--- /dev/null
- // we don't want the kernel to be updated so nagios still can give a warnig if there is
+ // this file is managed by puppet !
+ //
+ //See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+
+ // allowed (origin, archive) pairs
+ Unattended-Upgrade::Allowed-Origins {
+ "Debian stable";
+ "Debian-Security stable";
+ // "Debian testing";
+ };
+
+ APT::Periodic::Update-Package-Lists "1";
+ APT::Periodic::Unattended-Upgrade "1";
+ Unattended-Upgrade::Mail "root";
+
+ APT::UnattendedUpgrades::LogDir "/var/log/";
+ APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
+
+ Unattended-Upgrade::Package-Blacklist {
-
++ // we don't want the kernel to be updated so nagios still can give a warning if there is
+ // a manual update (and reboot) left
-
++
+ "linux-image-*";
-
++
+ // unfortunately there seems to be a bug in unattended-upgrades <= 0.25.1 that wildcards aren't recognized:
+ //2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
+ //2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
+ //2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
+ //2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
+ //2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
+ //2009-12-11 13:42:11,988 INFO All upgrades installed
-
++
+ // lenny
+ "linux-image-2.6.26-1-686";
+ "linux-image-2.6.26-1-amd64";
+ "linux-image-2.6.26-1-xen-686";
+ "linux-image-2.6.26-1-xen-amd64";
+ "linux-image-2.6.26-1-vserver-686";
+ "linux-image-2.6.26-1-vserver-amd64";
++
+ "linux-image-2.6.26-2-686";
+ "linux-image-2.6.26-2-amd64";
+ "linux-image-2.6.26-2-xen-686";
+ "linux-image-2.6.26-2-xen-amd64";
++ "linux-image-2.6.26-2-vserver-686";
+ "linux-image-2.6.26-2-vserver-amd64";
+
++ // squeeze
++ "linux-image-2.6.32-5-686";
++ "linux-image-2.6.32-5-amd64";
++ "linux-image-2.6.32-5-xen-686";
++ "linux-image-2.6.32-5-xen-amd64";
++ "linux-image-2.6.32-5-vserver-686";
++ "linux-image-2.6.32-5-vserver-amd64";
++
+ };
+
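Review bot: The explicit kernel list in `Unattended-Upgrade::Package-Blacklist` only covers the ABI and flavour names spelled out under `// lenny` and `// squeeze`. Any kernel image not listed is still upgraded unattended on versions where, per the comment above the log excerpt, the `linux-image-*` wildcard is not honoured. The file should also state what the blacklist costs: kernel security fixes are never installed automatically and depend on the nagios check plus a manual upgrade and reboot. A comment at the top of the block would make that duty visible, for example `// kernel images are excluded on purpose: their security fixes need a manual upgrade + reboot; extend this list for every new kernel ABI or flavour in use`.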
--- /dev/null
- exec { "/usr/bin/apt-get update":
+ define apt::custom_sources_template ($sources_file = "") {
+ file { "/etc/apt/sources.list.d/$sources_file":
+ content => template($name),
+ }
- refreshonly => true,
++ exec { "/usr/bin/apt-get update":
+ subscribe => File["/etc/apt/sources.list.d/$sources_file"],
++ refreshonly => true,
+ }
+ }
+
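Review bot: The `exec { "/usr/bin/apt-get update": ... }` inside `apt::custom_sources_template` has a fixed title, so declaring the define for a second sources file would produce a duplicate resource declaration. The title should carry `$name` and the command should move into an attribute, e.g. `exec { "apt-get update for ${name}": command => "/usr/bin/apt-get update", subscribe => File["/etc/apt/sources.list.d/$sources_file"], refreshonly => true }`. The default `$sources_file = ""` also makes the file resource point at `/etc/apt/sources.list.d/` itself, so the parameter is better made mandatory or rejected when empty. Because this define decides which repositories a host installs from, a short comment stating that `$name` is used as the template path would help readers.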
class apt::default_preferences {
- config_file {
- # this just pins unstable and testing to very low values
- "/etc/apt/preferences":
- content => template("apt/preferences.erb"),
- # use File[apt_config] to reference a completed configuration
- # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
- alias => apt_config,
- # only update together
- require => File["/etc/apt/sources.list"];
- # little default settings which keep the system sane
- "/etc/apt/apt.conf.d/99from_puppet":
- content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
- before => Config_file[apt_config];
+ case $operatingsystem {
+ 'debian': {
+ config_file {
+ "/etc/apt/preferences":
+ content => template("apt/${operatingsystem}/preferences_${codename}.erb"),
+ # use File[apt_config] to reference a completed configuration
+ # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
+ alias => apt_config,
+ # only update together
+ require => File["/etc/apt/sources.list"];
+ # little default settings which keep the system sane
- "/etc/apt/apt.conf.d/from_puppet":
++ "/etc/apt/apt.conf.d/99from_puppet":
+ content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
+ before => Config_file[apt_config];
+ }
+ }
+ 'ubuntu': {
+ notice('There is no support for default Ubuntu APT preferences')
+ }
}
}
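Review bot: On the `'ubuntu'` branch nothing declares the `apt_config` alias, yet `before => Config_file[apt_config]` is used elsewhere in this change (the `custom_keys` exec and the `50unattended-upgrades` entry). That would presumably break catalog compilation on Ubuntu hosts whenever those resources are evaluated together with this class. The `case` also has no `default:` branch, so any other operating system silently gets no preferences, and the Debian template path depends on `${codename}`, whose definition is not visible here; an empty value would resolve to `preferences_.erb`. Consider adding `default: { fail("apt::default_preferences: unsupported ${operatingsystem}") }` and a comment naming where `$codename` is set.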
# include main, security and backports
# additional sources could be included via an array
"/etc/apt/sources.list":
- content => template( "apt/$operatingsystem/sources.list.erb"),
+ content => template("apt/${operatingsystem}/sources.list.erb"),
+ require => Package['lsb'];
}
}
class apt {
-
+ import "custom_sources.pp"
++
# See README
$real_apt_clean = $apt_clean ? {
'' => 'auto',
## This package should really always be current
package { "debian-archive-keyring": ensure => latest }
-
- case $lsbdistcodename {
- etch: {
- package { "debian-backports-keyring": ensure => latest }
-
- # This key was downloaded from
- # http://backports.org/debian/archive.key
- # and is needed to bootstrap the backports trustpath
- file { "${apt_base_dir}/backports.org.key":
- source => "puppet:///modules/apt/backports.org.key",
- mode => 0444, owner => root, group => root,
- }
- exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
- alias => "backports_key",
- refreshonly => true,
- subscribe => File["${apt_base_dir}/backports.org.key"],
- before => [ File[apt_config], Package["debian-backports-keyring"] ]
- }
- }
- lenny: {
- package { "debian-backports-keyring": ensure => latest }
-
- # This key was downloaded from
- # http://backports.org/debian/archive.key
- # and is needed to bootstrap the backports trustpath
- file { "${apt_base_dir}/backports.org.key":
- source => "puppet:///modules/apt/backports.org.key",
- mode => 0444, owner => root, group => root,
- }
- exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
- alias => "backports_key",
- refreshonly => true,
- subscribe => File["${apt_base_dir}/backports.org.key"],
- before => [ Config_file[apt_config], Package["debian-backports-keyring"] ]
- }
- }
- }
+ # backports uses the normal archive key now
+ package { "debian-backports-keyring": ensure => absent }
-
- case $custom_key_dir {
- '': {
- exec { "/bin/true # no_custom_keydir": }
+
+ if $custom_key_dir {
+ file { "${apt_base_dir}/keys.d":
+ source => "$custom_key_dir",
+ recurse => true,
+ mode => 0755, owner => root, group => root,
}
- default: {
- file { "${apt_base_dir}/keys.d":
- source => "$custom_key_dir",
- recurse => true,
- mode => 0755, owner => root, group => root,
- }
- exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
- alias => "custom_keys",
- subscribe => File["${apt_base_dir}/keys.d"],
- refreshonly => true,
- before => Config_file["apt_config"];
- }
+ exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update":
+ alias => "custom_keys",
+ subscribe => File["${apt_base_dir}/keys.d"],
+ refreshonly => true,
+ before => Config_file[apt_config];
}
}
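Review bot: Trusted keys are only ever added by this class and never withdrawn, which matters in two places in this hunk. Hosts that already ran the removed `apt-key add ${apt_base_dir}/backports.org.key` exec presumably keep that key in the APT keyring and the key file on disk, because the new code only sets `package { "debian-backports-keyring": ensure => absent }`. Likewise the `custom_keys` exec re-adds everything under `keys.d`, but a key deleted from `$custom_key_dir` stays trusted. If the backports key should no longer be trusted, add a cleanup such as `file { "${apt_base_dir}/backports.org.key": ensure => absent }` plus an `apt-key del <BACKPORTS_KEY_ID>` exec guarded by `onlyif` (the key id is a placeholder; it is not on this page). A comment above the `keys.d` resource should state that every file in `$custom_key_dir` becomes a signing key trusted for all configured sources.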
# workaround for preseeded_package component
- file { "/var/cache": ensure => directory }
- file { "/var/cache/local": ensure => directory }
- file { "/var/cache/local/preseeding": ensure => directory }
- }
+ file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory }
-}
++}
}
config_file {
- "/etc/apt/apt.conf.d/unattended_upgrades":
- content => 'APT::Periodic::Update-Package-Lists "1";
- APT::Periodic::Unattended-Upgrade "1";
- ',
- before => Config_file[apt_config],
- require => Package['unattended-upgrades'],
- "/etc/apt/apt.conf.d/50unattended-upgrades":
- source => ["puppet:///modules/site-apt/50unattended-upgrades",
- "puppet:///modules/apt/50unattended-upgrades" ],
-
++ "/etc/apt/apt.conf.d/50unattended-upgrades":
++ source => ["puppet:///modules/site-apt/50unattended-upgrades",
++ "puppet:///modules/apt/50unattended-upgrades" ],
++
+ before => Config_file[apt_config],
+ require => Package['unattended-upgrades'],
}
}
# security suppport
deb http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse
+<% if include_src then -%>
+deb-src http://de.archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse
+<% end -%>
-
+# backports
+deb http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted
++<% if include_src then -%>
++deb-src http://archive.ubuntu.com/ubuntu <%= lsbdistcodename %>-backports main universe multiverse restricted
++<% end -%>