e968a0c00b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 7 Feb 2018 18:34:38 -0500 Subject: add UPGRADING.md, close issue #25 --- UPGRADING.md | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 UPGRADING.md diff --git a/UPGRADING.md b/UPGRADING.md new file mode 100644 index 0000000..ed4c355 --- /dev/null +++ b/UPGRADING.md @@ -0,0 +1,229 @@ +# Introduction + +This aims to document the replacement of the shared apt module by the [puppetlabs](https://github.com/puppetlabs/puppetlabs-apt) one. + +I've tried to look at all the classes supported by our shared module. + +## Some thoughts on moving to the puppetlabs module + +Whereas the shared module tried to be a coherent mass of code doing all the apt-related things we needed to do, the puppetlabs module takes a more modular approach. This means some of the features we had are not present and will never be added, since "they are not part of the main apt core functionalities"... + +This means we'll have to start using multiple modules as "plugins" to the main puppetlabs apt module. + +# Minor deprecations & warnings + +## lsb +One has to make sure `lsb-release` package is installed. Our shared apt module used to have a dependency on our `lsb` module that did that, but we deprecated that module. + +## `apt_updated` deprecation +The puppetlabs module uses the `apt_update` exec, whereas the shared module uses `apt_updated`. If you where calling this exec in other modules, you'll need to update this for the new exec name. + +## stdlib + +Make sure your version of stdlib is recent. Mine wasn't and the apt module was failing on the pin functions because the `length` function was missing. + +## Partial management of the config files by default +By default, the puppetlabs apt module only partially manages the apt configuration and will not purge configuration added by hand. This differs from the shared module behavior, where those modifications would get overwritten by our templates. + +To keep the old behavior, pass: + + class { 'apt': + purge => { + sources.list => true, + sources.list.d => true, + preferences => true, + preferences.d => true, + }, + } + +## apt sources + +By default, the puppetlabs module won't create any sources. To replicate the shared module template, use this: + + apt::source { + "${lsbdistcodename}": + location => 'http://deb.debian.org/debian', + repos => 'main contrib non-free'; + + "${lsbdistcodename}-security": + location => 'http://security.debian.org/debian-security', + repos => 'main contrib non-free', + release => "${lsbdistcodename}/updates"; + + "${lsbdistcodename}-backports": + location => 'http://deb.debian.org/debian', + repos => 'main contrib non-free', + release => "${lsbdistcodename}-backports"; + + 'testing': + location => 'http://deb.debian.org/debian', + repos => 'main contrib non-free', + release => "testing"; + } + +Sadly I can't find a way to iter the next codename from the facts :(. You can either use testing instead of "the next release" or specify it manually. + +# Classes comparison + +## apticron + +Apticron is not supported by the puppetlabs module either, but [this slightly out of date](https://github.com/dhoppe/puppet-apticron) module from the Forge (the most popular one), although it doesn't state support for Debian 9 and could profit from a little love. + +## dist_upgrade + +The behavior of the three `dist_upgrade` classes (`apt::cron::dist_upgrade`, `apt::dist_upgrade` and `apt::dist_upgrade::initiator`) are not supported by the puppetlabs module. + +Maybe consider moving to a workflow using `unattended-upgrades`? + +## dselect + +`dselect` is not supported and nothing seems to do what the shared module feature did. + +## apt-listchanges + +Sadly, `apt-listchanges` is not supported by the module. [Someone created a PR in 2014](https://github.com/puppetlabs/puppetlabs-apt/pull/379) but it was rejected. + +Nothing seems to do this on the Forge either, so we would have to make our own "add-on" module to manage this. We could recycle and tweak our existing code for this. + +## proxy + +Here is how you would configure an apt proxy: + + class { 'apt': + proxy => { + host => 'hostname', + port => '8080', + https => true, + ensure => file, + }, + } + +## reboot required + +The puppetlabs notice will not manage `reboot-required` like the shared one did, but it creates a fact named `apt_reboot_required` that could be used by some external monitoring system. + +Since it only looks at `/var/run/reboot-required`, it might be a better idea to use something like a combination of the `needrestart` package and an external monitoring system. + +The [needrestart](https://github.com/hetznerZA/hetzner-needrestart) module seems to work well. + +## unattended-upgrades + +The puppetlabs modules does not support `unattended-upgrades` natively anymore [it used to](https://tickets.puppetlabs.com/browse/MODULES-4943). + +The recommended way to setup this feature is to use the compatible [voxpopuli/unattended-upgrades](https://github.com/voxpupuli/puppet-unattended_upgrades) module. + +This modules does quite a lot and is quite complex. More to come on this. + +# Defines comparison + +## apt confs + +You can using the `apt::conf` define: + + class { 'apt::conf': + 'whatever_config': + ensure => present, + content => 'foo bar the config you want to see', + priority => '20', + notify_update => true, + } + +The content part can get quite long, so I would recommend using [heredocs](https://puppet.com/docs/puppet/4.8/lang_data_string.html#heredocs). + +## preferences_snippet + +The way to pin a package is now [much more fleshed out](https://github.com/puppetlabs/puppetlabs-apt#defined-type-aptpin) and looks like: + + apt::pin { 'certbot': + codename => 'buster', + packages => [ 'python3-certbot', 'python3-certbot-apache' ], + } + +Be aware, as by default if you don't specify a list of packages, this define pins all packages. + +## apt_packages (preseed) + +As far as I can see, there is nothing in the puppetlabs module that lets you preseed packages. + +## GPG key management + +The shared module simply used to push a `.gpg` file to `/etc/apt/trusted.gpg.d` to manage GPG keys. + +The puppetlabs module is a bit more sophisticated and lets you either import a key from a source (path, ftp, https, etc.) or fetches keys from a keyserver. + + apt::key { 'my_local_key': + id => '13C904F0CE085E7C36307985DECF849AA6357FB7', + source => "puppet://files/gpg/13C904F0CE085E7C36307985DECF849AA6357FB7.gpg", + } + + apt::key { 'puppetlabs': + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'pgp.mit.edu', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', + } + +The heavy lifting is done by [these](https://github.com/puppetlabs/puppetlabs-apt/blob/dc3ead0ed5f4d735869565660c982983d379a519/lib/puppet/type/apt_key.rb) [two](https://github.com/puppetlabs/puppetlabs-apt/blob/dc3ead0ed5f4d735869565660c982983d379a519/lib/puppet/provider/apt_key/apt_key.rb) Ruby files. + +## upgrade_package + +This can be done by using `apt::pin` and specifying a version: + + apt::pin { 'perl': + packages => 'perl', + version => '5.26.1-4', + } + +## dpkg_statoverride + +Is there a reason you are using this instead of using `file`? + +## Facts + +There are a bunch of new and [interesting facts](https://github.com/puppetlabs/puppetlabs-apt#facts). + +# Contributing to the puppetlabs module + +[Submitting a patch seems to be feasible](https://docs.puppet.com/forge/contributing.html), but is also a lot more work than just creating a pull request. + +# Hiera + +Here's some sane Hiera config I'm using. + +``` +classes: + - apt + - needrestart + - unattended_upgrades + +apt::purge: + 'sources.list': true + 'sources.list.d': true + 'preferences': true + 'preferences.d': true + +apt::sources: + "%{facts.lsbdistcodename}": + comment: 'Stable' + pin: '990' + location: 'http://deb.debian.org/debian/' + repos: 'main contrib non-free' + "%{facts.lsbdistcodename}-security": + comment: 'Stable security' + location: 'http://security.debian.org/debian-security' + repos: 'main contrib non-free' + release: "%{facts.lsbdistcodename}/updates" + "%{facts.lsbdistcodename}-backports": + comment: 'Backports' + pin: 200 + location: 'http://deb.debian.org/debian/' + repos: 'main contrib non-free' + release: "%{facts.lsbdistcodename}-backports" + 'buster': + comment: 'Buster' + pin: 2 + location: 'http://deb.debian.org/debian/' + repos: 'main contrib non-free' + release: 'buster' + +needrestart::action: automatic +``` -- cgit v1.2.3 From 53096b4c212878f102d4c414c860146b03d5d270 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Tue, 20 Feb 2018 19:21:47 +0000 Subject: mention new apt_listchanges module. --- UPGRADING.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/UPGRADING.md b/UPGRADING.md index ed4c355..7085f06 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -81,9 +81,11 @@ Maybe consider moving to a workflow using `unattended-upgrades`? ## apt-listchanges -Sadly, `apt-listchanges` is not supported by the module. [Someone created a PR in 2014](https://github.com/puppetlabs/puppetlabs-apt/pull/379) but it was rejected. +I ported and upgraded our modules `apt::listchanges` code to a +[separate module](https://gitlab.com/baldurmen/puppet-apt_listchanges). -Nothing seems to do this on the Forge either, so we would have to make our own "add-on" module to manage this. We could recycle and tweak our existing code for this. +It basically does the same thing, but in a more modern style. Check the +parameters list as types are now defined. ## proxy -- cgit v1.2.3 From 4334f9f2b9adb2e7881192494bcbd882dc1e2456 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Tue, 6 Mar 2018 21:13:17 +0000 Subject: Clarify how to use apt::pin and add `create_ressources` example --- UPGRADING.md | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/UPGRADING.md b/UPGRADING.md index 7085f06..7054637 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -60,6 +60,15 @@ By default, the puppetlabs module won't create any sources. To replicate the sha repos => 'main contrib non-free', release => "testing"; } + apt::pin { + "${lsbdistcodename}": + priority => 990; + "${lsbdistcodename}-backports": + priority => 200; + 'buster': + priority => 2; + } + Sadly I can't find a way to iter the next codename from the facts :(. You can either use testing instead of "the next release" or specify it manually. @@ -189,7 +198,12 @@ There are a bunch of new and [interesting facts](https://github.com/puppetlabs/p # Hiera -Here's some sane Hiera config I'm using. +Here's some sane Hiera config I'm using. You'll need to specify a `create_ressources` statement somewhere since `apt::pin` is a define: + +``` +$aptpins = hiera('apt::pin', {}) +create_resources(apt::pin, $aptpins) +``` ``` classes: @@ -206,7 +220,6 @@ apt::purge: apt::sources: "%{facts.lsbdistcodename}": comment: 'Stable' - pin: '990' location: 'http://deb.debian.org/debian/' repos: 'main contrib non-free' "%{facts.lsbdistcodename}-security": @@ -216,16 +229,22 @@ apt::sources: release: "%{facts.lsbdistcodename}/updates" "%{facts.lsbdistcodename}-backports": comment: 'Backports' - pin: 200 location: 'http://deb.debian.org/debian/' repos: 'main contrib non-free' release: "%{facts.lsbdistcodename}-backports" 'buster': comment: 'Buster' - pin: 2 location: 'http://deb.debian.org/debian/' repos: 'main contrib non-free' release: 'buster' + +apt::pin: + "%{facts.lsbdistcodename}": + priority: 990 + "%{facts.lsbdistcodename}-backports": + priority: 200 + 'buster': + priority: 2 needrestart::action: automatic ``` -- cgit v1.2.3 From f500d5a65e34f25eed062b2087c28a1e397c9c9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Thu, 8 Mar 2018 04:05:07 +0000 Subject: Make sure you are using testing instead of buster, as it seems the apt preferences pin for buster are not working properly... --- UPGRADING.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/UPGRADING.md b/UPGRADING.md index 7054637..505a29b 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -65,7 +65,7 @@ By default, the puppetlabs module won't create any sources. To replicate the sha priority => 990; "${lsbdistcodename}-backports": priority => 200; - 'buster': + 'testing': priority => 2; } @@ -232,18 +232,18 @@ apt::sources: location: 'http://deb.debian.org/debian/' repos: 'main contrib non-free' release: "%{facts.lsbdistcodename}-backports" - 'buster': - comment: 'Buster' + 'testing': + comment: 'Testing' location: 'http://deb.debian.org/debian/' repos: 'main contrib non-free' - release: 'buster' + release: 'testing' apt::pin: "%{facts.lsbdistcodename}": priority: 990 "%{facts.lsbdistcodename}-backports": priority: 200 - 'buster': + 'testing': priority: 2 needrestart::action: automatic -- cgit v1.2.3 From 386804ccb21903a030be39c3a4b4f4513018fe23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Tue, 13 Mar 2018 16:13:25 +0000 Subject: Add more details on unattended_upgrades --- UPGRADING.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/UPGRADING.md b/UPGRADING.md index 505a29b..2d31516 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -123,7 +123,12 @@ The puppetlabs modules does not support `unattended-upgrades` natively anymore [ The recommended way to setup this feature is to use the compatible [voxpopuli/unattended-upgrades](https://github.com/voxpupuli/puppet-unattended_upgrades) module. -This modules does quite a lot and is quite complex. More to come on this. +The default configuration is quite sane, but you might want to set up automatic upgrades for the stable release too (and not just stable security): + + class { 'unattended_upgrades': + origins => [ 'origin=Debian,archive=stable', + 'origin=Debian,archive=stable,label=Debian-Security' ] + } # Defines comparison @@ -247,4 +252,8 @@ apt::pin: priority: 2 needrestart::action: automatic + +unattended_upgrades::origins: + - origin=Debian,archive=stable + - origin=Debian,archive=stable,label=Debian-Security ``` -- cgit v1.2.3 From 9f43d3f74a0464b7d9f4b4da5afaee780dbdb8ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Charaoui?= Date: Tue, 19 Jun 2018 11:55:07 -0400 Subject: Fix variable scope warnings in examples --- UPGRADING.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/UPGRADING.md b/UPGRADING.md index 2d31516..1a89e30 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -41,16 +41,16 @@ To keep the old behavior, pass: By default, the puppetlabs module won't create any sources. To replicate the shared module template, use this: apt::source { - "${lsbdistcodename}": + $::lsbdistcodename: location => 'http://deb.debian.org/debian', repos => 'main contrib non-free'; - "${lsbdistcodename}-security": + "${::lsbdistcodename}-security": location => 'http://security.debian.org/debian-security', repos => 'main contrib non-free', release => "${lsbdistcodename}/updates"; - "${lsbdistcodename}-backports": + "${::lsbdistcodename}-backports": location => 'http://deb.debian.org/debian', repos => 'main contrib non-free', release => "${lsbdistcodename}-backports"; @@ -61,9 +61,9 @@ By default, the puppetlabs module won't create any sources. To replicate the sha release => "testing"; } apt::pin { - "${lsbdistcodename}": + "${::lsbdistcodename}": priority => 990; - "${lsbdistcodename}-backports": + "${::lsbdistcodename}-backports": priority => 200; 'testing': priority => 2; -- cgit v1.2.3 From 7d4d086c6f272aa5f0d3823a7266632c8d3debb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Charaoui?= Date: Tue, 19 Jun 2018 12:02:44 -0400 Subject: Improve backports example --- UPGRADING.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/UPGRADING.md b/UPGRADING.md index 1a89e30..a8f094e 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -50,11 +50,6 @@ By default, the puppetlabs module won't create any sources. To replicate the sha repos => 'main contrib non-free', release => "${lsbdistcodename}/updates"; - "${::lsbdistcodename}-backports": - location => 'http://deb.debian.org/debian', - repos => 'main contrib non-free', - release => "${lsbdistcodename}-backports"; - 'testing': location => 'http://deb.debian.org/debian', repos => 'main contrib non-free', @@ -63,8 +58,6 @@ By default, the puppetlabs module won't create any sources. To replicate the sha apt::pin { "${::lsbdistcodename}": priority => 990; - "${::lsbdistcodename}-backports": - priority => 200; 'testing': priority => 2; } @@ -72,6 +65,15 @@ By default, the puppetlabs module won't create any sources. To replicate the sha Sadly I can't find a way to iter the next codename from the facts :(. You can either use testing instead of "the next release" or specify it manually. +## backports + +The module provides a class specifically for deploying the backports repository and pin. + + class { 'apt::backports': + pin => 200, + location => 'http://deb.debian.org/debian', + } + # Classes comparison ## apticron -- cgit v1.2.3 From 145b5238258827702ad3ac4a0a9713981209e1bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Charaoui?= Date: Tue, 19 Jun 2018 14:15:28 -0400 Subject: Fix another fact var scope issue in upgrade example --- UPGRADING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UPGRADING.md b/UPGRADING.md index a8f094e..e6ed719 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -48,7 +48,7 @@ By default, the puppetlabs module won't create any sources. To replicate the sha "${::lsbdistcodename}-security": location => 'http://security.debian.org/debian-security', repos => 'main contrib non-free', - release => "${lsbdistcodename}/updates"; + release => "${::lsbdistcodename}/updates"; 'testing': location => 'http://deb.debian.org/debian', -- cgit v1.2.3