summaryrefslogtreecommitdiff
path: root/code/environments/production/modules/unattended_upgrades/manifests
diff options
context:
space:
mode:
authorroot <root@localhost>2018-09-16 22:21:28 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2018-09-16 22:26:55 +0200
commitb9c90f087cb54a0b8be222dbdcd88c8a73ef4f57 (patch)
tree51f19339b7cb1da0633bca404ff31f87584351fd /code/environments/production/modules/unattended_upgrades/manifests
parentbb00f4ab450131094096b7ae74cf3edcdaa224db (diff)
downloadpuppet.DEV-b9c90f087cb54a0b8be222dbdcd88c8a73ef4f57.tar.gz
puppet.DEV-b9c90f087cb54a0b8be222dbdcd88c8a73ef4f57.tar.bz2
puppet.DEV-b9c90f087cb54a0b8be222dbdcd88c8a73ef4f57.zip
Add voxpopulis's unattended_upgrade module.
Diffstat (limited to 'code/environments/production/modules/unattended_upgrades/manifests')
-rw-r--r--code/environments/production/modules/unattended_upgrades/manifests/init.pp77
-rw-r--r--code/environments/production/modules/unattended_upgrades/manifests/params.pp150
-rw-r--r--code/environments/production/modules/unattended_upgrades/manifests/params.pp.testing147
3 files changed, 374 insertions, 0 deletions
diff --git a/code/environments/production/modules/unattended_upgrades/manifests/init.pp b/code/environments/production/modules/unattended_upgrades/manifests/init.pp
new file mode 100644
index 0000000..35915a6
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/manifests/init.pp
@@ -0,0 +1,77 @@
+class unattended_upgrades (
+ Unattended_upgrades::Age $age = {},
+ Unattended_upgrades::Auto $auto = { 'fix_interrupted_dpkg' => true, 'remove' => false, 'reboot' => true, 'reboot_time' => '02:00', },
+ Unattended_upgrades::Backup $backup = {},
+ Array $blacklist = [],
+ Optional[Integer[0]] $dl_limit = undef,
+ Integer[0, 1] $enable = 1,
+ Boolean $install_on_shutdown = false,
+ Boolean $legacy_origin = $::unattended_upgrades::params::legacy_origin,
+ Unattended_upgrades::Mail $mail = {},
+ Boolean $minimal_steps = true,
+ Array $origins = $::unattended_upgrades::params::origins,
+ String $package_ensure = installed,
+ Optional[Integer[0]] $random_sleep = undef,
+ Optional[String] $sender = undef,
+ Integer[0] $size = 0,
+ Integer[0] $update = 1,
+ Integer[0] $upgrade = 1,
+ Unattended_upgrades::Upgradeable_packages $upgradeable_packages = {},
+ Integer[0] $verbose = 0,
+ Boolean $notify_update = false,
+ Unattended_upgrades::Options $options = {},
+) inherits ::unattended_upgrades::params {
+
+ # apt::conf settings require the apt class to work
+ include apt
+
+ $_age = merge($::unattended_upgrades::default_age, $age)
+ assert_type(Unattended_upgrades::Age, $_age)
+
+ $_auto = merge($::unattended_upgrades::default_auto, $auto)
+ assert_type(Unattended_upgrades::Auto, $_auto)
+
+ $_backup = merge($::unattended_upgrades::default_backup, $backup)
+ assert_type(Unattended_upgrades::Backup, $_backup)
+
+ $_mail = merge($::unattended_upgrades::default_mail, $mail)
+ assert_type(Unattended_upgrades::Mail, $_mail)
+
+ $_upgradeable_packages = merge($::unattended_upgrades::default_upgradeable_packages, $upgradeable_packages)
+ assert_type(Unattended_upgrades::Upgradeable_packages, $_upgradeable_packages)
+
+ $_options = merge($unattended_upgrades::default_options, $options)
+ assert_type(Unattended_upgrades::Options, $_options)
+
+ package { 'unattended-upgrades':
+ ensure => $package_ensure,
+ }
+
+ apt::conf { 'unattended-upgrades':
+ priority => 50,
+ content => template("${module_name}/unattended-upgrades.erb"),
+ require => Package['unattended-upgrades'],
+ notify_update => $notify_update,
+ }
+
+ apt::conf { 'periodic':
+ priority => 10,
+ content => template("${module_name}/periodic.erb"),
+ require => Package['unattended-upgrades'],
+ notify_update => $notify_update,
+ }
+
+ apt::conf { 'auto-upgrades':
+ ensure => absent,
+ priority => 20,
+ require => Package['unattended-upgrades'],
+ notify_update => $notify_update,
+ }
+ apt::conf { 'options':
+ priority => 10,
+ content => template("${module_name}/options.erb"),
+ require => Package['unattended-upgrades'],
+ notify_update => $notify_update,
+ }
+
+}
diff --git a/code/environments/production/modules/unattended_upgrades/manifests/params.pp b/code/environments/production/modules/unattended_upgrades/manifests/params.pp
new file mode 100644
index 0000000..1457c28
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/manifests/params.pp
@@ -0,0 +1,150 @@
+#
+class unattended_upgrades::params {
+
+ if $::osfamily != 'Debian' {
+ fail('This module only works on Debian or derivatives like Ubuntu')
+ }
+
+ $default_auto = { 'fix_interrupted_dpkg' => true, 'remove' => true, 'reboot' => false, 'clean' => 0, 'reboot_time' => 'now', }
+ $default_mail = { 'only_on_error' => true, }
+ $default_backup = { 'archive_interval' => 0, 'level' => 3, }
+ $default_age = { 'min' => 2, 'max' => 0, }
+ $default_upgradeable_packages = { 'download_only' => 0, 'debdelta' => 1, }
+ $default_options = { 'force_confdef' => true,
+ 'force_confold' => true,
+ 'force_confnew' => false,
+ 'force_confmiss' => false, }
+ # prior to puppet 3.5.0, defined couldn't test if a variable was defined
+ # strict variables wasn't added until 3.5.0, so this should be fine.
+ if ! $::settings::strict_variables {
+ $xfacts = {
+ 'lsbdistid' => $::lsbdistid,
+ 'lsbdistcodename' => $::lsbdistcodename,
+ 'lsbmajdistrelease' => $::lsbmajdistrelease,
+ 'lsbdistrelease' => $::lsbdistrelease,
+ }
+ } else {
+ # Strict variables facts lookup compatibility
+ $xfacts = {
+ 'lsbdistid' => defined('$lsbdistid') ? {
+ true => $::lsbdistid,
+ default => undef,
+ },
+ 'lsbdistcodename' => defined('$lsbdistcodename') ? {
+ true => $::lsbdistcodename,
+ default => undef,
+ },
+ 'lsbmajdistrelease' => defined('$lsbmajdistrelease') ? {
+ true => $::lsbmajdistrelease,
+ default => undef,
+ },
+ 'lsbdistrelease' => defined('$lsbdistrelease') ? {
+ true => $::lsbdistrelease,
+ default => undef,
+ },
+ }
+ }
+
+ case $xfacts['lsbdistid'] {
+ 'debian', 'raspbian': {
+ case $xfacts['lsbdistcodename'] {
+ 'squeeze': {
+ $legacy_origin = true
+ $origins = ['${distro_id} ${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ '${distro_id} ${distro_codename}-lts',] #lint:ignore:single_quote_string_with_variables
+ }
+ 'wheezy': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=oldoldstable,label=Debian-Security',
+ ]
+ }
+ 'jessie': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=oldstable,label=Debian-Security',
+ ]
+ }
+ 'stretch': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,codename=${distro_codename}',
+ 'origin=Debian,codename=${distro_codename}-updates',
+ 'origin=Debian,archive=${distro_codename},label=Debian-Security',
+ 'origin=IT-Zukunft-Schule,archive=${distro_codename},label=IT-Zukunft-Schule',
+ ]
+ }
+ default: {
+ $legacy_origin = false
+ $origins = ['origin=Debian,codename=${distro_codename},label=Debian-Security',] #lint:ignore:single_quote_string_with_variables
+ }
+ }
+ }
+ 'ubuntu': {
+ case $xfacts['lsbdistcodename'] {
+ 'precise': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+
+ }
+ 'trusty', 'wily': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ 'xenial', 'yakkety', 'zesty', 'artful', 'bionic': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}', #lint:ignore:single_quote_string_with_variables
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ default: {
+ warning("Ubuntu ${xfacts['lsbdistrelease']} \"${xfacts['lsbdistcodename']}\" has reached End of Life - please upgrade!")
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ }
+ }
+ 'LinuxMint': {
+ case $xfacts['lsbmajdistrelease'] {
+ # Linux Mint 13 is based on Ubuntu 12.04
+ '13': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:precise-security',
+ ]
+ }
+ # Linux Mint 17* is based on Ubuntu 14.04.
+ '17': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:trusty-security',
+ ]
+ }
+ # Linux Mint 18* is based on Ubuntu 16.04
+ '18': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:xenial-security',
+ ]
+ }
+ default: {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ }
+ }
+ default: {
+ $legacy_origin = undef
+ $origins = undef
+ }
+ }
+}
diff --git a/code/environments/production/modules/unattended_upgrades/manifests/params.pp.testing b/code/environments/production/modules/unattended_upgrades/manifests/params.pp.testing
new file mode 100644
index 0000000..2cef999
--- /dev/null
+++ b/code/environments/production/modules/unattended_upgrades/manifests/params.pp.testing
@@ -0,0 +1,147 @@
+#
+class unattended_upgrades::params {
+
+ if $::osfamily != 'Debian' {
+ fail('This module only works on Debian or derivatives like Ubuntu')
+ }
+
+ $default_auto = { 'fix_interrupted_dpkg' => true, 'remove' => true, 'reboot' => false, 'clean' => 0, 'reboot_time' => 'now', }
+ $default_mail = { 'only_on_error' => true, }
+ $default_backup = { 'archive_interval' => 0, 'level' => 3, }
+ $default_age = { 'min' => 2, 'max' => 0, }
+ $default_upgradeable_packages = { 'download_only' => 0, 'debdelta' => 1, }
+ $default_options = { 'force_confdef' => true,
+ 'force_confold' => true,
+ 'force_confnew' => false,
+ 'force_confmiss' => false, }
+ # prior to puppet 3.5.0, defined couldn't test if a variable was defined
+ # strict variables wasn't added until 3.5.0, so this should be fine.
+ if ! $::settings::strict_variables {
+ $xfacts = {
+ 'lsbdistid' => $::lsbdistid,
+ 'lsbdistcodename' => $::lsbdistcodename,
+ 'lsbmajdistrelease' => $::lsbmajdistrelease,
+ 'lsbdistrelease' => $::lsbdistrelease,
+ }
+ } else {
+ # Strict variables facts lookup compatibility
+ $xfacts = {
+ 'lsbdistid' => defined('$lsbdistid') ? {
+ true => $::lsbdistid,
+ default => undef,
+ },
+ 'lsbdistcodename' => defined('$lsbdistcodename') ? {
+ true => $::lsbdistcodename,
+ default => undef,
+ },
+ 'lsbmajdistrelease' => defined('$lsbmajdistrelease') ? {
+ true => $::lsbmajdistrelease,
+ default => undef,
+ },
+ 'lsbdistrelease' => defined('$lsbdistrelease') ? {
+ true => $::lsbdistrelease,
+ default => undef,
+ },
+ }
+ }
+
+ case $xfacts['lsbdistid'] {
+ 'debian', 'raspbian': {
+ case $xfacts['lsbdistcodename'] {
+ 'squeeze': {
+ $legacy_origin = true
+ $origins = ['${distro_id} ${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ '${distro_id} ${distro_codename}-lts',] #lint:ignore:single_quote_string_with_variables
+ }
+ 'wheezy': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=oldoldstable,label=Debian-Security',
+ ]
+ }
+ 'jessie': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=oldstable,label=Debian-Security',
+ ]
+ }
+ 'stretch': {
+ $legacy_origin = false
+ $origins = [
+ 'origin=Debian,archive=${distro_codename},label=Debian-Security',
+ ]
+ }
+ default: {
+ $legacy_origin = false
+ $origins = ['origin=Debian,codename=${distro_codename},label=Debian-Security',] #lint:ignore:single_quote_string_with_variables
+ }
+ }
+ }
+ 'ubuntu': {
+ case $xfacts['lsbdistcodename'] {
+ 'precise': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+
+ }
+ 'trusty', 'wily': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ 'xenial', 'yakkety', 'zesty', 'artful', 'bionic': {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}', #lint:ignore:single_quote_string_with_variables
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ default: {
+ warning("Ubuntu ${xfacts['lsbdistrelease']} \"${xfacts['lsbdistcodename']}\" has reached End of Life - please upgrade!")
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ }
+ }
+ 'LinuxMint': {
+ case $xfacts['lsbmajdistrelease'] {
+ # Linux Mint 13 is based on Ubuntu 12.04
+ '13': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:precise-security',
+ ]
+ }
+ # Linux Mint 17* is based on Ubuntu 14.04.
+ '17': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:trusty-security',
+ ]
+ }
+ # Linux Mint 18* is based on Ubuntu 16.04
+ '18': {
+ $legacy_origin = true
+ $origins = [
+ 'Ubuntu:xenial-security',
+ ]
+ }
+ default: {
+ $legacy_origin = true
+ $origins = [
+ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+ ]
+ }
+ }
+ }
+ default: {
+ $legacy_origin = undef
+ $origins = undef
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-30 09:28:58 +0000