diff options
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/apt_conf.pp | 31 | ||||
| -rw-r--r-- | manifests/apticron.pp | 54 | ||||
| -rw-r--r-- | manifests/cron/base.pp | 20 | ||||
| -rw-r--r-- | manifests/cron/dist-upgrade.pp | 23 | ||||
| -rw-r--r-- | manifests/cron/download.pp | 21 | ||||
| -rw-r--r-- | manifests/dist_upgrade.pp | 11 | ||||
| -rw-r--r-- | manifests/dist_upgrade/initiator.pp | 23 | ||||
| -rw-r--r-- | manifests/dselect.pp | 10 | ||||
| -rw-r--r-- | manifests/init.pp | 384 | ||||
| -rw-r--r-- | manifests/listchanges.pp | 38 | ||||
| -rw-r--r-- | manifests/preferences.pp | 26 | ||||
| -rw-r--r-- | manifests/preferences/absent.pp | 6 | ||||
| -rw-r--r-- | manifests/preferences_snippet.pp | 36 | ||||
| -rw-r--r-- | manifests/preseeded_package.pp | 18 | ||||
| -rw-r--r-- | manifests/proxy_client.pp | 16 | ||||
| -rw-r--r-- | manifests/reboot_required_notify.pp | 21 | ||||
| -rw-r--r-- | manifests/sources_list.pp | 30 | ||||
| -rw-r--r-- | manifests/unattended_upgrades.pp | 19 | ||||
| -rw-r--r-- | manifests/update.pp | 12 | ||||
| -rw-r--r-- | manifests/upgrade_package.pp | 33 |
20 files changed, 590 insertions, 242 deletions
diff --git a/manifests/apt_conf.pp b/manifests/apt_conf.pp new file mode 100644 index 0000000..c484ec3 --- /dev/null +++ b/manifests/apt_conf.pp @@ -0,0 +1,31 @@ +define apt::apt_conf( + $ensure = 'present', + $source = '', + $content = undef ) +{ + + if $source == '' and $content == undef { + fail("One of \$source or \$content must be specified for apt_conf ${name}") + } + + if $source != '' and $content != undef { + fail("Only one of \$source or \$content must specified for apt_conf ${name}") + } + + file { "/etc/apt/apt.conf.d/${name}": + ensure => $ensure, + notify => Exec["refresh_apt"], + owner => root, group => 0, mode => 0644; + } + + if $source { + File["/etc/apt/apt.conf.d/${name}"] { + source => $source, + } + } + else { + File["/etc/apt/apt.conf.d/${name}"] { + content => $content, + } + } +} diff --git a/manifests/apticron.pp b/manifests/apticron.pp new file mode 100644 index 0000000..2fe8e44 --- /dev/null +++ b/manifests/apticron.pp @@ -0,0 +1,54 @@ +class apt::apticron { + + case $apticron_ensure_version { + '': { $apticron_ensure_version = "present" } + } + + case $apticron_config { + '': { $apticron_config = "apt/${operatingsystem}/apticron_${lsbdistcodename}.erb" } + } + + case $apticron_email { + '': { $apticron_email = "root" } + } + + case $apticron_diff_only { + '': { $apticron_diff_only = "1" } + } + + case $apticron_listchanges_profile { + '': { $apticron_listchanges_profile = "apticron" } + } + + case $apticron_system { + '': { $apticron_system = false } + } + + case $apticron_ipaddressnum { + '': { $apticron_ipaddressnum = false } + } + + case $apticron_ipaddresses { + '': { $apticron_ipaddresses = false } + } + + case $apticron_notifyholds { + '': { $apticron_notifyholds = "0" } + } + + case $apticron_notifynew { + '': { $apticron_notifynew = "0" } + } + + case $apticron_customsubject { + '': { $apticron_customsubject = "" } + } + + package { apticron: ensure => $apticron_ensure_version } + + file { "/etc/apticron/apticron.conf": + content => template($apticron_config), + mode => 0644, owner => root, group => root, + require => Package["apticron"]; + } +} diff --git a/manifests/cron/base.pp b/manifests/cron/base.pp new file mode 100644 index 0000000..7ccfce6 --- /dev/null +++ b/manifests/cron/base.pp @@ -0,0 +1,20 @@ +class apt::cron::base { + + package { cron-apt: ensure => installed } + + case $apt_cron_hours { + '': {} + default: { + # cron-apt defaults to run every night at 4 o'clock + # so we try not to run at the same time. + cron { 'apt_cron_every_N_hours': + command => 'test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt', + user => root, + hour => "${apt_cron_hours}", + minute => 10, + require => Package['cron-apt'], + } + } + } + +} diff --git a/manifests/cron/dist-upgrade.pp b/manifests/cron/dist-upgrade.pp new file mode 100644 index 0000000..3d7cf16 --- /dev/null +++ b/manifests/cron/dist-upgrade.pp @@ -0,0 +1,23 @@ +class apt::cron::dist-upgrade inherits apt::cron::base { + + $action = "autoclean -y +dist-upgrade -y -o APT::Get::Show-Upgraded=true +" + + file { "/etc/cron-apt/action.d/3-download": + ensure => absent, + } + + package { "apt-listbugs": ensure => absent } + + config_file { "/etc/cron-apt/action.d/4-dist-upgrade": + content => $action, + require => Package[cron-apt] + } + + config_file { "/etc/cron-apt/config.d/MAILON": + content => "MAILON=upgrade\n", + require => Package[cron-apt] + } + +} diff --git a/manifests/cron/download.pp b/manifests/cron/download.pp new file mode 100644 index 0000000..a27967d --- /dev/null +++ b/manifests/cron/download.pp @@ -0,0 +1,21 @@ +class apt::cron::download inherits apt::cron::base { + + $action = "autoclean -y +dist-upgrade -d -y -o APT::Get::Show-Upgraded=true +" + + file { "/etc/cron-apt/action.d/4-dist-upgrade": + ensure => absent, + } + + config_file { "/etc/cron-apt/action.d/3-download": + content => $action, + require => Package[cron-apt] + } + + config_file { "/etc/cron-apt/config.d/MAILON": + content => "MAILON=changes\n", + require => Package[cron-apt] + } + +} diff --git a/manifests/dist_upgrade.pp b/manifests/dist_upgrade.pp new file mode 100644 index 0000000..9e26769 --- /dev/null +++ b/manifests/dist_upgrade.pp @@ -0,0 +1,11 @@ +class apt::dist_upgrade { + + include apt::update + + exec { 'apt_dist-upgrade': + command => "/usr/bin/apt-get -q -y -o 'DPkg::Options::=--force-confold' dist-upgrade", + refreshonly => true, + require => Exec['apt_updated'], + } + +} diff --git a/manifests/dist_upgrade/initiator.pp b/manifests/dist_upgrade/initiator.pp new file mode 100644 index 0000000..6d57947 --- /dev/null +++ b/manifests/dist_upgrade/initiator.pp @@ -0,0 +1,23 @@ +class apt::dist_upgrade::initiator inherits apt::dist_upgrade { + + $initiator = 'upgrade_initiator' + $initiator_abs = "${apt::apt_base_dir}/${initiator}" + + file { 'apt_upgrade_initiator': + mode => 0644, + owner => root, + group => 0, + path => "${initiator_abs}", + checksum => md5, + source => [ + "puppet:///modules/site-apt/${fqdn}/${initiator}", + "puppet:///modules/site-apt/${initiator}", + "puppet:///modules/apt/${initiator}", + ], + } + + Exec['apt_dist-upgrade'] { + subscribe +> File['apt_upgrade_initiator'], + } + +} diff --git a/manifests/dselect.pp b/manifests/dselect.pp new file mode 100644 index 0000000..44f0e19 --- /dev/null +++ b/manifests/dselect.pp @@ -0,0 +1,10 @@ +class apt::dselect { + + # suppress annoying help texts of dselect + line { dselect_expert: + file => "/etc/dpkg/dselect.cfg", + line => "expert", + } + + package { dselect: ensure => installed } +} diff --git a/manifests/init.pp b/manifests/init.pp index c431b59..b5be91f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -5,273 +5,173 @@ class apt { - # See README - $real_apt_clean = $apt_clean ? { - '' => 'auto', - default => $apt_clean, - } - - $backports_enabled = $backports_enabled ? { - '' => 'false', - default => $backports_enabled, - } - - $apt_update_method = $apt_update_method ? { - '' => 'exec', - default => $apt_update_method, + $use_volatile = $apt_volatile_enabled ? { + '' => false, + default => $apt_volatile_enabled, } - $apt_http_proxy = $apt_http_proxy ? { + $include_src = $apt_include_src ? { '' => false, - default => $apt_http_proxy, + default => $apt_include_src, } - $apt_ftp_proxy = $apt_ftp_proxy ? { + $use_next_release = $apt_use_next_release ? { '' => false, - default => $apt_ftp_proxy, + default => $apt_use_next_release, } - package { apt: ensure => installed } - - # a few templates need lsbdistcodename - include lsb - - case $custom_sources_list { - '': { - include default_sources_list - } - default: { - config_file { "/etc/apt/sources.list": - content => $custom_sources_list, - } - } - } + $debian_url = $apt_debian_url ? { + '' => 'http://cdn.debian.net/debian/', + default => "${apt_debian_url}", + } + $security_url = $apt_security_url ? { + '' => 'http://security.debian.org/', + default => "${apt_security_url}", + } + $backports_url = $apt_backports_url ? { + '' => 'http://backports.debian.org/debian-backports/', + default => "${apt_backports_url}", + } + $volatile_url = $apt_volatile_url ? { + '' => 'http://volatile.debian.org/debian-volatile/', + default => "${apt_volatile_url}", + } + $ubuntu_url = $apt_ubuntu_url ? { + '' => 'http://archive.ubuntu.com/ubuntu', + default => "${apt_ubuntu_url}", + } + case $operatingsystem { + 'debian': { + $repos = $apt_repos ? { + '' => 'main contrib non-free', + default => "${apt_repos}", + } + } + 'ubuntu': { + $repos = $apt_repos ? { + '' => 'main restricted universe multiverse', + default => "${apt_repos}", + } + } + } - class default_sources_list { - config_file { - # include main, security and backports - # additional sources could be included via an array - "/etc/apt/sources.list": - content => template("apt/sources.list.erb"), - } - } + package { apt: + ensure => installed, + require => undef, + } - case $custom_preferences { - '': { - include default_preferences - } - default: { - config_file { "/etc/apt/preferences": - content => $custom_preferences, - alias => "apt_config", - require => File["/etc/apt/sources.list"]; - } - } - } - class default_preferences { - config_file { - # this just pins unstable and testing to very low values - "/etc/apt/preferences": - content => template("apt/preferences.erb"), - # use Config_File["apt_config"] to reference a completed configuration - # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML - alias => "apt_config", - # only update together - require => File["/etc/apt/sources.list"]; - # little default settings which keep the system sane - "/etc/apt/apt.conf.d/from_puppet": - content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n", - before => Config_File["apt_config"]; - } - } + include lsb - $apt_base_dir = "${common::moduledir::module_dir_path}/apt" - module_dir { apt: } - # watch apt.conf.d - file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; } + # init $release, $next_release, $codename, $next_codename, $release_version + case $lsbdistcodename { + '': { + $codename = $lsbdistcodename + $release = $lsbdistrelease + } + default: { + $codename = $lsbdistcodename + $release = debian_release($codename) + } + } + $release_version = debian_release_version($codename) + $next_codename = debian_nextcodename($codename) + $next_release = debian_nextrelease($release) + + config_file { + # include main, security and backports + # additional sources should be included via the apt::sources_list define + "/etc/apt/sources.list": + content => $custom_sources_list ? { + '' => template( "apt/$operatingsystem/sources.list.erb"), + default => $custom_sources_list + }, + require => Package['lsb']; + } - exec { - # "&& sleep 1" is workaround for older(?) clients - "/usr/bin/apt-get update && sleep 1 #on refresh": - refreshonly => true, - subscribe => [ File["/etc/apt/sources.list"], - File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"], - Config_File["apt_config"] ], + apt_conf { "02show_upgraded": + source => [ "puppet:///modules/site-apt/${fqdn}/02show_upgraded", + "puppet:///modules/site-apt/02show_upgraded", + "puppet:///modules/apt/02show_upgraded" ] } - if $apt_update_method == 'exec' { - exec { "/usr/bin/apt-get update > /dev/null 2>&1 && /usr/bin/apt-get autoclean > /dev/null 2>&1 #hourly": - require => [ File["/etc/apt/sources.list"], File["/etc/apt/preferences"], Config_File["apt_config"] ], - # Another Semaphor for all packages to reference - alias => apt_updated, - } - } else { - cron { "apt_updated": - command => "/usr/bin/apt-get update > /dev/null 2>&1 && /usr/bin/apt-get autoclean > /dev/null 2>&1", - user => root, - hour => "*/1", - minute => "0", - ensure => present, - require => [ File["/etc/apt/sources.list"], File["/etc/apt/preferences"], Config_File["apt_config"] ], + if ( $virtual == "vserver" ) { + apt_conf { "03clean_vserver": + source => [ "puppet:///modules/site-apt/${fqdn}/03clean_vserver", + "puppet:///modules/site-apt/03clean_vserver", + "puppet:///modules/apt/03clean_vserver" ], + alias => "03clean"; } } - - ## This package should really always be current - package { "debian-archive-keyring": - ensure => latest, - } - - case $volatile_enabled { - true: { - config_file { "/etc/apt/sources.list.d/debian-volatile.list": - content => template("apt/sources.list.volatile.erb"), - } + else { + apt_conf { "03clean": + source => [ "puppet:///modules/site-apt/${fqdn}/03clean", + "puppet:///modules/site-apt/03clean", + "puppet:///modules/apt/03clean" ] } - default: { - config_file { "/etc/apt/sources.list.d/debian-volatile.list": - ensure => absent, - } + } + + case $custom_preferences { + false: { + include apt::preferences::absent + } + default: { + # When squeeze becomes the stable branch, transform this file's header + # into a preferences.d file + include apt::preferences } } - case $backports_enabled { - true: { - config_file { - # backports - "/etc/apt/sources.list.d/debian-backports.list": - content => template("apt/sources.list.backports.erb"), - } - - case $lsbdistcodename { - etch: { - package { "debian-backports-keyring": - ensure => latest, - } - - # This key was downloaded from - # http://backports.org/debian/archive.key - # and is needed to bootstrap the backports trustpath - file { "${apt_base_dir}/backports.org.key": - source => "puppet://$server/modules/apt/backports.org.key", - mode => 0444, owner => root, group => root, - } - exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update": - alias => "backports_key", - refreshonly => true, - subscribe => File["${apt_base_dir}/backports.org.key"], - before => [ Config_File["apt_config"], Package["debian-backports-keyring"] ] - } - } - lenny: { - package { "debian-backports-keyring": - ensure => latest, - } - - # This key was downloaded from - # http://backports.org/debian/archive.key - # and is needed to bootstrap the backports trustpath - file { "${apt_base_dir}/backports.org.key": - source => "puppet://$server/modules/apt/backports.org.key", - mode => 0444, owner => root, group => root, - } - exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update": - alias => "backports_key", - refreshonly => true, - subscribe => File["${apt_base_dir}/backports.org.key"], - before => [ Config_File["apt_config"], Package["debian-backports-keyring"] ] - } - } - } - - } - default: { } - } - - + # backward compatibility: upgrade from previous versions of this module. + file { + [ "/etc/apt/apt.conf.d/from_puppet", "/etc/apt/apt.conf.d/99from_puppet" ]: + ensure => 'absent', + require => [ Apt_conf['02show_upgraded'], Apt_conf['03clean'] ]; + } - case $custom_key_dir { - '': { } - default: { - file { "${apt_base_dir}/keys.d": - source => "$custom_key_dir", - recurse => true, - mode => 0755, owner => root, group => root, - } - exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update": - alias => "custom_keys", - subscribe => File["${apt_base_dir}/keys.d"], - refreshonly => true, - before => Config_File["apt_config"]; - } - } - } + # watch .d directories and ensure they are present + file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; } + file { "/etc/apt/sources.list.d": + ensure => directory, + checksum => mtime, + notify => Exec['refresh_apt'], + } - # workaround for preseeded_package component - file { "/var/cache": ensure => directory } - file { "/var/cache/local": ensure => directory } - file { "/var/cache/local/preseeding/": ensure => directory } + exec { + # "&& sleep 1" is workaround for older(?) clients + 'refresh_apt': + command => '/usr/bin/apt-get update && sleep 1', + refreshonly => true, + subscribe => [ File['/etc/apt/apt.conf.d'], Config_file['/etc/apt/sources.list'] ]; + } - define preseeded_package ($content = "", $ensure = "installed") { - $seedfile = "/var/cache/local/preseeding/$name.seeds" - $real_content = $content ? { - "" => template ( "$debian_version/$name.seeds" ), - Default => $content - } - - file{ $seedfile: - content => $real_content, - mode => 0600, owner => root, group => root, - } - - package { $name: - ensure => $ensure, - responsefile => $seedfile, - require => File[$seedfile], - } - } + ## This package should really always be current + package { "debian-archive-keyring": ensure => latest } - define upgrade_package ($version = "") { - case $version { - '': { - exec { "aptitude -y install $name": - onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - } - } - 'latest': { - exec { "aptitude -y install $name": - onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - } - } - default: { - exec { "aptitude -y install $name=$version": - onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], - } - } - } - } + # backports uses the normal archive key now + package { "debian-backports-keyring": ensure => absent } - if $apt_http_proxy or $apt_ftp_proxy { - file { "/etc/apt/apt.conf.d/proxy": - owner => root, - group => root, - mode => 0644, - content => template("apt/proxy.erb"), - require => Config_File["apt_config"], - } - } else { - file { "/etc/apt/apt.conf.d/proxy": - ensure => absent, - } - } -} + include common::moduledir + $apt_base_dir = "${common::moduledir::module_dir_path}/apt" + modules_dir { apt: } -class dselect { - # suppress annoying help texts of dselect - line { dselect_expert: - file => "/etc/dpkg/dselect.cfg", - line => "expert", - ensure => present, - } + if $custom_key_dir { + file { "${apt_base_dir}/keys.d": + source => "$custom_key_dir", + recurse => true, + mode => 0755, owner => root, group => root, + } + exec { "custom_keys": + command => "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && /usr/bin/apt-get update", + subscribe => File["${apt_base_dir}/keys.d"], + refreshonly => true, + } + if $custom_preferences != false { + Exec["custom_keys"] { + before => Concatenated_file[apt_config], + } + } + } - package { dselect: ensure => installed } + # workaround for preseeded_package component + file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory } } diff --git a/manifests/listchanges.pp b/manifests/listchanges.pp new file mode 100644 index 0000000..038d5c9 --- /dev/null +++ b/manifests/listchanges.pp @@ -0,0 +1,38 @@ +class apt::listchanges { + + case $apt_listchanges_version { + '': { $apt_listchanges_version = "present" } + } + + case $apt_listchanges_config { + '': { $apt_listchanges_config = "apt/${operatingsystem}/listchanges_${lsbdistcodename}.erb" } + } + + case $apt_listchanges_frontend { + '': { $apt_listchanges_frontend = "mail" } + } + + case $apt_listchanges_email { + '': { $apt_listchanges_email = "root" } + } + + case $apt_listchanges_confirm { + '': { $apt_listchanges_confirm = "0" } + } + + case $apt_listchanges_saveseen { + '': { $apt_listchanges_saveseen = "/var/lib/apt/listchanges.db" } + } + + case $apt_listchanges_which { + '': { $apt_listchanges_which = "both" } + } + + package { apt-listchanges: ensure => $apt_listchanges_ensure_version } + + file { "/etc/apt/listchanges.conf": + content => template($apt_listchanges_config), + mode => 0644, owner => root, group => root, + require => Package["apt-listchanges"]; + } +} diff --git a/manifests/preferences.pp b/manifests/preferences.pp new file mode 100644 index 0000000..4c93542 --- /dev/null +++ b/manifests/preferences.pp @@ -0,0 +1,26 @@ +class apt::preferences { + + include common::moduledir + $apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences" + module_dir{'apt/preferences': } + file { "${apt_preferences_dir}_header": + content => $custom_preferences ? { + '' => $operatingsystem ? { + 'debian' => template("apt/${operatingsystem}/preferences_${codename}.erb"), + 'ubuntu' => '', + }, + default => $custom_preferences + }, + } + + concatenated_file { '/etc/apt/preferences': + dir => $apt_preferences_dir, + header => "${apt_preferences_dir}_header", + # use Concatenated_file[apt_config] to reference a completed configuration + # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML + alias => apt_config, + # only update together + require => File["/etc/apt/sources.list"]; + } + +} diff --git a/manifests/preferences/absent.pp b/manifests/preferences/absent.pp new file mode 100644 index 0000000..0e96119 --- /dev/null +++ b/manifests/preferences/absent.pp @@ -0,0 +1,6 @@ +class apt::preferences::absent { + + file { '/etc/apt/preferences': + ensure => absent, + } +} diff --git a/manifests/preferences_snippet.pp b/manifests/preferences_snippet.pp new file mode 100644 index 0000000..4b8e575 --- /dev/null +++ b/manifests/preferences_snippet.pp @@ -0,0 +1,36 @@ +define apt::preferences_snippet( + $ensure = 'present', + $source = '', + $release, + $priority ) +{ + + if $custom_preferences == false { + fail("Trying to define a preferences_snippet with \$custom_preferences set to false.") + } + + include apt::preferences + + file { "${apt::preferences::apt_preferences_dir}/${name}": + ensure => $ensure, + #TODO this template is somewhat limited + notify => Exec["concat_${apt::preferences::apt_preferences_dir}"], + owner => root, group => 0, mode => 0600; + } + + # This should really work in the same manner as sources_list and apt_conf + # snippets, but since the preferences.d directory cannot be used in Debian + # lenny, we can't generalize without going into ugly special-casing. + case $source { + '': { + File["${apt::preferences::apt_preferences_dir}/${name}"] { + content => template("apt/preferences_snippet.erb") + } + } + default: { + File["${apt::preferences::apt_preferences_dir}/${name}"] { + source => $source + } + } + } +} diff --git a/manifests/preseeded_package.pp b/manifests/preseeded_package.pp new file mode 100644 index 0000000..839f200 --- /dev/null +++ b/manifests/preseeded_package.pp @@ -0,0 +1,18 @@ +define apt::preseeded_package ($content = "", $ensure = "installed") { + $seedfile = "/var/cache/local/preseeding/$name.seeds" + $real_content = $content ? { + "" => template ( "site-apt/$lsbdistcodename/$name.seeds" ), + default => $content + } + + file { $seedfile: + content => $real_content, + mode => 0600, owner => root, group => root, + } + + package { $name: + ensure => $ensure, + responsefile => $seedfile, + require => File[$seedfile], + } +} diff --git a/manifests/proxy_client.pp b/manifests/proxy_client.pp new file mode 100644 index 0000000..23e9bd1 --- /dev/null +++ b/manifests/proxy_client.pp @@ -0,0 +1,16 @@ +class apt::proxy_client { + + $real_apt_proxy = $apt_proxy ? { + "" => "http://localhost", + default => $apt_proxy + } + + $real_apt_proxy_port = $apt_proxy_port ? { + "" => "3142", + default => $apt_proxy_port + } + + apt_conf { "20proxy": + content => template("apt/20proxy.erb"), + } +} diff --git a/manifests/reboot_required_notify.pp b/manifests/reboot_required_notify.pp new file mode 100644 index 0000000..3603aa2 --- /dev/null +++ b/manifests/reboot_required_notify.pp @@ -0,0 +1,21 @@ +class apt::reboot_required_notify { + + # This package installs the script that created /var/run/reboot-required*. + # This script (/usr/share/update-notifier/notify-reboot-required) is + # triggered e.g. by kernel packages. + package { update-notifier-common: + ensure => installed, + } + + # cron-apt defaults to run every night at 4 o'clock + # plus some random time <1h. + # so we check if a reboot is required a bit later. + cron { 'apt_reboot_required_notify': + command => 'if [ -f /var/run/reboot-required ]; then echo "Reboot required\n" ; cat /var/run/reboot-required.pkgs ; fi', + user => root, + hour => 5, + minute => 20, + require => Package['update-notifier-common'], + } + +} diff --git a/manifests/sources_list.pp b/manifests/sources_list.pp new file mode 100644 index 0000000..86b35a7 --- /dev/null +++ b/manifests/sources_list.pp @@ -0,0 +1,30 @@ +define apt::sources_list ( + $ensure = 'present', + $source = '', + $content = undef ) +{ + + if $source == '' and $content == undef { + fail("One of \$source or \$content must be specified for apt_sources_snippet ${name}") + } + if $source != '' and $content != undef { + fail("Only one of \$source or \$content must specified for apt_sources_snippet ${name}") + } + + file { "/etc/apt/sources.list.d/${name}": + ensure => $ensure, + owner => root, group => 0, mode => 0644; + } + + if $source { + File["/etc/apt/sources.list.d/${name}"] { + source => $source, + } + } + else { + File["/etc/apt/sources.list.d/${name}"] { + content => $content, + } + } +} + diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp new file mode 100644 index 0000000..e2992f8 --- /dev/null +++ b/manifests/unattended_upgrades.pp @@ -0,0 +1,19 @@ +class apt::unattended_upgrades { + + package { 'unattended-upgrades': + ensure => present, + require => undef, + } + + apt_conf { "50unattended-upgrades": + source => ["puppet:///modules/site-apt/50unattended-upgrades", + "puppet:///modules/apt/50unattended-upgrades" ], + require => Package['unattended-upgrades'], + } + + if $custom_preferences != false { + Apt_conf["50unattended-upgrades"] { + before => Concatenated_file[apt_config], + } + } +} diff --git a/manifests/update.pp b/manifests/update.pp new file mode 100644 index 0000000..ae992f4 --- /dev/null +++ b/manifests/update.pp @@ -0,0 +1,12 @@ +class apt::update { + + exec { 'update_apt': + command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', + require => [ File['/etc/apt/apt.conf.d', '/etc/apt/preferences' ], + Config_file['/etc/apt/sources.list'] ], + loglevel => info, + # Another Semaphor for all packages to reference + alias => "apt_updated" + } + +} diff --git a/manifests/upgrade_package.pp b/manifests/upgrade_package.pp new file mode 100644 index 0000000..9202624 --- /dev/null +++ b/manifests/upgrade_package.pp @@ -0,0 +1,33 @@ +define apt::upgrade_package ($version = "") { + + include apt::update + + $version_suffix = $version ? { + '' => '', + 'latest' => '', + default => "=${version}", + } + + if !defined(Package['apt-show-versions']) { + package { 'apt-show-versions': + ensure => installed, + require => undef, + } + } + + if !defined(Package['dctrl-tools']) { + package { 'dctrl-tools': + ensure => installed, + require => undef, + } + } + + exec { "apt-get -q -y -o 'DPkg::Options::=--force-confold' install ${name}${version_suffix}": + onlyif => [ "grep-status -F Status installed -a -P $name -q", "apt-show-versions -u $name | grep -q upgradeable" ], + require => [ + Exec['apt_updated'], + Package['apt-show-versions', 'dctrl-tools'], + ], + } + +} |