X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=manifests%2Finit.pp;h=d95bbe60b2225c20e9c40b236f73a22ee7d1e5e9;hb=627eb0b0ce674f6d47c513ba6a96c625ef9ed917;hp=48c4f53050e8c8baaac5e3a86c307fbc0a38dc36;hpb=a1907ff5a61d565fc27a32f1ea4d9eab60402b8a;p=puppet-modules%2Fpuppetlabs-apt.git diff --git a/manifests/init.pp b/manifests/init.pp index 48c4f53..d95bbe6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,73 +1,198 @@ +# @summary Main class, includes all other classes. # -class apt( - $update = {}, - $purge = {}, - $proxy = {}, - $sources = {}, - $keys = {}, - $ppas = {}, - $settings = {}, -) inherits ::apt::params { - - $frequency_options = ['always','daily','weekly','reluctantly'] - validate_hash($update) +# @see https://docs.puppetlabs.com/references/latest/function.html#createresources for the create resource function +# +# @param provider +# Specifies the provider that should be used by apt::update. +# +# @param keyserver +# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or +# hkp://). +# +# @param ppa_options +# Supplies options to be passed to the `add-apt-repository` command. +# +# @param ppa_package +# Names the package that provides the `apt-add-repository` command. +# +# @param backports +# Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys: +# +# @option backports [String] :location +# See apt::backports for documentation. +# +# @option backports [String] :repos +# See apt::backports for documentation. +# +# @option backports [String] :key +# See apt::backports for documentation. +# +# @param confs +# Creates new `apt::conf` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param update +# Configures various update settings. Valid options: a hash made up from the following keys: +# +# @option update [String] :frequency +# Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified, `apt-get update` runs regardless of this value. +# Valid options: 'always' (at every Puppet run); 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400); +# 'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800); and 'reluctantly' (only if the exec resource +# `apt_update` is notified). Default: 'reluctantly'. +# +# @option update [Integer] :loglevel +# Specifies the log level of logs outputted to the console. Default: undef. +# +# @option update [Integer] :timeout +# Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef. +# +# @option update [Integer] :tries +# Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef. +# +# @param purge +# Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys: +# +# @option purge [Boolean] :sources.list +# Specifies whether to purge any unmanaged entries from sources.list. Default false. +# +# @option purge [Boolean] :sources.list.d +# Specifies whether to purge any unmanaged entries from sources.list.d. Default false. +# +# @option purge [Boolean] :preferences +# Specifies whether to purge any unmanaged entries from preferences. Default false. +# +# @option purge [Boolean] :preferences.d. +# Specifies whether to purge any unmanaged entries from preferences.d. Default false. +# +# @param proxy +# Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy. +# +# @param sources +# Creates new `apt::source` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param keys +# Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param ppas +# Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param pins +# Creates new `apt::pin` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param settings +# Creates new `apt::setting` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param manage_auth_conf +# Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in +# the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent. +# +# @param auth_conf_entries +# An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like +# format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See +# https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and +# password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent. +# +# @param auth_conf_owner +# The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases. +# +# @param root +# Specifies root directory of Apt executable. +# +# @param sources_list +# Specifies the path of the sources_list file to use. +# +# @param sources_list_d +# Specifies the path of the sources_list.d file to use. +# +# @param conf_d +# Specifies the path of the conf.d file to use. +# +# @param preferences +# Specifies the path of the preferences file to use. +# +# @param preferences_d +# Specifies the path of the preferences.d file to use. +# +# @param config_files +# A hash made up of the various configuration files used by Apt. +# +class apt ( + Hash $update_defaults = $apt::params::update_defaults, + Hash $purge_defaults = $apt::params::purge_defaults, + Hash $proxy_defaults = $apt::params::proxy_defaults, + Hash $include_defaults = $apt::params::include_defaults, + String $provider = $apt::params::provider, + String $keyserver = $apt::params::keyserver, + Optional[String] $ppa_options = $apt::params::ppa_options, + Optional[String] $ppa_package = $apt::params::ppa_package, + Optional[Hash] $backports = $apt::params::backports, + Hash $confs = $apt::params::confs, + Hash $update = $apt::params::update, + Hash $purge = $apt::params::purge, + Apt::Proxy $proxy = $apt::params::proxy, + Hash $sources = $apt::params::sources, + Hash $keys = $apt::params::keys, + Hash $ppas = $apt::params::ppas, + Hash $pins = $apt::params::pins, + Hash $settings = $apt::params::settings, + Boolean $manage_auth_conf = $apt::params::manage_auth_conf, + Array[Apt::Auth_conf_entry] + $auth_conf_entries = $apt::params::auth_conf_entries, + String $auth_conf_owner = $apt::params::auth_conf_owner, + String $root = $apt::params::root, + String $sources_list = $apt::params::sources_list, + String $sources_list_d = $apt::params::sources_list_d, + String $conf_d = $apt::params::conf_d, + String $preferences = $apt::params::preferences, + String $preferences_d = $apt::params::preferences_d, + Hash $config_files = $apt::params::config_files, + Hash $source_key_defaults = $apt::params::source_key_defaults, +) inherits apt::params { + + if $facts['osfamily'] != 'Debian' { + fail(translate('This module only works on Debian or derivatives like Ubuntu')) + } + if $update['frequency'] { - validate_re($update['frequency'], $frequency_options) + assert_type( + Enum['always','daily','weekly','reluctantly'], + $update['frequency'], + ) } if $update['timeout'] { - unless is_integer($update['timeout']) { - fail('timeout value for update must be an integer') - } + assert_type(Integer, $update['timeout']) } if $update['tries'] { - unless is_integer($update['tries']) { - fail('tries value for update must be an integer') - } + assert_type(Integer, $update['tries']) } $_update = merge($::apt::update_defaults, $update) - include apt::update + include ::apt::update - validate_hash($purge) if $purge['sources.list'] { - validate_bool($purge['sources.list']) + assert_type(Boolean, $purge['sources.list']) } if $purge['sources.list.d'] { - validate_bool($purge['sources.list.d']) + assert_type(Boolean, $purge['sources.list.d']) } if $purge['preferences'] { - validate_bool($purge['preferences']) + assert_type(Boolean, $purge['preferences']) } if $purge['preferences.d'] { - validate_bool($purge['preferences.d']) + assert_type(Boolean, $purge['preferences.d']) } $_purge = merge($::apt::purge_defaults, $purge) - - validate_hash($proxy) - if $proxy['host'] { - validate_string($proxy['host']) - } - if $proxy['port'] { - unless is_integer($proxy['port']) { - fail('$proxy port must be an integer') - } - } - if $proxy['https'] { - validate_bool($proxy['https']) - } - $_proxy = merge($apt::proxy_defaults, $proxy) - validate_hash($sources) - validate_hash($keys) - validate_hash($settings) - validate_hash($ppas) + $confheadertmp = epp('apt/_conf_header.epp') + $proxytmp = epp('apt/proxy.epp', {'proxies' => $_proxy}) + $updatestamptmp = epp('apt/15update-stamp.epp') - if $proxy['host'] { + if $_proxy['ensure'] == 'absent' or $_proxy['host'] { apt::setting { 'conf-proxy': + ensure => $_proxy['ensure'], priority => '01', - content => template('apt/_conf_header.erb', 'apt/proxy.erb'), + content => "${confheadertmp}${proxytmp}", } } @@ -89,7 +214,7 @@ class apt( apt::setting { 'conf-update-stamp': priority => 15, - content => template('apt/_conf_header.erb', 'apt/15update-stamp.erb'), + content => "${confheadertmp}${updatestamptmp}", } file { 'sources.list': @@ -99,7 +224,7 @@ class apt( group => root, mode => '0644', content => $sources_list_content, - notify => Exec['apt_update'], + notify => Class['apt::update'], } file { 'sources.list.d': @@ -110,7 +235,7 @@ class apt( mode => '0644', purge => $_purge['sources.list.d'], recurse => $_purge['sources.list.d'], - notify => Exec['apt_update'], + notify => Class['apt::update'], } file { 'preferences': @@ -119,7 +244,7 @@ class apt( owner => root, group => root, mode => '0644', - notify => Exec['apt_update'], + notify => Class['apt::update'], } file { 'preferences.d': @@ -130,11 +255,12 @@ class apt( mode => '0644', purge => $_purge['preferences.d'], recurse => $_purge['preferences.d'], - notify => Exec['apt_update'], + notify => Class['apt::update'], } - anchor { 'apt_first': } -> Class['apt::update'] -> anchor { 'apt_last': } - + if $confs { + create_resources('apt::conf', $confs) + } # manage sources if present if $sources { create_resources('apt::source', $sources) @@ -151,4 +277,30 @@ class apt( if $settings { create_resources('apt::setting', $settings) } + + if $manage_auth_conf { + $auth_conf_ensure = $auth_conf_entries ? { + [] => 'absent', + default => 'present', + } + + $auth_conf_tmp = epp('apt/auth_conf.epp') + + file { '/etc/apt/auth.conf': + ensure => $auth_conf_ensure, + owner => $auth_conf_owner, + group => 'root', + mode => '0600', + content => "${confheadertmp}${auth_conf_tmp}", + notify => Class['apt::update'], + } + } + + # manage pins if present + if $pins { + create_resources('apt::pin', $pins) + } + + # required for adding GPG keys on Debian 9 (and derivatives) + ensure_packages(['dirmngr']) }