modules/debian_org/manifests/apt.pp

   1 # == Class: debian_org
   2 #
   3 # Stuff common to all debian.org servers
   4 #
   5 class debian_org::apt {
   6         $fallbackmirror = 'http://deb.debian.org/debian/'
   7
   8         if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
   9                 $mirror = [ getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'), $fallbackmirror ]
  10         } else {
  11                 $mirror = [ $fallbackmirror ]
  12         }
  13
  14         # jessie
  15         if versioncmp($::lsbmajdistrelease, '8') <= 0 {
  16                 base::aptrepo { 'debian':
  17                         url        => $mirror,
  18                         suite      => [ $::lsbdistcodename ],
  19                         components => ['main','contrib','non-free']
  20                 }
  21         # stretch or buster
  22         } else {
  23                 base::aptrepo { 'debian':
  24                         url        => $mirror,
  25                         suite      => [ $::lsbdistcodename, "${::lsbdistcodename}-backports", "${::lsbdistcodename}-updates" ],
  26                         components => ['main','contrib','non-free']
  27                 }
  28         }
  29
  30         base::aptrepo { 'security':
  31                 url        => [ 'http://security.debian.org/' ],
  32                 suite      => "${::lsbdistcodename}/updates",
  33                 components => ['main','contrib','non-free']
  34         }
  35
  36         # ca-certificates is installed by the ssl module
  37         if versioncmp($::lsbmajdistrelease, '9') <= 0 {
  38                 package { 'apt-transport-https':
  39                         ensure => installed,
  40                 }
  41         } else {
  42                 # transitional package in buster
  43                 package { 'apt-transport-https':
  44                         ensure => purged,
  45                 }
  46         }
  47         $dbdosuites = [ 'debian-all', $::lsbdistcodename ]
  48         base::aptrepo { 'db.debian.org':
  49                 url        => 'https://db.debian.org/debian-admin',
  50                 suite      => $dbdosuites,
  51                 components => 'main',
  52                 key        => 'puppet:///modules/debian_org/db.debian.org.gpg',
  53         }
  54
  55         if ($::hostname in []) {
  56                 base::aptrepo { 'proposed-updates':
  57                         url        => $mirror,
  58                         suite      => "${::lsbdistcodename}-proposed-updates",
  59                         components => ['main','contrib','non-free']
  60                 }
  61         } else {
  62                 base::aptrepo { 'proposed-updates':
  63                         ensure => absent,
  64                 }
  65         }
  66
  67         base::aptrepo { 'debian-cdn':
  68                 ensure => absent,
  69         }
  70         base::aptrepo { 'debian.org':
  71                 ensure => absent,
  72         }
  73         base::aptrepo { 'debian2':
  74                 ensure => absent,
  75         }
  76         base::aptrepo { 'backports2.debian.org':
  77                 ensure => absent,
  78         }
  79         base::aptrepo { 'backports.debian.org':
  80                 ensure => absent,
  81         }
  82         base::aptrepo { 'volatile':
  83                 ensure => absent,
  84         }
  85         base::aptrepo { 'db.debian.org-suite':
  86                 ensure => absent,
  87         }
  88         base::aptrepo { 'debian-lts':
  89                 ensure => absent,
  90         }
  91
  92
  93
  94
  95         file { '/etc/apt/trusted-keys.d':
  96                 ensure => absent,
  97                 force  => true,
  98         }
  99
 100         file { '/etc/apt/trusted.gpg':
 101                 mode    => '0600',
 102                 content => "",
 103         }
 104
 105         file { '/etc/apt/preferences':
 106                 source => 'puppet:///modules/debian_org/apt.preferences',
 107         }
 108         file { '/etc/apt/apt.conf.d/local-compression':
 109                 source => 'puppet:///modules/debian_org/apt.conf.d/local-compression',
 110         }
 111         file { '/etc/apt/apt.conf.d/local-recommends':
 112                 source => 'puppet:///modules/debian_org/apt.conf.d/local-recommends',
 113         }
 114         file { '/etc/apt/apt.conf.d/local-pdiffs':
 115                 source => 'puppet:///modules/debian_org/apt.conf.d/local-pdiffs',
 116         }
 117         file { '/etc/apt/apt.conf.d/local-langs':
 118                 source => 'puppet:///modules/debian_org/apt.conf.d/local-langs',
 119         }
 120         file { '/etc/apt/apt.conf.d/local-cainfo':
 121                 source => 'puppet:///modules/debian_org/apt.conf.d/local-cainfo',
 122         }
 123         file { '/etc/apt/apt.conf.d/local-pkglist':
 124                 source => 'puppet:///modules/debian_org/apt.conf.d/local-pkglist',
 125         }
 126
 127         exec { 'dpkg list':
 128                 command => 'dpkg-query -W -f \'${Package}\n\' > /var/lib/misc/thishost/pkglist',
 129                 creates => '/var/lib/misc/thishost/pkglist',
 130         }
 131
 132         exec { 'apt-get update':
 133                 path    => '/usr/bin:/usr/sbin:/bin:/sbin',
 134                 onlyif  => '/usr/local/bin/check_for_updates',
 135                 require => File['/usr/local/bin/check_for_updates']
 136         }
 137         Exec['apt-get update']->Package<| tag == extra_repo |>
 138 }