Puppet Class: base::standard_packages

Defined in:
modules/base/manifests/standard_packages.pp

Overview



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
# File 'modules/base/manifests/standard_packages.pp', line 1

class base::standard_packages {

    # create standard directories
    file { ['/usr/local/sbin', '/usr/local/share/bash']:
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
    }

    ensure_packages ([
        'acct', 'byobu', 'colordiff', 'curl', 'debian-goodies', 'dnsutils', 'dstat',
        'ethtool', 'gdb', 'gdisk', 'git', 'htop', 'httpry', 'iotop', 'iperf', 'jq',
        'libtemplate-perl', 'lldpd', 'lshw', 'molly-guard', 'moreutils', 'net-tools', 'numactl', 'ncdu',
        'ngrep', 'pigz', 'psmisc', 'pv', 'python3', 'quickstack', 'screen', 'strace', 'sysstat', 'tcpdump',
        'tmux', 'tree', 'vim', 'vim-addon-manager', 'vim-scripts', 'wipe', 'xfsprogs', 'zsh',
        'icdiff', 'linux-perf', 'bsd-mailx', 'ack', 'netcat-openbsd',
    ])
    if debian::codename::lt('bullseye') {
        # bullseye has version 2.30 which uses version 2 by default
        git::systemconfig { 'protocol_v2':
            settings => {
                'protocol' => {
                    'version' => '2',
                }
            }
        }
    }
    package { 'tzdata': ensure => latest }

    # Pulled in via tshark below, defaults to "no"
    debconf::seen { 'wireshark-common/install-setuid': }
    package { 'tshark': ensure => present }

    # packages only available in buster and later
    if debian::codename::ge('buster') {
        ensure_packages(['python3-wmflib'])
    }

    # git-fat hasn't been ported to Python 3 yet, T279509
    if debian::codename::lt('bullseye') {
        ensure_packages('git-fat')
    }

    # pxz was removed in buster. In xz >= 5.2 (so stretch and later), xz has
    #      builtin threading support using the -T option, so pxz was removed
    # apt-transport-https is a transition package in Buster, apt has HTTPS support by default
    if debian::codename::lt('buster') {
        ensure_packages('pxz')
        ensure_packages('apt-transport-https')
    }

    # uninstall these packages
    package { [
        'apport', 'command-not-found', 'command-not-found-data',
        'ecryptfs-utils', 'mlocate', 'os-prober', 'python3-apport', 'wpasupplicant']:
            ensure => absent,
    }

    # purge these packages
    # atop causes severe performance degradation T192551 debian:896767
    package { [
            'atop', 'apt-listchanges',
        ]:
        ensure => purged,
    }

    # Python 2 is unsupported in Bullseye, but still included to build a few packages
    # (like Chromium and Pypy). Absent it to ensure that they get pruned on dist-upgrades
    # and to ensure that roles get fixed to strip Python 2 dependencies when moving to
    # Bullseye
    if debian::codename::eq('bullseye') {
        package { [
            'libpython2.7', 'libpython2.7-dev', 'libpython2.7-minimal', 'python2.7',
            'libpython2.7-stdlib', 'python2.7-dev', 'python2.7-minimal', 'python2.7-dbg',
            'python2.7-doc', 'python2.7-examples', 'libpython2.7-testsuite']:
                ensure => absent,
        }
    }

    # real-hardware specific
    unless $facts['is_virtual'] {
        # As of September 2015, mcelog still does not support newer AMD processors.
        # See <https://www.mcelog.org/faq.html#18>.
        if $::processor0 !~ /AMD/ {
            ensure_packages('intel-microcode')
            if debian::codename::le('stretch') {
                $mcelog_ensure = versioncmp($::kernelversion, '4.12') ? {
                    -1      => 'present',
                    default => 'absent',
                }
                package { 'mcelog':
                    ensure => $mcelog_ensure,
                }
                profile::auto_restarts::service { 'mcelog':
                    ensure => $mcelog_ensure,
                }
            }
        }
        # rasdaemon replaces mcelog on buster
        if debian::codename::eq('buster') {
            ensure_packages('rasdaemon')
            profile::auto_restarts::service { 'rasdaemon': }
        }

        # for HP servers only - install the backplane health service and CLI
        # As of February 2018, we are using a version of Facter where manufacturer
        # is a current fact.  In a future upgrade, it will be a legacy fact and
        # should be replaced with a parse of the dmi fact (which will be a map not
        # a string).
        if $facts['manufacturer'] == 'HP' {
            ensure_packages('hp-health')
        }
    }

    case debian::codename() {
        'stretch': {
            # A dist upgrade to stretch leaves some old binary packages around, remove those
            $absent_packages = [
                'libapt-inst1.5', 'libapt-pkg4.12', 'libdns-export100', 'libirs-export91',
                'libisc-export95', 'libisccfg-export90', 'liblwres90', 'libgnutls-deb0-28',
                'libhogweed2', 'libjasper1', 'libnettle4', 'libruby2.1', 'ruby2.1', 'libpsl0',
                'libwiretap4', 'libwsutil4', 'libbind9-90', 'libdns100', 'libisc95', 'libisccc90',
                'libisccfg90', 'python-reportbug', 'libpng12-0'
            ]
            $purged_packages = []
        }
        'buster': {
            # An dist upgrade to buster leaves some old binary packages around, remove those
            $absent_packages = [
                'libbind9-140', 'libdns162', 'libevent-2.0-5', 'libisc160', 'libisccc140', 'libisccfg140',
                'liblwres141', 'libonig4', 'libdns-export162', 'libhunspell-1.4-0', 'libisc-export160',
                'libgdbm3', 'libyaml-cpp0.5v5', 'libperl5.24', 'ruby2.3', 'libruby2.3', 'libunbound2', 'git-core',
                'libboost-atomic1.62.0', 'libboost-chrono1.62.0', 'libboost-date-time1.62.0',
                'libboost-filesystem1.62.0', 'libboost-iostreams1.62.0', 'libboost-locale1.62.0',
                'libboost-log1.62.0', 'libboost-program-options1.62.0', 'libboost-regex1.62.0',
                'libboost-system1.62.0', 'libboost-thread1.62.0', 'libmpfr4', 'libprocps6', 'libunistring0',
                'libbabeltrace-ctf1', 'libleatherman-data', 'apt-transport-https'
            ]
            # mcelog is broken with the Linux kernel used in buster
            $purged_packages = ['mcelog']
        }
        default: {
            $absent_packages = []
            $purged_packages = []
        }
    }
    package {$absent_packages: ensure => 'absent'}
    package {$purged_packages: ensure => 'purged'}

    profile::auto_restarts::service { 'lldpd': }
    profile::auto_restarts::service { 'cron': }

    # Safe restarts are supported since systemd 219:
    # * systemd now provides a way to store file descriptors
    # per-service in PID 1. This is useful for daemons to ensure
    # that fds they require are not lost during a daemon
    # restart. The fds are passed to the daemon on the next
    # invocation in the same way socket activation fds are
    # passed. This is now used by journald to ensure that the
    # various sockets connected to all the system's stdout/stderr
    # are not lost when journald is restarted.
    if debian::codename::ge('stretch') {
        profile::auto_restarts::service { 'systemd-journald': }
    }
}