# Rules specific to Debian systems. Try to keep this rule set to an absolute
# minimum. Part of the goal of Puppet is to make our systems look as similar
# as possible given the inherent differences between the distributions, and
# that means that changes should be wrapped in conceptual packages that do
# equivalent things on both distributions. This should hold only those things
# that configure a Debian OS as such, as distinct from Red Hat.
# We install filter-syslog rules, so make sure that newsyslog is always
# installed.
#
# PARAMETERS
# ----------
#
# $apt_cache_notin_tmp: If you want apt to use a directory other than
# /tmp for its temporary cache, set this parameter to "true". This is needed
# if the /tmp partition is set to "noexec" (apt often needs to execture
# configuration files as part of an install or uninstall).
#
# If $apt_cache_notin_tmp is set to "true" and $apt_cache_directory is
# undefined, then apt will use /var/cache/apt/tmp for its temporary
# directory. If you want to specify a different directory, set
# the $apt_cache_tmp_dir.
#
# $apt_cache_tmp_dir: if $apt_cache_notin_tmp is set to "false" this
# parameter is ignored. If $apt_cache_notin_tmp is set to "true" then we
# configure apt to use $apt_cache_tmp_dir as apt's temporary directory
# during package installs and uninstalls.
#
# NOTE! If you use $apt_cache_tmp_dir to override the default, then you
# must have $apt_cache_tmp_dir as a file resource in your own Puppet
# code, otherwise Puppet will fail.
class base::os::debian (
$apt_cache_notin_tmp = false,
$apt_cache_tmp_dir = '/var/cache/apt/tmp'
){
include base::newsyslog
# This really needs to be put somewhere else so that all possible uses of
# package inherit from it. Here, it only affects this particular class.
Package {
require => [ File['/etc/apt/apt.conf.d/10recommends'],
File['/etc/apt/preferences'],
File['/etc/apt/preferences.d'],
File['/etc/apt/sources.list'],
File['/etc/apt/sources.list.d'] ]
}
# Install basic configuration files.
file {
'/etc/apt/apt.conf.d/10recommends':
source => 'puppet:///modules/base/os/etc/apt/apt.conf.d/10recommends';
'/etc/default/rcS':
source => 'puppet:///modules/base/os/etc/default/rcS';
'/etc/filter-syslog/debian':
source => 'puppet:///modules/base/os/etc/filter-syslog/debian';
}
# On wheezy, for right now we have to disable pdiffs due to problems with
# the Translation files.
if $::lsbdistcodename == 'wheezy' {
file { '/etc/apt/apt.conf.d/30no-pdiffs':
source => 'puppet:///modules/base/os/etc/apt/apt.conf.d/30no-pdiffs',
}
}
# Install APT sources configuration. This is generally handled via
# templates.
file {
'/etc/apt/sources.list':
content => template('base/os/sources/sources.list.erb'),
notify => Exec['aptitude update'];
'/etc/apt/sources.list.d':
ensure => 'directory',
recurse => true,
purge => true,
notify => Exec['aptitude update'];
'/etc/apt/sources.list.d/backports.list':
content => template('base/os/sources/backports.list.erb'),
notify => Exec['aptitude update'];
'/etc/apt/sources.list.d/stanford.list':
content => template('base/os/sources/stanford.list.erb'),
notify => Exec['aptitude update'];
}
# Install APT preferences. We should never use /etc/apt/preferences
# since the preferences.d directory is supported
file { '/etc/apt/preferences.d':
ensure => directory,
recurse => true,
purge => true,
}
if $::lsbdistcodename == 'wheezy' {
file { '/etc/apt/preferences.d/rsyslog':
content => template('base/os/preferences/rsyslog.erb')
}
}
file {
'/etc/apt/preferences':
content => '';
'/etc/apt/preferences.d/backports':
content => template('base/os/preferences/backports.erb');
}
if ($apt_cache_notin_tmp) {
# If we did NOT override the apt cache directory make sure that
# '/var/cache/apt/tmp' exists.
if ($apt_cache_tmp_dir == '/var/cache/apt/tmp') {
file { $apt_cache_tmp_dir:
ensure => directory,
}
}
file { '/etc/apt/apt.conf.d/apt_cache_tmp':
content => template('base/os/etc/apt/apt.conf.d/apt_cache_tmp.erb'),
require => File[$apt_cache_tmp_dir],
}
}
# lsb-release pulls in all of lsb unless we disable recommends handling
# first, so make sure that we've done that. That should be handled by the
# global Package require set above.
package {
'bsd-mailx': ensure => present;
'dmidecode': ensure => present;
'debconf-utils': ensure => present;
'locate': ensure => present;
'lsb-release': ensure => present;
'kstart': ensure => present;
'stanford-keyring':
ensure => present,
notify => Exec['aptitude update'];
}
# libstdc++5 and smbios-utils are required for Dell firmware updates, so
# install them on physical machines.
if $::virtual == 'vmware' {
package {
'libsmbios-bin': ensure => absent;
'smbios-utils': ensure => absent;
}
} else {
include base::libstdc::v5
package { 'libsmbios-bin': ensure => absent }
package { 'smbios-utils':
ensure => present,
require => Package['libsmbios-bin'],
}
}
# For i686 systems, install the optimized version of glibc.
if $::hardwaremodel == 'i686' {
package { 'libc6-i686': ensure => present }
}
# Handle additional distribution-specific tweaks, usually related to the
# default package set.
case $::lsbdistcodename {
'wheezy': { package { 'emacs23-nox': ensure => present } }
'jessie': { package { 'emacs24-nox': ensure => present } }
}
# Ensure this file exists, containing only a comment.
file { '/etc/default/locale':
ensure => present,
content => "# Not used but required by PAM.\n",
}
# Our old daemontools build assumed /service, but the new packages
# available from Debian use /etc/service. Make the latter a symlink to
# the former so that we don't have to move everything.
file {
'/etc/service':
ensure => link,
target => '/service';
'/service':
ensure => directory,
mode => '0755';
}
# Triggered to refresh local package lists.
exec { 'aptitude update':
command => 'aptitude update',
path => '/usr/bin',
refreshonly => true,
}
# allow non-root users to use ping in Jessie
if ($::lsbdistcodename == 'jessie') {
exec { 'setcap ping':
path => "/usr/bin:/usr/sbin:/bin:/sbin",
command => 'setcap cap_net_raw+ep /bin/ping',
unless => "getcap /bin/ping | grep -q 'cap_net_raw+ep'",
}
}
}