Puppet Class: apt
- Defined in:
- puppet/modules/apt/manifests/init.pp
Overview
Class: apt
This Puppet class configures Advanced Packaging Tool (APT), Debian's package management toolset, to catalog and install packages from supplementary sources.
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
# File 'puppet/modules/apt/manifests/init.pp', line 7
class apt {
# Elaborate apt-get update trigger machanism ahead. We want apt-get update
# to be run on initial provision of a new VM (easy), once a day
# thereafter (not too hard with "schedule => daily"), AND any time that
# a new apt::pin or apt::repository define shows up in the Puppet graph.
# The first 2 can be handled simply via an Exec with the schedule attribure.
# That setup however keeps the 3rd use case from working as desired.
#
# The more complex replacement is a state file (/etc/apt/.update),
# a schedule=>daily exec to update that file, and a refreshonly
# Exec['apt-get update'] resource.
file { '/etc/apt/.update':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0444',
content => '',
replace => false,
notify => Exec['apt-get update'],
}
exec { 'Daily apt-get update':
command => '/bin/date > /etc/apt/.update',
schedule => 'daily',
}
exec { 'apt-get update':
command => '/usr/bin/apt-get update',
timeout => 240,
returns => [ 0, 100 ],
refreshonly => true,
subscribe => File['/etc/apt/.update'],
}
# Directory used to store keys added with apt::repository
file { '/var/lib/apt/keys':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0700',
recurse => true,
purge => true,
}
# Make sure we can fetch apt over HTTPS
exec { 'ins-apt-transport-https':
command => '/usr/bin/apt-get update && /usr/bin/apt-get install -y --force-yes apt-transport-https',
environment => 'DEBIAN_FRONTEND=noninteractive',
unless => '/usr/bin/dpkg -l apt-transport-https',
}
# Trigger before we add any repos that are using HTTPS
Exec['ins-apt-transport-https'] -> Apt::Repository <| |>
# T175055: Set a default sources.list to smooth over differences caused by
# different base images
file { '/etc/apt/sources.list':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0444',
content => template('apt/sources.list.erb'),
notify => Exec['apt-get update'],
}
apt::repository { 'wikimedia':
uri => 'https://apt.wikimedia.org/wikimedia',
dist => "${::lsbdistcodename}-wikimedia",
components => 'main',
keyfile => 'puppet:///modules/apt/wikimedia-pubkey.asc',
comment_old => true,
}
apt::repository { 'debian-backports':
uri => 'https://mirrors.wikimedia.org/debian/',
dist => "${::lsbdistcodename}-backports",
components => 'main contrib non-free',
comment_old => true,
}
# T125760 - mw-vagrant only apt repo
apt::repository { 'mwv-apt':
uri => 'https://mwv-apt.wmflabs.org/repo',
dist => "${::lsbdistcodename}-mwv-apt",
components => 'main',
can_trust => true,
source => false,
}
# Prefer Wikimedia APT repository packages in all cases
apt::pin { 'wikimedia':
package => '*',
pin => 'release o=Wikimedia',
priority => 1001,
}
if $::shared_apt_cache {
file { '/etc/apt/apt.conf.d/20shared-cache':
content => "Dir::Cache::archives \"${::shared_apt_cache}\";\n",
}
}
# apt-get should not install recommended packages
file { '/etc/apt/apt.conf.d/01no-recommended':
source => 'puppet:///modules/apt/01no-recommended',
owner => 'root',
group => 'root',
mode => '0444',
}
Class['apt'] -> Package <| |>
}
|