debian.pp

# Rules specific to Debian systems.  Try to keep this rule set to an absolute
# minimum.  Part of the goal of Puppet is to make our systems look as similar
# as possible given the inherent differences between the distributions, and
# that means that changes should be wrapped in conceptual packages that do
# equivalent things on both distributions.  This should hold only those things
# that configure a Debian OS as such, as distinct from Red Hat.

# We install filter-syslog rules, so make sure that newsyslog is always
# installed.
class base::os::debian {
  include base::newsyslog

  # This really needs to be put somewhere else so that all possible uses of
  # package inherit from it.  Here, it only affects this particular class.
  Package {
    require => [ File['/etc/apt/apt.conf.d/10recommends'],
                  File['/etc/apt/preferences'],
                  File['/etc/apt/preferences.d'],
                  File['/etc/apt/sources.list'],
                  File['/etc/apt/sources.list.d'] ]
  }

  # Install basic configuration files.
  file {
    '/etc/apt/apt.conf.d/10recommends':
      source => 'puppet:///modules/base/os/etc/apt/apt.conf.d/10recommends';
    '/etc/default/rcS':
      source => 'puppet:///modules/base/os/etc/default/rcS';
    '/etc/filter-syslog/debian':
      source => 'puppet:///modules/base/os/etc/filter-syslog/debian';
  }

  # On wheezy, for right now we have to disable pdiffs due to problems with
  # the Translation files.
  if $::lsbdistcodename == 'wheezy' {
    file { '/etc/apt/apt.conf.d/30no-pdiffs':
      source => 'puppet:///modules/base/os/etc/apt/apt.conf.d/30no-pdiffs',
    }
  }

  # Install APT sources configuration.  This is generally handled via
  # templates.
  file {
    '/etc/apt/sources.list':
      content => template('base/os/sources/sources.list.erb'),
      notify  => Exec['aptitude update'];
    '/etc/apt/sources.list.d':
      ensure  => 'directory',
      recurse => true,
      purge   => true,
      notify  => Exec['aptitude update'];
    '/etc/apt/sources.list.d/backports.list':
      content => template('base/os/sources/backports.list.erb'),
      notify  => Exec['aptitude update'];
    '/etc/apt/sources.list.d/stanford.list':
      content => template('base/os/sources/stanford.list.erb'),
      notify  => Exec['aptitude update'];
  }

  # Install APT preferences.  We should never use /etc/apt/preferences
  # since the preferences.d directory is supported
  file { '/etc/apt/preferences.d':
    ensure  => directory,
    recurse => true,
    purge   => true,
  }
  if $::lsbdistcodename == 'wheezy' {
    file { '/etc/apt/preferences.d/rsyslog':
      content => template('base/os/preferences/rsyslog.erb')
    }
  }
  file {
    '/etc/apt/preferences':
      content => '';
    '/etc/apt/preferences.d/backports':
      content => template('base/os/preferences/backports.erb');
  }

  # lsb-release pulls in all of lsb unless we disable recommends handling
  # first, so make sure that we've done that.  That should be handled by the
  # global Package require set above.
  package {
    'bsd-mailx':       ensure => present;
    'dmidecode':       ensure => present;
    'debconf-utils':   ensure => present;
    'locate':          ensure => present;
    'lsb-release':     ensure => present;
    'kstart':          ensure => present;
    'stanford-keyring':
      ensure => present,
      notify => Exec['aptitude update'];
  }

  # libstdc++5 and smbios-utils are required for Dell firmware updates, so
  # install them on physical machines.
  if $::virtual == 'vmware' {
    package {
      'libsmbios-bin': ensure => absent;
      'smbios-utils':  ensure => absent;
    }
  } else {
    include base::libstdc::v5

    package { 'libsmbios-bin': ensure => absent }
    package { 'smbios-utils':
      ensure  => present,
      require => Package['libsmbios-bin'],
    }
  }

  # For i686 systems, install the optimized version of glibc.
  if $::hardwaremodel == 'i686' {
    package { 'libc6-i686': ensure => present }
  }

  # Handle additional distribution-specific tweaks, usually related to the
  # default package set.
  case $::lsbdistcodename {
    'wheezy': { package { 'emacs23-nox': ensure => present } }
    'jessie': { package { 'emacs24-nox': ensure => present } }
  }
  
  # Ensure this file exists, containing only a comment.
  file { '/etc/default/locale':
    ensure  => present,
    content => "# Not used but required by PAM.\n",
  }

  # Our old daemontools build assumed /service, but the new packages
  # available from Debian use /etc/service.  Make the latter a symlink to
  # the former so that we don't have to move everything.
  file {
    '/etc/service':
      ensure => link,
      target => '/service';
    '/service':
      ensure => directory,
      mode   => '0755';
  }

  # Triggered to refresh local package lists.
  exec { 'aptitude update':
    command     => 'aptitude update',
    refreshonly => true,
  }

  # allow non-root users to use ping in Jessie
  if ($::lsbdistcodename == 'jessie') {
    exec { 'setcap ping':
      path    => "/usr/bin:/usr/sbin:/bin:/sbin",
      command => 'setcap cap_net_raw+ep /bin/ping',
      unless  => "getcap /bin/ping | grep -q 'cap_net_raw+ep'",
    }
  }

}