keith/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added modules

Browse source
This commit is contained in:
Ciaby 2014-07-11 13:30:23 -05:00
parent c53c931217
commit 59ec520742
646 changed files with 35182 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

59
modules/apt/manifests/backports.pp Normal file
View file

@ -0,0 +1,59 @@
# This adds the necessary components to get backports for ubuntu and debian
#
# == Parameters
#
# [*release*]
# The ubuntu/debian release name. Defaults to $lsbdistcodename. Setting this
# manually can cause undefined behavior. (Read: universe exploding)
#
# [*pin_priority*]
# _default_: 200
#
# The priority that should be awarded by default to all packages coming from
# the Debian Backports project.
#
# == Examples
#
# include apt::backports
#
# class { 'apt::backports':
# release => 'natty',
# }
#
# == Authors
#
# Ben Hughes, I think. At least blame him if this goes wrong.
# I just added puppet doc.
#
# == Copyright
#
# Copyright 2011 Puppet Labs Inc, unless otherwise noted.
class apt::backports(
$release = $::lsbdistcodename,
$location = $::apt::params::backports_location,
$pin_priority = 200,
) inherits apt::params {
if ! is_integer($pin_priority) {
fail('$pin_priority must be an integer')
}
$release_real = downcase($release)
$key = $::lsbdistid ? {
'debian' => '46925553',
'ubuntu' => '437D05B5',
}
$repos = $::lsbdistid ? {
'debian' => 'main contrib non-free',
'ubuntu' => 'main universe multiverse restricted',
}
apt::source { 'backports':
location => $location,
release => "${release_real}-backports",
repos => $repos,
key => $key,
key_server => 'pgp.mit.edu',
pin => $pin_priority,
}
}

16
modules/apt/manifests/builddep.pp Normal file
View file

@ -0,0 +1,16 @@
# builddep.pp
define apt::builddep() {
include apt::update
exec { "apt-builddep-${name}":
command => "/usr/bin/apt-get -y --force-yes build-dep ${name}",
logoutput => 'on_failure',
notify => Exec['apt_update'],
}
# Need anchor to provide containment for dependencies.
anchor { "apt::builddep::${name}":
require => Class['apt::update'],
}
}

18
modules/apt/manifests/conf.pp Normal file
View file

@ -0,0 +1,18 @@
define apt::conf (
$content,
$ensure = present,
$priority = '50'
) {
include apt::params
$apt_conf_d = $apt::params::apt_conf_d
file { "${apt_conf_d}/${priority}${name}":
ensure => $ensure,
content => $content,
owner => root,
group => root,
mode => '0644',
}
}

21
modules/apt/manifests/debian/testing.pp Normal file
View file

@ -0,0 +1,21 @@
# testing.pp
class apt::debian::testing {
include apt
# deb http://debian.mirror.iweb.ca/debian/ testing main contrib non-free
# deb-src http://debian.mirror.iweb.ca/debian/ testing main contrib non-free
# Key: 46925553 Server: subkeys.pgp.net
# debian-keyring
# debian-archive-keyring
apt::source { 'debian_testing':
location => 'http://debian.mirror.iweb.ca/debian/',
release => 'testing',
repos => 'main contrib non-free',
required_packages => 'debian-keyring debian-archive-keyring',
key => '46925553',
key_server => 'subkeys.pgp.net',
pin => '-10',
}
}

21
modules/apt/manifests/debian/unstable.pp Normal file
View file

@ -0,0 +1,21 @@
# unstable.pp
class apt::debian::unstable {
include apt
# deb http://debian.mirror.iweb.ca/debian/ unstable main contrib non-free
# deb-src http://debian.mirror.iweb.ca/debian/ unstable main contrib non-free
# Key: 46925553 Server: subkeys.pgp.net
# debian-keyring
# debian-archive-keyring
apt::source { 'debian_unstable':
location => 'http://debian.mirror.iweb.ca/debian/',
release => 'unstable',
repos => 'main contrib non-free',
required_packages => 'debian-keyring debian-archive-keyring',
key => '46925553',
key_server => 'subkeys.pgp.net',
pin => '-10',
}
}

42
modules/apt/manifests/force.pp Normal file
View file

@ -0,0 +1,42 @@
# force.pp
# force a package from a specific release
define apt::force(
$release = false,
$version = false,
$timeout = 300
) {
$provider = $apt::params::provider
$version_string = $version ? {
false => undef,
default => "=${version}",
}
$release_string = $release ? {
false => undef,
default => "-t ${release}",
}
if $version == false {
if $release == false {
$install_check = "/usr/bin/dpkg -s ${name} | grep -q 'Status: install'"
} else {
# If installed version and candidate version differ, this check returns 1 (false).
$install_check = "/usr/bin/test \$(/usr/bin/apt-cache policy -t ${release} ${name} | /bin/grep -E 'Installed|Candidate' | /usr/bin/uniq -s 14 | /usr/bin/wc -l) -eq 1"
}
} else {
if $release == false {
$install_check = "/usr/bin/dpkg -s ${name} | grep -q 'Version: ${version}'"
} else {
$install_check = "/usr/bin/apt-cache policy -t ${release} ${name} | /bin/grep -q 'Installed: ${version}'"
}
}
exec { "${provider} -y ${release_string} install ${name}${version_string}":
unless => $install_check,
logoutput => 'on_failure',
timeout => $timeout,
}
}

54
modules/apt/manifests/hold.pp Normal file
View file

@ -0,0 +1,54 @@
# == Define apt::hold
#
# This defined type allows you to hold a package based on the version you
# require. It's implemented by dropping an apt preferences file pinning the
# package to the version you require.
#
# === Parameters
#
# [*version*]
# The version at which you wish to pin a package.
#
# This can either be the full version, such as 4:2.11.8.1-5, or
# a partial version, such as 4:2.11.*
#
# [*package*]
# _default_: +$title+, the title/name of the resource.
#
# Name of the package that apt is to hold.
#
# [*priority*]
# _default_: +1001+
#
# The default priority of 1001 causes this preference to always win. By
# setting the priority to a number greater than 1000 apt will always install
# this version even if it means downgrading the currently installed version.
define apt::hold(
$version,
$ensure = 'present',
$package = $title,
$priority = 1001,
){
validate_string($title)
validate_re($ensure, ['^present|absent',])
validate_string($package)
validate_string($version)
if ! is_integer($priority) {
fail('$priority must be an integer')
}
if $ensure == 'present' {
::apt::pin { "hold ${package} at ${version}":
packages => $package,
version => $version,
priority => $priority,
}
} else {
::apt::pin { "hold ${package} at ${version}":
ensure => 'absent',
}
}
}

154
modules/apt/manifests/init.pp Normal file
View file

@ -0,0 +1,154 @@
# Class: apt
#
# This module manages the initial configuration of apt.
#
# Parameters:
# The parameters listed here are not required in general and were
# added for use cases related to development environments.
# disable_keys - disables the requirement for all packages to be signed
# always_apt_update - rather apt should be updated on every run (intended
# for development environments where package updates are frequent)
# purge_sources_list - Accepts true or false. Defaults to false If set to
# true, Puppet will purge all unmanaged entries from sources.list
# purge_sources_list_d - Accepts true or false. Defaults to false. If set
# to true, Puppet will purge all unmanaged entries from sources.list.d
# update_timeout - Overrides the exec timeout in seconds for apt-get update.
# If not set defaults to Exec's default (300)
# update_tries - Number of times that `apt-get update` will be tried. Use this
# to work around transient DNS and HTTP errors. By default, the command
# will only be run once.
#
# Actions:
#
# Requires:
# puppetlabs/stdlib
# Sample Usage:
# class { 'apt': }
class apt(
$always_apt_update = false,
$disable_keys = undef,
$proxy_host = undef,
$proxy_port = '8080',
$purge_sources_list = false,
$purge_sources_list_d = false,
$purge_preferences = false,
$purge_preferences_d = false,
$update_timeout = undef,
$update_tries = undef,
$sources = undef
) {
if $::osfamily != 'Debian' {
fail('This module only works on Debian or derivatives like Ubuntu')
}
include apt::params
include apt::update
validate_bool($purge_sources_list, $purge_sources_list_d,
$purge_preferences, $purge_preferences_d)
$sources_list_content = $purge_sources_list ? {
false => undef,
true => "# Repos managed by puppet.\n",
}
if $always_apt_update == true {
Exec <| title=='apt_update' |> {
refreshonly => false,
}
}
$root = $apt::params::root
$apt_conf_d = $apt::params::apt_conf_d
$sources_list_d = $apt::params::sources_list_d
$preferences_d = $apt::params::preferences_d
$provider = $apt::params::provider
file { 'sources.list':
ensure => present,
path => "${root}/sources.list",
owner => root,
group => root,
mode => '0644',
content => $sources_list_content,
notify => Exec['apt_update'],
}
file { 'sources.list.d':
ensure => directory,
path => $sources_list_d,
owner => root,
group => root,
purge => $purge_sources_list_d,
recurse => $purge_sources_list_d,
notify => Exec['apt_update'],
}
if $purge_preferences {
file { 'apt-preferences':
ensure => absent,
path => "${root}/preferences",
}
}
file { 'preferences.d':
ensure => directory,
path => $preferences_d,
owner => root,
group => root,
purge => $purge_preferences_d,
recurse => $purge_preferences_d,
}
case $disable_keys {
true: {
file { '99unauth':
ensure => present,
content => "APT::Get::AllowUnauthenticated 1;\n",
path => "${apt_conf_d}/99unauth",
}
}
false: {
file { '99unauth':
ensure => absent,
path => "${apt_conf_d}/99unauth",
}
}
undef: { } # do nothing
default: { fail('Valid values for disable_keys are true or false') }
}
$proxy_set = $proxy_host ? {
undef => absent,
default => present
}
file { '01proxy':
ensure => $proxy_set,
path => "${apt_conf_d}/01proxy",
content => "Acquire::http::Proxy \"http://${proxy_host}:${proxy_port}\";\n",
notify => Exec['apt_update'],
mode => '0644',
owner => root,
group => root,
}
file { 'old-proxy-file':
ensure => absent,
path => "${apt_conf_d}/proxy",
notify => Exec['apt_update'],
}
# Need anchor to provide containment for dependencies.
anchor { 'apt::update':
require => Class['apt::update'],
}
# manage sources if present
if $sources != undef {
validate_hash($sources)
create_resources('apt::source', $sources)
}
}

121
modules/apt/manifests/key.pp Normal file
View file

@ -0,0 +1,121 @@
# == Define: apt::key
#
# The apt::key defined type allows for keys to be added to apt's keyring
# which is used for package validation. This defined type uses the apt_key
# native type to manage keys. This is a simple wrapper around apt_key with
# a few safeguards in place.
#
# === Parameters
#
# [*key*]
# _default_: +$title+, the title/name of the resource
#
# Is a GPG key ID. This key ID is validated with a regex enforcing it
# to only contain valid hexadecimal characters, be precisely 8 or 16
# characters long and optionally prefixed with 0x.
#
# [*ensure*]
# _default_: +present+
#
# The state we want this key in, may be either one of:
# * +present+
# * +absent+
#
# [*key_content*]
# _default_: +undef+
#
# This parameter can be used to pass in a GPG key as a
# string in case it cannot be fetched from a remote location
# and using a file resource is for other reasons inconvenient.
#
# [*key_source*]
# _default_: +undef+
#
# This parameter can be used to pass in the location of a GPG
# key. This URI can take the form of a:
# * +URL+: ftp, http or https
# * +path+: absolute path to a file on the target system.
#
# [*key_server*]
# _default_: +undef+
#
# The keyserver from where to fetch our GPG key. It defaults to
# undef which results in apt_key's default keyserver being used,
# currently +keyserver.ubuntu.com+.
#
# [*key_options*]
# _default_: +undef+
#
# Additional options to pass on to `apt-key adv --keyserver-options`.
define apt::key (
$key = $title,
$ensure = present,
$key_content = undef,
$key_source = undef,
$key_server = undef,
$key_options = undef,
) {
validate_re($key, ['\A(0x)?[0-9a-fA-F]{8}\Z', '\A(0x)?[0-9a-fA-F]{16}\Z'])
validate_re($ensure, ['\Aabsent|present\Z',])
if $key_content {
validate_string($key_content)
}
if $key_source {
validate_re($key_source, ['\Ahttps?:\/\/', '\Aftp:\/\/', '\A\/\w+'])
}
if $key_server {
if !is_domain_name($key_server) {
fail('$key_server must be a valid domain name')
}
}
if $key_options {
validate_string($key_options)
}
case $ensure {
present: {
if defined(Anchor["apt_key ${key} absent"]){
fail("key with id ${key} already ensured as absent")
}
if !defined(Anchor["apt_key ${key} present"]) {
apt_key { $title:
ensure => $ensure,
id => $key,
source => $key_source,
content => $key_content,
server => $key_server,
keyserver_options => $key_options,
} ->
anchor { "apt_key ${key} present": }
}
}
absent: {
if defined(Anchor["apt_key ${key} present"]){
fail("key with id ${key} already ensured as present")
}
if !defined(Anchor["apt_key ${key} absent"]){
apt_key { $title:
ensure => $ensure,
id => $key,
source => $key_source,
content => $key_content,
server => $key_server,
keyserver_options => $key_options,
} ->
anchor { "apt_key ${key} absent": }
}
}
default: {
fail "Invalid 'ensure' value '${ensure}' for apt::key"
}
}
}

55
modules/apt/manifests/params.pp Normal file
View file

@ -0,0 +1,55 @@
class apt::params {
$root = '/etc/apt'
$provider = '/usr/bin/apt-get'
$sources_list_d = "${root}/sources.list.d"
$apt_conf_d = "${root}/apt.conf.d"
$preferences_d = "${root}/preferences.d"
case $::lsbdistid {
'debian': {
case $::lsbdistcodename {
'squeeze': {
$backports_location = 'http://backports.debian.org/debian-backports'
$legacy_origin = true
$origins = ['${distro_id} oldstable',
'${distro_id} ${distro_codename}-security']
}
'wheezy': {
$backports_location = 'http://ftp.debian.org/debian/'
$legacy_origin = false
$origins = ['origin=Debian,archive=stable,label=Debian-Security']
}
default: {
$backports_location = 'http://http.debian.net/debian/'
$legacy_origin = false
$origins = ['origin=Debian,archive=stable,label=Debian-Security']
}
}
}
'ubuntu': {
case $::lsbdistcodename {
'lucid': {
$backports_location = 'http://us.archive.ubuntu.com/ubuntu'
$ppa_options = undef
$legacy_origin = true
$origins = ['${distro_id} ${distro_codename}-security']
}
'precise', 'trusty': {
$backports_location = 'http://us.archive.ubuntu.com/ubuntu'
$ppa_options = '-y'
$legacy_origin = true
$origins = ['${distro_id}:${distro_codename}-security']
}
default: {
$backports_location = 'http://old-releases.ubuntu.com/ubuntu'
$ppa_options = '-y'
$legacy_origin = true
$origins = ['${distro_id}:${distro_codename}-security']
}
}
}
default: {
fail("Unsupported lsbdistid (${::lsbdistid})")
}
}
}

89
modules/apt/manifests/pin.pp Normal file
View file

@ -0,0 +1,89 @@
# pin.pp
# pin a release in apt, useful for unstable repositories
define apt::pin(
$ensure = present,
$explanation = "${caller_module_name}: ${name}",
$order = '',
$packages = '*',
$priority = 0,
$release = '', # a=
$origin = '',
$version = '',
$codename = '', # n=
$release_version = '', # v=
$component = '', # c=
$originator = '', # o=
$label = '' # l=
) {
include apt::params
$preferences_d = $apt::params::preferences_d
if $order != '' and !is_integer($order) {
fail('Only integers are allowed in the apt::pin order param')
}
$pin_release_array = [
$release,
$codename,
$release_version,
$component,
$originator,
$label]
$pin_release = join($pin_release_array, '')
# Read the manpage 'apt_preferences(5)', especially the chapter
# 'Thea Effect of APT Preferences' to understand the following logic
# and the difference between specific and general form
if is_array($packages) {
$packages_string = join($packages, ' ')
} else {
$packages_string = $packages
}
if $packages_string != '*' { # specific form
if ( $pin_release != '' and ( $origin != '' or $version != '' )) or
( $origin != '' and ( $pin_release != '' or $version != '' )) or
( $version != '' and ( $pin_release != '' or $origin != '' )) {
fail('parameters release, origin, and version are mutually exclusive')
}
} else { # general form
if $version != '' {
fail('parameter version cannot be used in general form')
}
if ( $pin_release != '' and $origin != '' ) or
( $origin != '' and $pin_release != '' ) {
fail('parmeters release and origin are mutually exclusive')
}
}
$path = $order ? {
'' => "${preferences_d}/${name}.pref",
default => "${preferences_d}/${order}-${name}.pref",
}
# According to man 5 apt_preferences:
# The files have either no or "pref" as filename extension
# and only contain alphanumeric, hyphen (-), underscore (_) and period
# (.) characters. Otherwise APT will print a notice that it has ignored a
# file, unless that file matches a pattern in the
# Dir::Ignore-Files-Silently configuration list - in which case it will
# be silently ignored.
$file_name = regsubst($title, '[^0-9a-z\-_\.]', '_', 'IG')
file { "${file_name}.pref":
ensure => $ensure,
path => $path,
owner => root,
group => root,
mode => '0644',
content => template('apt/pin.pref.erb'),
}
}

81
modules/apt/manifests/ppa.pp Normal file
View file

@ -0,0 +1,81 @@
# ppa.pp
define apt::ppa(
$ensure = 'present',
$release = $::lsbdistcodename,
$options = $apt::params::ppa_options,
) {
include apt::params
include apt::update
$sources_list_d = $apt::params::sources_list_d
if ! $release {
fail('lsbdistcodename fact not available: release parameter required')
}
if $::operatingsystem != 'Ubuntu' {
fail('apt::ppa is currently supported on Ubuntu only.')
}
$filename_without_slashes = regsubst($name, '/', '-', 'G')
$filename_without_dots = regsubst($filename_without_slashes, '\.', '_', 'G')
$filename_without_ppa = regsubst($filename_without_dots, '^ppa:', '', 'G')
$sources_list_d_filename = "${filename_without_ppa}-${release}.list"
if $ensure == 'present' {
$package = $::lsbdistrelease ? {
/^[1-9]\..*|1[01]\..*|12.04$/ => 'python-software-properties',
default => 'software-properties-common',
}
if ! defined(Package[$package]) {
package { $package: }
}
if defined(Class[apt]) {
$proxy_host = $apt::proxy_host
$proxy_port = $apt::proxy_port
case $proxy_host {
false, '': {
$proxy_env = []
}
default: {$proxy_env = ["http_proxy=http://${proxy_host}:${proxy_port}", "https_proxy=http://${proxy_host}:${proxy_port}"]}
}
} else {
$proxy_env = []
}
exec { "add-apt-repository-${name}":
environment => $proxy_env,
command => "/usr/bin/add-apt-repository ${options} ${name}",
unless => "/usr/bin/test -s ${sources_list_d}/${sources_list_d_filename}",
user => 'root',
logoutput => 'on_failure',
notify => Exec['apt_update'],
require => [
File['sources.list.d'],
Package[$package],
],
}
file { "${sources_list_d}/${sources_list_d_filename}":
ensure => file,
require => Exec["add-apt-repository-${name}"],
}
}
else {
file { "${sources_list_d}/${sources_list_d_filename}":
ensure => 'absent',
mode => '0644',
owner => 'root',
group => 'root',
notify => Exec['apt_update'],
}
}
# Need anchor to provide containment for dependencies.
anchor { "apt::ppa::${name}":
require => Class['apt::update'],
}
}

17
modules/apt/manifests/release.pp Normal file
View file

@ -0,0 +1,17 @@
# release.pp
class apt::release (
$release_id
) {
include apt::params
$root = $apt::params::root
file { "${root}/apt.conf.d/01release":
owner => root,
group => root,
mode => '0644',
content => "APT::Default-Release \"${release_id}\";"
}
}

87
modules/apt/manifests/source.pp Normal file
View file

@ -0,0 +1,87 @@
# source.pp
# add an apt source
define apt::source(
$ensure = present,
$location = '',
$release = 'UNDEF',
$repos = 'main',
$include_src = true,
$required_packages = false,
$key = undef,
$key_server = 'keyserver.ubuntu.com',
$key_content = undef,
$key_source = undef,
$pin = false,
$architecture = undef
) {
include apt::params
include apt::update
$sources_list_d = $apt::params::sources_list_d
$provider = $apt::params::provider
if $release == 'UNDEF' {
if $::lsbdistcodename == undef {
fail('lsbdistcodename fact not available: release parameter required')
} else {
$release_real = $::lsbdistcodename
}
} else {
$release_real = $release
}
file { "${name}.list":
ensure => $ensure,
path => "${sources_list_d}/${name}.list",
owner => root,
group => root,
mode => '0644',
content => template("${module_name}/source.list.erb"),
notify => Exec['apt_update'],
}
if ($pin != false) {
# Get the host portion out of the url so we can pin to origin
$url_split = split($location, '/')
$host = $url_split[2]
apt::pin { $name:
ensure => $ensure,
priority => $pin,
before => File["${name}.list"],
origin => $host,
}
}
if ($required_packages != false) and ($ensure == 'present') {
exec { "Required packages: '${required_packages}' for ${name}":
command => "${provider} -y install ${required_packages}",
logoutput => 'on_failure',
refreshonly => true,
tries => 3,
try_sleep => 1,
subscribe => File["${name}.list"],
before => Exec['apt_update'],
}
}
# We do not want to remove keys when the source is absent.
if $key and ($ensure == 'present') {
apt::key { "Add key: ${key} from Apt::Source ${title}":
ensure => present,
key => $key,
key_server => $key_server,
key_content => $key_content,
key_source => $key_source,
before => File["${name}.list"],
}
}
# Need anchor to provide containment for dependencies.
anchor { "apt::source::${name}":
require => Class['apt::update'],
}
}

69
modules/apt/manifests/unattended_upgrades.pp Normal file
View file

@ -0,0 +1,69 @@
# Class: apt::unattended_upgrades
#
# This class manages the unattended-upgrades package and related configuration
# files for ubuntu
#
# origins are the repositories to automatically upgrade included packages
# blacklist is a list of packages to not automatically upgrade
# update is how often to run "apt-get update" in days
# download is how often to run "apt-get upgrade --download-only" in days
# upgrade is how often to upgrade packages included in the origins list in days
# autoclean is how often to run "apt-get autoclean" in days
#
# information on the other options can be found in the 50unattended-upgrades
# file and in /etc/cron.daily/apt
#
class apt::unattended_upgrades (
$origins = $::apt::params::origins,
$blacklist = [],
$update = '1',
$download = '1',
$upgrade = '1',
$autoclean = '7',
$auto_fix = true,
$minimal_steps = false,
$install_on_shutdown = false,
$mail_to = 'NONE',
$mail_only_on_error = false,
$remove_unused = true,
$auto_reboot = false,
$dl_limit = 'NONE',
$enable = '1',
$backup_interval = '0',
$backup_level = '3',
$max_age = '0',
$min_age = '0',
$max_size = '0',
$download_delta = '0',
$verbose = '0',
) inherits ::apt::params {
validate_bool(
$auto_fix,
$minimal_steps,
$install_on_shutdown,
$mail_only_on_error,
$remove_unused,
$auto_reboot
)
validate_array($origins)
package { 'unattended-upgrades':
ensure => present,
}
File {
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
require => Package['unattended-upgrades'],
}
file {
'/etc/apt/apt.conf.d/50unattended-upgrades':
content => template('apt/50unattended-upgrades.erb');
'/etc/apt/apt.conf.d/10periodic':
content => template('apt/10periodic.erb');
}
}

12
modules/apt/manifests/update.pp Normal file
View file

@ -0,0 +1,12 @@
class apt::update {
include apt::params
exec { 'apt_update':
command => "${apt::params::provider} update",
logoutput => 'on_failure',
refreshonly => true,
timeout => $apt::update_timeout,
tries => $apt::update_tries,
try_sleep => 1
}
}