# Rules specific to Debian systems.  Try to keep this rule set to an absolute
# minimum.  Part of the goal of Puppet is to make our systems look as similar
# as possible given the inherent differences between the distributions, and
# that means that changes should be wrapped in conceptual packages that do
# equivalent things on both distributions.  This should hold only those things
# that configure a Debian OS as such, as distinct from Red Hat.

# We install filter-syslog rules, so make sure that newsyslog is always
# installed.
#
# PARAMETERS
# ----------
#
# $apt_cache_notin_tmp: If you want apt to use a directory other than
# /tmp for its temporary cache, set this parameter to "true". This is needed
# if the /tmp partition is mounted "noexec" (apt often needs to execute
# configuration files as part of an install or uninstall).
#
# If $apt_cache_notin_tmp is set to "true" and $apt_cache_tmp_dir is
# left at its default, then apt will use /var/cache/apt/tmp for its
# temporary directory. If you want to specify a different directory, set
# $apt_cache_tmp_dir.
#
# $apt_cache_tmp_dir: if $apt_cache_notin_tmp is set to "false" this
# parameter is ignored. If $apt_cache_notin_tmp is set to "true" then we
# configure apt to use $apt_cache_tmp_dir as apt's temporary directory
# during package installs and uninstalls.
#
# NOTE! If you use $apt_cache_tmp_dir to override the default, then you
# must have $apt_cache_tmp_dir as a file resource in your own Puppet
# code, otherwise Puppet will fail.

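class base::os::debian (
  $apt_cache_notin_tmp = false,
  $apt_cache_tmp_dir   = '/var/cache/apt/tmp'
){
  # Debian-specific base configuration: APT sources and preferences, a small
  # set of default packages, and a few release-specific tweaks.
  #
  # NOTE(review): most file resources below set no owner/group/mode; this
  # presumably relies on File defaults declared elsewhere -- confirm.

  include base::newsyslog

  # This really needs to be put somewhere else so that all possible uses of
  # package inherit from it.  Here, it only affects this particular class.
  # Every package below is installed only after the APT configuration
  # (recommends handling, preferences, sources) has been put in place.
  Package {
    require => [ File['/etc/apt/apt.conf.d/10recommends'],
                  File['/etc/apt/preferences'],
                  File['/etc/apt/preferences.d'],
                  File['/etc/apt/sources.list'],
                  File['/etc/apt/sources.list.d'] ]
  }

  # Install basic configuration files.
  file {
    '/etc/apt/apt.conf.d/10recommends':
      source => 'puppet:///modules/base/os/etc/apt/apt.conf.d/10recommends';
    '/etc/default/rcS':
      source => 'puppet:///modules/base/os/etc/default/rcS';
    '/etc/filter-syslog/debian':
      source => 'puppet:///modules/base/os/etc/filter-syslog/debian';
  }

  # On wheezy, for right now we have to disable pdiffs due to problems with
  # the Translation files.
  if $::lsbdistcodename == 'wheezy' {
    file { '/etc/apt/apt.conf.d/30no-pdiffs':
      source => 'puppet:///modules/base/os/etc/apt/apt.conf.d/30no-pdiffs',
    }
  }

  # Install APT sources configuration.  This is generally handled via
  # templates.
  #
  # sources.list.d is managed with recurse + purge, so any file in that
  # directory that Puppet does not manage is removed on the next run.  That
  # keeps the set of package sources on a host limited to the ones declared
  # here (and in any other Puppet code that adds files to the directory).
  file {
    '/etc/apt/sources.list':
      content => template('base/os/sources/sources.list.erb'),
      notify  => Exec['aptitude update'];
    '/etc/apt/sources.list.d':
      ensure  => 'directory',
      recurse => true,
      purge   => true,
      notify  => Exec['aptitude update'];
    '/etc/apt/sources.list.d/backports.list':
      content => template('base/os/sources/backports.list.erb'),
      notify  => Exec['aptitude update'];
    '/etc/apt/sources.list.d/stanford.list':
      content => template('base/os/sources/stanford.list.erb'),
      notify  => Exec['aptitude update'];
  }

  # Install APT preferences.  We should never use /etc/apt/preferences
  # since the preferences.d directory is supported.  As with sources.list.d,
  # unmanaged files in preferences.d are purged, so pinning cannot be changed
  # by a file dropped on the host outside of Puppet.
  file { '/etc/apt/preferences.d':
    ensure  => directory,
    recurse => true,
    purge   => true,
  }
  if $::lsbdistcodename == 'wheezy' {
    file { '/etc/apt/preferences.d/rsyslog':
      content => template('base/os/preferences/rsyslog.erb')
    }
  }
  file {
    # Kept as an empty file so that all pinning lives in preferences.d.
    '/etc/apt/preferences':
      content => '';
    '/etc/apt/preferences.d/backports':
      content => template('base/os/preferences/backports.erb');
  }

  if ($apt_cache_notin_tmp) {
    # If we did NOT override the apt cache directory make sure that
    # '/var/cache/apt/tmp' exists.
    #
    # apt may execute package configuration files from its temporary
    # directory, so ownership and mode are pinned explicitly: the directory
    # must be writable by root only.  Without these attributes Puppet would
    # leave the permissions of an already existing directory untouched.
    if ($apt_cache_tmp_dir == '/var/cache/apt/tmp') {
      file { $apt_cache_tmp_dir:
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
      }
    }

    # When $apt_cache_tmp_dir is overridden, the caller must declare the
    # matching file resource (with equally strict permissions); the require
    # below fails the catalog otherwise.
    file { '/etc/apt/apt.conf.d/apt_cache_tmp':
      content => template('base/os/etc/apt/apt.conf.d/apt_cache_tmp.erb'),
      require => File[$apt_cache_tmp_dir],
    }
  }

  # lsb-release pulls in all of lsb unless we disable recommends handling
  # first, so make sure that we've done that.  That should be handled by the
  # global Package require set above.
  #
  # NOTE(review): stanford-keyring presumably carries the archive signing key
  # for the stanford.list source; how that key is trusted on the very first
  # install is not visible here -- confirm.  The notify refreshes the package
  # lists whenever the keyring package is installed or changed.
  package {
    'bsd-mailx':       ensure => present;
    'dmidecode':       ensure => present;
    'debconf-utils':   ensure => present;
    'locate':          ensure => present;
    'lsb-release':     ensure => present;
    'kstart':          ensure => present;
    'stanford-keyring':
      ensure => present,
      notify => Exec['aptitude update'];
  }

  # libstdc++5 and smbios-utils are required for Dell firmware updates, so
  # install them on physical machines.
  if $::virtual == 'vmware' {
    package {
      'libsmbios-bin': ensure => absent;
      'smbios-utils':  ensure => absent;
    }
  } else {
    include base::libstdc::v5

    # libsmbios-bin is removed first; smbios-utils is installed afterwards.
    package { 'libsmbios-bin': ensure => absent }
    package { 'smbios-utils':
      ensure  => present,
      require => Package['libsmbios-bin'],
    }
  }

  # For i686 systems, install the optimized version of glibc.
  if $::hardwaremodel == 'i686' {
    package { 'libc6-i686': ensure => present }
  }

  # Handle additional distribution-specific tweaks, usually related to the
  # default package set.
  case $::lsbdistcodename {
    'wheezy': { package { 'emacs23-nox': ensure => present } }
    'jessie': { package { 'emacs24-nox': ensure => present } }
    # Other releases get no extra packages; the explicit default documents
    # that this is intentional.
    default: {}
  }

  # Ensure this file exists, containing only a comment.
  file { '/etc/default/locale':
    ensure  => present,
    content => "# Not used but required by PAM.\n",
  }

  # Our old daemontools build assumed /service, but the new packages
  # available from Debian use /etc/service.  Make the latter a symlink to
  # the former so that we don't have to move everything.
  file {
    '/etc/service':
      ensure => link,
      target => '/service';
    '/service':
      ensure => directory,
      mode   => '0755';
  }

  # Triggered to refresh local package lists.  refreshonly means this runs
  # only when notified by a sources change or the keyring package, and the
  # command is resolved from /usr/bin only.
  exec { 'aptitude update':
    command     => 'aptitude update',
    path        => '/usr/bin',
    refreshonly => true,
  }

  # allow non-root users to use ping in Jessie
  #
  # This sets the cap_net_raw file capability (effective + permitted) on
  # /bin/ping and nothing broader.  The `unless` guard keeps the exec
  # idempotent and re-applies the capability whenever it is found missing.
  # NOTE(review): nothing here requires the package that provides
  # setcap/getcap; it is assumed to be installed already -- confirm.
  if ($::lsbdistcodename == 'jessie') {
    exec { 'setcap ping':
      path    => '/usr/bin:/usr/sbin:/bin:/sbin',
      command => 'setcap cap_net_raw+ep /bin/ping',
      unless  => "getcap /bin/ping | grep -q 'cap_net_raw+ep'",
    }
  }
}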