modularised apt

git-svn-id: http://club.black.co.at:82/svn/manifests/trunk@58 f03ff2f1-f02d-0410-970d-b9634babeaa1

diff --git a/README b/README
new file mode 100644 (file)
index 0000000..8034a4f
--- /dev/null
+++ b/README
@@ -0,0 +1,19 @@
+Variables:
+       $apt_clean: Sets DSelect::Clean, defaults to 'auto' on normal hosts and
+               'pre-auto' in vservers, since the latter are usually more space-bound and
+               have better recovery mechanisms via the host
+               From apt.conf(5), 0.7.2: "Cache Clean mode; this value may be one of
+                       always, prompt, auto, pre-auto and never. always and prompt will
+                       remove all packages from the cache after upgrading, prompt (the
+                       default) does so conditionally.  auto removes only those packages
+                       which are no longer downloadable (replaced with a new version for
+                       instance). pre-auto performs this action before downloading new
+                       packages."
+
+Provided Resources:
+       File[apt_config]: Use this resource to depend on or add to a completed apt
+               configuration
+       Exec[apt_updated]: After this point, current packages can installed via apt,
+               usually used like this:
+               Package { require => Exec[apt_updated] }
+

diff --git a/files/backports.org.key b/files/backports.org.key
new file mode 100644 (file)
index 0000000..6e66404
--- /dev/null
+++ b/files/backports.org.key
@@ -0,0 +1,33 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.3 (GNU/Linux)
+
+mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
+Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
+/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
+onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
+kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
+Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
+m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
+bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
+bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
+Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
+AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
+cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
+OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
+Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
+FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
+DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
+90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
+StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
+JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
+BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
+AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
+TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
+O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
+cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
++FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
+VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
+=fBrI
+-----END PGP PUBLIC KEY BLOCK-----

diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644 (file)
index 0000000..c9e61bc
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,91 @@
+# apt.pp - common components and defaults for handling apt
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+#
+# With hints from
+#  Micah Anderson <micah@riseup.net>
+#  * backports key
+
+class apt {
+
+       # See README
+       $real_apt_clean = $apt_clean ? {
+               '' => 'auto',
+               default => $apt_clean,
+       }
+
+       # a few templates need lsbdistcodename
+       include assert_lsbdistcodename
+
+       config_file {
+               # include main, security and backports
+               # additional sources could be included via an array
+               "/etc/apt/sources.list":
+                       content => template("apt/sources.list.erb"),
+                       require => Exec[assert_lsbdistcodename];
+               # this just pins unstable and testing to very low values
+               "/etc/apt/preferences":
+                       content => template("apt/preferences.erb"),
+                       # use File[apt_config] to reference a completed configuration
+                       # See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
+                       alias => apt_config,
+                       # only update together
+                       require => File["/etc/apt/sources.list"];
+               # little default settings which keep the system sane
+               "/etc/apt/apt.conf.d/from_puppet":
+                       content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
+                       before => File[apt_config];
+       }
+
+       $base_dir = "/var/lib/puppet/modules/apt"
+       file {
+               # remove my legacy files
+               [ "/etc/apt/backports.key", "/etc/apt/apt.conf.d/local-conf" ]:
+                       ensure => removed;
+               # create new modules dir
+               $base_dir: ensure => directory;
+               # watch apt.conf.d
+               "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime;
+       }
+
+       # suppress annoying help texts of dselect
+       line { dselect_expert:
+               file => "/etc/dpkg/dselect.cfg",
+               line => "expert",
+               ensure => present,
+       }
+
+       exec {
+               "/usr/bin/apt-get -y update #on refresh":
+                       refreshonly => true,
+                       subscribe => [ File["/etc/apt/sources.list"],
+                               File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"],
+                               File[apt_config] ];
+               "/usr/bin/apt-get -y update && /usr/bin/apt-get autoclean #hourly":
+                       require => [ File["/etc/apt/sources.list"],
+                               File["/etc/apt/preferences"], File[apt_config] ],
+                       # Another Semaphor for all packages to reference
+                       alias => apt_updated;
+       }
+
+       case $lsbdistcodename {
+               etch: {
+                       ## This package should really always be current
+                       package { "debian-archive-keyring": ensure => latest, }
+
+                       # This key was downloaded from
+                       # http://backports.org/debian/archive.key
+                       # and is needed to verify the backports
+                       file { "${base_dir}/backports.org.key":
+                               source => "puppet://$servername/apt/backports.org.key",
+                               mode => 0444, owner => root, group => root,
+                               before => File[apt_config],
+                       }
+                       exec { "/usr/bin/apt-key add ${base_dir}/backports.org.key":
+                               refreshonly => true,
+                               subscribe => File["${base_dir}/backports.org.key"],
+                               before => File[apt_config],
+                       }
+               }
+       }
+}

diff --git a/templates/preferences.erb b/templates/preferences.erb
new file mode 100644 (file)
index 0000000..ac71582
--- /dev/null
+++ b/templates/preferences.erb
@@ -0,0 +1,7 @@
+Package: *
+Pin: release a=unstable
+Pin-Priority: 1
+
+Package: *
+Pin: release a=testing
+Pin-Priority: 2

diff --git a/templates/sources.list.erb b/templates/sources.list.erb
new file mode 100644 (file)
index 0000000..a3880c5
--- /dev/null
+++ b/templates/sources.list.erb
@@ -0,0 +1,14 @@
+# This file is brought to you by puppet
+
+# basic <%= dv %>
+deb http://ftp.at.debian.org/debian <%= dv %> main
+# security suppport
+deb http://security.debian.org/ <%= dv %>/updates main
+# local packages
+#deb http://puppetmaster:81/ /
+
+# additional packages, see preferences
+#deb http://ftp.at.debian.org/debian sid main
+
+# backports
+deb http://www.backports.org/debian/ <%= dv %>-backports main