diff --git a/Puppetfile b/Puppetfile
index 94caeb9..5995d48 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -14,3 +14,4 @@ mod 'puppet-chrony', '2.6.0'
 mod 'puppetlabs-vcsrepo', '6.1.0'
 mod 'puppetlabs-yumrepo_core', '2.0.0'
 mod 'puppet-yum', '7.0.0'
+mod 'puppetlabs-apt', '9.1.0'
diff --git a/hieradata/os/Debian/Debian11.yaml b/hieradata/os/Debian/Debian11.yaml
new file mode 100644
index 0000000..8ed26ec
--- /dev/null
+++ b/hieradata/os/Debian/Debian11.yaml
@@ -0,0 +1,12 @@
+# hieradata/os/Debian/Debian11.yaml
+---
+profiles::apt::managed_repos:
+ - 'base'
+ - 'security'
+ - 'updates'
+ - 'puppet7'
+
+profiles::apt::components:
+ - contrib
+ - main
+ - non-free
diff --git a/hieradata/os/Debian/Debian12.yaml b/hieradata/os/Debian/Debian12.yaml
index 9b25537..7063126 100644
--- a/hieradata/os/Debian/Debian12.yaml
+++ b/hieradata/os/Debian/Debian12.yaml
@@ -5,3 +5,9 @@ profiles::apt::managed_repos:
 - 'security'
 - 'updates'
 - 'puppet7'
+
+profiles::apt::components:
+ - contrib
+ - main
+ - non-free
+ - non-free-firmware
diff --git a/hieradata/os/Debian/all_releases.yaml b/hieradata/os/Debian/all_releases.yaml
index 1e30c28..aa8a5bf 100644
--- a/hieradata/os/Debian/all_releases.yaml
+++ b/hieradata/os/Debian/all_releases.yaml
@@ -1,3 +1,7 @@
 # hieradata/os/debian/all_releases.yaml
 ---
-profiles::apt::base::baseurl: http://debian.mirror.digitalpacific.com.au/debian
+profiles::apt::base::mirrorurl: http://debian.mirror.digitalpacific.com.au/debian
+profiles::apt::base::secureurl: http://security.debian.org/debian-security
+profiles::apt::puppet7::mirror: http://apt.puppetlabs.com
+profiles::apt::puppet7::repo: puppet7
+profiles::apt::puppet7::dist: bullseye
diff --git a/site/profiles/manifests/apt/base.pp b/site/profiles/manifests/apt/base.pp
index bb71aa7..584acdc 100644
--- a/site/profiles/manifests/apt/base.pp
+++ b/site/profiles/manifests/apt/base.pp
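Review bot: In hieradata/os/Debian/all_releases.yaml, `profiles::apt::puppet7::dist: bullseye` applies to every Debian release, while Debian12.yaml also lists 'puppet7' in `managed_repos`, so Debian 12 hosts would be pointed at the bullseye suite unless an override exists outside this diff. Setting `dist` in the per-release files (Debian11.yaml, Debian12.yaml) or deriving it from the codename fact would avoid that. Separately, `profiles::apt::puppet7::mirror` is plain http, and puppet7.pp uses the same value to fetch a release .deb that is installed with dpkg, a path that gets none of apt's signature checking; `https://apt.puppetlabs.com` is the safer value for that key.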
@@ -1,36 +1,71 @@
+# This class manages the configuration of base APT repositories
+#
+# Parameters:
+# - $managed_repos: An array of repositories to manage, such as 'base', 'security',
+# 'updates', 'backports' (optional)
+# - $components: An array of components for the repositories (e.g., 'main', 'contrib')
+# - $mirrorurl: The base URL of the mirror for the base repository
+# - $secureurl: The base URL of the mirror for the security repository
+#
+# Dependencies:
+# - Puppet facts: The class relies on certain facts about the target system,
+# including the OS architecture and distribution codename.
+#
+# Description:
+# This class manages the configuration of base APT repositories on the target system.
+# It supports the management of repositories specified in the $managed_repos parameter,
+# including 'base', 'security', 'updates', and 'backports'. The class retrieves necessary
+# information from Puppet facts, such as the OS architecture and distribution codename.
+# It creates apt::source resources for each repository, setting the appropriate location,
+# repos, and release values based on the provided parameters.
+# Example usage:
+# class { 'profiles::apt::base':
+# managed_repos => ['base', 'security'],
+# components => ['main', 'contrib'],
+# mirrorurl => 'http://mirror.example.com',
+# secureurl => 'http://security.example.com',
+# }
 class profiles::apt::base (
 Array[String] $managed_repos,
 Array[String] $components,
- String $baseurl,
+ String $mirrorurl,
+ String $secureurl,
 ) {
- $releasever = $facts['os']['release']['major']
- $basearch = $facts['os']['architecture']
 $codename = $facts['os']['distro']['codename']
 # Join the array into a space-separated string
 $repo_components = join($components, ' ')
- apt::source { "deb.debian.org-${codename}":
- location => $baseurl,
- repos => $repo_components,
- release => $codename,
+ if 'base' in $managed_repos {
+ apt::source { 'base':
+ location => $mirrorurl,
+ repos => $repo_components,
+ release => $codename,
+ }
 }
- apt::source { "deb.debian.org-${codename}-security":
- location => $baseurl,
- repos => $repo_components,
- release => "${codename}-security",
+ if 'security' in $managed_repos {
+ apt::source { 'security':
+ location => $secureurl,
+ repos => $repo_components,
+ release => "${codename}-security",
+ }
 }
- apt::source { "deb.debian.org-${codename}-updates":
- location => $baseurl,
- repos => $repo_components,
- release => "${codename}-updates",
+ if 'updates' in $managed_repos {
+ apt::source { 'updates':
+ location => $mirrorurl,
+ repos => $repo_components,
+ release => "${codename}-updates",
+ }
 }
- apt::source { "deb.debian.org-${codename}-backports":
- location => $baseurl,
- repos => $repo_components,
- release => "${codename}-backports",
+ if 'backports' in $managed_repos {
+ apt::source { 'backports':
+ location => $mirrorurl,
+ repos => $repo_components,
+ release => "${codename}-backports",
+ }
 }
 }
diff --git a/site/profiles/manifests/apt/global.pp b/site/profiles/manifests/apt/global.pp
index 574c668..58845bb 100644
--- a/site/profiles/manifests/apt/global.pp
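Review bot: In site/profiles/manifests/apt/base.pp, every source is now gated on `$managed_repos`, so a host whose hiera list omits 'security' or misspells it silently ends up with no security suite, and the purge settings added in global.pp remove whatever entry was there before. `Array[String]` accepts any name, and unknown entries are ignored without an error. Consider tightening the parameter to `Array[Enum['base', 'security', 'updates', 'backports', 'puppet7']] $managed_repos` ('puppet7' included because global.pp passes the same array to both classes) and emitting a `warning()` when 'security' is absent. The header comment should also say that a repository left out of the list is removed rather than left untouched.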
+++ b/site/profiles/manifests/apt/global.pp
@@ -22,9 +22,7 @@
 # Manages all .list files under /etc/apt/sources.list.d. All the repositories listed
 # in $managed_repos will have their corresponding .list files preserved. Any
 # .list file that is not listed in $managed_repos will be removed.
-# Creates and maintains a /etc/apt/sources.list.d/.managed file that lists all the
-# .list files that should be managed by Puppet.
-# Manages /etc/apt/sources.list file to include the .list files in /etc/apt/sources.list.d.
+# Manages /etc/apt/sources.list file to be empty.
 #
 # Example usage:
 # --------------
@@ -41,7 +39,12 @@ class profiles::apt::global (
 Array[String] $components = lookup('profiles::apt::components'),
 ){
 class { 'apt':
- update => {
+ sources_list_force => true,
+ purge => {
+ 'sources.list' => true,
+ 'sources.list.d' => true,
+ },
+ update => {
 frequency => 'daily',
 loglevel => 'debug',
 },
@@ -54,35 +57,6 @@ class profiles::apt::global (
 },
 }
- # Generate the content for the .managed file
- $managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n")
-
- # Create the .managed file
- file { '/etc/apt/sources.list.d/.managed':
- ensure => file,
- content => $managed_file_content,
- }
-
- # Define exec resource to remove .list files not listed in .managed
- exec { 'cleanup_apt_repos':
- command => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort)
- <(sort /etc/apt/sources.list.d/.managed) |
- xargs -n1 rm -f /etc/apt/sources.list.d/{}"',
- path => ['/bin', '/usr/bin'],
- onlyif => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort)
- <(sort /etc/apt/sources.list.d/.managed) | grep .list"',
- }
-
- file { '/etc/apt/sources.list':
- ensure => 'file',
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => @(END)
- ## Apt is managed by Puppet, do not edit this file
- END
- }
-
 # Setup base repos
 class { 'profiles::apt::base':
 managed_repos => $managed_repos,
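Review bot: In the `class { 'apt': ... }` hunk of global.pp, `sources_list_force => true` together with `'sources.list' => true` appears, as far as I recall the puppetlabs-apt documentation, to remove /etc/apt/sources.list rather than leave an empty file, so the new header line "Manages /etc/apt/sources.list file to be empty" looks inaccurate. Confirm against 9.1.0 and reword it, for example `# Purges /etc/apt/sources.list and every unmanaged file under /etc/apt/sources.list.d.`. The purge hash leaves `preferences`, `preferences.d` and `apt.conf.d` unmanaged, so pinning or proxy drop-ins placed outside Puppet survive; the comment should state whether that is intended. The class body starts and ends outside this hunk.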
@@ -92,6 +66,5 @@ class profiles::apt::global (
 # Setup puppet7 if included in managed_repos
 class { 'profiles::apt::puppet7':
 managed_repos => $managed_repos,
- components => $components,
 }
 }
diff --git a/site/profiles/manifests/apt/puppet7.pp b/site/profiles/manifests/apt/puppet7.pp
index e69de29..aa7d45a 100644
--- a/site/profiles/manifests/apt/puppet7.pp
+++ b/site/profiles/manifests/apt/puppet7.pp
@@ -0,0 +1,72 @@
+# This class manages the installation and configuration of Puppet 7
+#
+# Parameters:
+# - $managed_repos: An array of additional repositories to manage (optional)
+# - $mirror: The base URL of the repository mirror
+# - $repo: The repository name
+# - $release: The release name
+#
+# Dependencies:
+# - Puppet facts: The class relies on certain facts about the target system,
+# including the OS release, architecture, and distribution codename.
+#
+# Description:
+# This class installs Puppet 7 on the target system by managing the repository
+# configuration and installing the appropriate package. It also supports the
+# management of additional repositories specified in the $managed_repos parameter.
+# The class retrieves necessary information from Puppet facts, such as the OS
+# release version, architecture, and distribution codename. It downloads the
+# Puppet release deb file from the specified mirror and installs it using dpkg.
+# Additionally, it configures the main Puppet repository using the apt::source resource.
+# Example usage:
+# class { 'profiles::apt::puppet7':
+# managed_repos => ['extra-repo'],
+# mirror => 'http://mirror.example.com',
+# release => 'puppet7',
+# repo => 'bullseye',
+# }
+class profiles::apt::puppet7 (
+ Array[String] $managed_repos,
+ String $mirror,
+ String $repo,
+ String $dist,
+) {
+
+ $codename = $facts['os']['distro']['codename']
+
+ if 'puppet7' in $managed_repos {
+ # Path to store the downloaded deb file
+ $puppet_release = "/root/${repo}-${dist}.deb"
+ $puppet_source = "${mirror}/${repo}-release-${dist}.deb"
+
+ # Check if the deb file exists
+ if !defined(File[$puppet_release]) {
+ # Download the deb file
+ file { $puppet_release:
+ ensure => present,
+ source => $puppet_source,
+ mode => '0644',
+ }
+ }
+
+ # Install the puppet release using dpkg
+ package { "${repo}-${dist}":
+ ensure => installed,
+ provider => dpkg,
+ source => $puppet_release,
+ require => File[$puppet_release],
+ }
+
+ # deb http://apt.puppet.com bullseye puppet7
+ apt::source { 'puppet7':
+ location => $mirror,
+ repos => $repo,
+ release => $dist,
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+}
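Review bot: In puppet7.pp, the release .deb declared in `file { $puppet_release: ... }` is downloaded from `$mirror` (an http:// URL in the hiera data) and installed through the dpkg provider, which performs no signature check, so whatever the network returns is installed as root and can then shape what apt trusts for this repository. Point `profiles::apt::puppet7::mirror` at the https endpoint and pin the file with `checksum => 'sha256',` and `checksum_value => '<SHA256_OF_RELEASE_DEB>',`, or drop the .deb and give the signing key to `apt::source` directly. The package title `"${repo}-${dist}"` probably does not match the package name inside the .deb (presumably `${repo}-release`), in which case the dpkg provider would reinstall it on every run; worth confirming. The header documents `$release` and the example passes `release => 'puppet7'` and `repo => 'bullseye'`, but the parameter is `$dist` and those values are swapped relative to the hiera data; `$codename` is assigned and never used.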