# File 'modules/base/manifests/standard_packages.pp', line 5
# @summary Declares the baseline set of packages installed on, and removed from,
#   every host that includes this class, with per-Debian-release conditionals.
#
# @param remove_python2
#   When true and the host runs bullseye, the python2.7 package family is set to absent.
# @param no_cron
#   When true, no profile::auto_restarts::service is declared for cron.
# @param additional_purged_packages
#   Extra package names appended to the purge list (atop, apt-listchanges).
class base::standard_packages (
Boolean $remove_python2 = true,
Boolean $no_cron = false,
Array[String[1]] $additional_purged_packages = []
) {
# NOTE(review): the list below puts traffic-capture and process-debugging tools
# (tcpdump, tshark, ngrep, httpry, netcat-openbsd, strace, gdb) on every node that
# includes this class. They are dual-use, so host hardening and detection baselines
# should account for them being present by default. The class has no parameter to
# leave one of them out; presumably naming one in $additional_purged_packages would
# clash with the declaration made here -- verify before relying on it.
ensure_packages ([
'acct', 'byobu', 'colordiff', 'curl', 'debian-goodies',
'ethtool', 'gdb', 'gdisk', 'git', 'htop', 'httpry', 'iotop', 'iperf', 'jq',
'libtemplate-perl', 'lldpd', 'lshw', 'molly-guard', 'moreutils', 'net-tools', 'numactl', 'ncdu',
'ngrep', 'pigz', 'psmisc', 'pv', 'python3', 'screen', 'strace', 'sysstat', 'tcpdump',
'tmux', 'tree', 'vim', 'vim-addon-manager', 'vim-scripts', 'wipe', 'xfsprogs', 'zsh',
'icdiff', 'linux-perf', 'bsd-mailx', 'ack', 'netcat-openbsd', 'tshark', 'fzf',
'ripgrep', 'fd-find', 'kitty-terminfo', 'mtr-tiny'
])
if debian::codename::lt('bullseye') {
# Only releases older than bullseye need this: bullseye ships git 2.30, which
# already uses protocol version 2 by default
git::systemconfig { 'protocol_v2':
settings => {
'protocol' => {
'version' => '2',
}
}
}
}
# 'latest' makes Puppet upgrade tzdata whenever a newer version is available,
# rather than only ensuring it is installed
package { 'tzdata': ensure => latest }
ensure_packages(['python3-wmflib'])
if debian::codename::ge('bullseye') {
ensure_packages(['bat'])
}
# Starting with Ruby 3 (which is the default in bookworm), SortedSet is no longer part
# of the set implementation in the standard library, so needs to be installed separately
if debian::codename::ge('bookworm') {
ensure_packages(['ruby-sorted-set'])
}
# Much nicer to use than htop on modern machines with many cores,
# but only available in bookworm+
if debian::codename::ge('bookworm') {
ensure_packages(['btop'])
}
# Needs further work to work with Bookworm's binutils, revisit when Bookworm is stable
if debian::codename::lt('bookworm') {
ensure_packages('quickstack')
}
# Starting with Bullseye dnsutils is a transition package to bind9-dnsutils, so install
# it directly (and starting with trixie the transition package no longer exists)
if debian::codename::ge('bullseye') {
ensure_packages('bind9-dnsutils')
} else {
ensure_packages('dnsutils')
}
# Default sysctl settings by Debian, prior to Trixie these were partly set by procps
# and partly via Linux
if debian::codename::ge('trixie') {
ensure_packages(['linux-sysctl-defaults'])
}
# dstat is unmaintained and got removed from Debian trixie due to incompatibilities with
# current Python releases
if debian::codename::lt('trixie') {
ensure_packages('dstat')
}
# Uninstall these packages. 'absent' removes the package itself; with apt its
# configuration files stay on disk (the purge list further down removes those too).
package { [
'apport', 'command-not-found', 'command-not-found-data', 'ecryptfs-utils',
'mlocate', 'os-prober', 'python3-apport', 'wpasupplicant']:
ensure => absent,
}
# Purge these packages (package and configuration files), plus whatever the caller
# passed in $additional_purged_packages.
# atop causes severe performance degradation T192551 debian:896767
package { [
'atop', 'apt-listchanges',
] + $additional_purged_packages:
ensure => purged,
}
# Python 2 is unsupported in Bullseye, but still included to build a few packages
# (like Chromium and Pypy). Absent it to ensure that they get pruned on dist-upgrades
# and to ensure that roles get fixed to strip Python 2 dependencies when moving to
# Bullseye
# Applies to bullseye only (eq, not ge) and can be switched off with $remove_python2.
if debian::codename::eq('bullseye') and $remove_python2 {
package { [
'libpython2.7', 'libpython2.7-dev', 'libpython2.7-minimal', 'python2.7',
'libpython2.7-stdlib', 'python2.7-dev', 'python2.7-minimal', 'python2.7-dbg',
'python2.7-doc', 'python2.7-examples', 'libpython2.7-testsuite']:
ensure => absent,
}
}
# real-hardware specific
unless $facts['is_virtual'] {
# Starting with Bookworm, the Debian installer detects the type of CPU and
# installs amd64-microcode or intel-microcode accordingly
# NOTE(review): on bullseye this class only ever adds intel-microcode (when the
# first CPU model string does not match /AMD/); AMD bullseye hosts get no microcode
# package from here -- confirm amd64-microcode is handled elsewhere, since microcode
# updates carry CPU vulnerability mitigations.
# NOTE(review): $::processor0 is a legacy top-scope fact; newer Puppet releases do
# not provide legacy facts by default -- confirm it still resolves.
if debian::codename::eq('bullseye') {
if $::processor0 !~ /AMD/ {
ensure_packages('intel-microcode')
}
}
# rasdaemon (hardware error logging) is installed and kept running on physical
# hosts; the service explicitly requires the package so it is managed after install.
ensure_packages('rasdaemon')
service { 'rasdaemon':
ensure => 'running',
require => Package['rasdaemon'],
}
profile::auto_restarts::service { 'rasdaemon': }
}
# Per-release cleanup lists: every branch defines both $absent_packages and
# $purged_packages, and releases not named here get two empty lists.
case debian::codename() {
'buster': {
# A dist upgrade to buster leaves some old binary packages around, remove those
$absent_packages = [
'libbind9-140', 'libdns162', 'libevent-2.0-5', 'libisc160', 'libisccc140', 'libisccfg140',
'liblwres141', 'libonig4', 'libdns-export162', 'libhunspell-1.4-0', 'libisc-export160',
'libgdbm3', 'libyaml-cpp0.5v5', 'libperl5.24', 'ruby2.3', 'libruby2.3', 'libunbound2', 'git-core',
'libboost-atomic1.62.0', 'libboost-chrono1.62.0', 'libboost-date-time1.62.0',
'libboost-filesystem1.62.0', 'libboost-iostreams1.62.0', 'libboost-locale1.62.0',
'libboost-log1.62.0', 'libboost-program-options1.62.0', 'libboost-regex1.62.0',
'libboost-system1.62.0', 'libboost-thread1.62.0', 'libmpfr4', 'libprocps6', 'libunistring0',
'libbabeltrace-ctf1', 'libleatherman-data', 'apt-transport-https'
]
# mcelog is broken with the Linux kernel used in buster
$purged_packages = ['mcelog']
}
'bullseye': {
# A dist upgrade to bullseye leaves some old binary packages around, remove those
$absent_packages = [
'libsnmp30', 'libdns-export1104', 'libdns1104', 'libisc-export1100', 'libisc1100', 'multiarch-support',
'libjson-c3', 'libpython3.7', 'libpython3.7-minimal', 'libpython3.7-stdlib', 'python3.7', 'python3.7-minimal',
'libevent-2.1-6', 'libwireshark11', 'libwiretap8', 'libwsutil9', 'libwscodecs2', 'libperl5.28', 'libmpdec2',
'perl-modules-5.28', 'libhogweed4', 'libnettle6', 'libprocps7', 'libip6tc0', 'libip4tc0', 'libiptc0',
]
$purged_packages = []
}
'bookworm': {
# A dist upgrade to bookworm leaves some old binary packages around, remove those
# Starting with bookworm inetutils-telnet provides telnet and "telnet" is a transition package
$absent_packages = [
'libicu67', 'libwsutil12', 'libwireshark14', 'libopencsd0',
'libwiretap11', 'ruby2.7', 'python3.9-minimal', 'python3.9', 'perl-modules-5.32', 'libpython3.9',
'libperl5.32', 'libpython3.9-minimal', 'libpython3.9-stdlib', 'libidn11', 'libldap-2.4-2',
'liburing1', 'libwebp6', 'libcbor0', 'libusb-0.1-4', 'telnet', 'libruby2.7', 'libdns-export1110',
'libisc-export1105',
]
$purged_packages = []
}
default: {
$absent_packages = []
$purged_packages = []
}
}
# Apply the per-release lists chosen above; stale libraries left behind by a
# dist-upgrade no longer receive updates, so removing them keeps them off the host.
package {$absent_packages: ensure => 'absent'}
package {$purged_packages: ensure => 'purged'}
profile::auto_restarts::service { 'lldpd': }
# cron gets the same auto-restart handling unless the caller opted out with $no_cron
unless $no_cron {
profile::auto_restarts::service { 'cron': }
}
# Safe restarts are supported since systemd 219:
# * systemd now provides a way to store file descriptors
# per-service in PID 1. This is useful for daemons to ensure
# that fds they require are not lost during a daemon
# restart. The fds are passed to the daemon on the next
# invocation in the same way socket activation fds are
# passed. This is now used by journald to ensure that the
# various sockets connected to all the system's stdout/stderr
# are not lost when journald is restarted.
profile::auto_restarts::service { 'systemd-journald': }
# The hardware emulated by our Ganeti machine type includes a "CDROM"
# If d-i detects such a drive, it installs eject on the installed system
# (used by functionality which ejects the CDROM if installing from optical
# media). We don't need this, so uninstall it via Puppet
# Restrict this to production VMs, cloud-init as used in Cloud VPS
# depends on eject
# $::realm is read from top scope; only the literal value 'production' matches.
if $facts['is_virtual'] and $::realm == 'production' {
package {'eject': ensure => 'absent'}
}
}