The apt module automates obtaining and installing software packages on \*nix systems.
-**Note**: While this module allows the use of short keys, **we urge you NOT to use short keys**, as they pose a serious security issue by opening you up to collision attacks.
+**Note**: While this module allows the use of short keys, **warnings are thrown if a full fingerprint is not used**, as they pose a serious security issue by opening you up to collision attacks.
## Setup
```
class { 'apt::unattended_upgrades':
- origins => $::apt::params::origins,
- blacklist => [],
- update => '1',
- download => '1',
- upgrade => '1',
- autoclean => '7',
+ blacklist => [],
+ update => '1',
+ download => '1',
+ upgrade => '1',
+ autoclean => '7',
}
```
```
apt_key { 'puppetlabs':
ensure => 'present',
- id => '1054B7A24BD6EC30',
+ id => '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
}
```
```
apt::key { 'puppetlabs':
- key => '1054B7A24BD6EC30',
+ key => '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
key_server => 'pgp.mit.edu',
}
apt::key { 'jenkins':
- key => '9B7D32F2D50582E6',
+ key => '150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6',
key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',
}
```
release => 'unstable',
repos => 'main contrib non-free',
required_packages => 'debian-keyring debian-archive-keyring',
- key => '8B48AD6246925553',
+ key => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553',
key_server => 'subkeys.pgp.net',
pin => '-10',
include_src => true,
```
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
- repos => 'main',
- key => '1054B7A24BD6EC30',
+ repos => 'main dependencies',
+ key => '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
key_server => 'pgp.mit.edu',
- }
+ }
```
### Facts
'puppetlabs':
location: 'http://apt.puppetlabs.com'
- repos: 'main'
- key: '1054B7A24BD6EC30'
+ repos: 'main dependencies'
+ key: '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'
key_server: 'pgp.mit.edu'
</pre>
```
####apt::unattended_upgrades
-* `origins`: The repositories from which to automatically upgrade included packages.
-* `blacklist`: A list of packages to **not** automatically upgrade.
-* `update`: How often, in days, to run `apt-get update`.
-* `download`: How often, in days, to run `apt-get upgrade --download-only`.
-* `upgrade`: How often, in days, to upgrade packages included in the origins list.
-* `autoclean`: How often, in days, to run `apt-get autoclean`.
-* `randomsleep`: How long, in seconds, to randomly wait before applying upgrades.
+* `legacy_origin`: If set to true, use the old `Unattended-Upgrade::Allowed-Origins` variable. If false, use `Unattended-Upgrade::Origins-Pattern`. OS-dependent defaults are defined in `apt::params`.
+* `origins`: The repositories from which to automatically upgrade included packages. OS-dependent defaults are defined in `apt::params`. (Usually only security updates are enabled by default)
+* `blacklist`: A list of packages to **not** automatically upgrade. This list is empty by default.
+* `update`: How often, in days, to run `apt-get update`. Defaults to '1'.
+* `download`: How often, in days, to run `apt-get upgrade --download-only`. Defaults to '1'.
+* `upgrade`: How often, in days, to upgrade packages included in the origins list. Defaults to '1'.
+* `autoclean`: How often, in days, to run `apt-get autoclean`. Defaults to '7'.
+* `auto_fix`: Tries to automatically fix interrupted package installations. Defaults to 'true'.
+* `minimal_steps`: Split the upgrade process into sections to allow shutdown during upgrade. Defaults to 'false'.
+* `install_on_shutdown`: Install updates on shutdown instead of in the background. Defaults to 'false'.
+* `mail_to`: Send e-mail to this address about packages upgrades or errors. This is not set by default.
+* `mail_only_on_error`: Send e-mail only in case of error, not on successful upgrade. Defaults to 'false'.
+* `remove_unused`: Removes unused dependencies. Defaults to 'true'.
+* `auto_reboot`: Reboot the system **without confirmation** if an update requires rebooting. Defaults to 'false'.
+* `dl_limit`: Use a bandwidth limit for downloading, specified in kb/sec. This is not set by default.
+* `randomsleep`: How long, in seconds, to randomly wait before applying upgrades. This is not set by default.
####apt::source
It is recommended to read the manpage 'apt_preferences(5)'
+####apt::ppa
+
+* `ensure`: Whether we are adding or removing the PPA. Can be 'present' or 'absent'. Defaults to 'present'.
+* `release`: The codename for the operating system you're running. Defaults to `$lsbdistcodename`. Required if lsb-release is not installed.
+* `options`: Options to be passed to the `apt-add-repository` command. OS-dependent defaults are set in `apt::params`.
+* `package_name`: The package that provides the `apt-add-repository` command. OS-dependent defaults are set in `apt::params`.
+* `package_manage`: Whether or not to manage the package providing `apt-add-repository`. Defaults to true.
+
### Testing
The apt module is mostly a collection of defined resource types, which provide reusable logic for managing Apt. It provides smoke tests for testing functionality on a target system, as well as spec tests for checking a compiled catalog against an expected set of resources.
This test sets up a Puppet Labs Apt repository. Start by creating a new smoke test, called puppetlabs-apt.pp, in the apt module's test folder. In this test, declare a single resource representing the Puppet Labs Apt source and GPG key:
```
+class { 'apt': }
+
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
- repos => 'main',
- key => '1054B7A24BD6EC30',
+ repos => 'main dependencies',
+ key => '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
key_server => 'pgp.mit.edu',
}
```
notice: /Stage[main]//Apt::Source[puppetlabs]/Exec[puppetlabs apt update]: Triggered 'refresh' from 1 events>
```
-The above example uses a smoke test to lay out a resource declaration and apply it on your system. In production, you might want to declare your Apt sources inside the classes where they’re needed.
+The above example uses a smoke test to lay out a resource declaration and apply it on your system. In production, you might want to declare your Apt sources inside the classes where they're needed.
Limitations
-----------
Development
------------
-Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
+Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can't access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
Code Review / puppet-modules / puppetlabs-apt.git / blobdiff