Added apt::unattended_upgrades class, and extra template for "deb-src"

diff --git a/README b/README
index 8299c02a5ec37b9c83897e06ea5777a056049ef4..72afcfc850c032e3aeea538fbab8088416b8df92 100644 (file)
--- a/README
+++ b/README
@@ -72,11 +72,30 @@ apt keyring, you can set this variable to a path in your fileserver
 where individual key files can be placed. If this is set and keys
 exist there, this module will apt-key add each key
 
+$backports_enabled
+------------------
+If set to true, the debian backports repository is enabled through a 
+file in /etc/apt/sources.d/. Defaults to false.
+
+$apt_deb_src_enabled
+--------------------
+If set to true, the debian sources repository is enabled through a 
+file in /etc/apt/sources.d/. Defaults to false.
+
+
 Classes
 =======
-
-This module contains only the apt class, which sets up all described
-functionality.
+apt
+---
+Sets up the basic apt package management.
+
+apt::unattended_upgrades
+------------------------
+Sets up the unattended-upgrades package, and configures it mostly through 
+the file /etc/apt/apt.conf.d/50unattended-upgrades.
+Unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that 
+wildcards aren't recognized, so use it with care !
+http://packages.debian.org/de/lenny/unattended-upgrades
 
 
 Resources

diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
new file mode 100644 (file)
index 0000000..06036bf
--- /dev/null
+++ b/files/50unattended-upgrades
@@ -0,0 +1,43 @@
+// this file is managed by puppet !
+//
+//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+
+// allowed (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+       "Debian stable";
+       "Debian-Security stable";
+//     "Debian testing";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+Unattended-Upgrade::Mail "root";
+
+APT::UnattendedUpgrades::LogDir "/var/log/";
+APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
+
+Unattended-Upgrade::Package-Blacklist {
+       // we don't want the kernel to be updated so nagios still can give a warnig if there is 
+       // a manual update (and reboot) left
+       
+        "linux-image-*";
+       
+       // unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized:
+       //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
+       //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
+       //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
+       //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
+       //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
+       //2009-12-11 13:42:11,988 INFO All upgrades installed
+        
+       "linux-image-2.6.18-5-vserver-686";
+       "linux-image-2.6.18-5-xen-vserver-686";
+        "linux-image-2.6.18-6-vserver-686";
+       "linux-image-2.6.18-6-xen-vserver-686";
+        "linux-image-2.6.24.3";
+        "linux-image-2.6.26-1-686";
+        "linux-image-2.6.26-2-xen-amd64";
+        "linux-image-2.6.26-2-xen-686";
+       "linux-image-2.6.26-2-amd64";
+};
+

diff --git a/manifests/init.pp b/manifests/init.pp
index 1af6e1fc760b0f94c79ac1d63a4d483225f01569..07b6c2b0394a6f66cb73f0a48ace839101107b19 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,6 +3,7 @@
 # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
 # See LICENSE for the full license granted to you.
 
+
 class apt {
 
        # See README
@@ -15,6 +16,11 @@ class apt {
                '' => 'false',
                default => $backports_enabled,
        }
+       
+       $apt_deb_src_enabled = $apt_deb_src_enabled ? {
+               'true' => 'true',
+               default => $apt_deb_src_enabled,
+       }
 
        package { apt: ensure => installed }
 
@@ -150,7 +156,17 @@ class apt {
          default: { }
        }
 
-    
+       case $apt_deb_src_enabled {
+         'true': {   
+             config_file {
+                     # deb-src
+                     "/etc/apt/sources.list.d/debian-sources.list":
+                             content => template("apt/sources.list.deb-src.erb"),
+                             require => Exec[assert_lsbdistcodename];
+             }
+         }             
+         default: {}
+       }
 
         case $custom_key_dir {
           '': {
@@ -226,3 +242,18 @@ class dselect {
 
        package { dselect: ensure => installed }
 }
+
+
+class apt::unattended_upgrades {
+    case $operatingsystem {
+        debian,ubuntu: { 
+                package {       unattended-upgrades : ensure => latest; }
+                file { "/etc/apt/apt.conf.d/50unattended-upgrades": 
+                        source  => "puppet://$server/modules/apt/50unattended-upgrades" }
+        }
+
+        default: { notice "unknown operatingsystem: $operatingsystem for class apt::unattended_upgrades" }
+    }
+
+}
+

diff --git a/templates/sources.list.deb-src.erb b/templates/sources.list.deb-src.erb
new file mode 100644 (file)
index 0000000..6811eca
--- /dev/null
+++ b/templates/sources.list.deb-src.erb
@@ -0,0 +1,11 @@
+# This file is brought to you by puppet
+
+# basic <%= lsbdistcodename %>
+deb-src http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free
+# security suppport
+<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
+# There is no security mirror for <%= lsbdistcodename %>
+<% else -%>
+deb-src http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free
+<% end -%>
+