1 # @summary Main class, includes all other classes.
3 # @see https://docs.puppetlabs.com/references/latest/function.html#createresources for the create resource function
6 # Specifies the provider that should be used by apt::update.
9 # Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or
13 # Specifies the default options for apt::key resources.
16 # Supplies options to be passed to the `add-apt-repository` command.
19 # Names the package that provides the `apt-add-repository` command.
22 # Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys:
24 # @option backports [String] :location
25 # See apt::backports for documentation.
27 # @option backports [String] :repos
28 # See apt::backports for documentation.
30 # @option backports [String] :key
31 # See apt::backports for documentation.
34 # Creates new `apt::conf` resources. Valid options: a hash to be passed to the create_resources function linked above.
37 # Configures various update settings. Valid options: a hash made up from the following keys:
39 # @option update [String] :frequency
40 # Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified,
41 # `apt-get update` runs regardless of this value.
43 # 'always' (at every Puppet run);
44 # daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400);
45 # 'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800);
46 # 'reluctantly' (only if the exec resource `apt_update` is notified).
47 # Default: 'reluctantly'.
49 # @option update [Integer] :loglevel
50 # Specifies the log level of logs outputted to the console. Default: undef.
52 # @option update [Integer] :timeout
53 # Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef.
55 # @option update [Integer] :tries
56 # Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef.
58 # @param update_defaults
59 # The default update settings that are combined and merged with the passed `update` value
62 # Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:
64 # @option purge [Boolean] :sources.list
65 # Specifies whether to purge any unmanaged entries from sources.list. Default false.
67 # @option purge [Boolean] :sources.list.d
68 # Specifies whether to purge any unmanaged entries from sources.list.d. Default false.
70 # @option purge [Boolean] :preferences
71 # Specifies whether to purge any unmanaged entries from preferences. Default false.
73 # @option purge [Boolean] :preferences.d.
74 # Specifies whether to purge any unmanaged entries from preferences.d. Default false.
76 # @param purge_defaults
77 # The default purge settings that are combined and merged with the passed `purge` value
80 # Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy.
82 # @param proxy_defaults
83 # The default proxy settings that are combined and merged with the passed `proxy` value
86 # Creates new `apt::source` resources. Valid options: a hash to be passed to the create_resources function linked above.
89 # Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above.
92 # Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above.
95 # Creates new `apt::pin` resources. Valid options: a hash to be passed to the create_resources function linked above.
98 # Creates new `apt::setting` resources. Valid options: a hash to be passed to the create_resources function linked above.
100 # @param manage_auth_conf
101 # Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in
102 # the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent.
104 # @param auth_conf_entries
105 # An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like
106 # format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See
107 # https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and
108 # password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent.
110 # @param auth_conf_owner
111 # The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases.
114 # Specifies root directory of Apt executable.
116 # @param sources_list
117 # Specifies the path of the sources_list file to use.
119 # @param sources_list_d
120 # Specifies the path of the sources_list.d file to use.
123 # Specifies the path of the conf.d file to use.
126 # Specifies the path of the preferences file to use.
128 # @param preferences_d
129 # Specifies the path of the preferences.d file to use.
131 # @param config_files
132 # A hash made up of the various configuration files used by Apt.
134 # @param sources_list_force
135 # Specifies whether to perform force purge or delete. Default false.
137 # @param include_defaults
140 # The path to the file `apt.conf.d`
142 # @param source_key_defaults
143 # The fault `source_key` settings
146 Hash $update_defaults = $apt::params::update_defaults,
147 Hash $purge_defaults = $apt::params::purge_defaults,
148 Hash $proxy_defaults = $apt::params::proxy_defaults,
149 Hash $include_defaults = $apt::params::include_defaults,
150 String $provider = $apt::params::provider,
151 String $keyserver = $apt::params::keyserver,
152 Optional[String] $key_options = $apt::params::key_options,
153 Optional[Array[String]] $ppa_options = $apt::params::ppa_options,
154 Optional[String] $ppa_package = $apt::params::ppa_package,
155 Optional[Hash] $backports = $apt::params::backports,
156 Hash $confs = $apt::params::confs,
157 Hash $update = $apt::params::update,
158 Hash $purge = $apt::params::purge,
159 Apt::Proxy $proxy = $apt::params::proxy,
160 Hash $sources = $apt::params::sources,
161 Hash $keys = $apt::params::keys,
162 Hash $ppas = $apt::params::ppas,
163 Hash $pins = $apt::params::pins,
164 Hash $settings = $apt::params::settings,
165 Boolean $manage_auth_conf = $apt::params::manage_auth_conf,
166 Array[Apt::Auth_conf_entry] $auth_conf_entries = $apt::params::auth_conf_entries,
167 String $auth_conf_owner = $apt::params::auth_conf_owner,
168 String $root = $apt::params::root,
169 String $sources_list = $apt::params::sources_list,
170 String $sources_list_d = $apt::params::sources_list_d,
171 String $conf_d = $apt::params::conf_d,
172 String $preferences = $apt::params::preferences,
173 String $preferences_d = $apt::params::preferences_d,
174 String $apt_conf_d = $apt::params::apt_conf_d,
175 Hash $config_files = $apt::params::config_files,
176 Boolean $sources_list_force = $apt::params::sources_list_force,
178 Hash $source_key_defaults = {
179 'server' => $keyserver,
185 ) inherits apt::params {
186 if $facts['os']['family'] != 'Debian' {
187 fail('This module only works on Debian or derivatives like Ubuntu')
190 if $update['frequency'] {
192 Enum['always','daily','weekly','reluctantly'],
193 $update['frequency'],
196 if $update['timeout'] {
197 assert_type(Integer, $update['timeout'])
199 if $update['tries'] {
200 assert_type(Integer, $update['tries'])
203 $_update = merge($apt::update_defaults, $update)
206 if $purge['sources.list'] {
207 assert_type(Boolean, $purge['sources.list'])
209 if $purge['sources.list.d'] {
210 assert_type(Boolean, $purge['sources.list.d'])
212 if $purge['preferences'] {
213 assert_type(Boolean, $purge['preferences'])
215 if $purge['preferences.d'] {
216 assert_type(Boolean, $purge['preferences.d'])
218 if $sources_list_force {
219 assert_type(Boolean, $sources_list_force)
221 if $purge['apt.conf.d'] {
222 assert_type(Boolean, $purge['apt.conf.d'])
225 $_purge = merge($apt::purge_defaults, $purge)
227 if $proxy['perhost'] {
228 $_perhost = $proxy['perhost'].map |$item| {
229 $_item = merge($apt::proxy_defaults, $item)
230 $_scheme = $_item['https'] ? {
234 $_port = $_item['port'] ? {
235 Integer => ":${_item['port']}",
238 $_target = $_item['direct'] ? {
240 default => "${_scheme}://${_item['host']}${_port}/",
243 'scheme' => $_scheme,
244 'target' => $_target,
252 $_proxy = merge($apt::proxy_defaults, $proxy, { 'perhost' => $_perhost })
254 $confheadertmp = epp('apt/_conf_header.epp')
255 $proxytmp = epp('apt/proxy.epp', { 'proxies' => $_proxy })
256 $updatestamptmp = epp('apt/15update-stamp.epp')
258 if $_proxy['ensure'] == 'absent' or $_proxy['host'] {
259 apt::setting { 'conf-proxy':
260 ensure => $_proxy['ensure'],
262 content => "${confheadertmp}${proxytmp}",
266 if $sources_list_force {
267 $sources_list_ensure = $_purge['sources.list'] ? {
271 $sources_list_content = $_purge['sources.list'] ? {
276 $sources_list_ensure = $_purge['sources.list'] ? {
280 $sources_list_content = $_purge['sources.list'] ? {
281 true => "# Repos managed by puppet.\n",
286 $preferences_ensure = $_purge['preferences'] ? {
291 apt::setting { 'conf-update-stamp':
293 content => "${confheadertmp}${updatestamptmp}",
296 file { 'sources.list':
297 ensure => $sources_list_ensure,
298 path => $apt::sources_list,
301 content => $sources_list_content,
302 notify => Class['apt::update'],
305 file { 'sources.list.d':
307 path => $apt::sources_list_d,
310 purge => $_purge['sources.list.d'],
311 recurse => $_purge['sources.list.d'],
312 notify => Class['apt::update'],
315 file { 'preferences':
316 ensure => $preferences_ensure,
317 path => $apt::preferences,
320 notify => Class['apt::update'],
323 file { 'preferences.d':
325 path => $apt::preferences_d,
328 purge => $_purge['preferences.d'],
329 recurse => $_purge['preferences.d'],
330 notify => Class['apt::update'],
335 path => $apt::apt_conf_d,
338 purge => $_purge['apt.conf.d'],
339 recurse => $_purge['apt.conf.d'],
340 notify => Class['apt::update'],
344 create_resources('apt::conf', $confs)
346 # manage sources if present
348 create_resources('apt::source', $sources)
350 # manage keys if present
352 create_resources('apt::key', $keys)
354 # manage ppas if present
356 create_resources('apt::ppa', $ppas)
358 # manage settings if present
360 create_resources('apt::setting', $settings)
363 if $manage_auth_conf {
364 $auth_conf_ensure = $auth_conf_entries ? {
366 default => 'present',
369 $auth_conf_tmp = epp('apt/auth_conf.epp')
371 file { '/etc/apt/auth.conf':
372 ensure => $auth_conf_ensure,
373 owner => $auth_conf_owner,
376 content => Sensitive("${confheadertmp}${auth_conf_tmp}"),
377 notify => Class['apt::update'],
381 # manage pins if present
383 create_resources('apt::pin', $pins)
386 case $facts['os']['name'] {
388 if versioncmp($facts['os']['release']['major'], '9') >= 0 {
389 ensure_packages(['gnupg'])
393 if versioncmp($facts['os']['release']['full'], '17.04') >= 0 {
394 ensure_packages(['gnupg'])