summaryrefslogtreecommitdiff
path: root/README
blob: b786b9d53f99a3a826c3b13e795c815c855439fa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194

Overview
========

This module manages apt on Debian.

It keeps dpkg's and apt's databases as well as the keyrings for securing
package download current.

backports.debian.org is added.

dselect is switched to expert mode to suppress superfluous help screens.

sources.list and apt_preferences are managed. More recent Debian
releases are pinned to very low values by default to prevent
accidental upgrades.

Ubuntu support is lagging behind but not absent either.

This module needs:

- lsb-release installed
- the common module: git://labs.riseup.net/shared-common


Variables
=========

$apt_clean
----------
Sets DSelect::Clean, defaults to 'auto' on normal hosts and 'pre-auto'
in vservers, since the latter are usually more space-bound and have
better recovery mechanisms via the host:

From apt.conf(5), 0.7.2: 
     "Cache Clean mode; this value may be one of always, prompt, auto,
     pre-auto and never. always and prompt will remove all packages
     from the cache after upgrading, prompt (the default) does so
     conditionally.  auto removes only those packages which are no
     longer downloadable (replaced with a new version for
     instance). pre-auto performs this action before downloading new
     packages."

$lsbdistcodename
---------------- 	
Contains the codename ("etch", "lenny", ...) of the client's
release. While these values come from lsb-release by default, this
value can be set manually too, e.g. to enable forced upgrades

$custom_sources_list
--------------------
By default this module will use a basic apt/sources.list.
If you need to set more specific sources, e.g. for proxies, etc. you
can set this variable to the location of your sources.list template.
For example, setting the following variable before including this
class will pull in the templates/apt/sources.list file:
$custom_sources_list ='template("apt/sources.list")'
		       
$custom_preferences	
--------------------
By default this module will use a basic apt/preferences file with
more recent releases pinned to very low values so that any package
installation will not accidentally pull in packages from those suites
unless you explicitly specify the version number. You can set this
variable to pull in a customized apt/preferences template, for
example, setting the following variable before including this class
will pull in the templates/apt/preferences file: 
$custom_preferences = 'template("apt/preferences")'

$custom_key_dir
---------------
If you have different apt-key files that you want to get added to your
apt keyring, you can set this variable to a path in your fileserver
where individual key files can be placed. If this is set and keys
exist there, this module will apt-key add each key

$apt_unattended_upgrades
------------------------

If this variable is set to true apt::unattended_upgrades is included,
which will install the package unattended-upgrades and configure it to
daily upgrade the system.

$apt_volatile_enabled
-----------------

If this variable is set to true the Debian Volatile sources are added.
By default this is false for backward compatibility with older
versions of this module.

$apt_include_src
----------------

If this variable is set to true a deb-src source is added for every
added binary archive source.
By default this is false for backward compatibility with older
versions of this module.

$apt_use_next_release
---------------------

If this variable is set to true the sources for the next Debian
release are added. The default pinning configuration pins it to very
low values.
By default this is false for backward compatibility with older
versions of this module.

$apt_debian_url, $apt_security_url, $apt_backports_url, $apt_volatile_url
-------------------------------------------------------------------------

These variables allow to override the default APT mirrors respectively
used for the standard Debian archives, the Debian security archive,
the Debian official backports and the Debian Volatile archive.

$apt_repos
----------

If this variable is set the default repositories list ("main contrib non-free")
is overriden.

Classes
=======

apt
---

The apt class sets up all documented functionality but cron-apt.

apt::cron::download
-------------------

This class sets up cron-apt so that it downloads upgradable packages,
does not actually do any upgrade and email when the output changes.

apt::cron::dist-upgrade
-----------------------

This class sets up cron-apt so that it dist-upgrades the system and
email when upgrades are performed.

Resources
=========

File[apt_config]
----------------
Use this resource to depend on or add to a completed apt configuration

Exec[apt_updated]
-----------------
After this point, current packages can installed via apt, usually used
like this: 

Package { require => Exec[apt_updated] }

apt::preseeded_package
----------------------
This simplifies installation of packages that you wish to preseed the
answers to debconf. For example, if you wish to provide a preseed file
for the locales package, you would place the locales.seed file in 
templates/$debian_version/locales.seeds and then include the following
in your manifest:

apt::preseeded_package { locales: }

apt::upgrade_package
--------------------
This simplifies upgrades for DSA security announcements or point-releases. This
will ensure that the named package is upgrade to the version specified, only if the
package is installed, otherwise nothing happens. If the specified version is 'latest' (the
default), then the package is ensured to be upgraded to the latest package revision when
it becomes available.  

For example, the following upgrades the perl package to version 5.8.8-7etch1 (if it is
installed), it also upgrades the syslog-ng and perl-modules packages to their latest (also,
only if they are installed):

upgrade_package { "perl":
			version => '5.8.8-7etch1';
		  "syslog-ng":
			version => latest;
		  "perl-modules":
}

TODO
====

Enable debian-archive-keyring handling for sarge, lenny and sid.

Currently this module updates the caches on every run. Running dselect update is
a expensive operation and should be done only on schedule by using apticron.
Sometimes -- especially when initially starting management or deploying new
packages -- a immediate update is really needed to be able to install the right
packages without errors. Thus a method should be devised to be able to specify
with high fidelity when a update should be run and when it is not needed.