commit 2dfb19d1a1effe1792db447915426430c886f3ce Author: root Date: Tue Apr 1 17:40:03 2025 +0000 feat: initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ae31811 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +secrets.pp +.env +.infisical.json +ocis.yaml \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..94443cb --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,4 @@ +{ + "deno.enable": true, + "deno.path": "./secrets/deno-src/deno" +} \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..7a607f3 --- /dev/null +++ b/README.md @@ -0,0 +1,22 @@ +# fruit-bowl automation + +## agent bootstrap +```console +apt update && apt install curl -y && curl -sSl https://s3.amy.mov/cluster/agent-bootstrap.sh | sh +``` + +(on the server) +```console +puppetserver ca sign --certname .cluster +``` + +## system bootstrap +### deps +- Deno (for running scripts) +- g10k (for pulling Forge modules) + +### process +- generate some kind of sample secrets file that will then be migrated into Infisical when it is up +- create databases/users in accordance with config.pp so services can come up +- set values in environments/production/config.pp +- add certs into reverse proxy (files/cert/{.key,.pem}) \ No newline at end of file diff --git a/environments/production/Puppetfile b/environments/production/Puppetfile new file mode 100644 index 0000000..1e607ee --- /dev/null +++ b/environments/production/Puppetfile @@ -0,0 +1,5 @@ +moduledir 'thirdparty' + +mod 'puppetlabs-apt', '10.0.1' +mod 'puppetlabs-stdlib', '9.7.0' +mod 'puppetlabs-docker', '10.2.0' \ No newline at end of file diff --git a/environments/production/environment.conf b/environments/production/environment.conf new file mode 100644 index 0000000..abe58c0 --- /dev/null +++ b/environments/production/environment.conf @@ -0,0 +1 @@ +modulepath = ./thirdparty:./modules:$basemodulepath \ No newline at end of file diff --git a/environments/production/manifests/config.pp b/environments/production/manifests/config.pp new file mode 100644 index 0000000..585af79 --- /dev/null +++ b/environments/production/manifests/config.pp @@ -0,0 +1,20 @@ +$authentik_host = "https://auth.amy.mov/" + +$authentik_pg_host = "postgresql.cluster" +$authentik_pg_db = "authentik" +$authentik_pg_user = "authentik" + +$infisical_pg_host = "postgresql.cluster" +$infisical_pg_pass = "infisical" +$infisical_pg_user = "infisical" +$infisical_pg_db = "infisical" + +$pg_oauth2_name = 'authentik' +$pg_oauth2_display_name ='authentik' +$pg_oauth2_token_url ='https://auth.amy.mov/application/o/token/' +$pg_oauth2_authorization_url = 'https://auth.amy.mov/application/o/authorize/' +$pg_oauth2_api_base_url = 'https://auth.amy.mov/' +$pg_oauth2_userinfo_endpoint = 'https://auth.amy.mov/application/o/userinfo/' +$pg_oauth2_server_metadata_url = 'https://auth.amy.mov/application/o/pgadmin/.well-known/openid-configuration' +$pg_oauth2_scope = 'openid email profile' +$pg_oauth2_icon = 'fa-key' diff --git a/environments/production/manifests/site.pp b/environments/production/manifests/site.pp new file mode 100644 index 0000000..8e682f5 --- /dev/null +++ b/environments/production/manifests/site.pp @@ -0,0 +1,63 @@ +$nameservers = ['192.168.1.155', '1.1.1.1'] +include stdlib + +include apt + +include hosts +include dns +include utils +include keys + +# For nodes that haven't got the service enabled +service { 'puppet': + ensure => 'running', + enable => true +} + +# This server itself +node 'puppet-server.cluster' { + include infisical::cli +} + +node 'nginx.cluster' { + include elastic::filebeat + include reverse_proxy +} + +node 'garage.cluster' { + include garage +} + +node 'postgresql.cluster' { + include postgresql +} + +node 'unifi.cluster' { + include unifi +} + +node 'authentik.cluster' { + include authentik +} + +node 'forgejo.cluster' { + include forgejo +} + +node 'kibana.cluster' { + include elastic::kibana +} + +node 'elasticsearch.cluster' { + include elastic::search +} + +node 'owncloud.cluster' { + include owncloud +} + +node 'infisical.cluster' { + include infisical +} + +node default {} diff --git a/environments/production/modules/authentik/files/compose.yml b/environments/production/modules/authentik/files/compose.yml new file mode 100644 index 0000000..e6426bd --- /dev/null +++ b/environments/production/modules/authentik/files/compose.yml @@ -0,0 +1,72 @@ +services: + redis: + image: docker.io/library/redis:alpine + command: --save 60 1 --loglevel warning + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + volumes: + - redis:/data + server: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.3} + restart: unless-stopped + command: server + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST:-postgresql.cluster} + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + volumes: + - ./media:/media + - ./custom-templates:/templates + env_file: + - .env + ports: + - "${COMPOSE_PORT_HTTP:-9000}:9000" + - "${COMPOSE_PORT_HTTPS:-9443}:9443" + depends_on: + redis: + condition: service_healthy + rac: + image: ghcr.io/goauthentik/rac:${AUTHENTIK_TAG:-2025.2.3} + restart: unless-stopped + env_file: + - .env + depends_on: + - server + worker: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.3} + restart: unless-stopped + command: worker + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST:-postgresql.cluster} + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + # `user: root` and the docker socket volume are optional. + # See more for the docker socket integration here: + # https://goauthentik.io/docs/outposts/integrations/docker + # Removing `user: root` also prevents the worker from fixing the permissions + # on the mounted folders, so when removing this make sure the folders have the correct UID/GID + # (1000:1000 by default) + user: root + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./media:/media + - ./certs:/certs + - ./custom-templates:/templates + env_file: + - .env + depends_on: + redis: + condition: service_healthy + +volumes: + redis: + driver: local diff --git a/environments/production/modules/authentik/manifests/init.pp b/environments/production/modules/authentik/manifests/init.pp new file mode 100644 index 0000000..de39ddb --- /dev/null +++ b/environments/production/modules/authentik/manifests/init.pp @@ -0,0 +1,30 @@ +class authentik { + include docker + + contain authentik::install +} + +class authentik::install { + package { 'docker-compose': + ensure => installed + } + + file { '/opt/authentik': + ensure => directory + } + + file { '/opt/authentik/compose.yml': + ensure => file, + source => 'puppet:///modules/authentik/compose.yml' + } + + file { '/opt/authentik/.env': + ensure => file, + content => template('authentik/.env.erb') + } + + docker_compose { 'authentik': + compose_files => ['/opt/authentik/compose.yml'], + ensure => present, + } +} diff --git a/environments/production/modules/authentik/templates/.env.erb b/environments/production/modules/authentik/templates/.env.erb new file mode 100644 index 0000000..51e9129 --- /dev/null +++ b/environments/production/modules/authentik/templates/.env.erb @@ -0,0 +1,9 @@ +AUTHENTIK_HOST=<%= @authentik_host %> +AUTHENTIK_INSECURE=false + +PG_HOST=<%= @authentik_pg_host %> +PG_USER=<%= @authentik_pg_user %> +PG_PASS=<%= @authentik_pg_pass %> + +AUTHENTIK_SECRET_KEY=<%= @authentik_secret_key %> +AUTHENTIK_TOKEN=<%= @authentik_rac_token %> \ No newline at end of file diff --git a/environments/production/modules/dns/manifests/init.pp b/environments/production/modules/dns/manifests/init.pp new file mode 100644 index 0000000..08ff3e7 --- /dev/null +++ b/environments/production/modules/dns/manifests/init.pp @@ -0,0 +1,9 @@ +class dns { + file { '/etc/resolv.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template('dns/resolv.conf.erb'), + } +} diff --git a/environments/production/modules/dns/templates/resolv.conf.erb b/environments/production/modules/dns/templates/resolv.conf.erb new file mode 100644 index 0000000..c4404fd --- /dev/null +++ b/environments/production/modules/dns/templates/resolv.conf.erb @@ -0,0 +1,8 @@ +# !! Managed by Puppet !! + +domain cluster +search cluster + +<% [@nameservers].flatten.each do |ns| -%> +nameserver <%= ns %> +<% end -%> \ No newline at end of file diff --git a/environments/production/modules/elastic/files/elastic.yml b/environments/production/modules/elastic/files/elastic.yml new file mode 100644 index 0000000..d857540 --- /dev/null +++ b/environments/production/modules/elastic/files/elastic.yml @@ -0,0 +1,88 @@ +# ======================== Elasticsearch Configuration ========================= +# +# NOTE: Elasticsearch comes with reasonable defaults for most settings. +# Before you set out to tweak and tune the configuration, make sure you +# understand what are you trying to accomplish and the consequences. +# +# The primary way of configuring a node is via this file. This template lists +# the most important settings you may want to configure for a production cluster. +# +# Please consult the documentation for further information on configuration options: +# https://www.elastic.co/guide/en/elasticsearch/reference/index.html +# +# ---------------------------------- Cluster ----------------------------------- +# +# Use a descriptive name for your cluster: +# +#cluster.name: my-application +# +# ------------------------------------ Node ------------------------------------ +# +# Use a descriptive name for the node: +# +node.name: es-1 +# +# Add custom attributes to the node: +# +#node.attr.rack: r1 +# +# ----------------------------------- Paths ------------------------------------ +# +# Path to directory where to store the data (separate multiple locations by comma): +# +path.data: /var/lib/elasticsearch +# +# Path to log files: +# +path.logs: /var/log/elasticsearch +# +# ----------------------------------- Memory ----------------------------------- +# +# Lock the memory on startup: +# +#bootstrap.memory_lock: true +# +# Make sure that the heap size is set to about half the memory available +# on the system and that the owner of the process is allowed to use this +# limit. +# +# Elasticsearch performs poorly when the system is swapping the memory. +# +# ---------------------------------- Network ----------------------------------- +# +# Set the bind address to a specific IP (IPv4 or IPv6): +# +network.host: 0.0.0.0 +# +# Set a custom port for HTTP: +# +#http.port: 9200 +# +# For more information, consult the network module documentation. +# +# --------------------------------- Discovery ---------------------------------- +# +# Pass an initial list of hosts to perform discovery when this node is started: +# The default list of hosts is ["127.0.0.1", "[::1]"] +# +#discovery.seed_hosts: ["host1", "host2"] +# +# Bootstrap the cluster using an initial set of master-eligible nodes: +# +cluster.initial_master_nodes: ["es-1"] +# +# For more information, consult the discovery and cluster formation module documentation. +# +# ---------------------------------- Gateway ----------------------------------- +# +# Block initial recovery after a full cluster restart until N nodes are started: +# +#gateway.recover_after_nodes: 3 +# +# For more information, consult the gateway module documentation. +# +# ---------------------------------- Various ----------------------------------- +# +# Require explicit names when deleting indices: +# +#action.destructive_requires_name: true \ No newline at end of file diff --git a/environments/production/modules/elastic/manifests/filebeat.pp b/environments/production/modules/elastic/manifests/filebeat.pp new file mode 100644 index 0000000..f2456e3 --- /dev/null +++ b/environments/production/modules/elastic/manifests/filebeat.pp @@ -0,0 +1,18 @@ +class elastic::filebeat { + contain elastic::filebeat::install +} + +class elastic::filebeat::install { + file { '/opt/filebeat': + ensure => directory + } + + file { '/opt/filebeat/filebeat.deb': + ensure => file, + source => 'https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.2-amd64.deb' + } ~> + package { 'filebeat': + provider => dpkg, + source => "/opt/filebeat/filebeat.deb" + } +} diff --git a/environments/production/modules/elastic/manifests/init.pp b/environments/production/modules/elastic/manifests/init.pp new file mode 100644 index 0000000..4db0652 --- /dev/null +++ b/environments/production/modules/elastic/manifests/init.pp @@ -0,0 +1,3 @@ +class elastic { + +} diff --git a/environments/production/modules/elastic/manifests/kibana.pp b/environments/production/modules/elastic/manifests/kibana.pp new file mode 100644 index 0000000..faed781 --- /dev/null +++ b/environments/production/modules/elastic/manifests/kibana.pp @@ -0,0 +1,35 @@ +class elastic::kibana { + contain elastic::kibana::install + contain elastic::kibana::config + contain elastic::kibana::service +} + +class elastic::kibana::install { + file { '/opt/kibana': + ensure => directory + } + + file { '/opt/kibana/kibana.deb': + ensure => file, + source => 'https://artifacts.elastic.co/downloads/kibana/kibana-7.10.2-amd64.deb' + } ~> + package { 'kibana': + provider => dpkg, + source => "/opt/kibana/kibana.deb" + } +} + +class elastic::kibana::config { + file { '/etc/kibana/kibana.yml': + ensure => file, + content => template('elastic/kibana.yml.erb'), + notify => Service['kibana'] + } +} + +class elastic::kibana::service { + service { 'kibana': + ensure => running, + enable => true + } +} diff --git a/environments/production/modules/elastic/manifests/search.pp b/environments/production/modules/elastic/manifests/search.pp new file mode 100644 index 0000000..85ce9f2 --- /dev/null +++ b/environments/production/modules/elastic/manifests/search.pp @@ -0,0 +1,35 @@ +class elastic::search { + contain elastic::search::install + contain elastic::search::config + contain elastic::search::service +} + +class elastic::search::install { + file { '/opt/search': + ensure => directory + } + + file { '/opt/search/search.deb': + ensure => file, + source => 'https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-amd64.deb' + } ~> + package { 'search': + provider => dpkg, + source => "/opt/search/search.deb" + } +} + +class elastic::search::config { + file { '/etc/elasticsearch/elasticsearch.yml': + ensure => file, + source => 'puppet:///modules/elastic/elastic.yml', + notify => Service['elasticsearch'] + } +} + +class elastic::search::service { + service { 'elasticsearch': + ensure => running, + enable => true + } +} diff --git a/environments/production/modules/elastic/templates/kibana.yml.erb b/environments/production/modules/elastic/templates/kibana.yml.erb new file mode 100644 index 0000000..bae4eb4 --- /dev/null +++ b/environments/production/modules/elastic/templates/kibana.yml.erb @@ -0,0 +1,111 @@ +# Kibana is served by a back end server. This setting specifies the port to use. +server.port: 5601 + +# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +server.host: "0.0.0.0" + +# Enables you to specify a path to mount Kibana at if you are running behind a proxy. +# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath +# from requests it receives, and to prevent a deprecation warning at startup. +# This setting cannot end in a slash. +#server.basePath: "" + +# Specifies whether Kibana should rewrite requests that are prefixed with +# `server.basePath` or require that they are rewritten by your reverse proxy. +# This setting was effectively always `false` before Kibana 6.3 and will +# default to `true` starting in Kibana 7.0. +#server.rewriteBasePath: false + +# The maximum payload size in bytes for incoming server requests. +#server.maxPayloadBytes: 1048576 + +# The Kibana server's name. This is used for display purposes. +server.name: "Kibana" + +# The URLs of the Elasticsearch instances to use for all your queries. +elasticsearch.hosts: [ "http://elasticsearch.cluster:9200" ] + +# Kibana uses an index in Elasticsearch to store saved searches, visualizations and +# dashboards. Kibana creates a new index if the index doesn't already exist. +#kibana.index: ".kibana" + +# The default application to load. +#kibana.defaultAppId: "home" + +# If your Elasticsearch is protected with basic authentication, these settings provide +# the username and password that the Kibana server uses to perform maintenance on the Kibana +# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which +# is proxied through the Kibana server. +#elasticsearch.username: "kibana_system" +#elasticsearch.password: "pass" + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the Kibana server to the browser. +#server.ssl.enabled: false +#server.ssl.certificate: /path/to/your/server.crt +#server.ssl.key: /path/to/your/server.key + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files are used to verify the identity of Kibana to Elasticsearch and are required when +# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required. +#elasticsearch.ssl.certificate: /path/to/your/client.crt +#elasticsearch.ssl.key: /path/to/your/client.key + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your Elasticsearch instance. +#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +#elasticsearch.ssl.verificationMode: full + +# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of +# the elasticsearch.requestTimeout setting. +#elasticsearch.pingTimeout: 1500 + +# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value +# must be a positive integer. +#elasticsearch.requestTimeout: 30000 + +# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side +# headers, set this value to [] (an empty list). +#elasticsearch.requestHeadersWhitelist: [ authorization ] + +# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. +#elasticsearch.customHeaders: {} + +# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. +#elasticsearch.shardTimeout: 30000 + +# Logs queries sent to Elasticsearch. Requires logging.verbose set to true. +#elasticsearch.logQueries: false + +# Specifies the path where Kibana creates the process ID file. +#pid.file: /var/run/kibana.pid + +# Enables you to specify a file where Kibana stores log output. +#logging.dest: stdout + +# Set the value of this setting to true to suppress all logging output. +#logging.silent: false + +# Set the value of this setting to true to suppress all logging output other than error messages. +#logging.quiet: false + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +#logging.verbose: false + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +#ops.interval: 5000 + +# Specifies locale to be used for all localizable strings, dates and number formats. +# Supported languages are the following: English - en , by default , Chinese - zh-CN . +#i18n.locale: "en" + +xpack: + encryptedSavedObjects: + encryptionKey: '<%= @kibana_encryption_key %>' diff --git a/environments/production/modules/forgejo/files/forgejo.service b/environments/production/modules/forgejo/files/forgejo.service new file mode 100644 index 0000000..32d8355 --- /dev/null +++ b/environments/production/modules/forgejo/files/forgejo.service @@ -0,0 +1,15 @@ +[Unit] +Description=Forgejo +Wants=basic.target +After=basic.target network.target + +[Service] +WorkingDirectory=/opt/forgejo +ExecStart=/opt/forgejo/forgejo +User=forgejo +KillMode=process +Restart=on-failure +RestartSec=30s + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/environments/production/modules/forgejo/manifests/init.pp b/environments/production/modules/forgejo/manifests/init.pp new file mode 100644 index 0000000..c3b2678 --- /dev/null +++ b/environments/production/modules/forgejo/manifests/init.pp @@ -0,0 +1,41 @@ +class forgejo { + contain forgejo::install + contain forgejo::service +} + +class forgejo::install { + user { 'forgejo': + ensure => 'present', + } + + file { '/opt/forgejo': + ensure => directory, + owner => 'forgejo', + } + + file { '/opt/forgejo/forgejo': + source => 'https://codeberg.org/forgejo/forgejo/releases/download/v10.0.3/forgejo-10.0.3-linux-amd64', + ensure => file, + owner => 'forgejo', + mode => '0744' + } +} + + +class forgejo::service { + file { '/lib/systemd/system/forgejo.service': + ensure => file, + source => 'puppet:///modules/forgejo/forgejo.service', + notify => Service['forgejo'] + }~> + exec { 'forgejo-systemd-reload': + command => 'systemctl daemon-reload', + path => [ '/usr/bin', '/bin', '/usr/sbin' ], + refreshonly => true, + } + + service { 'forgejo': + ensure => running, + enable => true, + } +} diff --git a/environments/production/modules/garage/manifests/init.pp b/environments/production/modules/garage/manifests/init.pp new file mode 100644 index 0000000..9ecb670 --- /dev/null +++ b/environments/production/modules/garage/manifests/init.pp @@ -0,0 +1,48 @@ +class garage { + contain garage::install + contain garage::config + contain garage::service + + contain garage::webui +} + +class garage::install { + file { '/opt/garage': + ensure => directory, + mode => '0640' + } + + file { '/opt/garage/garage': + ensure => file, + source => 'https://garagehq.deuxfleurs.fr/_releases/v1.1.0/x86_64-unknown-linux-musl/garage', + mode => '0740' + } +} + +class garage::config { + file { '/opt/garage/garage.toml': + content => template('garage/conf.toml.erb'), + ensure => file, + mode => '0644', + notify => [Service['garage'], Service['garage-webui']] + } +} + +class garage::service { + file { '/lib/systemd/system/garage.service': + mode => '0644', + owner => 'root', + group => 'root', + content => template('garage/garage.service.erb'), + }~> + exec { 'garage-systemd-reload': + command => 'systemctl daemon-reload', + path => [ '/usr/bin', '/bin', '/usr/sbin' ], + refreshonly => true, + } + + service { 'garage': + ensure => running, + enable => true, + } +} diff --git a/environments/production/modules/garage/manifests/webui.pp b/environments/production/modules/garage/manifests/webui.pp new file mode 100644 index 0000000..d5e551b --- /dev/null +++ b/environments/production/modules/garage/manifests/webui.pp @@ -0,0 +1,35 @@ +class garage::webui { + contain garage::webui::install + contain garage::webui::service +} + +class garage::webui::install { + file { '/opt/garage-webui': + ensure => directory + } + + file { '/opt/garage-webui/webui': + source => 'https://github.com/khairul169/garage-webui/releases/download/1.0.8/garage-webui-v1.0.8-linux-amd64', + ensure => 'file', + mode => '0740', + } +} + +class garage::webui::service { + file { '/lib/systemd/system/garage-webui.service': + mode => '0644', + owner => 'root', + group => 'root', + content => template('garage/garage-webui.service.erb'), + }~> + exec { 'garage-webui-systemd-reload': + command => 'systemctl daemon-reload', + path => [ '/usr/bin', '/bin', '/usr/sbin' ], + refreshonly => true, + } + + service { 'garage-webui': + ensure => running, + enable => true, + } +} diff --git a/environments/production/modules/garage/templates/conf.toml.erb b/environments/production/modules/garage/templates/conf.toml.erb new file mode 100644 index 0000000..b233afd --- /dev/null +++ b/environments/production/modules/garage/templates/conf.toml.erb @@ -0,0 +1,28 @@ +metadata_dir = "/opt/garage/meta" +data_dir = "/opt/garage/data" + +db_engine = "sqlite" + +replication_factor = 1 + +rpc_bind_addr = "[::]:3901" +rpc_public_addr = "127.0.0.1:3901" +rpc_secret = "<%= @garage_rpc_secret %>" + +[s3_api] +s3_region = "garage" +api_bind_addr = "[::]:3900" +root_domain = ".s3.amy.mov" + +[s3_web] +bind_addr = "[::]:3902" +root_domain = ".s3.amy.mov" +index = "index.html" + +[k2v_api] +api_bind_addr = "[::]:3904" + +[admin] +api_bind_addr = "[::]:3903" +admin_token = "<%= @garage_admin_token %>" +metrics_token = "<%= @garage_metrics_token %>" \ No newline at end of file diff --git a/environments/production/modules/garage/templates/garage-webui.service.erb b/environments/production/modules/garage/templates/garage-webui.service.erb new file mode 100644 index 0000000..7f47eee --- /dev/null +++ b/environments/production/modules/garage/templates/garage-webui.service.erb @@ -0,0 +1,15 @@ +[Unit] +Description=GarageHQ WebUI +Wants=basic.target +After=basic.target network.target + +[Service] +WorkingDirectory=/opt/garage-webui +Environment="CONFIG_PATH=/opt/garage/garage.toml" +ExecStart=/opt/garage-webui/webui +KillMode=process +Restart=on-failure +RestartSec=30s + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/environments/production/modules/garage/templates/garage.service.erb b/environments/production/modules/garage/templates/garage.service.erb new file mode 100644 index 0000000..3b8d98f --- /dev/null +++ b/environments/production/modules/garage/templates/garage.service.erb @@ -0,0 +1,14 @@ +[Unit] +Description=GarageHQ +Wants=basic.target +After=basic.target network.target + +[Service] +WorkingDirectory=/opt/garage +ExecStart=/opt/garage/garage -c /opt/garage/garage.toml server +KillMode=process +Restart=on-failure +RestartSec=30s + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/environments/production/modules/hosts/manifests/init.pp b/environments/production/modules/hosts/manifests/init.pp new file mode 100644 index 0000000..59326a2 --- /dev/null +++ b/environments/production/modules/hosts/manifests/init.pp @@ -0,0 +1,9 @@ +class hosts { + file { '/etc/hosts': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template('hosts/hosts.erb'), + } +} diff --git a/environments/production/modules/hosts/templates/hosts.erb b/environments/production/modules/hosts/templates/hosts.erb new file mode 100644 index 0000000..3008921 --- /dev/null +++ b/environments/production/modules/hosts/templates/hosts.erb @@ -0,0 +1,12 @@ +# !! Managed by Puppet !! + +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + +# --- BEGIN PVE --- + +127.0.1.1 <%= @networking['hostname'] %>.cluster <%= @networking['hostname'] %> +192.168.1.200 internal-s3.amy.mov +# --- END PVE --- diff --git a/environments/production/modules/infisical/files/compose.yml b/environments/production/modules/infisical/files/compose.yml new file mode 100644 index 0000000..2427bc3 --- /dev/null +++ b/environments/production/modules/infisical/files/compose.yml @@ -0,0 +1,36 @@ +services: + backend: + container_name: infisical-backend + restart: unless-stopped + depends_on: + redis: + condition: service_started + image: infisical/infisical:latest-postgres + pull_policy: always + env_file: .env + ports: + - 8080:8080 + environment: + - NODE_ENV=production + networks: + - infisical + + redis: + image: redis + container_name: infisical-dev-redis + env_file: .env + restart: always + environment: + - ALLOW_EMPTY_PASSWORD=yes + ports: + - 6379:6379 + networks: + - infisical + volumes: + - redis_data:/data +volumes: + redis_data: + driver: local + +networks: + infisical: diff --git a/environments/production/modules/infisical/manifests/cli.pp b/environments/production/modules/infisical/manifests/cli.pp new file mode 100644 index 0000000..2944a97 --- /dev/null +++ b/environments/production/modules/infisical/manifests/cli.pp @@ -0,0 +1,18 @@ +class infisical::cli { + contain infisical::cli::install +} + +class infisical::cli::install { + file { '/opt/infisical': + ensure => directory + } + + file { '/opt/infisical/infisical-cli.deb': + ensure => file, + source => 'https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv0.36.22/infisical_0.36.22_linux_amd64.deb' + } ~> + package { '/opt/infisical/infisical-cli.deb': + provider => dpkg, + source => '/opt/infisical/infisical-cli.deb' + } +} diff --git a/environments/production/modules/infisical/manifests/init.pp b/environments/production/modules/infisical/manifests/init.pp new file mode 100644 index 0000000..73034d6 --- /dev/null +++ b/environments/production/modules/infisical/manifests/init.pp @@ -0,0 +1,29 @@ +class infisical { + include docker + + contain infisical::install +} + +class infisical::install { + package { 'docker-compose': + ensure => installed + } + + file { '/opt/infisical': + ensure => directory + } + + file { '/opt/infisical/compose.yml': + ensure => file, + source => 'puppet:///modules/infisical/compose.yml' + } + file { '/opt/infisical/.env': + ensure => file, + source => 'puppet:///modules/infisical/.env' + } + + docker_compose { 'infisical': + compose_files => ['/opt/infisical/compose.yml'], + ensure => present, + } +} diff --git a/environments/production/modules/infisical/templates/.env.erb b/environments/production/modules/infisical/templates/.env.erb new file mode 100644 index 0000000..e897114 --- /dev/null +++ b/environments/production/modules/infisical/templates/.env.erb @@ -0,0 +1,124 @@ + +# Keys +# Required key for platform encryption/decryption ops +# THIS IS A SAMPLE ENCRYPTION KEY AND SHOULD NEVER BE USED FOR PRODUCTION +ENCRYPTION_KEY="<%= @infisical_encryption_key %>" + +# JWT +# Required secrets to sign JWT tokens +# THIS IS A SAMPLE AUTH_SECRET KEY AND SHOULD NEVER BE USED FOR PRODUCTION +AUTH_SECRET="<%= @infisical_auth_secret %>" + +# Postgres creds +PG_HOST="<%= @infisical_pg_host %>" +PG_USER="<%= @infisical_pg_user %>" +PG_PASS="<%= @infisical_pg_pass %>" +PG_DB="<%= @infisical_pg_db %>" + +# Required +DB_CONNECTION_URI=postgres://${PG_USER}:${PG_PASS}@${PG_HOST}:5432/${PG_DB} + +# Redis +REDIS_URL=redis://redis:6379 + +# Website URL +# Required +SITE_URL=http://localhost:8080 + +# Mail/SMTP +SMTP_HOST= +SMTP_PORT= +SMTP_FROM_ADDRESS= +SMTP_FROM_NAME= +SMTP_USERNAME= +SMTP_PASSWORD= + +# Integration +# Optional only if integration is used +CLIENT_ID_HEROKU= +CLIENT_ID_VERCEL= +CLIENT_ID_NETLIFY= +CLIENT_ID_GITHUB= +CLIENT_ID_GITHUB_APP= +CLIENT_SLUG_GITHUB_APP= +CLIENT_ID_GITLAB= +CLIENT_ID_BITBUCKET= +CLIENT_SECRET_HEROKU= +CLIENT_SECRET_VERCEL= +CLIENT_SECRET_NETLIFY= +CLIENT_SECRET_GITHUB= +CLIENT_SECRET_GITHUB_APP= +CLIENT_SECRET_GITLAB= +CLIENT_SECRET_BITBUCKET= +CLIENT_SLUG_VERCEL= + +CLIENT_PRIVATE_KEY_GITHUB_APP= +CLIENT_APP_ID_GITHUB_APP= + +# Sentry (optional) for monitoring errors +SENTRY_DSN= + +# Infisical Cloud-specific configs +# Ignore - Not applicable for self-hosted version +POSTHOG_HOST= +POSTHOG_PROJECT_API_KEY= + +# SSO-specific variables +CLIENT_ID_GOOGLE_LOGIN= +CLIENT_SECRET_GOOGLE_LOGIN= + +CLIENT_ID_GITHUB_LOGIN= +CLIENT_SECRET_GITHUB_LOGIN= + +CLIENT_ID_GITLAB_LOGIN= +CLIENT_SECRET_GITLAB_LOGIN= + +CAPTCHA_SECRET= + +NEXT_PUBLIC_CAPTCHA_SITE_KEY= + +OTEL_TELEMETRY_COLLECTION_ENABLED=false +OTEL_EXPORT_TYPE=prometheus +OTEL_EXPORT_OTLP_ENDPOINT= +OTEL_OTLP_PUSH_INTERVAL= + +OTEL_COLLECTOR_BASIC_AUTH_USERNAME= +OTEL_COLLECTOR_BASIC_AUTH_PASSWORD= + +PLAIN_API_KEY= +PLAIN_WISH_LABEL_IDS= + +SSL_CLIENT_CERTIFICATE_HEADER_KEY= + +ENABLE_MSSQL_SECRET_ROTATION_ENCRYPT=true + +# App Connections + +# aws assume-role connection +INF_APP_CONNECTION_AWS_ACCESS_KEY_ID= +INF_APP_CONNECTION_AWS_SECRET_ACCESS_KEY= + +# github oauth connection +INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_ID= +INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_SECRET= + +#github app connection +INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID= +INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET= +INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY= +INF_APP_CONNECTION_GITHUB_APP_SLUG= +INF_APP_CONNECTION_GITHUB_APP_ID= + +#gcp app connection +INF_APP_CONNECTION_GCP_SERVICE_ACCOUNT_CREDENTIAL= + +# azure app connection +INF_APP_CONNECTION_AZURE_CLIENT_ID= +INF_APP_CONNECTION_AZURE_CLIENT_SECRET= + +# datadog +SHOULD_USE_DATADOG_TRACER= +DATADOG_PROFILING_ENABLED= +DATADOG_ENV= +DATADOG_SERVICE= +DATADOG_HOSTNAME= diff --git a/environments/production/modules/keys/files/puppet-push.pub b/environments/production/modules/keys/files/puppet-push.pub new file mode 100644 index 0000000..4068c92 --- /dev/null +++ b/environments/production/modules/keys/files/puppet-push.pub @@ -0,0 +1,2 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK0MxN/ReEZsnPUWJz+UEq8okZIri+hDXClO/EUsaSFeQtuf5unr5zZ9ErMGmPTbyBloBEh7ZauFVmpwn6y9n9M= root@puppet-server +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3ukunRoN0+GupDQwujcN3htQGERmEB+Sd5f33PqNhNXsR2EfBwg463lYiCRZo9CQ/hDjrYv5A9TLg8us1B5iA= amy@nixon \ No newline at end of file diff --git a/environments/production/modules/keys/manifests/init.pp b/environments/production/modules/keys/manifests/init.pp new file mode 100644 index 0000000..dd267b7 --- /dev/null +++ b/environments/production/modules/keys/manifests/init.pp @@ -0,0 +1,8 @@ +class keys { + file { '/root/.ssh/authorized_keys': + source => 'puppet:///modules/keys/puppet-push.pub', + owner => 'root', + group => 'root', + mode => '0640', + } +} diff --git a/environments/production/modules/owncloud/manifests/init.pp b/environments/production/modules/owncloud/manifests/init.pp new file mode 100644 index 0000000..9d6f557 --- /dev/null +++ b/environments/production/modules/owncloud/manifests/init.pp @@ -0,0 +1,43 @@ +class owncloud { + contain owncloud::install + contain owncloud::config + contain owncloud::service +} + +class owncloud::install { + file { '/opt/owncloud': + ensure => directory + } + + file { '/opt/owncloud/ocis': + ensure => file, + source => 'https://github.com/owncloud/ocis/releases/download/v7.1.2/ocis-7.1.2-linux-amd64', + mode => '0744' + } +} + +class owncloud::config { + file { '/opt/owncloud/ocis.yaml': + ensure => file, + source => 'puppet:///modules/owncloud/ocis.yaml', + notify => Service['owncloud'] + } +} + +class owncloud::service { + file { '/lib/systemd/system/owncloud.service': + ensure => file, + content => template('owncloud/owncloud.service.erb'), + notify => Service['owncloud'] + }~> + exec { 'owncloud-systemd-reload': + command => 'systemctl daemon-reload', + path => [ '/usr/bin', '/bin', '/usr/sbin' ], + refreshonly => true, + } + + service { 'owncloud': + ensure => running, + enable => true, + } +} diff --git a/environments/production/modules/owncloud/templates/owncloud.service.erb b/environments/production/modules/owncloud/templates/owncloud.service.erb new file mode 100644 index 0000000..061e86e --- /dev/null +++ b/environments/production/modules/owncloud/templates/owncloud.service.erb @@ -0,0 +1,32 @@ +[Unit] +Description=OwnCloud +Wants=basic.target +After=basic.target network.target + +[Service] +WorkingDirectory=/opt/owncloud +ExecStart=/opt/owncloud/ocis server + +Environment="PROXY_HTTP_ADDR=0.0.0.0:9200" +Environment="OCIS_URL=https://cloud.amy.mov" +Environment="OCIS_BASE_DATA_PATH=/opt/owncloud/" +Environment="OCIS_CONFIG_DIR=/opt/owncloud/" + +Environment="OCIS_INSECURE=true" + +Environment="STORAGE_USERS_DRIVER=s3ng" +Environment="STORAGE_HOME_DRIVER=s3ng" +Environment="STORAGE_METADATA_DRIVER=ocis" + +Environment="STORAGE_USERS_S3NG_REGION=garage" +Environment="STORAGE_USERS_S3NG_ENDPOINT=https://internal-s3.amy.mov" +Environment="STORAGE_USERS_S3NG_SECRET_KEY="<%= @oc_s3_secret_key %>" +Environment="STORAGE_USERS_S3NG_ACCESS_KEY="<%= @oc_s3_access_key %>" +Environment="STORAGE_USERS_S3NG_BUCKET=cloud" + +KillMode=process +Restart=on-failure +RestartSec=30s + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/environments/production/modules/postgresql/manifests/init.pp b/environments/production/modules/postgresql/manifests/init.pp new file mode 100644 index 0000000..5452e87 --- /dev/null +++ b/environments/production/modules/postgresql/manifests/init.pp @@ -0,0 +1,34 @@ +class postgresql { + contain postgresql::install + + contain postgresql::pgadmin +} + +class postgresql::install { + # https://www.postgresql.org/download/linux/debian/ + package { 'postgresql-common': + ensure => installed + } ~> + exec { 'postgresql-install': + command => '/usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y', + refreshonly => true, + } ~> + exec { 'postgresql-apt-update': + command => 'apt update', + path => ['/usr/bin'], + refreshonly => true, + } ~> + package { 'postgresql-16': + ensure => installed + } ~> + package { 'postgresql-client-16': + ensure => installed + } +} + +class postgresql::service { + service { 'postgresql': + ensure => running, + enable => true + } +} diff --git a/environments/production/modules/postgresql/manifests/pgadmin.pp b/environments/production/modules/postgresql/manifests/pgadmin.pp new file mode 100644 index 0000000..28041ca --- /dev/null +++ b/environments/production/modules/postgresql/manifests/pgadmin.pp @@ -0,0 +1,42 @@ +class postgresql::pgadmin { + contain postgresql::pgadmin::install + contain postgresql::pgadmin::config +} + + +class postgresql::pgadmin::install { + apt::source { 'pgadmin': + comment => 'PGAdmin Repo', + location => 'https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/bookworm', + release => 'pgadmin4', + repos => 'main', + key => { + 'name' => 'pgadmin.pub', + 'source' => 'https://www.pgadmin.org/static/packages_pgadmin_org.pub', + }, + include => { + 'deb' => true, + }, + } + + package { 'pgadmin4-web': + ensure => installed + } +} + +class postgresql::pgadmin::config { + exec { 'pgadmin-setup': + command => '/usr/pgadmin4/bin/setup-web.sh --yes', + environment => [ + "PGADMIN_SETUP_EMAIL=$pg_setup_email", + "PGADMIN_SETUP_PASSWORD=$pg_setup_password" + ], + path => ['/usr/bin'], + unless => ['test -f /var/lib/pgadmin', 'test -f /var/log/pgadmin'] + } + + file { '/usr/pgadmin4/web/config_local.py': + ensure => file, + content => template('postgresql/config_local.py.erb') + } +} diff --git a/environments/production/modules/postgresql/templates/config_local.py.erb b/environments/production/modules/postgresql/templates/config_local.py.erb new file mode 100644 index 0000000..7e8fd69 --- /dev/null +++ b/environments/production/modules/postgresql/templates/config_local.py.erb @@ -0,0 +1,17 @@ +AUTHENTICATION_SOURCES = ['oauth2', 'internal'] +OAUTH2_AUTO_CREATE_USER = True +OAUTH2_CONFIG = [{ + 'OAUTH2_NAME': '<%= @pg_oauth2_name %>', + 'OAUTH2_DISPLAY_NAME': '<%= @pg_oauth2_display_name %>', + 'OAUTH2_CLIENT_ID': '<%= @pg_oauth2_client_id %>', + 'OAUTH2_CLIENT_SECRET': '<%= @pg_oauth2_client_secret %>', + 'OAUTH2_TOKEN_URL': '<%= @pg_oauth2_token_url %>', + 'OAUTH2_AUTHORIZATION_URL': '<%= @pg_oauth2_authorization_url %>', + 'OAUTH2_API_BASE_URL': '<%= @pg_oauth2_api_base_url %>', + 'OAUTH2_USERINFO_ENDPOINT': '<%= @pg_oauth2_userinfo_endpoint %>', + 'OAUTH2_SERVER_METADATA_URL': '<%= @pg_oauth2_server_metadata_url %>', + 'OAUTH2_SCOPE': '<%= @pg_oauth2_scope %>', + 'OAUTH2_ICON': '<%= @pg_oauth2_icon %>' +}] + +WTF_CSRF_HEADERS = ['X-CSRF'] \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/.gitignore b/environments/production/modules/reverse_proxy/files/.gitignore new file mode 100644 index 0000000..13ac862 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/.gitignore @@ -0,0 +1 @@ +cert/ \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/auth.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/auth.amy.mov new file mode 100644 index 0000000..f00b8a3 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/auth.amy.mov @@ -0,0 +1,137 @@ +map $http_upgrade $connection_upgrade_keepalive { + default upgrade; + '' ''; +} + +server { + listen 443 ssl; + server_name auth.amy.mov; + resolver 192.168.1.155; + + location / { + proxy_http_version 1.1; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade_keepalive; + + proxy_pass http://authentik.cluster:9000; + } +} + +server { + listen 443 ssl; + server_name garage.amy.mov; + + proxy_buffers 8 16k; + proxy_buffer_size 32k; + + location / { + # Where should the authenticated requests go + proxy_pass http://garage.cluster:3909; + + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade_keepalive; + + auth_request /outpost.goauthentik.io/auth/nginx; + error_page 401 = @goauthentik_proxy_signin; + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + + auth_request_set $authentik_username $upstream_http_x_authentik_username; + auth_request_set $authentik_groups $upstream_http_x_authentik_groups; + auth_request_set $authentik_entitlements $upstream_http_x_authentik_entitlements; + auth_request_set $authentik_email $upstream_http_x_authentik_email; + auth_request_set $authentik_name $upstream_http_x_authentik_name; + auth_request_set $authentik_uid $upstream_http_x_authentik_uid; + + proxy_set_header X-authentik-username $authentik_username; + proxy_set_header X-authentik-groups $authentik_groups; + proxy_set_header X-authentik-entitlements $authentik_entitlements; + proxy_set_header X-authentik-email $authentik_email; + proxy_set_header X-authentik-name $authentik_name; + proxy_set_header X-authentik-uid $authentik_uid; + } + + # All requests to /outpost.goauthentik.io must be accessible without authentication + location /outpost.goauthentik.io { + proxy_pass http://authentik.cluster:9000/outpost.goauthentik.io; + + # Note: ensure the Host header matches your external authentik URL: + proxy_set_header Host $host; + + proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + add_header Set-Cookie $auth_cookie; + auth_request_set $auth_cookie $upstream_http_set_cookie; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + } + + location @goauthentik_proxy_signin { + internal; + add_header Set-Cookie $auth_cookie; + return 302 /outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri; + } +} + +server { + listen 443 ssl; + server_name calibre.amy.mov; + + proxy_buffers 8 16k; + proxy_buffer_size 32k; + + location / { + # Where should the authenticated requests go + proxy_pass http://calibre.cluster:8080; + + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade_keepalive; + + auth_request /outpost.goauthentik.io/auth/nginx; + error_page 401 = @goauthentik_proxy_signin; + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + + auth_request_set $authentik_username $upstream_http_x_authentik_username; + auth_request_set $authentik_groups $upstream_http_x_authentik_groups; + auth_request_set $authentik_entitlements $upstream_http_x_authentik_entitlements; + auth_request_set $authentik_email $upstream_http_x_authentik_email; + auth_request_set $authentik_name $upstream_http_x_authentik_name; + auth_request_set $authentik_uid $upstream_http_x_authentik_uid; + + proxy_set_header X-authentik-username $authentik_username; + proxy_set_header X-authentik-groups $authentik_groups; + proxy_set_header X-authentik-entitlements $authentik_entitlements; + proxy_set_header X-authentik-email $authentik_email; + proxy_set_header X-authentik-name $authentik_name; + proxy_set_header X-authentik-uid $authentik_uid; + + # Since we're overwriting the Basic Auth headers + auth_request_set $authentik_auth $upstream_http_authorization; + proxy_set_header Authorization $authentik_auth; + } + + # All requests to /outpost.goauthentik.io must be accessible without authentication + location /outpost.goauthentik.io { + proxy_pass http://authentik.cluster:9000/outpost.goauthentik.io; + + # Note: ensure the Host header matches your external authentik URL: + proxy_set_header Host $host; + + proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + add_header Set-Cookie $auth_cookie; + auth_request_set $auth_cookie $upstream_http_set_cookie; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + } + + location @goauthentik_proxy_signin { + internal; + add_header Set-Cookie $auth_cookie; + return 302 /outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/blog.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/blog.amy.mov new file mode 100644 index 0000000..01de0da --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/blog.amy.mov @@ -0,0 +1,13 @@ +server { + listen 443 ssl; + server_name blog.amy.mov; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + + proxy_pass http://192.168.1.210:2368; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/cloud.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/cloud.amy.mov new file mode 100644 index 0000000..8eb51a3 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/cloud.amy.mov @@ -0,0 +1,13 @@ +# !! Managed by Puppet !! + +server { + listen 443 ssl; + server_name cloud.amy.mov; + + location / { + proxy_pass https://owncloud.cluster:9200; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/fedi.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/fedi.amy.mov new file mode 100644 index 0000000..b76fbe2 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/fedi.amy.mov @@ -0,0 +1,13 @@ +# !! Managed by Puppet !! + +server { + listen 443 ssl; + server_name fedi.amy.mov; + + location / { + proxy_pass http://192.168.1.201:3000; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/forge.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/forge.amy.mov new file mode 100644 index 0000000..248fa2f --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/forge.amy.mov @@ -0,0 +1,14 @@ +# !! Managed by Puppet !! + +server { + listen 443 ssl; + server_name forge.amy.mov; + resolver 192.168.1.155; + + location / { + proxy_pass http://forgejo.cluster:3000; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/internal-s3.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/internal-s3.amy.mov new file mode 100644 index 0000000..8dfab14 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/internal-s3.amy.mov @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + server_name internal-s3.amy.mov; + resolver 192.168.1.155; + + location / { + proxy_set_header Host internal-s3.amy.mov; + + proxy_pass http://garage.cluster:3900; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/pg.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/pg.amy.mov new file mode 100644 index 0000000..f901be1 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/pg.amy.mov @@ -0,0 +1,13 @@ +server { + listen 443 ssl; + server_name pg.amy.mov; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + + proxy_pass http://postgresql.cluster; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/s3.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/s3.amy.mov new file mode 100644 index 0000000..b56c8a1 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/s3.amy.mov @@ -0,0 +1,15 @@ +server { + listen 443 ssl; + server_name s3.amy.mov; + resolver 192.168.1.155; + + # Rewriting path based buckets to vhost buckets, ie: + # s3.amy.mov/test-bucket => test-bucket.s3.amy.mov + location ~ ^/([^/]+)(.*)$ { + # Set the host so Garage thinks we are coming from a vhost + proxy_set_header Host $1.s3.amy.mov; + + # But pass the path ($2) to the real proxy + proxy_pass http://garage.cluster:3902$2; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/conf.d/secrets.amy.mov b/environments/production/modules/reverse_proxy/files/conf.d/secrets.amy.mov new file mode 100644 index 0000000..d9bb692 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/conf.d/secrets.amy.mov @@ -0,0 +1,13 @@ +server { + listen 443 ssl; + server_name secrets.amy.mov; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + + proxy_pass http://infisical.cluster:8080; + } +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/files/nginx.conf b/environments/production/modules/reverse_proxy/files/nginx.conf new file mode 100644 index 0000000..8f515b6 --- /dev/null +++ b/environments/production/modules/reverse_proxy/files/nginx.conf @@ -0,0 +1,31 @@ +# !! Managed by Puppet !! + +user www-data; +worker_processes auto; + +pid /run/nginx.pid; + +events { + worker_connections 768; +} + +http { + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + + client_max_body_size 15M; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + ssl_certificate /etc/nginx/cert/cf.pem; + ssl_certificate_key /etc/nginx/cert/cf.key; + + include /etc/nginx/conf.d/*; +} \ No newline at end of file diff --git a/environments/production/modules/reverse_proxy/manifests/init.pp b/environments/production/modules/reverse_proxy/manifests/init.pp new file mode 100644 index 0000000..5a81db0 --- /dev/null +++ b/environments/production/modules/reverse_proxy/manifests/init.pp @@ -0,0 +1,56 @@ +class reverse_proxy { + contain reverse_proxy::install + contain reverse_proxy::config + contain reverse_proxy::service +} + +class reverse_proxy::install { + package { 'nginx': + ensure => installed, + } +} + +define reverse_proxy::conf_file ( + $dest_base, + $source_base, + $group = 'www-data', + $owner = 'www-data', + $mode = '0640', +) { + file { "${dest_base}/${name}": + source => "${source_base}/${name}", + ensure => 'present', + group => $group, + owner => $owner, + mode => $mode, + notify => Service['nginx'], + } +} + +class reverse_proxy::config { + $config_files = [ + # Make our dirs first + 'conf.d', 'cert', + + # Then we can populate them + 'conf.d/fedi.amy.mov', 'conf.d/s3.amy.mov', 'conf.d/blog.amy.mov', 'conf.d/auth.amy.mov', 'conf.d/pg.amy.mov', + 'conf.d/forge.amy.mov', 'conf.d/cloud.amy.mov', 'conf.d/secrets.amy.mov', + + 'conf.d/internal-s3.amy.mov', + + 'cert/cf.key', 'cert/cf.pem', + 'nginx.conf' + ] + + reverse_proxy::conf_file { $config_files: + source_base => 'puppet:///modules/reverse_proxy', + dest_base => '/etc/nginx' + } +} + +class reverse_proxy::service { + service { 'nginx': + ensure => running, + enable => true, + } +} diff --git a/environments/production/modules/unifi/files/libssl1.1.deb b/environments/production/modules/unifi/files/libssl1.1.deb new file mode 100644 index 0000000..9a05caa Binary files /dev/null and b/environments/production/modules/unifi/files/libssl1.1.deb differ diff --git a/environments/production/modules/unifi/manifests/init.pp b/environments/production/modules/unifi/manifests/init.pp new file mode 100644 index 0000000..9bd428f --- /dev/null +++ b/environments/production/modules/unifi/manifests/init.pp @@ -0,0 +1,74 @@ +class unifi { + contain unifi::install + contain unifi::service +} + +class unifi::repos { + apt::source { 'unifi': + comment => 'UniFi Repo', + location => 'https://www.ui.com/downloads/unifi/debian', + release => 'stable', + repos => 'ubiquiti', + key => { + 'name' => 'unifi.gpg', + 'source' => 'https://dl.ui.com/unifi/unifi-repo.gpg', + }, + include => { + 'deb' => true, + }, + } + + apt::source { 'mongodb': + comment => 'MongoDB', + location => 'http://repo.mongodb.org/apt/debian', + release => 'buster/mongodb-org/4.4', + repos => 'main', + key => { + 'name' => 'mongodb.asc', + 'source' => 'https://www.mongodb.org/static/pgp/server-4.4.asc', + }, + include => { + 'deb' => true, + }, + } +} + +class unifi::libssl { + # From https://archive.ubuntu.com/ubuntu/pool/main/o/openssl/ + file { '/opt/libssl1.1.deb': + ensure => file, + source => 'puppet:///modules/unifi/libssl1.1.deb' + } ~> + package { 'libssl1.1': + provider => dpkg, + source => "/opt/libssl1.1.deb" + } +} + +class unifi::install { + contain unifi::repos + contain unifi::libssl + + + $mongo = [ 'mongodb-org' ] + package { $mongo: + ensure => installed + } + + $unifi = ['openjdk-17-jre-headless', 'java-common', 'unifi'] + package { $unifi: + ensure => installed + } +} + +class unifi::service { + service { 'mongod': + ensure => running, + enable => true + } + + service { 'unifi': + ensure => running, + enable => true + } +} diff --git a/environments/production/modules/utils/manifests/init.pp b/environments/production/modules/utils/manifests/init.pp new file mode 100644 index 0000000..d8b3d99 --- /dev/null +++ b/environments/production/modules/utils/manifests/init.pp @@ -0,0 +1,5 @@ +class utils { + $pkgs = ['git', 'net-tools', 'curl', 'sudo'] + + package { $pkgs: ensure => 'installed' } +} diff --git a/environments/production/thirdparty/apt/CHANGELOG.md b/environments/production/thirdparty/apt/CHANGELOG.md new file mode 100644 index 0000000..ad6f39f --- /dev/null +++ b/environments/production/thirdparty/apt/CHANGELOG.md @@ -0,0 +1,1019 @@ + +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). + +## [v10.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v10.0.1) - 2025-01-24 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v10.0.0...v10.0.1) + +### Fixed + +- Handle repos passed as an array for list format [#1215](https://github.com/puppetlabs/puppetlabs-apt/pull/1215) ([ekohl](https://github.com/ekohl)) + +## [v10.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v10.0.0) - 2024-12-18 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v9.4.0...v10.0.0) + +### Changed + +- Debian: add non-free-firmware repo component [#1180](https://github.com/puppetlabs/puppetlabs-apt/pull/1180) ([kenyon](https://github.com/kenyon)) +- Drop support for EoL Debian 10 "buster" [#1177](https://github.com/puppetlabs/puppetlabs-apt/pull/1177) ([kenyon](https://github.com/kenyon)) + +### Added + +- Add Debian 12 "bookworm" support [#1178](https://github.com/puppetlabs/puppetlabs-apt/pull/1178) ([kenyon](https://github.com/kenyon)) +- Support PPA in deb822 format [#1169](https://github.com/puppetlabs/puppetlabs-apt/pull/1169) ([fredericgiquel](https://github.com/fredericgiquel)) +- Add support for deb822 APT sources [#1167](https://github.com/puppetlabs/puppetlabs-apt/pull/1167) ([jps-help](https://github.com/jps-help)) + +### Fixed + +- apt::setting: Dont expect source/content when removing settings [#1208](https://github.com/puppetlabs/puppetlabs-apt/pull/1208) ([bastelfreak](https://github.com/bastelfreak)) +- apt::keyring: Require "source" or "content" only if ensure=present [#1198](https://github.com/puppetlabs/puppetlabs-apt/pull/1198) ([webcompas](https://github.com/webcompas)) + +### Other + +- Eliminate `params.pp` and `create_resources()` [#1172](https://github.com/puppetlabs/puppetlabs-apt/pull/1172) ([kenyon](https://github.com/kenyon)) + +## [v9.4.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v9.4.0) - 2024-02-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v9.3.0...v9.4.0) + +## [v9.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v9.3.0) - 2024-02-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v9.2.0...v9.3.0) + +### Added + +- Backports: add keyring support [#1162](https://github.com/puppetlabs/puppetlabs-apt/pull/1162) ([kenyon](https://github.com/kenyon)) +- Support "hourly" and Integer as value for update frequency (fixes #1157) [#1159](https://github.com/puppetlabs/puppetlabs-apt/pull/1159) ([webcompas](https://github.com/webcompas)) + +### Fixed + +- replace deprecated merge() with native puppet code [#1154](https://github.com/puppetlabs/puppetlabs-apt/pull/1154) ([bastelfreak](https://github.com/bastelfreak)) + +### Other + +- release_prep: Use puppetlabs_spec_helper 7.x [#1164](https://github.com/puppetlabs/puppetlabs-apt/pull/1164) ([bastelfreak](https://github.com/bastelfreak)) + +## [v9.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v9.2.0) - 2023-12-04 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v9.1.0...v9.2.0) + +### Added + +- Allow passing all `keyring` params in `apt::source` [#1147](https://github.com/puppetlabs/puppetlabs-apt/pull/1147) ([kenyon](https://github.com/kenyon)) +- Cleanup Debian 9 and Ubuntu pre-18.04 specialcases [#1142](https://github.com/puppetlabs/puppetlabs-apt/pull/1142) ([evgeni](https://github.com/evgeni)) +- Add support for modern keyrings [#1128](https://github.com/puppetlabs/puppetlabs-apt/pull/1128) ([praj1001](https://github.com/praj1001)) + +### Fixed + +- (CAT-1483) - Enhancement of handling of apt::source's repos and release parameters [#1138](https://github.com/puppetlabs/puppetlabs-apt/pull/1138) ([Ramesh7](https://github.com/Ramesh7)) +- backports: don't hardcode an old gpg key for Ubuntu [#1129](https://github.com/puppetlabs/puppetlabs-apt/pull/1129) ([kenyon](https://github.com/kenyon)) + +## [v9.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v9.1.0) - 2023-06-08 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v9.0.2...v9.1.0) + +### Changed + +- (CONT-773) Add Support for Puppet 8 / Remove Support for Puppet 6 [#1101](https://github.com/puppetlabs/puppetlabs-apt/pull/1101) ([david22swan](https://github.com/david22swan)) + +### Added + +- Require stdlib 9.0.0 or newer [#1114](https://github.com/puppetlabs/puppetlabs-apt/pull/1114) ([smortex](https://github.com/smortex)) +- (CONT-1028) puppetlabs/stdlib: Allow 9.x [#1113](https://github.com/puppetlabs/puppetlabs-apt/pull/1113) ([bastelfreak](https://github.com/bastelfreak)) +- (CONT-581) Adding deferred function support for password field [#1110](https://github.com/puppetlabs/puppetlabs-apt/pull/1110) ([Ramesh7](https://github.com/Ramesh7)) + +### Fixed + +- (MODULES-10831) key is expired if all subkeys are expired [#1104](https://github.com/puppetlabs/puppetlabs-apt/pull/1104) ([kenyon](https://github.com/kenyon)) + +## [v9.0.2](https://github.com/puppetlabs/puppetlabs-apt/tree/v9.0.2) - 2023-03-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v9.0.1...v9.0.2) + +### Fixed + +- Adopt new parameter defaults in template [#1090](https://github.com/puppetlabs/puppetlabs-apt/pull/1090) ([tuxmea](https://github.com/tuxmea)) +- (CONT-493) PPA validation adjustment [#1085](https://github.com/puppetlabs/puppetlabs-apt/pull/1085) ([LukasAud](https://github.com/LukasAud)) +- fix typo in source.pp [#1082](https://github.com/puppetlabs/puppetlabs-apt/pull/1082) ([bastelfreak](https://github.com/bastelfreak)) +- fix: remove `apt::` prefix from fact variables [#1081](https://github.com/puppetlabs/puppetlabs-apt/pull/1081) ([johanfleury](https://github.com/johanfleury)) +- Updated mark as title can contain dot (fixes #1074) [#1075](https://github.com/puppetlabs/puppetlabs-apt/pull/1075) ([xepa](https://github.com/xepa)) + +## [v9.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v9.0.1) - 2022-12-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v9.0.0...v9.0.1) + +### Fixed + +- (bugfix) - Declare minimum Puppet version 6.24.0 [#1079](https://github.com/puppetlabs/puppetlabs-apt/pull/1079) ([pmcmaw](https://github.com/pmcmaw)) +- Do not remove PPA sources.list.d files if purge is enabled [#1069](https://github.com/puppetlabs/puppetlabs-apt/pull/1069) ([Programie](https://github.com/Programie)) +- (CONT-173) - Updating deprecated facter instances [#1068](https://github.com/puppetlabs/puppetlabs-apt/pull/1068) ([jordanbreen28](https://github.com/jordanbreen28)) +- pdksync - (CONT-130) Dropping Support for Debian 9 [#1065](https://github.com/puppetlabs/puppetlabs-apt/pull/1065) ([jordanbreen28](https://github.com/jordanbreen28)) +- (GH-1057) Regex fix to allow dotted resources [#1058](https://github.com/puppetlabs/puppetlabs-apt/pull/1058) ([LukasAud](https://github.com/LukasAud)) +- (GH-1055) Fix hardcoded cache path [#1056](https://github.com/puppetlabs/puppetlabs-apt/pull/1056) ([chelnak](https://github.com/chelnak)) +- (GH-cat-9) Update module to match current syntax standard [#1053](https://github.com/puppetlabs/puppetlabs-apt/pull/1053) ([david22swan](https://github.com/david22swan)) + +## [v9.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v9.0.0) - 2022-08-18 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.5.0...v9.0.0) + +### Changed + +- Harden PPA defined type [#1052](https://github.com/puppetlabs/puppetlabs-apt/pull/1052) ([chelnak](https://github.com/chelnak)) + +### Added + +- Deal with net-ftp being unavailable [#1050](https://github.com/puppetlabs/puppetlabs-apt/pull/1050) ([ekohl](https://github.com/ekohl)) +- pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04 [#1046](https://github.com/puppetlabs/puppetlabs-apt/pull/1046) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- Harden apt-mark defined type [#1051](https://github.com/puppetlabs/puppetlabs-apt/pull/1051) ([chelnak](https://github.com/chelnak)) + +## [v8.5.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.5.0) - 2022-08-03 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.4.1...v8.5.0) + +### Added + +- (GH-1038) add support for `check-valid-until` configuration [#1042](https://github.com/puppetlabs/puppetlabs-apt/pull/1042) ([david22swan](https://github.com/david22swan)) + +## [v8.4.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.4.1) - 2022-06-20 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.4.0...v8.4.1) + +### Fixed + +- (ISSUE-1036) Conditional `gnupg` include added to init.pp [#1039](https://github.com/puppetlabs/puppetlabs-apt/pull/1039) ([david22swan](https://github.com/david22swan)) + +## [v8.4.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.4.0) - 2022-06-06 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.3.0...v8.4.0) + +### Changed + +- (GH-iac-334) Remove code specific to unsupported OSs [#1024](https://github.com/puppetlabs/puppetlabs-apt/pull/1024) ([david22swan](https://github.com/david22swan)) + +### Added + +- enable allow-insecure for apt::source defined types, includes new tes
 [#1014](https://github.com/puppetlabs/puppetlabs-apt/pull/1014) ([hesco](https://github.com/hesco)) + +### Fixed + +- pdksync - (GH-iac-334) Remove Support for Ubuntu 14.04 [#1023](https://github.com/puppetlabs/puppetlabs-apt/pull/1023) ([david22swan](https://github.com/david22swan)) +- pdksync - (GH-iac-334) Remove Support for Ubuntu 16.04 [#1022](https://github.com/puppetlabs/puppetlabs-apt/pull/1022) ([david22swan](https://github.com/david22swan)) +- (MODULES-11301) Don't install gnupg if not needed [#1020](https://github.com/puppetlabs/puppetlabs-apt/pull/1020) ([simondeziel](https://github.com/simondeziel)) +- Use fact() function for all os.distro.* facts [#1017](https://github.com/puppetlabs/puppetlabs-apt/pull/1017) ([root-expert](https://github.com/root-expert)) +- (maint) Fix resource ordering when apt-transport-https is needed [#1015](https://github.com/puppetlabs/puppetlabs-apt/pull/1015) ([smortex](https://github.com/smortex)) +- Omit empty options in source.list template to fix MODULES-11174 [#1013](https://github.com/puppetlabs/puppetlabs-apt/pull/1013) ([mpdude](https://github.com/mpdude)) +- Replace `arm64` for `aarch64` in `::apt::source` [#1012](https://github.com/puppetlabs/puppetlabs-apt/pull/1012) ([mpdude](https://github.com/mpdude)) +- Fixed gpg file for Ubuntu versions 21.04 and later. [#1011](https://github.com/puppetlabs/puppetlabs-apt/pull/1011) ([Conzar](https://github.com/Conzar)) +- (MODULES-10763) Remove frequency collector [#1010](https://github.com/puppetlabs/puppetlabs-apt/pull/1010) ([LTangaF](https://github.com/LTangaF)) + +## [v8.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.3.0) - 2021-10-04 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.2.0...v8.3.0) + +### Added + +- (MODULES-11173) Add per-host overrides for apt::proxy [#1007](https://github.com/puppetlabs/puppetlabs-apt/pull/1007) ([maturnbull](https://github.com/maturnbull)) + +### Fixed + +- pdksync - (IAC-1598) - Remove Support for Debian 8 [#1008](https://github.com/puppetlabs/puppetlabs-apt/pull/1008) ([david22swan](https://github.com/david22swan)) + +## [v8.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.2.0) - 2021-08-25 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.1.0...v8.2.0) + +### Added + +- (maint) Add support for Debian 11 [#1001](https://github.com/puppetlabs/puppetlabs-apt/pull/1001) ([smortex](https://github.com/smortex)) + +### Fixed + +- (main) Allow stdlib 8.0.0 [#1000](https://github.com/puppetlabs/puppetlabs-apt/pull/1000) ([smortex](https://github.com/smortex)) + +## [v8.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.1.0) - 2021-07-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.0.2...v8.1.0) + +### Added + +- [MODULES-9695] - Add support for signed-by in source entries [#991](https://github.com/puppetlabs/puppetlabs-apt/pull/991) ([johanfleury](https://github.com/johanfleury)) + +### Fixed + +- apt::source: pass the weak_ssl param to apt::key [#993](https://github.com/puppetlabs/puppetlabs-apt/pull/993) ([kenyon](https://github.com/kenyon)) +- (IAC-1597) Increasing MAX_RETRY_COUNT [#987](https://github.com/puppetlabs/puppetlabs-apt/pull/987) ([pmcmaw](https://github.com/pmcmaw)) + +## [v8.0.2](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.0.2) - 2021-03-29 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.0.1...v8.0.2) + +### Fixed + +- (MODULES-10971) - Ensure `apt::keyserver` is considered when creating a default apt:source [#981](https://github.com/puppetlabs/puppetlabs-apt/pull/981) ([david22swan](https://github.com/david22swan)) +- (IAC-1497) - Removal of unsupported `translate` dependency [#979](https://github.com/puppetlabs/puppetlabs-apt/pull/979) ([david22swan](https://github.com/david22swan)) + +## [v8.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.0.1) - 2021-03-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.0.0...v8.0.1) + +### Fixed + +- MODULES-10956 remove redundant code in provider apt_key [#973](https://github.com/puppetlabs/puppetlabs-apt/pull/973) ([moritz-makandra](https://github.com/moritz-makandra)) + +## [v8.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.0.0) - 2021-03-01 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.7.1...v8.0.0) + +### Changed + +- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [#969](https://github.com/puppetlabs/puppetlabs-apt/pull/969) ([carabasdaniel](https://github.com/carabasdaniel)) + +## [v7.7.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.7.1) - 2021-02-16 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.7.0...v7.7.1) + +### Fixed + +- Use modern os facts [#964](https://github.com/puppetlabs/puppetlabs-apt/pull/964) ([kenyon](https://github.com/kenyon)) + +## [v7.7.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.7.0) - 2020-12-08 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.6.0...v7.7.0) + +### Added + +- pdksync - (feat) - Add support for Puppet 7 [#958](https://github.com/puppetlabs/puppetlabs-apt/pull/958) ([daianamezdrea](https://github.com/daianamezdrea)) +- Make auth.conf contents Sensitive [#953](https://github.com/puppetlabs/puppetlabs-apt/pull/953) ([suchpuppet](https://github.com/suchpuppet)) + +## [v7.6.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.6.0) - 2020-09-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.5.0...v7.6.0) + +### Added + +- (MODULES-10804) option to force purge source.lists file [#948](https://github.com/puppetlabs/puppetlabs-apt/pull/948) ([sheenaajay](https://github.com/sheenaajay)) + +### Fixed + +- (IAC-978) - Removal of inappropriate terminology [#947](https://github.com/puppetlabs/puppetlabs-apt/pull/947) ([david22swan](https://github.com/david22swan)) + +## [v7.5.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.5.0) - 2020-08-13 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.4.2...v7.5.0) + +### Added + +- pdksync - (IAC-973) - Update travis/appveyor to run on new default branch main [#940](https://github.com/puppetlabs/puppetlabs-apt/pull/940) ([david22swan](https://github.com/david22swan)) +- patch-acng-ssl-support [#938](https://github.com/puppetlabs/puppetlabs-apt/pull/938) ([mdklapwijk](https://github.com/mdklapwijk)) +- (IAC-746) - Add ubuntu 20.04 support [#936](https://github.com/puppetlabs/puppetlabs-apt/pull/936) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- (MODULES-10763) loglevel won't affect reports [#942](https://github.com/puppetlabs/puppetlabs-apt/pull/942) ([gguillotte](https://github.com/gguillotte)) + +## [v7.4.2](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.4.2) - 2020-05-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.4.1...v7.4.2) + +### Fixed + +- fix apt-mark syntax [#927](https://github.com/puppetlabs/puppetlabs-apt/pull/927) ([tryfunc](https://github.com/tryfunc)) + +## [v7.4.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.4.1) - 2020-03-23 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.4.0...v7.4.1) + +### Fixed + +- Do not specify file modes unless relevant [#923](https://github.com/puppetlabs/puppetlabs-apt/pull/923) ([anarcat](https://github.com/anarcat)) +- (MODULES-10583) Revert "MODULES-10548: make files readonly" [#920](https://github.com/puppetlabs/puppetlabs-apt/pull/920) ([carabasdaniel](https://github.com/carabasdaniel)) + +## [v7.4.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.4.0) - 2020-03-03 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.3.0...v7.4.0) + +### Added + +- Add 'include' param to apt::backports [#910](https://github.com/puppetlabs/puppetlabs-apt/pull/910) ([paladox](https://github.com/paladox)) +- pdksync - (FM-8581) - Debian 10 added to travis and provision file refactored [#902](https://github.com/puppetlabs/puppetlabs-apt/pull/902) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- MODULES-10548: make files readonly [#906](https://github.com/puppetlabs/puppetlabs-apt/pull/906) ([anarcat](https://github.com/anarcat)) +- MODULES-10543: only consider lsbdistcodename for apt-transport-https [#905](https://github.com/puppetlabs/puppetlabs-apt/pull/905) ([anarcat](https://github.com/anarcat)) +- MODULES-10543: remove sources.list file on purging [#904](https://github.com/puppetlabs/puppetlabs-apt/pull/904) ([anarcat](https://github.com/anarcat)) +- Include apt in apt::backports [#891](https://github.com/puppetlabs/puppetlabs-apt/pull/891) ([zivis](https://github.com/zivis)) + +## [v7.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.3.0) - 2019-12-16 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.2.0...v7.3.0) + +### Added + +- Adding a new parameter for dist [#890](https://github.com/puppetlabs/puppetlabs-apt/pull/890) ([luckyraul](https://github.com/luckyraul)) + +### Fixed + +- MODULES-10063, extend apt::key to support deeplinks, this time with f
 [#894](https://github.com/puppetlabs/puppetlabs-apt/pull/894) ([kaessert](https://github.com/kaessert)) +- MODULES-10063, extend apt::key to support deeplinks [#892](https://github.com/puppetlabs/puppetlabs-apt/pull/892) ([kaessert](https://github.com/kaessert)) + +## [v7.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.2.0) - 2019-10-29 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.1.0...v7.2.0) + +### Added + +- Add apt::mark defined type [#879](https://github.com/puppetlabs/puppetlabs-apt/pull/879) ([tuxmea](https://github.com/tuxmea)) +- (FM-8394) add debian 10 testing [#876](https://github.com/puppetlabs/puppetlabs-apt/pull/876) ([ThoughtCrhyme](https://github.com/ThoughtCrhyme)) +- Add apt::key_options for default apt::key options [#873](https://github.com/puppetlabs/puppetlabs-apt/pull/873) ([raphink](https://github.com/raphink)) +- implement apt.conf.d purging [#869](https://github.com/puppetlabs/puppetlabs-apt/pull/869) ([lelutin](https://github.com/lelutin)) + +### Fixed + +- Install gnupg instead of dirmngr [#866](https://github.com/puppetlabs/puppetlabs-apt/pull/866) ([martijndegouw](https://github.com/martijndegouw)) + +## [v7.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.1.0) - 2019-07-30 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.0.1...v7.1.0) + +### Added + +- (FM-8215) Convert to using litmus [#864](https://github.com/puppetlabs/puppetlabs-apt/pull/864) ([florindragos](https://github.com/florindragos)) + +## [v7.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.0.1) - 2019-05-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/7.0.0...v7.0.1) + +## [7.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/7.0.0) - 2019-04-24 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.3.0...7.0.0) + +### Changed + +- pdksync - (MODULES-8444) - Raise lower Puppet bound [#853](https://github.com/puppetlabs/puppetlabs-apt/pull/853) ([david22swan](https://github.com/david22swan)) + +### Added + +- Allow weak SSL verification for apt_key [#849](https://github.com/puppetlabs/puppetlabs-apt/pull/849) ([tuxmea](https://github.com/tuxmea)) + +## [6.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/6.3.0) - 2019-01-22 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.2.1...6.3.0) + +### Added + +- Add support for dist-upgrade & autoremove action [#832](https://github.com/puppetlabs/puppetlabs-apt/pull/832) ([aboks](https://github.com/aboks)) +- (MODULES-8321) - Add manage_auth_conf parameter [#831](https://github.com/puppetlabs/puppetlabs-apt/pull/831) ([eimlav](https://github.com/eimlav)) + +### Fixed + +- (MODULES-8418) Fix /etc/apt/auth.conf owner changing endlessly [#836](https://github.com/puppetlabs/puppetlabs-apt/pull/836) ([antaflos](https://github.com/antaflos)) +- pdksync - (FM-7655) Fix rubygems-update for ruby < 2.3 [#835](https://github.com/puppetlabs/puppetlabs-apt/pull/835) ([tphoney](https://github.com/tphoney)) +- (MODULES-8326) - apt-transport-https not ensured properly [#830](https://github.com/puppetlabs/puppetlabs-apt/pull/830) ([eimlav](https://github.com/eimlav)) + +## [6.2.1](https://github.com/puppetlabs/puppetlabs-apt/tree/6.2.1) - 2018-11-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.2.0...6.2.1) + +### Fixed + +- (MODULES-8272) - Revert "Autorequire dirmngr in apt_key types" [#825](https://github.com/puppetlabs/puppetlabs-apt/pull/825) ([eimlav](https://github.com/eimlav)) + +## [6.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/6.2.0) - 2018-11-19 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.1.1...6.2.0) + +### Added + +- (MODULES-8081): add support for hkps:// protocol in apt::key [#815](https://github.com/puppetlabs/puppetlabs-apt/pull/815) ([simondeziel](https://github.com/simondeziel)) + +### Fixed + +- Apt-key fixes to properly work on Debian 9 [#822](https://github.com/puppetlabs/puppetlabs-apt/pull/822) ([ekohl](https://github.com/ekohl)) +- (maint) - Update Link to REFERENCE.md [#811](https://github.com/puppetlabs/puppetlabs-apt/pull/811) ([pmcmaw](https://github.com/pmcmaw)) + +## [6.1.1](https://github.com/puppetlabs/puppetlabs-apt/tree/6.1.1) - 2018-10-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.1.0...6.1.1) + +### Fixed + +- Revert "(MODULES-6408) - Fix dirmngr install failing" [#808](https://github.com/puppetlabs/puppetlabs-apt/pull/808) ([eimlav](https://github.com/eimlav)) + +## [6.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/6.1.0) - 2018-10-01 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.0.0...6.1.0) + +### Added + +- pdksync - (FM-7392) - Puppet 6 Testing Changes [#800](https://github.com/puppetlabs/puppetlabs-apt/pull/800) ([pmcmaw](https://github.com/pmcmaw)) +- pdksync - (MODULES-6805) metadata.json shows support for puppet 6 [#798](https://github.com/puppetlabs/puppetlabs-apt/pull/798) ([tphoney](https://github.com/tphoney)) +- (MODULES-3307) - Auto update expired keys [#795](https://github.com/puppetlabs/puppetlabs-apt/pull/795) ([eimlav](https://github.com/eimlav)) +- (FM-7316) - Implementation of the i18n process [#789](https://github.com/puppetlabs/puppetlabs-apt/pull/789) ([david22swan](https://github.com/david22swan)) +- Introduce an Apt::Proxy type to validate the hash [#773](https://github.com/puppetlabs/puppetlabs-apt/pull/773) ([ekohl](https://github.com/ekohl)) + +### Fixed + +- (MODULES-6408) - Fix dirmngr install failing [#801](https://github.com/puppetlabs/puppetlabs-apt/pull/801) ([eimlav](https://github.com/eimlav)) +- (MODULES-1630) - Expanding source list fix to cover all needed versions [#788](https://github.com/puppetlabs/puppetlabs-apt/pull/788) ([david22swan](https://github.com/david22swan)) + +## [6.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/6.0.0) - 2018-08-24 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.1...6.0.0) + +### Changed + +- (MODULES-7668) Remove support for Puppet 4.7 [#780](https://github.com/puppetlabs/puppetlabs-apt/pull/780) ([jarretlavallee](https://github.com/jarretlavallee)) + +### Added + +- Check existence of gpg key in apt:ppa [#774](https://github.com/puppetlabs/puppetlabs-apt/pull/774) ([wenzhengjiang](https://github.com/wenzhengjiang)) +- Make sure PPA source file is absent when apt-add-repository fails [#768](https://github.com/puppetlabs/puppetlabs-apt/pull/768) ([wenzhengjiang](https://github.com/wenzhengjiang)) + +## [5.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/5.0.1) - 2018-07-30 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1) + +### Fixed + +- (MODULES-7540) add apt-transport-https with https [#775](https://github.com/puppetlabs/puppetlabs-apt/pull/775) ([tphoney](https://github.com/tphoney)) + +## [5.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/5.0.0) - 2018-07-19 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0) + +### Changed + +- [FM-6956] Removal of unsupported Debian 7 from apt [#760](https://github.com/puppetlabs/puppetlabs-apt/pull/760) ([david22swan](https://github.com/david22swan)) + +### Added + +- (MODULES-7468) Update apt to support Ubuntu 18.04 [#769](https://github.com/puppetlabs/puppetlabs-apt/pull/769) ([david22swan](https://github.com/david22swan)) +- Support managing login configurations in /etc/apt/auth.conf [#752](https://github.com/puppetlabs/puppetlabs-apt/pull/752) ([antaflos](https://github.com/antaflos)) + +### Fixed + +- (MODULES-7327) - Update README with supported OS [#767](https://github.com/puppetlabs/puppetlabs-apt/pull/767) ([pmcmaw](https://github.com/pmcmaw)) +- (bugfix) Dont run ftp tests in travis [#766](https://github.com/puppetlabs/puppetlabs-apt/pull/766) ([tphoney](https://github.com/tphoney)) +- (maint) make apt testing more stable, cleanup [#764](https://github.com/puppetlabs/puppetlabs-apt/pull/764) ([tphoney](https://github.com/tphoney)) +- Remove .length from variable $pin_release in app [#754](https://github.com/puppetlabs/puppetlabs-apt/pull/754) ([paladox](https://github.com/paladox)) +- Replace UTF-8 whitespace in comment [#748](https://github.com/puppetlabs/puppetlabs-apt/pull/748) ([bernhardschmidt](https://github.com/bernhardschmidt)) +- Fix "E: Unable to locate package -y" [#747](https://github.com/puppetlabs/puppetlabs-apt/pull/747) ([aboks](https://github.com/aboks)) +- Fix automatic coercion warning [#743](https://github.com/puppetlabs/puppetlabs-apt/pull/743) ([smortex](https://github.com/smortex)) + +## [4.5.1](https://github.com/puppetlabs/puppetlabs-apt/tree/4.5.1) - 2018-02-01 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.0...4.5.1) + +## [4.5.0](https://github.com/puppetlabs/puppetlabs-apt/tree/4.5.0) - 2018-01-22 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.1...4.5.0) + +### Fixed + +- MODULES-6235 - Addressing Rubocop Errors [#735](https://github.com/puppetlabs/puppetlabs-apt/pull/735) ([pmcmaw](https://github.com/pmcmaw)) + +## [4.4.1](https://github.com/puppetlabs/puppetlabs-apt/tree/4.4.1) - 2017-11-20 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.0...4.4.1) + +### Added + +- Rubocopification [#731](https://github.com/puppetlabs/puppetlabs-apt/pull/731) ([willmeek](https://github.com/willmeek)) + +## [4.4.0](https://github.com/puppetlabs/puppetlabs-apt/tree/4.4.0) - 2017-11-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.3.0...4.4.0) + +### Added + +- Add a check for Puppet version to task helper [#722](https://github.com/puppetlabs/puppetlabs-apt/pull/722) ([willmeek](https://github.com/willmeek)) +- Add a facter fact for dist-upgrade [#719](https://github.com/puppetlabs/puppetlabs-apt/pull/719) ([willmeek](https://github.com/willmeek)) +- Http proxy bypass [#718](https://github.com/puppetlabs/puppetlabs-apt/pull/718) ([willmeek](https://github.com/willmeek)) + +### Fixed + +- Install apt-transport-https if needed [#720](https://github.com/puppetlabs/puppetlabs-apt/pull/720) ([btravouillon](https://github.com/btravouillon)) +- Remove tasks acceptance test for non-Debian builds [#717](https://github.com/puppetlabs/puppetlabs-apt/pull/717) ([willmeek](https://github.com/willmeek)) +- Do not treat debian stable-updates as security updates [#716](https://github.com/puppetlabs/puppetlabs-apt/pull/716) ([kbarmen](https://github.com/kbarmen)) +- Install apt-transport-https in Debian 8 if needed [#714](https://github.com/puppetlabs/puppetlabs-apt/pull/714) ([btravouillon](https://github.com/btravouillon)) +- remove legacy functions [#711](https://github.com/puppetlabs/puppetlabs-apt/pull/711) ([b4ldr](https://github.com/b4ldr)) +- Fixed circular dependency for package dirmngr [#710](https://github.com/puppetlabs/puppetlabs-apt/pull/710) ([hp197](https://github.com/hp197)) + +## [4.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/4.3.0) - 2017-10-11 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.2.0...4.3.0) + +## [4.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/4.2.0) - 2017-09-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.1.0...4.2.0) + +### Added + +- apt_package_security_updates fact and test [#703](https://github.com/puppetlabs/puppetlabs-apt/pull/703) ([tphoney](https://github.com/tphoney)) +- Allow user to modify loglevel of apt-get update Exec resource [#690](https://github.com/puppetlabs/puppetlabs-apt/pull/690) ([tpdownes](https://github.com/tpdownes)) + +### Fixed + +- Switch to deb.debian.org and remove Debian 6.0 [#702](https://github.com/puppetlabs/puppetlabs-apt/pull/702) ([tphoney](https://github.com/tphoney)) +- MODULES-4686: gpg keyserver import fails in Debian 9 (Stretch) [#698](https://github.com/puppetlabs/puppetlabs-apt/pull/698) ([deric](https://github.com/deric)) +- Fixed typo in "Configuring Apt from hiera example" [#693](https://github.com/puppetlabs/puppetlabs-apt/pull/693) ([morremeyer](https://github.com/morremeyer)) +- Ignore subkeys in apt-key's output [#665](https://github.com/puppetlabs/puppetlabs-apt/pull/665) ([tiger-jmw](https://github.com/tiger-jmw)) +- (MODULES-4118) Set dpkg option NoLocking in apt_updates fact [#640](https://github.com/puppetlabs/puppetlabs-apt/pull/640) ([jocado](https://github.com/jocado)) + +## [4.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/4.1.0) - 2017-06-05 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.0.0...4.1.0) + +### Added + +- Ensure release allows empty strings [#681](https://github.com/puppetlabs/puppetlabs-apt/pull/681) ([HelenCampbell](https://github.com/HelenCampbell)) +- (MODULES-4973) rip out data in modules [#680](https://github.com/puppetlabs/puppetlabs-apt/pull/680) ([eputnam](https://github.com/eputnam)) + +### Fixed + +- Revert removal of Evolving Web's attribution in NOTICE file [#678](https://github.com/puppetlabs/puppetlabs-apt/pull/678) ([DavidS](https://github.com/DavidS)) + +## [4.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/4.0.0) - 2017-04-27 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/3.0.0...4.0.0) + +### Fixed + +- Rebase of #668 [#673](https://github.com/puppetlabs/puppetlabs-apt/pull/673) ([hunner](https://github.com/hunner)) +- Fix architecture fact overriding unset `architecture` source option [#672](https://github.com/puppetlabs/puppetlabs-apt/pull/672) ([domcleal](https://github.com/domcleal)) + +## [3.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/3.0.0) - 2017-04-19 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.4.0...3.0.0) + +### Added + +- (PUP-6856) Always define facts [#670](https://github.com/puppetlabs/puppetlabs-apt/pull/670) ([hunner](https://github.com/hunner)) + +## [2.4.0](https://github.com/puppetlabs/puppetlabs-apt/tree/2.4.0) - 2017-04-06 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.3.0...2.4.0) + +### Changed + +- Use stdlib deprecation [#641](https://github.com/puppetlabs/puppetlabs-apt/pull/641) ([DavidS](https://github.com/DavidS)) + +### Added + +- [MODULES-4224] Implement beaker-module_install_helper [#652](https://github.com/puppetlabs/puppetlabs-apt/pull/652) ([wilson208](https://github.com/wilson208)) +- [MODULES-3562] Implement retry for tests which require modules to pull key from keyserver [#631](https://github.com/puppetlabs/puppetlabs-apt/pull/631) ([wilson208](https://github.com/wilson208)) + +### Fixed + +- [MODULES-4528] Replace Puppet.version.to_f with Puppet::Util::Package.versioncmp [#658](https://github.com/puppetlabs/puppetlabs-apt/pull/658) ([wilson208](https://github.com/wilson208)) +- apt::key is a defined type, not a class [#656](https://github.com/puppetlabs/puppetlabs-apt/pull/656) ([WhatsARanjit](https://github.com/WhatsARanjit)) +- Avoid string comparison error [#635](https://github.com/puppetlabs/puppetlabs-apt/pull/635) ([lkoranda](https://github.com/lkoranda)) +- Undef default for $notify_update in source.pp results in problem with Puppet 3.7.2 [#628](https://github.com/puppetlabs/puppetlabs-apt/pull/628) ([cpavanrun](https://github.com/cpavanrun)) + +## [2.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/2.3.0) - 2016-09-20 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.2...2.3.0) + +### Added + +- Add ability to specify a hash of apt::conf defines [#616](https://github.com/puppetlabs/puppetlabs-apt/pull/616) ([ghoneycutt](https://github.com/ghoneycutt)) +- Expose notify_update to apt::source [#596](https://github.com/puppetlabs/puppetlabs-apt/pull/596) ([danielhoherd](https://github.com/danielhoherd)) + +### Fixed + +- Fix syntax error [#619](https://github.com/puppetlabs/puppetlabs-apt/pull/619) ([DavidS](https://github.com/DavidS)) +- Fixed "unless" test condition for ppa repository [#613](https://github.com/puppetlabs/puppetlabs-apt/pull/613) ([nicobn](https://github.com/nicobn)) +- apt/params: Remove unused LSB facts [#610](https://github.com/puppetlabs/puppetlabs-apt/pull/610) ([daenney](https://github.com/daenney)) +- Fix regexp for $ensure params [#609](https://github.com/puppetlabs/puppetlabs-apt/pull/609) ([hfm](https://github.com/hfm)) +- Use hkps.pool.sks-keyservers.net instead of pgp.mit.edu [#606](https://github.com/puppetlabs/puppetlabs-apt/pull/606) ([DavidS](https://github.com/DavidS)) +- Install software-properties-common for xenial [#605](https://github.com/puppetlabs/puppetlabs-apt/pull/605) ([imphil](https://github.com/imphil)) +- Fix version check on 16.04. [#604](https://github.com/puppetlabs/puppetlabs-apt/pull/604) ([tdb](https://github.com/tdb)) +- apt::setting expects priority to be an integer, set defaults accordingly [#602](https://github.com/puppetlabs/puppetlabs-apt/pull/602) ([madddi](https://github.com/madddi)) +- Fix STRICT_VARIABLE testing [#599](https://github.com/puppetlabs/puppetlabs-apt/pull/599) ([DavidS](https://github.com/DavidS)) +- Typo: missing colon [#595](https://github.com/puppetlabs/puppetlabs-apt/pull/595) ([danielhoherd](https://github.com/danielhoherd)) +- Make apt_updates facts use /usr/bin/apt-get. [#581](https://github.com/puppetlabs/puppetlabs-apt/pull/581) ([robinelfrink](https://github.com/robinelfrink)) + +## [2.2.2](https://github.com/puppetlabs/puppetlabs-apt/tree/2.2.2) - 2016-02-29 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.1...2.2.2) + +### Added + +- Add ubuntu 15.10 support [#578](https://github.com/puppetlabs/puppetlabs-apt/pull/578) ([pherjung](https://github.com/pherjung)) + +### Fixed + +- MODULES-2873 - Avoid multiple package resource declarations [#588](https://github.com/puppetlabs/puppetlabs-apt/pull/588) ([werekraken](https://github.com/werekraken)) +- Handle PPA names that contain a plus character. [#583](https://github.com/puppetlabs/puppetlabs-apt/pull/583) ([tdb](https://github.com/tdb)) +- Look for correct sources.list.d file for apt::ppa [#582](https://github.com/puppetlabs/puppetlabs-apt/pull/582) ([imphil](https://github.com/imphil)) +- fix whitespace in source.list [#577](https://github.com/puppetlabs/puppetlabs-apt/pull/577) ([amauf](https://github.com/amauf)) +- Fix apt_key tempfile race condition [#572](https://github.com/puppetlabs/puppetlabs-apt/pull/572) ([claytono](https://github.com/claytono)) + +## [2.2.1](https://github.com/puppetlabs/puppetlabs-apt/tree/2.2.1) - 2015-12-04 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.0...2.2.1) + +## [2.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/2.2.0) - 2015-09-29 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.1.1...2.2.0) + +### Added + +- Add support for creating pins from main class [#564](https://github.com/puppetlabs/puppetlabs-apt/pull/564) ([rfdrake](https://github.com/rfdrake)) +- Proxy ensure parameter. [#556](https://github.com/puppetlabs/puppetlabs-apt/pull/556) ([mike-callahan](https://github.com/mike-callahan)) +- Expose notify_update to apt::conf [#551](https://github.com/puppetlabs/puppetlabs-apt/pull/551) ([bdellegrazie](https://github.com/bdellegrazie)) + +### Fixed + +- Corrected regression with preference files name [#562](https://github.com/puppetlabs/puppetlabs-apt/pull/562) ([Vincent--](https://github.com/Vincent--)) +- MODULES-2446 - Fix pinning for backports [#560](https://github.com/puppetlabs/puppetlabs-apt/pull/560) ([underscorgan](https://github.com/underscorgan)) +- Fix path to 'preferences' and 'preferences.d'. [#557](https://github.com/puppetlabs/puppetlabs-apt/pull/557) ([fbarbeira](https://github.com/fbarbeira)) + +## [2.1.1](https://github.com/puppetlabs/puppetlabs-apt/tree/2.1.1) - 2015-07-27 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.1.0...2.1.1) + +### Added + +- Added additional header template for apt.conf style comments [#540](https://github.com/puppetlabs/puppetlabs-apt/pull/540) ([szynaka](https://github.com/szynaka)) + +### Fixed + +- Fix anchor issues [#547](https://github.com/puppetlabs/puppetlabs-apt/pull/547) ([underscorgan](https://github.com/underscorgan)) +- Iterate through multiple keys [#546](https://github.com/puppetlabs/puppetlabs-apt/pull/546) ([igalic](https://github.com/igalic)) +- Use Debian's new official mirrors redirector [#545](https://github.com/puppetlabs/puppetlabs-apt/pull/545) ([raoulbhatia](https://github.com/raoulbhatia)) +- Revert "Fix use of $::apt::params::backports and $::apt::params::xfac
 [#543](https://github.com/puppetlabs/puppetlabs-apt/pull/543) ([underscorgan](https://github.com/underscorgan)) +- Fix use of $::apt::params::backports and $::apt::params::xfacts. [#542](https://github.com/puppetlabs/puppetlabs-apt/pull/542) ([Farzy](https://github.com/Farzy)) +- hashes are not supported in selectors [#539](https://github.com/puppetlabs/puppetlabs-apt/pull/539) ([underscorgan](https://github.com/underscorgan)) +- typo [#538](https://github.com/puppetlabs/puppetlabs-apt/pull/538) ([underscorgan](https://github.com/underscorgan)) +- Don't add puppetlabs sources for lucid [#537](https://github.com/puppetlabs/puppetlabs-apt/pull/537) ([underscorgan](https://github.com/underscorgan)) + +## [2.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/2.1.0) - 2015-06-16 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.0.1...2.1.0) + +### Changed + +- API compatibility between 1.8.x and 2.x for apt::source [#529](https://github.com/puppetlabs/puppetlabs-apt/pull/529) ([underscorgan](https://github.com/underscorgan)) + +### Added + +- Added new apt_reboot_required fact, updated readme, and added unit tests [#516](https://github.com/puppetlabs/puppetlabs-apt/pull/516) ([dlactin](https://github.com/dlactin)) + +### Fixed + +- Make apt::key compatible with 1.8.x [#527](https://github.com/puppetlabs/puppetlabs-apt/pull/527) ([underscorgan](https://github.com/underscorgan)) +- Backwards compatibility with older versions of puppet [#525](https://github.com/puppetlabs/puppetlabs-apt/pull/525) ([ianmacl](https://github.com/ianmacl)) +- Only use the strict variables workaround if using strict variables [#524](https://github.com/puppetlabs/puppetlabs-apt/pull/524) ([underscorgan](https://github.com/underscorgan)) +- Don't stub puppetversion [#521](https://github.com/puppetlabs/puppetlabs-apt/pull/521) ([hunner](https://github.com/hunner)) + +## [2.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/2.0.1) - 2015-04-28 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/2.0.0...2.0.1) + +### Added + +- MODULES-1934: Iterate through multiple keys [#501](https://github.com/puppetlabs/puppetlabs-apt/pull/501) ([underscorgan](https://github.com/underscorgan)) + +### Fixed + +- Restore Puppet 3.4 and earlier compatibility [#511](https://github.com/puppetlabs/puppetlabs-apt/pull/511) ([underscorgan](https://github.com/underscorgan)) +- Update tests to work with rspec-puppet 2.x [#504](https://github.com/puppetlabs/puppetlabs-apt/pull/504) ([underscorgan](https://github.com/underscorgan)) + +## [2.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/2.0.0) - 2015-04-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.8.0...2.0.0) + +### Added + +- Add missing examples for 'removed' functionality [#483](https://github.com/puppetlabs/puppetlabs-apt/pull/483) ([underscorgan](https://github.com/underscorgan)) + +### Fixed + +- Don't purge by default. That seems unnecessarily destructive. [#497](https://github.com/puppetlabs/puppetlabs-apt/pull/497) ([underscorgan](https://github.com/underscorgan)) +- apt::conf: Don't require content `ensure=>absent`. [#496](https://github.com/puppetlabs/puppetlabs-apt/pull/496) ([daenney](https://github.com/daenney)) +- Remove default support for Linux Mint and Cumulus Networks [#493](https://github.com/puppetlabs/puppetlabs-apt/pull/493) ([underscorgan](https://github.com/underscorgan)) +- (MODULES-1156, MODULES-769) Update anchors [#479](https://github.com/puppetlabs/puppetlabs-apt/pull/479) ([underscorgan](https://github.com/underscorgan)) +- Remove `update['always'] = true` support [#473](https://github.com/puppetlabs/puppetlabs-apt/pull/473) ([underscorgan](https://github.com/underscorgan)) +- Acceptance test fixes [#472](https://github.com/puppetlabs/puppetlabs-apt/pull/472) ([underscorgan](https://github.com/underscorgan)) + +## [1.8.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.8.0) - 2015-03-17 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.7.0...1.8.0) + +### Changed + +- Various major behavioural changes [#447](https://github.com/puppetlabs/puppetlabs-apt/pull/447) ([daenney](https://github.com/daenney)) +- V2.0.0 Prep work: Removing old code / Adding placeholders [#424](https://github.com/puppetlabs/puppetlabs-apt/pull/424) ([underscorgan](https://github.com/underscorgan)) + +### Added + +- Allow changing legacy_origin [#463](https://github.com/puppetlabs/puppetlabs-apt/pull/463) ([underscorgan](https://github.com/underscorgan)) +- initial commit for apt_key checking [#459](https://github.com/puppetlabs/puppetlabs-apt/pull/459) ([tphoney](https://github.com/tphoney)) +- apt::source: Merge `include_*` options into hash. [#451](https://github.com/puppetlabs/puppetlabs-apt/pull/451) ([daenney](https://github.com/daenney)) +- apt::params: Complete $xfacts. [#450](https://github.com/puppetlabs/puppetlabs-apt/pull/450) ([daenney](https://github.com/daenney)) +- apt: Add proxy support on the class. [#446](https://github.com/puppetlabs/puppetlabs-apt/pull/446) ([daenney](https://github.com/daenney)) +- proxy_* params were removed from class apt [#443](https://github.com/puppetlabs/puppetlabs-apt/pull/443) ([underscorgan](https://github.com/underscorgan)) +- Add base_name parameter to apt::setting [#442](https://github.com/puppetlabs/puppetlabs-apt/pull/442) ([underscorgan](https://github.com/underscorgan)) +- apt::params: Make the class private. [#438](https://github.com/puppetlabs/puppetlabs-apt/pull/438) ([daenney](https://github.com/daenney)) +- apt: Add apt::setting defined type. [#428](https://github.com/puppetlabs/puppetlabs-apt/pull/428) ([daenney](https://github.com/daenney)) +- Add support for parameter trusted MODULES-1658 [#407](https://github.com/puppetlabs/puppetlabs-apt/pull/407) ([mkrakowitzer](https://github.com/mkrakowitzer)) +- Allow full length GPG key fingerprints. [#404](https://github.com/puppetlabs/puppetlabs-apt/pull/404) ([WolverineFan](https://github.com/WolverineFan)) +- Allow ports that consist of 5 decimals [#400](https://github.com/puppetlabs/puppetlabs-apt/pull/400) ([voidus](https://github.com/voidus)) +- Add Ubuntu vivid (15.04) release [#395](https://github.com/puppetlabs/puppetlabs-apt/pull/395) ([udienz](https://github.com/udienz)) + +### Fixed + +- Update all the unit tests to look for full fingerprints [#469](https://github.com/puppetlabs/puppetlabs-apt/pull/469) ([underscorgan](https://github.com/underscorgan)) +- Fix gpg key checking warings after f588f26 [#466](https://github.com/puppetlabs/puppetlabs-apt/pull/466) ([paroga](https://github.com/paroga)) +- apt_key: fix parsing invalid dates when using GnuPG 2.x [#465](https://github.com/puppetlabs/puppetlabs-apt/pull/465) ([bootc](https://github.com/bootc)) +- Inheritance of apt::params means it can't be private [#461](https://github.com/puppetlabs/puppetlabs-apt/pull/461) ([underscorgan](https://github.com/underscorgan)) +- Cleaning 50unattended-upgrades.erb [#456](https://github.com/puppetlabs/puppetlabs-apt/pull/456) ([johanfleury](https://github.com/johanfleury)) +- MODULES-1827 adding Cumulus Linux detection [#454](https://github.com/puppetlabs/puppetlabs-apt/pull/454) ([LeslieCarr](https://github.com/LeslieCarr)) +- apt::source: Make location required. [#453](https://github.com/puppetlabs/puppetlabs-apt/pull/453) ([daenney](https://github.com/daenney)) +- apt::source: Rename `trusted_source`. [#452](https://github.com/puppetlabs/puppetlabs-apt/pull/452) ([daenney](https://github.com/daenney)) +- apt: Fix all strict variable cases. [#449](https://github.com/puppetlabs/puppetlabs-apt/pull/449) ([daenney](https://github.com/daenney)) +- apt::setting: Remove file_perms. [#448](https://github.com/puppetlabs/puppetlabs-apt/pull/448) ([daenney](https://github.com/daenney)) +- Make apt::setting notify Exec['apt_update'] by default [#445](https://github.com/puppetlabs/puppetlabs-apt/pull/445) ([underscorgan](https://github.com/underscorgan)) +- apt::setting: Parse type and name from title. [#444](https://github.com/puppetlabs/puppetlabs-apt/pull/444) ([daenney](https://github.com/daenney)) +- Convert to use apt::setting instead of file resource [#441](https://github.com/puppetlabs/puppetlabs-apt/pull/441) ([underscorgan](https://github.com/underscorgan)) +- Type is a reserved word in puppet 4 [#435](https://github.com/puppetlabs/puppetlabs-apt/pull/435) ([underscorgan](https://github.com/underscorgan)) +- Stop redeclaring variables from params [#431](https://github.com/puppetlabs/puppetlabs-apt/pull/431) ([underscorgan](https://github.com/underscorgan)) +- Remove 'include apt::update' [#429](https://github.com/puppetlabs/puppetlabs-apt/pull/429) ([underscorgan](https://github.com/underscorgan)) +- RFC - Remove required packages [#427](https://github.com/puppetlabs/puppetlabs-apt/pull/427) ([underscorgan](https://github.com/underscorgan)) +- apt::params: Add two missing entries, use them. [#426](https://github.com/puppetlabs/puppetlabs-apt/pull/426) ([daenney](https://github.com/daenney)) +- Trusted will be a reserved word in Puppet 4 [#411](https://github.com/puppetlabs/puppetlabs-apt/pull/411) ([underscorgan](https://github.com/underscorgan)) +- MODULES-1661 Fix to do delete with short key not long [#409](https://github.com/puppetlabs/puppetlabs-apt/pull/409) ([cyberious](https://github.com/cyberious)) +- MODULES-1661 Fix issue with apt_key destroy, also added mutliple deletes [#408](https://github.com/puppetlabs/puppetlabs-apt/pull/408) ([cyberious](https://github.com/cyberious)) +- Fix apt_has_updates fact not parsing apt-check output correctly [#403](https://github.com/puppetlabs/puppetlabs-apt/pull/403) ([WolverineFan](https://github.com/WolverineFan)) +- Separate apt::pin for apt::backports to allow pin by release instead of ... [#398](https://github.com/puppetlabs/puppetlabs-apt/pull/398) ([riconnon](https://github.com/riconnon)) +- (MODULES-1231) Fix apt::force locale issues [#394](https://github.com/puppetlabs/puppetlabs-apt/pull/394) ([juniorsysadmin](https://github.com/juniorsysadmin)) +- (MODULES-1200) Fix inconsistent header across files [#389](https://github.com/puppetlabs/puppetlabs-apt/pull/389) ([stdietrich](https://github.com/stdietrich)) +- MODULES-1119 Fixed to now have username and passwords passed in again [#384](https://github.com/puppetlabs/puppetlabs-apt/pull/384) ([cyberious](https://github.com/cyberious)) +- Unattended upgrades oldstable for wheezy [#376](https://github.com/puppetlabs/puppetlabs-apt/pull/376) ([raoulbhatia](https://github.com/raoulbhatia)) + +## [1.7.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.7.0) - 2014-10-28 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.6.0...1.7.0) + +### Added + +- Add support for RandomSleep to 10periodic [#374](https://github.com/puppetlabs/puppetlabs-apt/pull/374) ([bschlief](https://github.com/bschlief)) +- apt::force: Added 2 parameters for automatic configuration file handling... [#363](https://github.com/puppetlabs/puppetlabs-apt/pull/363) ([martinseener](https://github.com/martinseener)) +- Apt update tooling [#349](https://github.com/puppetlabs/puppetlabs-apt/pull/349) ([wolfspyre](https://github.com/wolfspyre)) + +### Fixed + +- Refactor facts to improve performance: [#375](https://github.com/puppetlabs/puppetlabs-apt/pull/375) ([raphink](https://github.com/raphink)) +- add --force-yes so deb7 doesn't hang [#371](https://github.com/puppetlabs/puppetlabs-apt/pull/371) ([underscorgan](https://github.com/underscorgan)) +- Missed one case for _kick_apt needed for strict variables [#369](https://github.com/puppetlabs/puppetlabs-apt/pull/369) ([underscorgan](https://github.com/underscorgan)) +- Fix for future parser support [#368](https://github.com/puppetlabs/puppetlabs-apt/pull/368) ([underscorgan](https://github.com/underscorgan)) +- We aren't truncating in the type [#366](https://github.com/puppetlabs/puppetlabs-apt/pull/366) ([underscorgan](https://github.com/underscorgan)) +- Don't truncate to short keys in the type [#365](https://github.com/puppetlabs/puppetlabs-apt/pull/365) ([underscorgan](https://github.com/underscorgan)) +- Fix issue with puppet_module_install, removed and using updated method f... [#358](https://github.com/puppetlabs/puppetlabs-apt/pull/358) ([cyberious](https://github.com/cyberious)) +- Remove stderr from stdout [#348](https://github.com/puppetlabs/puppetlabs-apt/pull/348) ([hunner](https://github.com/hunner)) +- Builddep notifies apt-get update instead of requiring it [#326](https://github.com/puppetlabs/puppetlabs-apt/pull/326) ([dvcrn](https://github.com/dvcrn)) + +## [1.6.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.6.0) - 2014-08-13 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.5.2...1.6.0) + +### Fixed + +- Test fixes [#343](https://github.com/puppetlabs/puppetlabs-apt/pull/343) ([underscorgan](https://github.com/underscorgan)) +- 1.5.3 backports [#340](https://github.com/puppetlabs/puppetlabs-apt/pull/340) ([underscorgan](https://github.com/underscorgan)) +- Fix broken acceptance tests. [#335](https://github.com/puppetlabs/puppetlabs-apt/pull/335) ([underscorgan](https://github.com/underscorgan)) +- Fix for debian/ubuntu hold and a way to add debian src only [#333](https://github.com/puppetlabs/puppetlabs-apt/pull/333) ([wilman0](https://github.com/wilman0)) +- Fix inconsistent $proxy_host handling in apt and apt::ppa. [#330](https://github.com/puppetlabs/puppetlabs-apt/pull/330) ([dantman](https://github.com/dantman)) +- Adds check to params.pp if lab-release is not installed [#329](https://github.com/puppetlabs/puppetlabs-apt/pull/329) ([spuder](https://github.com/spuder)) + +## [1.5.2](https://github.com/puppetlabs/puppetlabs-apt/tree/1.5.2) - 2014-07-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.5.1...1.5.2) + +## [1.5.1](https://github.com/puppetlabs/puppetlabs-apt/tree/1.5.1) - 2014-07-10 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.5.0...1.5.1) + +### Added + +- Enable auto-update for Debian squeeze-lts [#321](https://github.com/puppetlabs/puppetlabs-apt/pull/321) ([raoulbhatia](https://github.com/raoulbhatia)) +- add facts showing available updates [#319](https://github.com/puppetlabs/puppetlabs-apt/pull/319) ([damoxc](https://github.com/damoxc)) +- Allow for custom comment in sources.list file [#311](https://github.com/puppetlabs/puppetlabs-apt/pull/311) ([juniorsysadmin](https://github.com/juniorsysadmin)) + +### Fixed + +- MODULES-780 Don't blow up on unicode characters. [#327](https://github.com/puppetlabs/puppetlabs-apt/pull/327) ([adik](https://github.com/adik)) +- MODULES-780 Don't blow up on unicode characters. [#318](https://github.com/puppetlabs/puppetlabs-apt/pull/318) ([daenney](https://github.com/daenney)) + +## [1.5.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.5.0) - 2014-06-05 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.4.2...1.5.0) + +### Added + +- adding notice on top of sourceslist files [#297](https://github.com/puppetlabs/puppetlabs-apt/pull/297) ([frconil](https://github.com/frconil)) +- backports: Allow setting a custom priority. [#275](https://github.com/puppetlabs/puppetlabs-apt/pull/275) ([daenney](https://github.com/daenney)) +- apt::hold: Add a mechanism to hold a package. [#259](https://github.com/puppetlabs/puppetlabs-apt/pull/259) ([daenney](https://github.com/daenney)) +- Add Ubuntu Trusty [#258](https://github.com/puppetlabs/puppetlabs-apt/pull/258) ([sodabrew](https://github.com/sodabrew)) +- Add ability to specify hash of apt sources in hiera [#249](https://github.com/puppetlabs/puppetlabs-apt/pull/249) ([ghoneycutt](https://github.com/ghoneycutt)) +- Rework apt::key to use apt_key. [#230](https://github.com/puppetlabs/puppetlabs-apt/pull/230) ([daenney](https://github.com/daenney)) + +### Fixed + +- Fixed regex to follow APT requirements [#298](https://github.com/puppetlabs/puppetlabs-apt/pull/298) ([frconil](https://github.com/frconil)) +- unattended_upgrades: Fix matching security archive [#286](https://github.com/puppetlabs/puppetlabs-apt/pull/286) ([apenney](https://github.com/apenney)) +- Change proxy's configuration file to be consistent with other config files in apt.conf.d [#283](https://github.com/puppetlabs/puppetlabs-apt/pull/283) ([johanfleury](https://github.com/johanfleury)) +- unattended-upgrades: Fix origins for Squeeze. [#281](https://github.com/puppetlabs/puppetlabs-apt/pull/281) ([daenney](https://github.com/daenney)) +- Small patch to fix the spacing that makes lint fail. [#279](https://github.com/puppetlabs/puppetlabs-apt/pull/279) ([apenney](https://github.com/apenney)) +- unattended_upgrades: Fix matching security archive [#278](https://github.com/puppetlabs/puppetlabs-apt/pull/278) ([daenney](https://github.com/daenney)) +- Fix typo in ppa.pp [#274](https://github.com/puppetlabs/puppetlabs-apt/pull/274) ([fdrouet](https://github.com/fdrouet)) +- Use File.expand_path with require. [#268](https://github.com/puppetlabs/puppetlabs-apt/pull/268) ([daenney](https://github.com/daenney)) +- Fix fail message [#248](https://github.com/puppetlabs/puppetlabs-apt/pull/248) ([electrical](https://github.com/electrical)) +- Make apt.conf.d/proxy world readable and add a newline [#209](https://github.com/puppetlabs/puppetlabs-apt/pull/209) ([pabl0](https://github.com/pabl0)) +- Added retry to update operation [#193](https://github.com/puppetlabs/puppetlabs-apt/pull/193) ([ianunruh](https://github.com/ianunruh)) + +## [1.4.2](https://github.com/puppetlabs/puppetlabs-apt/tree/1.4.2) - 2014-03-03 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.4.1...1.4.2) + +### Added + +- Add lsbdistid facts where appropriate. [#244](https://github.com/puppetlabs/puppetlabs-apt/pull/244) ([apenney](https://github.com/apenney)) +- apt: Allow managing of preferences file. [#240](https://github.com/puppetlabs/puppetlabs-apt/pull/240) ([daenney](https://github.com/daenney)) +- apt_key: Support fetching keys over FTP. [#229](https://github.com/puppetlabs/puppetlabs-apt/pull/229) ([daenney](https://github.com/daenney)) +- apt::pin: Allow for packages to be an array. [#223](https://github.com/puppetlabs/puppetlabs-apt/pull/223) ([daenney](https://github.com/daenney)) +- apt_key type/provider [#212](https://github.com/puppetlabs/puppetlabs-apt/pull/212) ([daenney](https://github.com/daenney)) + +### Fixed + +- Add back in missing fields to work around Puppet bug. [#257](https://github.com/puppetlabs/puppetlabs-apt/pull/257) ([apenney](https://github.com/apenney)) +- Port 8080 is a bad choice and bumps into puppetdb [#237](https://github.com/puppetlabs/puppetlabs-apt/pull/237) ([hunner](https://github.com/hunner)) +- Don't pass options to ppa on lucid [#231](https://github.com/puppetlabs/puppetlabs-apt/pull/231) ([hunner](https://github.com/hunner)) +- Force owner and mode on ppa files [#227](https://github.com/puppetlabs/puppetlabs-apt/pull/227) ([daniellawrence](https://github.com/daniellawrence)) +- Update out of date Debian signing key for backports [#226](https://github.com/puppetlabs/puppetlabs-apt/pull/226) ([mark0n](https://github.com/mark0n)) +- changed proxy_host default value from true to undef. fixes #211 [#215](https://github.com/puppetlabs/puppetlabs-apt/pull/215) ([lotherk](https://github.com/lotherk)) + +## [1.4.1](https://github.com/puppetlabs/puppetlabs-apt/tree/1.4.1) - 2014-02-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.4.0...1.4.1) + +### Changed + +- Handling of release parameter and apt provider in force manifest [#140](https://github.com/puppetlabs/puppetlabs-apt/pull/140) ([hunner](https://github.com/hunner)) + +### Added + +- Update ppa.pp [#191](https://github.com/puppetlabs/puppetlabs-apt/pull/191) ([mnencia](https://github.com/mnencia)) + +### Fixed + +- Ensure apt::ppa fails on non-Ubuntu. [#208](https://github.com/puppetlabs/puppetlabs-apt/pull/208) ([apenney](https://github.com/apenney)) +- fixed include, contained dash instead of underline. [#205](https://github.com/puppetlabs/puppetlabs-apt/pull/205) ([braddeicide](https://github.com/braddeicide)) +- Apt::ppa should exec with root [#202](https://github.com/puppetlabs/puppetlabs-apt/pull/202) ([tsuharesu](https://github.com/tsuharesu)) +- Use include instead of parameterized class when no params are given. [#187](https://github.com/puppetlabs/puppetlabs-apt/pull/187) ([ghoneycutt](https://github.com/ghoneycutt)) +- add an 'ensure' parameter to apt::ppa [#184](https://github.com/puppetlabs/puppetlabs-apt/pull/184) ([rsrchboy](https://github.com/rsrchboy)) +- apt::source templates/sources.list.erb generates invalid source line when architecture is provided. [#182](https://github.com/puppetlabs/puppetlabs-apt/pull/182) ([stefanvanwouw](https://github.com/stefanvanwouw)) +- getparam() isn't available in all stdlib versions. [#178](https://github.com/puppetlabs/puppetlabs-apt/pull/178) ([apenney](https://github.com/apenney)) + +## [1.4.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.4.0) - 2013-10-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.3.0...1.4.0) + +### Fixed + +- This work flips from onlyif to unless (mistakenly looked at the [#172](https://github.com/puppetlabs/puppetlabs-apt/pull/172) ([apenney](https://github.com/apenney)) +- add an updates_timeout option to apt::params (PR fix) [#167](https://github.com/puppetlabs/puppetlabs-apt/pull/167) ([madeddie](https://github.com/madeddie)) + +## [1.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.3.0) - 2013-09-17 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.2.0...1.3.0) + +### Added + +- Class for managing unattended-upgrades [#153](https://github.com/puppetlabs/puppetlabs-apt/pull/153) ([philipcohoe](https://github.com/philipcohoe)) +- Add wheezy backports support [#149](https://github.com/puppetlabs/puppetlabs-apt/pull/149) ([bionix](https://github.com/bionix)) + +### Fixed + +- pass flags as string of single letter [#148](https://github.com/puppetlabs/puppetlabs-apt/pull/148) ([nagas](https://github.com/nagas)) +- Fix: parametrize apt::ppa class for beign able to pass options to apt-add-repository command [#146](https://github.com/puppetlabs/puppetlabs-apt/pull/146) ([oleiade](https://github.com/oleiade)) +- ppa: fix empty environment definition in exec ressource when no proxy [#145](https://github.com/puppetlabs/puppetlabs-apt/pull/145) ([PierreGambarotto](https://github.com/PierreGambarotto)) + +## [1.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.2.0) - 2013-07-05 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.1.1...1.2.0) + +### Added + +- Add a $key_options parameter to apt::key. [#122](https://github.com/puppetlabs/puppetlabs-apt/pull/122) ([strangeman](https://github.com/strangeman)) +- Add optional architecture qualifier to apt-sources [#118](https://github.com/puppetlabs/puppetlabs-apt/pull/118) ([jopecko](https://github.com/jopecko)) + +### Fixed + +- replace aptitude with apt in apt::force [#134](https://github.com/puppetlabs/puppetlabs-apt/pull/134) ([spali](https://github.com/spali)) + +## [1.1.1](https://github.com/puppetlabs/puppetlabs-apt/tree/1.1.1) - 2013-07-01 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.1.0...1.1.1) + +### Changed + +- Restrict the versions and add 3.1 [#112](https://github.com/puppetlabs/puppetlabs-apt/pull/112) ([richardc](https://github.com/richardc)) + +### Added + +- Support APT pinning by codename [#135](https://github.com/puppetlabs/puppetlabs-apt/pull/135) ([vholer](https://github.com/vholer)) + +### Fixed + +- Revert "Merge pull request #135 from CERIT-SC/master" [#137](https://github.com/puppetlabs/puppetlabs-apt/pull/137) ([hunner](https://github.com/hunner)) +- trim keys to 8 chars for matching with apt-key list (fix for #100) [#133](https://github.com/puppetlabs/puppetlabs-apt/pull/133) ([benben](https://github.com/benben)) + +## [1.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.1.0) - 2012-12-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.0.1...1.1.0) + +### Fixed + +- Modified the PPA code for changes in Quantal [#96](https://github.com/puppetlabs/puppetlabs-apt/pull/96) ([jnicolson](https://github.com/jnicolson)) +- Librarian bug [#94](https://github.com/puppetlabs/puppetlabs-apt/pull/94) ([ryanycoleman](https://github.com/ryanycoleman)) + +## [1.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/1.0.1) - 2012-10-29 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/1.0.0...1.0.1) + +## [1.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/1.0.0) - 2012-10-29 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/0.0.4...1.0.0) + +### Changed + +- Without puppetlabs/stdlib, you will get "err: Could not retrieve catalog... [#75](https://github.com/puppetlabs/puppetlabs-apt/pull/75) ([ytjohn](https://github.com/ytjohn)) + +### Added + +- (#16070) Allow optional order parameter to apt::pin [#83](https://github.com/puppetlabs/puppetlabs-apt/pull/83) ([dalen](https://github.com/dalen)) +- Add a way to specify a timeout for the apt::force define. [#79](https://github.com/puppetlabs/puppetlabs-apt/pull/79) ([sathlan](https://github.com/sathlan)) + +### Fixed + +- remove check, if $release is empty [#78](https://github.com/puppetlabs/puppetlabs-apt/pull/78) ([saz](https://github.com/saz)) +- «main» repository is missing from ubuntu backports. [#77](https://github.com/puppetlabs/puppetlabs-apt/pull/77) ([jonhattan](https://github.com/jonhattan)) +- fix scoping of $lsbdistcodename in source.pp [#74](https://github.com/puppetlabs/puppetlabs-apt/pull/74) ([antonlindstrom](https://github.com/antonlindstrom)) +- Add logoutput on_failure for all exec resources. [#73](https://github.com/puppetlabs/puppetlabs-apt/pull/73) ([nanliu](https://github.com/nanliu)) +- Fix Modulefile for puppet-apt to puppetlabs-apt rename [#72](https://github.com/puppetlabs/puppetlabs-apt/pull/72) ([branan](https://github.com/branan)) + +## [0.0.4](https://github.com/puppetlabs/puppetlabs-apt/tree/0.0.4) - 2012-06-05 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/0.0.3...0.0.4) + +### Fixed + +- Fix Modulefile for puppet-apt to puppetlabs-apt rename [#72](https://github.com/puppetlabs/puppetlabs-apt/pull/72) ([branan](https://github.com/branan)) +- (#14657) Fix filename when there is a period in the PPA [#60](https://github.com/puppetlabs/puppetlabs-apt/pull/60) ([branan](https://github.com/branan)) +- Fix style related issues in module. [#57](https://github.com/puppetlabs/puppetlabs-apt/pull/57) ([nanliu](https://github.com/nanliu)) +- (#11966) apt module containment for apt_update. [#55](https://github.com/puppetlabs/puppetlabs-apt/pull/55) ([nanliu](https://github.com/nanliu)) + +## [0.0.3](https://github.com/puppetlabs/puppetlabs-apt/tree/0.0.3) - 2012-05-04 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/0.0.2...0.0.3) + +### Added + +- (#14321) apt::pin resource support release. [#53](https://github.com/puppetlabs/puppetlabs-apt/pull/53) ([nanliu](https://github.com/nanliu)) +- (#14308) Add ensure=>absent for define resource. [#52](https://github.com/puppetlabs/puppetlabs-apt/pull/52) ([nanliu](https://github.com/nanliu)) +- Sync with pl ops [#42](https://github.com/puppetlabs/puppetlabs-apt/pull/42) ([ody](https://github.com/ody)) +- Make sure we configure the proxy before doing apt-get update. [#41](https://github.com/puppetlabs/puppetlabs-apt/pull/41) ([tbroyer](https://github.com/tbroyer)) + +### Fixed + +- Move Package['python-software-properties'] to apt:ppa [#54](https://github.com/puppetlabs/puppetlabs-apt/pull/54) ([branan](https://github.com/branan)) +- (#11966) Only invoke apt-get update once. [#49](https://github.com/puppetlabs/puppetlabs-apt/pull/49) ([nanliu](https://github.com/nanliu)) +- (#14138) Fix spec test for aptitude changes. [#47](https://github.com/puppetlabs/puppetlabs-apt/pull/47) ([nanliu](https://github.com/nanliu)) +- (#14138) Modify apt::ppa's update-apt exec to use the ${apt::params::provider} parameter. [#44](https://github.com/puppetlabs/puppetlabs-apt/pull/44) ([relud](https://github.com/relud)) + +## [0.0.2](https://github.com/puppetlabs/puppetlabs-apt/tree/0.0.2) - 2012-03-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/0.0.1...0.0.2) + +### Added + +- (#13125) Apt keys should be case insensitive [#34](https://github.com/puppetlabs/puppetlabs-apt/pull/34) ([blkperl](https://github.com/blkperl)) + +### Fixed + +- Convert apt::key to use anchors [#32](https://github.com/puppetlabs/puppetlabs-apt/pull/32) ([reidmv](https://github.com/reidmv)) + +## [0.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/0.0.1) - 2012-03-07 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/f848bac6072f99e1cd60a0cc0b84e5679c598dab...0.0.1) diff --git a/environments/production/thirdparty/apt/CODEOWNERS b/environments/production/thirdparty/apt/CODEOWNERS new file mode 100644 index 0000000..47762f3 --- /dev/null +++ b/environments/production/thirdparty/apt/CODEOWNERS @@ -0,0 +1,2 @@ +# Setting ownership to the modules team +* @puppetlabs/modules @bastelfreak @smortex diff --git a/environments/production/thirdparty/apt/CONTRIBUTING.md b/environments/production/thirdparty/apt/CONTRIBUTING.md new file mode 100644 index 0000000..e7a3a7c --- /dev/null +++ b/environments/production/thirdparty/apt/CONTRIBUTING.md @@ -0,0 +1,3 @@ +# Contributing to Puppet modules + +Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need. diff --git a/environments/production/thirdparty/apt/HISTORY.md b/environments/production/thirdparty/apt/HISTORY.md new file mode 100644 index 0000000..470b239 --- /dev/null +++ b/environments/production/thirdparty/apt/HISTORY.md @@ -0,0 +1,692 @@ +## 5.0.1 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1) + +### Fixed + +- \(MODULES-7540\) - add apt-transport-https with https [\#775](https://github.com/puppetlabs/puppetlabs-apt/pull/775) ([tphoney](https://github.com/tphoney)) + +## [5.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/5.0.0) (2018-07-18) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0) + +### Changed + +- \[FM-6956\] Removal of unsupported Debian 7 from apt [\#760](https://github.com/puppetlabs/puppetlabs-apt/pull/760) ([david22swan](https://github.com/david22swan)) + +### Added + +- \(MODULES-7467\) Update apt to support Ubuntu 18.04 [\#769](https://github.com/puppetlabs/puppetlabs-apt/pull/769) ([david22swan](https://github.com/david22swan)) +- Support managing login configurations in /etc/apt/auth.conf [\#752](https://github.com/puppetlabs/puppetlabs-apt/pull/752) ([antaflos](https://github.com/antaflos)) + +### Fixed + +- \(MODULES-7327\) - Update README with supported OS [\#767](https://github.com/puppetlabs/puppetlabs-apt/pull/767) ([pmcmaw](https://github.com/pmcmaw)) +- \(bugfix\) Dont run ftp tests in travis [\#766](https://github.com/puppetlabs/puppetlabs-apt/pull/766) ([tphoney](https://github.com/tphoney)) +- \(maint\) make apt testing more stable, cleanup [\#764](https://github.com/puppetlabs/puppetlabs-apt/pull/764) ([tphoney](https://github.com/tphoney)) +- Remove .length from variable $pin\_release in app [\#754](https://github.com/puppetlabs/puppetlabs-apt/pull/754) ([paladox](https://github.com/paladox)) +- Replace UTF-8 whitespace in comment [\#748](https://github.com/puppetlabs/puppetlabs-apt/pull/748) ([bernhardschmidt](https://github.com/bernhardschmidt)) +- Fix "E: Unable to locate package -y" [\#747](https://github.com/puppetlabs/puppetlabs-apt/pull/747) ([aboks](https://github.com/aboks)) +- Fix automatic coercion warning [\#743](https://github.com/puppetlabs/puppetlabs-apt/pull/743) ([smortex](https://github.com/smortex)) + +## Supported Release [4.5.1] +### Summary +This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks. + +### Fixed +- Fix init task for arbitrary remote code + +## Supported Release [4.5.0] +### Summary +This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes. + +### Added +- PDK convert apt ([MODULES-6452](https://tickets.puppet.com/browse/MODULES-6452)). +- Testing on Travis using rvm 2.4.1. +- Modulesync updates. + +### Fixed +- Changes to address additional Rubocop failures. +- (maint) Addressing puppet-lint doc warnings. + +### Removed +- `gem update bundler` command in .travis.yml due to ([MODULES-6339](https://tickets.puppet.com/browse/MODULES-6339)). + +## Supported Release [4.4.1] +### Summary +This release is to update the formatting of the module, Rubocop having been run for all ruby files and been set to run automatically on all future commits. + +### Changed +- Rubocop has been implemented. + +## Supported Release [4.4.0] +### Summary + +This release is a rollup of new features and fixes. + +#### Added +- Install `apt-transport-https` if using Debian 7, 8, 9 or Ubuntu 14.04, 16.04. +- Adds a boolean option `direct` to proxy settings to bypass `https_proxy` if not set. +- Adds facter facts for `dist-upgrade` apt updates. + +#### Changed +- Update class is now private. +- Some tidyup of ruby code from Rubocop. +- Fixed circular dependency for package dirmngr. +- Debian updates are no longer treated as security updates. +- Legacy functions have been removed. +- Updates to tests. + +#### Fixed +- [(MODULES-4265)](https://tickets.puppetlabs.com/browse/MODULES-4265) Detect security updates from multiple sources. + +## Supported Release [4.3.0] +### Summary + +This release is adding Tasks to the apt module. + +#### Added +- Add a task that allows apt-get update and upgrade + +## Supported Release [4.2.0] +### Summary + +This release is primarily to fix an error around GPG keys in Debian 9, but includes some other small features and fixes as well. + +#### Added +- `apt_package_security_updates` fact +- The ability to modify the loglevel of `Exec['apt_update'}` +- Puppet 5 support + +#### Changed +- Ubuntu 16.04 now uses `software-priorities-common` + +#### Removed +- Debian 6, Ubuntu 10.04 and 12.04 support. Existing compatibility remains intact but bugs will not be prioritized for these OSes. + +#### Fixed +- **[(MODULES-4686)](https://tickets.puppetlabs.com/browse/MODULES-4686) an error that was causing GPG keyserver imports to fail on Debian 9** + +## Supported Release 4.1.0 +### Summary + +This release removes Data in Modules due to current compatibility issues and reinstates the params.pp file. Also includes a couple of bug fixes. + +#### Features +- (MODULES-4973) Data in Modules which was introduced in the last release has now been reverted due to compatibility issues. + +#### Bugfixes +- Now apt_key only sends the auth basic header when userinfo can be parsed from the URL. +- Reverted the removal of Evolving Web's attribution in NOTICE file. +- Test added to ensure empty string allowed for $release in apt::source. + + +## Supported Release 3.0.0 and 4.0.0 +### Summary + +This release adds new Puppet 4 features: data in modules, EPP templates, the $facts hash, and data types. This release is fully backwards compatible to existing Puppet 4 configurations and provides you with deprecation warnings for every argument that will not work as expected with the final 4.0.0 release. See the stdlib docs here for an in-depth discussion of this: https://github.com/puppetlabs/puppetlabs-stdlib#validate_legacy + +If you want to learn more about the new features used or you wish to upgrade a module yourself, have a look at the NTP: A Puppet 4 language update blog post. + +If you're still running Puppet 3, remain on the latest puppetlabs-apt 2.x release for now, and see the documentation to upgrade to Puppet 4. + +#### Changes + +Data in modules: Moves all distribution and OS-dependent defaults into YAML files in data/, alleviating the need for a params class. Note that while this feature is currently still classed as experimental, the final implementation will support the changes here. +EPP templating: Uses the Puppet language as a base for templates to create simpler and safer templates. No need for Ruby anymore! +The $facts hash: Makes facts visibly distinct from other variables for more readable and maintainable code. This helps eliminate confusion if you use a local variable whose name happens to match that of a common fact. +Data types for validation: Helps you find and replace deprecated code in existing validate functions with stricter, more readable data type notation. First upgrade to the 3.0.0 release of this module, and address all deprecation warnings before upgrading to the final 4.0.0 release. Please see the stdlib docs for an in-depth discussion of this process. + +#### Bugfixes +- Fix apt::source epp template regression introduced in 3.0.0 for the architecture parameter + +## Supported Release 2.4.0 +### Summary +A release that includes only a couple of additional features, but includes several cleanups and bugfixes around existing issues. + +#### Features +- Tests updated to check for idempotency. +- (MODULES-4224) Implementation of beaker-module_install_helper. +- Deprecation warnings are now handled by the deprecation function in stdlib. + +#### Bugfixes +- Now http and https sources fixed for apt_key and can take a userinfo. +- GPG key update. +- Notify_update param now defaults to true to avoid validation errors. +- Implement retry on tests which pull key from a key server which sometimes times out (transient error). +- String comparison error now comphensated for in update.pp. +- (MODULES-4104) Removal of the port number from repository location in order to get the host name of the repository. +- Puppet lint warnings addressed. +- A few small readme issues addressed. + +## Supported Release 2.3.0 +### Summary +A release containing many bugfixes with additional features. + +#### Features +- Apt_updates facts now use /usr/bin/apt-get. +- Addition of notify update to apt::source. +- Update to newest modulesync_configs. +- Installs software-properties-common for Xenial. +- Modulesync updates. +- Add ability to specify a hash of apt::conf defines. + +#### Bugfixes +- A clean up of spec/defines/key_compat_specs, also now runs under STRICT_VARIABLES. +- Apt::setting expects priority to be an integer, set defaults accordingly. +- Fixed version check for Ubuntu on 16.04. +- Now uses hkps.pool.sks-keyservers.net instead of pgp.mit.edu. +- Updates and fixes to tests. General cleanup. +- Fixed regexp for $ensure params. +- Apt/params: Remove unused LSB facts. +- Replaced `-s` with `-f` in ppa rspec tests - After the repository is added, the "${::apt::sources_list_d}/${sources_list_d_filename}" file is created as an empty file. The unless condition of Exec["add-apt-repository-${name}"] calls test -s, which returns 1 if the file is empty. Because the file is empty, the unless condition is never true and the repository is added on every execution. This change replaces the -s test condition with -f, which is true if the file exists or false otherwise. +- Limit non-strict parsing to pre-3.5.0 only - Puppet 3.5.0 introduced strict variables and the module handles strict variables by using the defined() function. This does not work on prior versions of puppet so we now gate based on that version. Puppet 4 series has a new setting `strict` that may be set to enforce strict variables while `strict_variables` remains unset (see PUP-6358) which causes the conditional in manifests/params.pp to erroniously use non-strict 3.5-era parsing and fail. This new conditional corrects the cases such that strict variable behavior happens on versions 3.5.0 and later. + +## Supported Release 2.2.2 +### Summary + +Several bug fixes and the addition of support updates to Debian 8 and Ubuntu Wily. + +#### Bugfixes +- Small fixes to descriptions within the readme and the addition of some examples. +- Updates to run on Ubuntu Wily. +- Fixed apt_key tempfile race condition. +- Run stages limitation added to the documentation. +- Remove unneeded whitespace in source.list template. +- Handle PPA names that contain a plus character. +- Update to current msync configs. +- Avoid duplicate package resources when package_manage => true. +- Avoid multiple package resource declarations. +- Ensure PPAs in tests have valid form. +- Look for correct sources.list.d file for apt::ppa. +- Debian 8 support addiiton to metadata. + +## Supported Release 2.2.1 +### Summary + +Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. + +## 2015-09-29 - Supported Release 2.2.0 +### Summary + +This release includes a few bugfixes. + +#### Features +- Adds an `ensure` parameter for user control of proxy presence. +- Adds ability to set `notify_update` to `apt::conf` (MODULES-2269). +- Apt pins no longer trigger an `apt-get update` run. +- Adds support for creating pins from main class. + +#### Bugfixes +- Updates to use the official Debian mirrors. +- Fixes path to `preferences` and `preferences.d` +- Fixes pinning for backports (MODULES-2446). +- Fixes the name/extension of the preferences files. + +## 2015-07-28 - Supported Release 2.1.1 +### Summary + +This release includes a few bugfixes. + +#### Bugfixes +- Fix incorrect use of anchoring (MODULES-2190) +- Use correct comment type for apt.conf files +- Test fixes +- Documentation fixes + +## 2015-06-16 - Supported Release 2.1.0 +### Summary + +This release largely makes `apt::key` and `apt::source` API-compatible with the 1.8.x versions for ease in upgrading, and also addresses some compatibility issues with older versions of Puppet. + +#### Features +- Add API compatibility to `apt::key` and `apt::source` +- Added `apt_reboot_required` fact + +#### Bugfixes +- Fix compatibility with Puppet versions 3.0-3.4 +- Work around future parser bug PUP-4133 + +## 2015-04-28 - Supported Release 2.0.1 +### Summary + +This bug fixes a few compatibility issues that came up with the 2.0.0 release, and includes test and documentation updates. + +#### Bugfixes +- Fix incompatibility with keyrings containing multiple keys +- Fix bugs preventing the module from working with Puppet < 3.5.0 + +## 2015-04-07 - Supported Release 2.0.0 +### Summary + +This is a major rewrite of the apt module. Many classes and defines were removed, but all existing functionality should still work. Please carefully review documentation before upgrading. + +#### Backwards-incompatible changes + +As this is a major rewrite of the module there are a great number of backwards incompatible changes. Please review this and the updated README carefully before upgrading. + +##### `apt_key` +- `keyserver_options` parameter renamed to `options` + +##### `apt::backports` +- This no longer works out of the box on Linux Mint. If using this on mint, you must specify the `location`, `release`, `repos`, and `key` parameters. [Example](examples/backports.pp) + +##### `apt::builddep` +- This define was removed. Functionality can be matched passing 'build-dep' to `install_options` in the package resource. [Example](examples/builddep.pp) + +##### `apt::debian::testing` +- This class was removed. Manually add an `apt::source` instead. [Example](examples/debian_testing.pp) + +##### `apt::debian::unstable` +- This class was removed. Manually add an `apt::source` instead. [Example](examples/debian_unstable.pp) + +##### `apt::force` +- This define was removed. Functionallity can be matched by setting `install_options` in the package resource. See [here](examples/force.pp) for how to set the options. + +##### `apt::hold` +- This define was removed. Simply use an `apt::pin` with `priority => 1001` for the same functionality. + +##### `apt` +- `always_apt_update` - This parameter was removed. Use `update => { 'frequency' => 'always' }` instead. +- `apt_update_frequency` - This parameter was removed. Use `update => { 'frequency' => }` instead. +- `disable_keys` - This parameter was removed. See this [example](examples/disable_keys.pp) if you need this functionality. +- `proxy_host` - This parameter was removed. Use `proxy => { 'host' => }` instead. +- `proxy_port` - This parameter was removed. Use `proxy => { 'port' => }` instead. +- `purge_sources_list` - This parameter was removed. Use `purge => { 'sources.list' => }` instead. +- `purge_sources_list_d` - This parameter was removed. Use `purge => { 'sources.list.d' => }` instead. +- `purge_preferences` - This parameter was removed. Use `purge => { 'preferences' => }` instead. +- `purge_preferences_d` - This parameter was removed. Use `purge => { 'preferences.d' => }` instead. +- `update_timeout` - This parameter was removed. Use `update => { 'timeout' => }` instead. +- `update_tries` - This parameter was removed. Use `update => { 'tries' => }` instead. + +##### `apt::key` +- `key` - This parameter was renamed to `id`. +- `key_content` - This parameter was renamed to `content`. +- `key_source` - This parameter was renamed to `source`. +- `key_server` - This parameter was renamed to `server`. +- `key_options` - This parameter was renamed to `options`. + +##### `apt::release` +- This class was removed. See this [example](examples/release.pp) for how to achieve this functionality. + +##### `apt::source` +- `include_src` - This parameter was removed. Use `include => { 'src' => }` instead. ***NOTE*** This now defaults to false. +- `include_deb` - This parameter was removed. Use `include => { 'deb' => }` instead. +- `required_packages` - This parameter was removed. Use package resources for these packages if needed. +- `key` - This can either be a key id or a hash including key options. If using a hash, `key => { 'id' => }` must be specified. +- `key_server` - This parameter was removed. Use `key => { 'server' => }` instead. +- `key_content` - This parameter was removed. Use `key => { 'content' => }` instead. +- `key_source` - This parameter was removed. Use `key => { 'source' => }` instead. +- `trusted_source` - This parameter was renamed to `allow_unsigned`. + +##### `apt::unattended_upgrades` +- This class was removed and is being republished under the puppet-community namespace. The git repository is available [here](https://github.com/puppet-community/puppet-unattended_upgrades) and it will be published to the forge [here](https://forge.puppetlabs.com/puppet/unattended_upgrades). + +#### Changes to default behavior +- By default purge unmanaged files in 'sources.list', 'sources.list.d', 'preferences', and 'preferences.d'. +- Changed default for `package_manage` in `apt::ppa` to `false`. Set to `true` in a single PPA if you need the package to be managed. +- `apt::source` will no longer include the `src` entries by default. +- `pin` in `apt::source` now defaults to `undef` instead of `false` + +#### Features +- Added the ability to pass hashes of `apt::key`s, `apt::ppa`s, and `apt::setting`s to `apt`. +- Added 'https' key to `proxy` hash to allow disabling `https_proxy` for the `apt::ppa` environment. +- Added `apt::setting` define to abstract away configuration. +- Added the ability to pass hashes to `pin` and `key` in `apt::backports` and `apt::source`. + +#### Bugfixes +- Fixes for strict variables. + +## 2015-03-17 - Supported Release 1.8.0 +### Summary + +This is the last planned feature release of the 1.x series of this module. All new features will be evaluated for puppetlabs-apt 2.x. + +This release includes many important features, including support for full fingerprints, and fixes issues where `apt_key` was not supporting user/password and `apt_has_updates` was not properly parsing the `apt-check` output. + +#### Changes to default behavior +- The apt module will now throw warnings if you don't use full fingerprints for `apt_key`s + +#### Features +- Use gpg to check keys to work around https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1409117 (MODULES-1675) +- Add 'oldstable' to the default update origins for wheezy +- Add utopic, vivid, and cumulus compatibility +- Add support for full fingerprints +- New parameter for `apt::source` + - `trusted_source` +- New parameters for `apt::ppa` + - `package_name` + - `package_manage` +- New parameter for `apt::unattended_upgrades` + - `legacy_origin` +- Separate `apt::pin` from `apt::backports` to allow pin by release instead of origin + +#### Bugfixes +- Cleanup lint and future parser issues +- Fix to support username and passwords again for `apt_key` (MODULES-1119) +- Fix issue where `apt::force` `$install_check` didn't work with non-English locales (MODULES-1231) +- Allow 5 digit ports in `apt_key` +- Fix for `ensure => absent` in `apt_key` (MODULES-1661) +- Fix `apt_has_updates` not parsing `apt-check` output correctly +- Fix inconsistent headers across files (MODULES-1200) +- Clean up formatting for 50unattended-upgrades.erb + +## 2014-10-28 - Supported Release 1.7.0 +### Summary + +This release includes several new features, documentation and test improvements, and a few bug fixes. + +#### Features +- Updated unit and acceptance tests +- Update module to work with Linux Mint +- Documentation updates +- Future parser / strict variables support +- Improved support for long GPG keys +- New parameters! + - Added `apt_update_frequency` to apt + - Added `cfg_files` and `cfg_missing` parameters to apt::force + - Added `randomsleep` to apt::unattended_upgrades +- Added `apt_update_last_success` fact +- Refactored facts for performance improvements + +#### Bugfixes +- Update apt::builddep to require Exec['apt_update'] instead of notifying it +- Clean up lint errors + +## 2014-08-20 - Supported Release 1.6.0 +### Summary + +#### Features +- Allow URL or domain name for key_server parameter +- Allow custom comment for sources list +- Enable auto-update for Debian squeeze LTS +- Add facts showing available updates +- Test refactoring + +#### Bugfixes +- Allow dashes in URL or domain for key_server parameter + +## 2014-08-13 - Supported Release 1.5.3 +### Summary + +This is a bugfix releases. It addresses a bad regex, failures with unicode +characters, and issues with the $proxy_host handling in apt::ppa. + +#### Features +- Synced files from Modulesync + +#### Bugfixes +- Fix regex to follow APT requirements in apt::pin +- Fix for unicode characters +- Fix inconsistent $proxy_host handling in apt and apt::ppa +- Fix typo in README +- Fix broken acceptance tests + +## 2014-07-15 - Supported Release 1.5.2 +### Summary + +This release merely updates metadata.json so the module can be uninstalled and +upgraded via the puppet module command. + +## 2014-07-10 - Supported Release 1.5.1 +### Summary + +This release has added tests to ensure graceful failure on OSX. + +## 2014-06-04 - Release 1.5.0 +### Summary + +This release adds support for Ubuntu 14.04. It also includes many new features +and important bugfixes. One huge change is that apt::key was replaced with +apt_key, which allows you to use puppet resource apt_key to inventory keys on +your system. + +Special thanks to daenney, our intrepid unofficial apt maintainer! + +#### Features +- Add support for Ubuntu Trusty! +- Add apt::hold define +- Generate valid *.pref files in apt::pin +- Made pin_priority configurable for apt::backports +- Add apt_key type and provider +- Rename "${apt_conf_d}/proxy" to "${apt_conf_d}/01proxy" +- apt::key rewritten to use apt_key type +- Add support for update_tries to apt::update + +#### Bugfixes +- Typo fixes +- Fix unattended upgrades +- Removed bogus line when using purge_preferences +- Fix apt::force to upgrade allow packages to be upgraded to the pacakge from the specified release + +## 2014-03-04 - Supported Release 1.4.2 +### Summary + +This is a supported release. This release tidies up 1.4.1 and re-enables +support for Ubuntu 10.04 + +#### Features + +#### Bugfixes +- Fix apt:ppa to include the -y Ubuntu 10.04 requires. +- Documentation changes. +- Test fixups. + +#### Known Bugs + +* No known issues. + + + +## 2014-02-13 1.4.1 +### Summary +This is a bugfix release. + +#### Bugfixes +- Fix apt::force unable to upgrade packages from releases other than its original +- Removed a few refeneces to aptitude instead of apt-get for portability +- Removed call to getparam() due to stdlib dependency +- Correct apt::source template when architecture is provided +- Retry package installs if apt is locked +- Use root to exec in apt::ppa +- Updated tests and converted acceptance tests to beaker + +## 2013-10-08 - Release 1.4.0 + +### Summary + +Minor bugfix and allow the timeout to be adjusted. + +#### Features +- Add an `updates_timeout` to apt::params + +#### Bugfixes +- Ensure apt::ppa can read a ppa removed by hand. + + +## 2013-10-08 - Release 1.3.0 +### Summary + +This major feature in this release is the new apt::unattended_upgrades class, +allowing you to handle Ubuntu's unattended feature. This allows you to select +specific packages to automatically upgrade without any further user +involvement. + +In addition we extend our Wheezy support, add proxy support to apt:ppa and do +various cleanups and tweaks. + +#### Features +- Add apt::unattended_upgrades support for Ubuntu. +- Add wheezy backports support. +- Use the geoDNS http.debian.net instead of the main debian ftp server. +- Add `options` parameter to apt::ppa in order to pass options to apt-add-repository command. +- Add proxy support for apt::ppa (uses proxy_host and proxy_port from apt). + +#### Bugfixes +- Fix regsubst() calls to quote single letters (for future parser). +- Fix lint warnings and other misc cleanup. + + +## 2013-07-03 - Release 1.2.0 + +#### Features +- Add geppetto `.project` natures +- Add GH auto-release +- Add `apt::key::key_options` parameter +- Add complex pin support using distribution properties for `apt::pin` via new properties: + - `apt::pin::codename` + - `apt::pin::release_version` + - `apt::pin::component` + - `apt::pin::originator` + - `apt::pin::label` +- Add source architecture support to `apt::source::architecture` + +#### Bugfixes +- Use apt-get instead of aptitude in apt::force +- Update default backports location +- Add dependency for required packages before apt-get update + + +## 2013-06-02 - Release 1.1.1 +### Summary + +This is a bug fix release that resolves a number of issues: + +* By changing template variable usage, we remove the deprecation warnings + for Puppet 3.2.x +* Fixed proxy file removal, when proxy absent + +Some documentation, style and whitespaces changes were also merged. This +release also introduced proper rspec-puppet unit testing on Travis-CI to help +reduce regression. + +Thanks to all the community contributors below that made this patch possible. + +#### Detail Changes + +* fix minor comment type (Chris Rutter) +* whitespace fixes (Michael Moll) +* Update travis config file (William Van Hevelingen) +* Build all branches on travis (William Van Hevelingen) +* Standardize travis.yml on pattern introduced in stdlib (William Van Hevelingen) +* Updated content to conform to README best practices template (Lauren Rother) +* Fix apt::release example in readme (Brian Galey) +* add @ to variables in template (Peter Hoeg) +* Remove deprecation warnings for pin.pref.erb as well (Ken Barber) +* Update travis.yml to latest versions of puppet (Ken Barber) +* Fix proxy file removal (Scott Barber) +* Add spec test for removing proxy configuration (Dean Reilly) +* Fix apt::key listing longer than 8 chars (Benjamin Knofe) + + + + +## Release 1.1.0 +### Summary + +This release includes Ubuntu 12.10 (Quantal) support for PPAs. + +--- + +## 2012-05-25 - Puppet Labs - Release 0.0.4 +### Summary + + * Fix ppa list filename when there is a period in the PPA name + * Add .pref extension to apt preferences files + * Allow preferences to be purged + * Extend pin support + + +## 2012-05-04 - Puppet Labs - Release 0.0.3 +### Summary + + * only invoke apt-get update once + * only install python-software-properties if a ppa is added + * support 'ensure => absent' for all defined types + * add apt::conf + * add apt::backports + * fixed Modulefile for module tool dependency resolution + * configure proxy before doing apt-get update + * use apt-get update instead of aptitude for apt::ppa + * add support to pin release + + +## 2012-03-26 - Puppet Labs - Release 0.0.2 +### Summary + +* 41cedbb (#13261) Add real examples to smoke tests. +* d159a78 (#13261) Add key.pp smoke test +* 7116c7a (#13261) Replace foo source with puppetlabs source +* 1ead0bf Ignore pkg directory. +* 9c13872 (#13289) Fix some more style violations +* 0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path +* a758247 (#13289) Clean up style violations and fix corresponding tests +* 99c3fd3 (#13289) Add puppet lint tests to Rakefile +* 5148cbf (#13125) Apt keys should be case insensitive +* b9607a4 Convert apt::key to use anchors + + +## 2012-03-07 - Puppet Labs - Release 0.0.1 +### Summary + +* d4fec56 Modify apt::source release parameter test +* 1132a07 (#12917) Add contributors to README +* 8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it +* 7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input +* be2cc3e (#12522) Adjust spec test for splitting purge +* 7dc60ae (#12522) Split purge option to spare sources.list +* 9059c4e Fix source specs to test all key permutations +* 8acb202 Add test for python-software-properties package +* a4af11f Check if python-software-properties is defined before attempting to define it. +* 1dcbf3d Add tests for required_packages change +* f3735d2 Allow duplicate $required_packages +* 74c8371 (#12430) Add tests for changes to apt module +* 97ebb2d Test two sources with the same key +* 1160bcd (#12526) Add ability to reverse apt { disable_keys => true } +* 2842d73 Add Modulefile to puppet-apt +* c657742 Allow the use of the same key in multiple sources +* 8c27963 (#12522) Adding purge option to apt class +* 997c9fd (#12529) Add unit test for apt proxy settings +* 50f3cca (#12529) Add parameter to support setting a proxy for apt +* d522877 (#12094) Replace chained .with_* with a hash +* 8cf1bd0 (#12094) Remove deprecated spec.opts file +* 2d688f4 (#12094) Add rspec-puppet tests for apt +* 0fb5f78 (#12094) Replace name with path in file resources +* f759bc0 (#11953) Apt::force passes $version to aptitude +* f71db53 (#11413) Add spec test for apt::force to verify changes to unless +* 2f5d317 (#11413) Update dpkg query used by apt::force +* cf6caa1 (#10451) Add test coverage to apt::ppa +* 0dd697d include_src parameter in example; Whitespace cleanup +* b662eb8 fix typos in "repositories" +* 1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added +* 864302a Set the pin priority before adding the source (Fix #10449) +* 1de4e0a Refactored as per mlitteken +* 1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run! +* 52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep +* 5c05fa0 added builddep command. +* a11af50 added the ability to specify the content of a key +* c42db0f Fixes ppa test. +* 77d2b0d reformatted whitespace to match recommended style of 2 space indentation. +* 27ebdfc ignore swap files. +* 377d58a added smoke tests for module. +* 18f614b reformatted apt::ppa according to recommended style. +* d8a1e4e Created a params class to hold global data. +* 636ae85 Added two params for apt class +* 148fc73 Update LICENSE. +* ed2d19e Support ability to add more than one PPA +* 420d537 Add call to apt-update after add-apt-repository in apt::ppa +* 945be77 Add package definition for python-software-properties +* 71fc425 Abs paths for all commands +* 9d51cd1 Adding LICENSE +* 71796e3 Heading fix in README +* 87777d8 Typo in README +* f848bac First commit + +[5.0.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1 +[5.0.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0 +[4.5.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.0...4.5.1 +[4.5.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.1...4.5.0 +[4.4.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.0...4.4.1 +[4.4.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.3.0...4.4.0 +[4.3.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.2.0...4.3.0 +[4.2.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.1.0...4.2.0 diff --git a/environments/production/thirdparty/apt/LICENSE b/environments/production/thirdparty/apt/LICENSE new file mode 100644 index 0000000..d645695 --- /dev/null +++ b/environments/production/thirdparty/apt/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/environments/production/thirdparty/apt/MAINTAINERS.md b/environments/production/thirdparty/apt/MAINTAINERS.md new file mode 100644 index 0000000..0b11ea2 --- /dev/null +++ b/environments/production/thirdparty/apt/MAINTAINERS.md @@ -0,0 +1,6 @@ +## Maintenance + +Maintainers: + - Puppet Forge Modules Team `forge-modules |at| puppet |dot| com` + +Tickets: https://tickets.puppet.com/browse/MODULES. Make sure to set component to `apt`. diff --git a/environments/production/thirdparty/apt/NOTICE b/environments/production/thirdparty/apt/NOTICE new file mode 100644 index 0000000..209695b --- /dev/null +++ b/environments/production/thirdparty/apt/NOTICE @@ -0,0 +1,37 @@ +Puppet Module - puppetlabs-apt + +Copyright 2017 Puppet, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + + + +Copyright (c) 2011 Evolving Web Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/environments/production/thirdparty/apt/README.md b/environments/production/thirdparty/apt/README.md new file mode 100644 index 0000000..feb8288 --- /dev/null +++ b/environments/production/thirdparty/apt/README.md @@ -0,0 +1,401 @@ +# apt + +#### Table of Contents + +1. [Module Description - What the module does and why it is useful](#module-description) +1. [Setup - The basics of getting started with apt](#setup) + * [What apt affects](#what-apt-affects) + * [Beginning with apt](#beginning-with-apt) +1. [Usage - Configuration options and additional functionality](#usage) + * [Add GPG keys](#add-gpg-keys) + * [Prioritize backports](#prioritize-backports) + * [Update the list of packages](#update-the-list-of-packages) + * [Pin a specific release](#pin-a-specific-release) + * [Add a Personal Package Archive repository](#add-a-personal-package-archive-repository) + * [Configure Apt from Hiera](#configure-apt-from-hiera) + * [Replace the default sources.list file](#replace-the-default-sourceslist-file) +1. [Reference - An under-the-hood peek at what the module is doing and how](#reference) +1. [Limitations - OS compatibility, etc.](#limitations) +1. [License](#license) +1. [Development - Guide for contributing to the module](#development) + + + +## Module Description + +The apt module lets you use Puppet to manage APT (Advanced Package Tool) sources, keys, and other configuration options. + +APT is a package manager available on Debian, Ubuntu, and several other operating systems. The apt module provides a series of classes, defines, types, and facts to help you automate APT package management. + +**Note**: Prior to Puppet 7, for this module to correctly autodetect which version of +Debian/Ubuntu (or derivative) you're running, you need to make sure the `lsb-release` package is +installed. With Puppet 7 the `lsb-release` package is not needed. + + + +## Setup + + + +### What apt affects + +* Your system's `preferences` file and `preferences.d` directory +* Your system's `sources.list` file and `sources.list.d` directory +* Your system's `apt.conf.d` directory +* System repositories +* Authentication keys + +**Note:** This module offers `purge` parameters which, if set to `true`, **destroy** any configuration on the node's `sources.list(.d)`, `preferences(.d)` and `apt.conf.d` that you haven't declared through Puppet. The default for these parameters is `false`. + + + +### Beginning with apt + +To use the apt module with default parameters, declare the `apt` class. + +```puppet +include apt +``` + +**Note:** The main `apt` class is required by all other classes, types, and defined types in this module. You must declare it whenever you use the module. + + + +## Usage + + + +### Add GPG keys + +You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (`.gpg` for keys in binary format; or `.asc` for ASCII armored keys). + +#### Fetch via HTTP + +```puppet +apt::keyring { 'puppetlabs-keyring.gpg': + source => 'https://apt.puppetlabs.com/keyring.gpg', +} +``` + +#### Fetch via Puppet URI + +```puppet +apt::keyring { 'puppetlabs-keyring.gpg': + source => 'puppet:///modules/my_module/local_puppetlabs-keyring.gpg', +} +``` + +Alternatively `apt::key` can be used. + +**Warning** `apt::key` is deprecated in the latest Debian and Ubuntu releases. Please use apt::keyring instead. + +**Warning:** Using short key IDs presents a serious security issue, potentially leaving you open to collision attacks. We recommend you always use full fingerprints to identify your GPG keys. This module allows short keys, but issues a security warning if you use them. + +Declare the `apt::key` defined type: + +```puppet +apt::key { 'puppetlabs': + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'pgp.mit.edu', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +} +``` + + + +### Prioritize backports + +```puppet +class { 'apt::backports': + pin => 500, +} +``` + +By default, the `apt::backports` class drops a pin file for backports, pinning it to a priority of 200. This is lower than the normal default of 500, so packages with `ensure => latest` don't get upgraded from backports without your explicit permission. + +If you raise the priority through the `pin` parameter to 500, normal policy goes into effect and Apt installs or upgrades to the newest version. This means that if a package is available from backports, it and its dependencies are pulled in from backports unless you explicitly set the `ensure` attribute of the `package` resource to `installed`/`present` or a specific version. + + + +### Update the list of packages + +By default, Puppet runs `apt-get update` on the first Puppet run after you include the `apt` class, and anytime `notify => Exec['apt_update']` occurs; i.e., whenever config files get updated or other relevant changes occur. If you set `update['frequency']` to 'always', the update runs on every Puppet run. You can also set `update['frequency']` to 'hourly', 'daily', 'weekly' or any integer value >= 60: + +```puppet +class { 'apt': + update => { + frequency => 'daily', + }, +} +``` + +When `Exec['apt_update']` is triggered, it generates a `notice`-level message. Because the default [logging level for agents](https://puppet.com/docs/puppet/latest/configuration.html#loglevel) is `notice`, this causes the repository update to appear in agent logs. To silence these updates from the default log output, set the [loglevel](https://puppet.com/docs/puppet/latest/metaparameter.html#loglevel) metaparameter for `Exec['apt_update']` above the agent logging level: + +```puppet +class { 'apt': + update => { + frequency => 'daily', + loglevel => 'debug', + }, +} +``` + +> **NOTE:** Every `Exec['apt_update']` run will generate a corrective change, even if the apt caches are not updated. For example, setting an update frequency of `always` can result in every Puppet run resulting in a corrective change. This is a known issue. For details, see [MODULES-10763](https://tickets.puppetlabs.com/browse/MODULES-10763). + + + +### Pin a specific release + +```puppet +apt::pin { 'karmic': priority => 700 } +apt::pin { 'karmic-updates': priority => 700 } +apt::pin { 'karmic-security': priority => 700 } +``` + +You can also specify more complex pins using distribution properties: + +```puppet +apt::pin { 'stable': + priority => -10, + originator => 'Debian', + release_version => '3.0', + component => 'main', + label => 'Debian' +} +``` + +To pin multiple packages, pass them to the `packages` parameter as an array or a space-delimited string. + + + +### Add a Personal Package Archive (PPA) repository + +```puppet +apt::ppa { 'ppa:drizzle-developers/ppa': } +``` + +### Add an Apt source to `/etc/apt/sources.list.d/` + +```puppet +apt::source { 'debian_unstable': + comment => 'This is the iWeb Debian unstable mirror', + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'unstable', + repos => 'main contrib non-free non-free-firmware', + pin => '-10', + key => { + 'id' => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + 'server' => 'subkeys.pgp.net', + }, + include => { + 'src' => true, + 'deb' => true, + }, +} +``` + +To use the Puppet Apt repository as a source: + +```puppet +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'main', + key => { + 'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + 'server' => 'pgp.mit.edu', + }, +} +``` + +### Adding name and source to the key parameter of apt::source, which then manages modern apt gpg keyrings + +The `name` parameter of key hash should contain the filename with extension (such as `puppetlabs.gpg`). + +```puppet +apt::source { 'puppetlabs': + comment => 'Puppet8', + location => 'https://apt.puppetlabs.com/', + repos => 'puppet8', + key => { + 'name' => 'puppetlabs.gpg', + 'source' => 'https://apt.puppetlabs.com/keyring.gpg', + }, +} +``` + + + +### Generating a DEB822 .sources file + +You can also generate a DEB822 format .sources file. This example covers most of the available options. + +Use the `source_format` parameter to choose between 'list' and 'sources' (DEB822) formats. +```puppet +apt::source { 'debian': + source_format => 'sources' + comment => 'Official Debian Repository', + enabled => true, + types => ['deb', 'deb-src'], + location => ['http://fr.debian.org/debian', 'http://de.debian.org/debian'] + release => ['stable', 'stable-updates', 'stable-backports'], + repos => ['main', 'contrib', 'non-free'], + architecture => ['amd64', 'i386'], + allow_unsigned => true, + keyring => '/etc/apt/keyrings/debian.gpg' + notify_update => false +} +``` + +### Configure Apt from Hiera + +Instead of specifying your sources directly as resources, you can instead just include the `apt` class, which will pick up the values automatically from hiera. + +```yaml +apt::sources: + 'debian_unstable': + comment: 'This is the iWeb Debian unstable mirror' + location: 'http://debian.mirror.iweb.ca/debian/' + release: 'unstable' + repos: 'main contrib non-free non-free-firmware' + pin: '-10' + key: + id: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553' + server: 'subkeys.pgp.net' + include: + src: true + deb: true + + 'puppetlabs': + location: 'http://apt.puppetlabs.com' + repos: 'main' + key: + id: '6F6B15509CF8E59E6E469F327F438280EF8D349F' + server: 'pgp.mit.edu' +``` + + + +### Replace the default `sources.list` file + +The following example replaces the default `/etc/apt/sources.list`. Along with this code, be sure to use the `purge` parameter, or you might get duplicate source warnings when running Apt. + +```puppet +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-security": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-security" +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-updates": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-updates" +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-backports": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-backports" +} +``` + +### Manage login configuration settings for an APT source or proxy in `/etc/apt/auth.conf` + +Starting with APT version 1.5, you can define login configuration settings, such as +username and password, for APT sources or proxies that require authentication +in the `/etc/apt/auth.conf` file. This is preferable to embedding login +information directly in `source.list` entries, which are usually world-readable. + +The `/etc/apt/auth.conf` file follows the format of netrc (used by ftp or +curl) and has restrictive file permissions. See [here](https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html) for details. + +Use the optional `apt::auth_conf_entries` parameter to specify an array of hashes containing login configuration settings. These hashes may only contain the `machine`, `login` and `password` keys. + +```puppet +class { 'apt': + auth_conf_entries => [ + { + 'machine' => 'apt-proxy.example.net', + 'login' => 'proxylogin', + 'password' => 'proxypassword', + }, + { + 'machine' => 'apt.example.com/ubuntu', + 'login' => 'reader', + 'password' => 'supersecret', + }, + ], +} +``` + + + +## Reference + +### Facts + +* `apt_updates`: The number of installed packages with available updates from `upgrade`. + +* `apt_dist_updates`: The number of installed packages with available updates from `dist-upgrade`. + +* `apt_security_updates`: The number of installed packages with available security updates from `upgrade`. + +* `apt_security_dist_updates`: The number of installed packages with available security updates from `dist-upgrade`. + +* `apt_package_updates`: The names of all installed packages with available updates from `upgrade`. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string. + +* `apt_package_dist_updates`: The names of all installed packages with available updates from `dist-upgrade`. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string. + +* `apt_update_last_success`: The date, in epochtime, of the most recent successful `apt-get update` run (based on the mtime of /var/lib/apt/periodic/update-success-stamp). + +* `apt_reboot_required`: Determines if a reboot is necessary after updates have been installed. + +### More Information + +See [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apt/blob/main/REFERENCE.md) for all other reference documentation. + + + +## Limitations + +This module is not designed to be split across [run stages](https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html). + +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apt/blob/main/metadata.json) + +### Adding new sources or PPAs + +If you are adding a new source or PPA and trying to install packages from the new source or PPA on the same Puppet run, your `package` resource should depend on `Class['apt::update']`, as well as depending on the `Apt::Source` or the `Apt::Ppa`. You can also add [collectors](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html) to ensure that all packages happen after `apt::update`, but this can lead to dependency cycles and has implications for [virtual resources](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html#behavior). Before running the command below, ensure that all packages have the provider set to apt. + +```puppet +Class['apt::update'] -> Package <| provider == 'apt' |> +``` + +## License + +This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of [AGPL](https://opensource.org/license/agpl-v3/), [BSD-2](https://opensource.org/license/bsd-2-clause/), [BSD-3](https://opensource.org/license/bsd-3-clause/), [GPL2.0](https://opensource.org/license/gpl-2-0/), [LGPL](https://opensource.org/license/lgpl-3-0/), [MIT](https://opensource.org/license/mit/) and [MPL](https://opensource.org/license/mpl-2-0/) Licensing. + +## Development + +Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus). +To run the acceptance tests follow the instructions [here](https://puppetlabs.github.io/litmus/Running-acceptance-tests.html). +You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE). + +If you run into an issue with this module, or if you would like to request a feature, please [file a ticket](https://github.com/puppetlabs/puppetlabs-apt/issues). +Every Monday the Puppet IA Content Team has [office hours](https://puppet.com/community/office-hours) in the [Puppet Community Slack](http://slack.puppet.com/), alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC). + +If you have problems getting this module up and running, please [contact Support](http://puppetlabs.com/services/customer-support). + +If you submit a change to this module, be sure to regenerate the reference documentation as follows: + +```bash +puppet strings generate --format markdown --out REFERENCE.md +``` diff --git a/environments/production/thirdparty/apt/REFERENCE.md b/environments/production/thirdparty/apt/REFERENCE.md new file mode 100644 index 0000000..08dd08a --- /dev/null +++ b/environments/production/thirdparty/apt/REFERENCE.md @@ -0,0 +1,1432 @@ +# Reference + + + +## Table of Contents + +### Classes + +#### Public Classes + +* [`apt`](#apt): Main class, includes all other classes. +* [`apt::backports`](#apt--backports): Manages backports. + +#### Private Classes + +* `apt::update`: Updates the list of available packages using apt-get update. + +### Defined types + +* [`apt::conf`](#apt--conf): Specifies a custom Apt configuration file. +* [`apt::key`](#apt--key): Manages the GPG keys that Apt uses to authenticate packages. +* [`apt::keyring`](#apt--keyring): Manage GPG keyrings for apt repositories +* [`apt::mark`](#apt--mark): Manages apt-mark settings +* [`apt::pin`](#apt--pin): Manages Apt pins. Does not trigger an apt-get update run. +* [`apt::ppa`](#apt--ppa): Manages PPA repositories using `add-apt-repository`. Not supported on Debian. +* [`apt::setting`](#apt--setting): Manages Apt configuration files. +* [`apt::source`](#apt--source): Manages the Apt sources in /etc/apt/sources.list.d/. + +### Resource types + +#### Private Resource types + +* `apt_key`: This type provides Puppet with the capabilities to manage GPG keys needed +by apt to perform package validation. Apt has it's own GPG keyring that can +be manipulated through the `apt-key` command. + +### Data types + +* [`Apt::Auth_conf_entry`](#Apt--Auth_conf_entry): Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. +* [`Apt::Proxy`](#Apt--Proxy): Configures Apt to connect to a proxy server. +* [`Apt::Proxy_Per_Host`](#Apt--Proxy_Per_Host): Adds per-host overrides to the system default APT proxy configuration + +### Tasks + +* [`init`](#init): Allows you to perform apt-get functions + +## Classes + +### `apt` + +Main class, includes all other classes. + +* **See also** + * https://docs.puppetlabs.com/references/latest/function.html#createresources + * for the create resource function + +#### Parameters + +The following parameters are available in the `apt` class: + +* [`provider`](#-apt--provider) +* [`keyserver`](#-apt--keyserver) +* [`key_options`](#-apt--key_options) +* [`ppa_options`](#-apt--ppa_options) +* [`ppa_package`](#-apt--ppa_package) +* [`backports`](#-apt--backports) +* [`confs`](#-apt--confs) +* [`update`](#-apt--update) +* [`update_defaults`](#-apt--update_defaults) +* [`purge`](#-apt--purge) +* [`purge_defaults`](#-apt--purge_defaults) +* [`proxy`](#-apt--proxy) +* [`proxy_defaults`](#-apt--proxy_defaults) +* [`sources`](#-apt--sources) +* [`keys`](#-apt--keys) +* [`keyrings`](#-apt--keyrings) +* [`ppas`](#-apt--ppas) +* [`pins`](#-apt--pins) +* [`settings`](#-apt--settings) +* [`manage_auth_conf`](#-apt--manage_auth_conf) +* [`auth_conf_entries`](#-apt--auth_conf_entries) +* [`auth_conf_owner`](#-apt--auth_conf_owner) +* [`root`](#-apt--root) +* [`sources_list`](#-apt--sources_list) +* [`sources_list_d`](#-apt--sources_list_d) +* [`conf_d`](#-apt--conf_d) +* [`preferences`](#-apt--preferences) +* [`preferences_d`](#-apt--preferences_d) +* [`config_files`](#-apt--config_files) +* [`sources_list_force`](#-apt--sources_list_force) +* [`include_defaults`](#-apt--include_defaults) +* [`apt_conf_d`](#-apt--apt_conf_d) +* [`source_key_defaults`](#-apt--source_key_defaults) + +##### `provider` + +Data type: `Stdlib::Absolutepath` + +Specifies the provider that should be used by apt::update. + +Default value: `'/usr/bin/apt-get'` + +##### `keyserver` + +Data type: `Stdlib::Host` + +Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or +hkp://). + +Default value: `'keyserver.ubuntu.com'` + +##### `key_options` + +Data type: `Optional[String[1]]` + +Specifies the default options for apt::key resources. + +Default value: `undef` + +##### `ppa_options` + +Data type: `Optional[Array[String[1]]]` + +Supplies options to be passed to the `add-apt-repository` command. + +Default value: `undef` + +##### `ppa_package` + +Data type: `Optional[String[1]]` + +Names the package that provides the `apt-add-repository` command. + +Default value: `undef` + +##### `backports` + +Data type: `Optional[Hash]` + +Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys: + +Options: + +* **:location** `String`: See apt::backports for documentation. +* **:repos** `String`: See apt::backports for documentation. +* **:key** `String`: See apt::backports for documentation. + +Default value: `undef` + +##### `confs` + +Data type: `Hash` + +Hash of `apt::conf` resources. + +Default value: `{}` + +##### `update` + +Data type: `Hash` + +Configures various update settings. Valid options: a hash made up from the following keys: + +Options: + +* **:frequency** `String`: Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified, +`apt-get update` runs regardless of this value. +Valid options: + 'always' (at every Puppet run); + 'hourly' (if the value of `apt_update_last_success` is less than current epoch time minus 3600); + 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400); + 'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800); + Integer (if the value of `apt_update_last_success` is less than current epoch time minus provided Integer value); + 'reluctantly' (only if the exec resource `apt_update` is notified). +Default: 'reluctantly'. +* **:loglevel** `Integer`: Specifies the log level of logs outputted to the console. Default: undef. +* **:timeout** `Integer`: Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef. +* **:tries** `Integer`: Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef. + +Default value: `{}` + +##### `update_defaults` + +Data type: `Hash` + +The default update settings that are combined and merged with the passed `update` value + +Default value: + +```puppet +{ + 'frequency' => 'reluctantly', + 'loglevel' => undef, + 'timeout' => undef, + 'tries' => undef, + } +``` + +##### `purge` + +Data type: `Hash` + +Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys: + +Options: + +* **:sources.list** `Boolean`: Specifies whether to purge any unmanaged entries from sources.list. Default false. +* **:sources.list.d** `Boolean`: Specifies whether to purge any unmanaged entries from sources.list.d. Default false. +* **:preferences** `Boolean`: Specifies whether to purge any unmanaged entries from preferences. Default false. +* **:preferences.d.** `Boolean`: Specifies whether to purge any unmanaged entries from preferences.d. Default false. + +Default value: `{}` + +##### `purge_defaults` + +Data type: `Hash` + +The default purge settings that are combined and merged with the passed `purge` value + +Default value: + +```puppet +{ + 'sources.list' => false, + 'sources.list.d' => false, + 'preferences' => false, + 'preferences.d' => false, + 'apt.conf.d' => false, + } +``` + +##### `proxy` + +Data type: `Apt::Proxy` + +Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy. + +Default value: `{}` + +##### `proxy_defaults` + +Data type: `Hash` + +The default proxy settings that are combined and merged with the passed `proxy` value + +Default value: + +```puppet +{ + 'ensure' => undef, + 'host' => undef, + 'port' => 8080, + 'https' => false, + 'https_acng' => false, + 'direct' => false, + } +``` + +##### `sources` + +Data type: `Hash` + +Hash of `apt::source` resources. + +Default value: `{}` + +##### `keys` + +Data type: `Hash` + +Hash of `apt::key` resources. + +Default value: `{}` + +##### `keyrings` + +Data type: `Hash` + +Hash of `apt::keyring` resources. + +Default value: `{}` + +##### `ppas` + +Data type: `Hash` + +Hash of `apt::ppa` resources. + +Default value: `{}` + +##### `pins` + +Data type: `Hash` + +Hash of `apt::pin` resources. + +Default value: `{}` + +##### `settings` + +Data type: `Hash` + +Hash of `apt::setting` resources. + +Default value: `{}` + +##### `manage_auth_conf` + +Data type: `Boolean` + +Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in +the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent. + +Default value: `true` + +##### `auth_conf_entries` + +Data type: `Array[Apt::Auth_conf_entry]` + +An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like +format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See +https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and +password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent. + +Default value: `[]` + +##### `auth_conf_owner` + +Data type: `String[1]` + +The owner of the file /etc/apt/auth.conf. + +Default value: `'_apt'` + +##### `root` + +Data type: `Stdlib::Absolutepath` + +Specifies root directory of Apt executable. + +Default value: `'/etc/apt'` + +##### `sources_list` + +Data type: `Stdlib::Absolutepath` + +Specifies the path of the sources_list file to use. + +Default value: `"${root}/sources.list"` + +##### `sources_list_d` + +Data type: `Stdlib::Absolutepath` + +Specifies the path of the sources_list.d file to use. + +Default value: `"${root}/sources.list.d"` + +##### `conf_d` + +Data type: `Stdlib::Absolutepath` + +Specifies the path of the conf.d file to use. + +Default value: `"${root}/apt.conf.d"` + +##### `preferences` + +Data type: `Stdlib::Absolutepath` + +Specifies the path of the preferences file to use. + +Default value: `"${root}/preferences"` + +##### `preferences_d` + +Data type: `Stdlib::Absolutepath` + +Specifies the path of the preferences.d file to use. + +Default value: `"${root}/preferences.d"` + +##### `config_files` + +Data type: `Hash` + +A hash made up of the various configuration files used by Apt. + +Default value: + +```puppet +{ + 'conf' => { + 'path' => $conf_d, + 'ext' => '', + }, + 'pref' => { + 'path' => $preferences_d, + 'ext' => '.pref', + }, + 'list' => { + 'path' => $sources_list_d, + 'ext' => '.list', + }, + 'sources' => { + 'path' => $sources_list_d, + 'ext' => '.sources', + }, + } +``` + +##### `sources_list_force` + +Data type: `Boolean` + +Specifies whether to perform force purge or delete. + +Default value: `false` + +##### `include_defaults` + +Data type: `Hash` + +The package types to include by default. + +Default value: + +```puppet +{ + 'deb' => true, + 'src' => false, + } +``` + +##### `apt_conf_d` + +Data type: `Stdlib::Absolutepath` + +The path to the file `apt.conf.d` + +Default value: `"${root}/apt.conf.d"` + +##### `source_key_defaults` + +Data type: `Hash` + +The fault `source_key` settings + +Default value: + +```puppet +{ + 'server' => $keyserver, + 'options' => undef, + 'content' => undef, + 'source' => undef, + } +``` + +### `apt::backports` + +Manages backports. + +#### Examples + +##### Set up a backport source for Ubuntu + +```puppet +include apt::backports +``` + +#### Parameters + +The following parameters are available in the `apt::backports` class: + +* [`location`](#-apt--backports--location) +* [`release`](#-apt--backports--release) +* [`repos`](#-apt--backports--repos) +* [`key`](#-apt--backports--key) +* [`keyring`](#-apt--backports--keyring) +* [`pin`](#-apt--backports--pin) +* [`include`](#-apt--backports--include) + +##### `location` + +Data type: `Optional[Stdlib::HTTPUrl]` + +Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and +Ubuntu varies: + +- Debian: 'http://deb.debian.org/debian' + +- Ubuntu: 'http://archive.ubuntu.com/ubuntu' + +Default value: `undef` + +##### `release` + +Data type: `Optional[String[1]]` + +Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `sources.list` configuration file. +Default: on Debian and Ubuntu, `${fact('os.distro.codename')}-backports`. We recommend keeping this default, except on other operating +systems. + +Default value: `undef` + +##### `repos` + +Data type: `Optional[String[1]]` + +Specifies a component of the Apt repository containing the backports to manage. Used in populating the `sources.list` configuration file. +Default value for Debian and Ubuntu varies: + +- Debian: 'main contrib non-free non-free-firmware' + +- Ubuntu: 'main universe multiverse restricted' + +Default value: `undef` + +##### `key` + +Data type: `Optional[Variant[String[1], Hash]]` + +Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a +hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters. + +Default value: `undef` + +##### `keyring` + +Data type: `Stdlib::AbsolutePath` + +Absolute path to a file containing the PGP keyring used to sign this +repository. Value is passed to the apt::source and used to set signed-by on +the source entry. + +Default value: `"/usr/share/keyrings/${facts['os']['name'].downcase}-archive-keyring.gpg"` + +##### `pin` + +Data type: `Variant[Integer, String[1], Hash]` + +Specifies a pin priority for the backports. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined +type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. + +Default value: `200` + +##### `include` + +Data type: `Hash` + +Specifies whether to include 'deb' or 'src', or both. + +Default value: `{}` + +## Defined types + +### `apt::conf` + +Specifies a custom Apt configuration file. + +#### Parameters + +The following parameters are available in the `apt::conf` defined type: + +* [`content`](#-apt--conf--content) +* [`ensure`](#-apt--conf--ensure) +* [`priority`](#-apt--conf--priority) +* [`notify_update`](#-apt--conf--notify_update) + +##### `content` + +Data type: `Optional[String[1]]` + +Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file. + +Default value: `undef` + +##### `ensure` + +Data type: `Enum['present', 'absent']` + +Specifies whether the configuration file should exist. + +Default value: `present` + +##### `priority` + +Data type: `Variant[String[1], Integer[0]]` + +Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first. +Valid options: a string containing an integer or an integer. + +Default value: `50` + +##### `notify_update` + +Data type: `Optional[Boolean]` + +Specifies whether to trigger an `apt-get update` run. + +Default value: `undef` + +### `apt::key` + +Manages the GPG keys that Apt uses to authenticate packages. + +* **Note** The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys. + +#### Examples + +##### Declare Apt key for apt.puppetlabs.com source + +```puppet +apt::key { 'puppetlabs': + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'keyserver.ubuntu.com', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +} +``` + +#### Parameters + +The following parameters are available in the `apt::key` defined type: + +* [`id`](#-apt--key--id) +* [`ensure`](#-apt--key--ensure) +* [`content`](#-apt--key--content) +* [`source`](#-apt--key--source) +* [`server`](#-apt--key--server) +* [`weak_ssl`](#-apt--key--weak_ssl) +* [`options`](#-apt--key--options) + +##### `id` + +Data type: `Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/]` + +Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal +characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadecimal characters). + +Default value: `$title` + +##### `ensure` + +Data type: `Enum['present', 'absent', 'refreshed']` + +Specifies whether the key should exist. Using `refreshed` will make keys +auto update when they have expired (assuming a new key exists on the key +server). + +Default value: `present` + +##### `content` + +Data type: `Optional[String[1]]` + +Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient. + +Default value: `undef` + +##### `source` + +Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]]` + +Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or +an absolute path. + +Default value: `undef` + +##### `server` + +Data type: `Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]` + +Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, +hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04. + +Default value: `$apt::keyserver` + +##### `weak_ssl` + +Data type: `Boolean` + +Specifies whether strict SSL verification on a https URL should be disabled. + +Default value: `false` + +##### `options` + +Data type: `Optional[String[1]]` + +Passes additional options to `apt-key adv --keyserver-options`. + +Default value: `$apt::key_options` + +### `apt::keyring` + +Manage GPG keyrings for apt repositories + +#### Examples + +##### Download the puppetlabs apt keyring + +```puppet +apt::keyring { 'puppetlabs-keyring.gpg': + source => 'https://apt.puppetlabs.com/keyring.gpg', +} +``` + +##### Deploy the apt source and associated keyring file + +```puppet +apt::source { 'puppet8-release': + location => 'http://apt.puppetlabs.com', + repos => 'puppet8', + key => { + name => 'puppetlabs-keyring.gpg', + source => 'https://apt.puppetlabs.com/keyring.gpg' + } +} +``` + +#### Parameters + +The following parameters are available in the `apt::keyring` defined type: + +* [`dir`](#-apt--keyring--dir) +* [`filename`](#-apt--keyring--filename) +* [`mode`](#-apt--keyring--mode) +* [`source`](#-apt--keyring--source) +* [`content`](#-apt--keyring--content) +* [`ensure`](#-apt--keyring--ensure) + +##### `dir` + +Data type: `Stdlib::Absolutepath` + +Path to the directory where the keyring will be stored. + +Default value: `'/etc/apt/keyrings'` + +##### `filename` + +Data type: `String[1]` + +Optional filename for the keyring. It should also contain extension along with the filename. + +Default value: `$name` + +##### `mode` + +Data type: `Stdlib::Filemode` + +File permissions of the keyring. + +Default value: `'0644'` + +##### `source` + +Data type: `Optional[Stdlib::Filesource]` + +Source of the keyring file. Mutually exclusive with 'content'. + +Default value: `undef` + +##### `content` + +Data type: `Optional[String[1]]` + +Content of the keyring file. Mutually exclusive with 'source'. + +Default value: `undef` + +##### `ensure` + +Data type: `Enum['present','absent']` + +Ensure presence or absence of the resource. + +Default value: `'present'` + +### `apt::mark` + +Manages apt-mark settings + +#### Parameters + +The following parameters are available in the `apt::mark` defined type: + +* [`setting`](#-apt--mark--setting) + +##### `setting` + +Data type: `Enum['auto','manual','hold','unhold']` + +Specifies the behavior of apt in case of no more dependencies installed +https://manpages.debian.org/stable/apt/apt-mark.8.en.html + +### `apt::pin` + +Manages Apt pins. Does not trigger an apt-get update run. + +* **See also** + * https://manpages.debian.org/stable/apt/apt_preferences.5.en.html + * for context on these parameters + +#### Parameters + +The following parameters are available in the `apt::pin` defined type: + +* [`ensure`](#-apt--pin--ensure) +* [`explanation`](#-apt--pin--explanation) +* [`order`](#-apt--pin--order) +* [`packages`](#-apt--pin--packages) +* [`priority`](#-apt--pin--priority) +* [`release`](#-apt--pin--release) +* [`release_version`](#-apt--pin--release_version) +* [`component`](#-apt--pin--component) +* [`originator`](#-apt--pin--originator) +* [`label`](#-apt--pin--label) +* [`origin`](#-apt--pin--origin) +* [`version`](#-apt--pin--version) +* [`codename`](#-apt--pin--codename) + +##### `ensure` + +Data type: `Enum['file', 'present', 'absent']` + +Specifies whether the pin should exist. + +Default value: `present` + +##### `explanation` + +Data type: `Optional[String[1]]` + +Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}". + +Default value: `undef` + +##### `order` + +Data type: `Variant[Integer[0]]` + +Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first. + +Default value: `50` + +##### `packages` + +Data type: `Variant[String[1], Array[String[1]]]` + +Specifies which package(s) to pin. + +Default value: `'*'` + +##### `priority` + +Data type: `Variant[Integer, String[1]]` + +Sets the priority of the package. If multiple versions of a given package are available, `apt-get` installs the one with the highest +priority number (subject to dependency constraints). + +Default value: `0` + +##### `release` + +Data type: `Optional[String[1]]` + +Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'. + +Default value: `undef` + +##### `release_version` + +Data type: `Optional[String[1]]` + +Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7). + +Default value: `undef` + +##### `component` + +Data type: `Optional[String[1]]` + +Names the licensing component associated with the packages in the directory tree of the Release file. + +Default value: `undef` + +##### `originator` + +Data type: `Optional[String[1]]` + +Names the originator of the packages in the directory tree of the Release file. + +Default value: `undef` + +##### `label` + +Data type: `Optional[String[1]]` + +Names the label of the packages in the directory tree of the Release file. + +Default value: `undef` + +##### `origin` + +Data type: `Optional[String[1]]` + +The package origin (the hostname part of the package's sources.list entry) + +Default value: `undef` + +##### `version` + +Data type: `Optional[String[1]]` + +The version of the package + +Default value: `undef` + +##### `codename` + +Data type: `Optional[String[1]]` + +The codename of the release + +Default value: `undef` + +### `apt::ppa` + +Manages PPA repositories using `add-apt-repository`. Not supported on Debian. + +#### Examples + +##### Declaration of an Apt PPA + +```puppet +apt::ppa { 'ppa:openstack-ppa/bleeding-edge': } +``` + +#### Parameters + +The following parameters are available in the `apt::ppa` defined type: + +* [`ensure`](#-apt--ppa--ensure) +* [`options`](#-apt--ppa--options) +* [`release`](#-apt--ppa--release) +* [`dist`](#-apt--ppa--dist) +* [`package_name`](#-apt--ppa--package_name) +* [`package_manage`](#-apt--ppa--package_manage) + +##### `ensure` + +Data type: `Enum['present', 'absent']` + +Specifies whether the PPA should exist. + +Default value: `'present'` + +##### `options` + +Data type: `Optional[Array[String[1]]]` + +Supplies options to be passed to the `add-apt-repository` command. + +Default value: `$apt::ppa_options` + +##### `release` + +Data type: `Optional[String[1]]` + +Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename. +Optional if `puppet facts show os.distro.codename` returns your correct distribution release codename. + +Default value: `fact('os.distro.codename')` + +##### `dist` + +Data type: `Optional[String[1]]` + +Specifies the distribution of your node. Valid options: a string containing a valid distribution codename. +Optional if `puppet facts show os.name` returns your correct distribution name. + +Default value: `$facts['os']['name']` + +##### `package_name` + +Data type: `Optional[String[1]]` + +Names the package that provides the `apt-add-repository` command. + +Default value: `$apt::ppa_package` + +##### `package_manage` + +Data type: `Boolean` + +Specifies whether Puppet should manage the package that provides `apt-add-repository`. + +Default value: `false` + +### `apt::setting` + +Manages Apt configuration files. + +* **See also** + * https://www.puppet.com/docs/puppet/latest/types/file.html#file-attributes + * for more information on source and content parameters + +#### Parameters + +The following parameters are available in the `apt::setting` defined type: + +* [`priority`](#-apt--setting--priority) +* [`ensure`](#-apt--setting--ensure) +* [`source`](#-apt--setting--source) +* [`content`](#-apt--setting--content) +* [`notify_update`](#-apt--setting--notify_update) + +##### `priority` + +Data type: `Variant[String[1], Integer[0]]` + +Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first. + +Default value: `50` + +##### `ensure` + +Data type: `Enum['file', 'present', 'absent']` + +Specifies whether the file should exist. + +Default value: `file` + +##### `source` + +Data type: `Optional[String[1]]` + +Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination +with `content`. Valid options: see link above for Puppet's native file type source attribute. + +Default value: `undef` + +##### `content` + +Data type: `Optional[String[1]]` + +Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid +options: see link above for Puppet's native file type content attribute. + +Default value: `undef` + +##### `notify_update` + +Data type: `Boolean` + +Specifies whether to trigger an `apt-get update` run. + +Default value: `true` + +### `apt::source` + +Manages the Apt sources in /etc/apt/sources.list.d/. + +#### Examples + +##### Install the puppetlabs apt source + +```puppet +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'main', + key => { + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'keyserver.ubuntu.com', + }, +} +``` + +##### Download key behaviour to handle modern apt gpg keyrings. The `name` parameter in the key hash should be given with + +```puppet +extension. Absence of extension will result in file formation with just name and no extension. +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + comment => 'Puppet8', + key => { + 'name' => 'puppetlabs.gpg', + 'source' => 'https://apt.puppetlabs.com/keyring.gpg', + }, +} +``` + +##### Install the puppetlabs apt source (deb822 format) + +```puppet +apt::source { 'puppetlabs': + source_format => 'sources' + location => ['http://apt.puppetlabs.com'], + repos => ['puppet8'], + keyring => '/etc/apt/keyrings/puppetlabs.gpg', +} +``` + +#### Parameters + +The following parameters are available in the `apt::source` defined type: + +* [`source_format`](#-apt--source--source_format) +* [`location`](#-apt--source--location) +* [`types`](#-apt--source--types) +* [`enabled`](#-apt--source--enabled) +* [`comment`](#-apt--source--comment) +* [`ensure`](#-apt--source--ensure) +* [`release`](#-apt--source--release) +* [`repos`](#-apt--source--repos) +* [`include`](#-apt--source--include) +* [`key`](#-apt--source--key) +* [`keyring`](#-apt--source--keyring) +* [`pin`](#-apt--source--pin) +* [`architecture`](#-apt--source--architecture) +* [`allow_unsigned`](#-apt--source--allow_unsigned) +* [`allow_insecure`](#-apt--source--allow_insecure) +* [`notify_update`](#-apt--source--notify_update) +* [`check_valid_until`](#-apt--source--check_valid_until) + +##### `source_format` + +Data type: `Enum['list', 'sources']` + +The file format to use for the apt source. See https://wiki.debian.org/SourcesList + +Default value: `'list'` + +##### `location` + +Data type: `Optional[Variant[String[1], Array[String[1]]]]` + +Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. +DEB822: Supports an array of URL values + +Default value: `undef` + +##### `types` + +Data type: `Array[Enum['deb','deb-src'], 1, 2]` + +DEB822: The package types this source manages. + +Default value: `['deb']` + +##### `enabled` + +Data type: `Boolean` + +DEB822: Enable or Disable the APT source. + +Default value: `true` + +##### `comment` + +Data type: `String[1]` + +Supplies a comment for adding to the Apt source file. + +Default value: `$name` + +##### `ensure` + +Data type: `Enum['present', 'absent']` + +Specifies whether the Apt source file should exist. + +Default value: `present` + +##### `release` + +Data type: `Optional[Variant[String[0], Array[String[0]]]]` + +Specifies a distribution of the Apt repository. +DEB822: Supports an array of values + +Default value: `undef` + +##### `repos` + +Data type: `Variant[String[1], Array[String[1]]]` + +Specifies a component of the Apt repository. +DEB822: Supports an array of values + +Default value: `'main'` + +##### `include` + +Data type: `Hash` + +Configures include options. Valid options: a hash of available keys. + +Options: + +* **:deb** `Boolean`: Specifies whether to request the distribution's compiled binaries. +* **:src** `Boolean`: Specifies whether to request the distribution's uncompiled source code. + +Default value: `{}` + +##### `key` + +Data type: `Optional[Variant[String[1], Hash]]` + +Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options: + * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` + +The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options: + * a string to be passed to the `id` parameter of the `apt::key` defined type + * a hash of `parameter => value` pairs to be passed to `apt::key`: `id`, `server`, `content`, `source`, `weak_ssl`, `options` + +Default value: `undef` + +##### `keyring` + +Data type: `Optional[Stdlib::AbsolutePath]` + +Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +This is not necessary if the key is installed with `key` param above. +See https://wiki.debian.org/DebianRepository/UseThirdParty for details. + +Default value: `undef` + +##### `pin` + +Data type: `Optional[Variant[Hash, Integer, String[1]]]` + +Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `priority` parameter of the +`apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. + +Default value: `undef` + +##### `architecture` + +Data type: `Optional[Variant[String[1], Array[String[1]]]]` + +Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, +separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). +(if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option) +DEB822: Supports an array of values + +Default value: `undef` + +##### `allow_unsigned` + +Data type: `Optional[Boolean]` + +Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. + +Default value: `undef` + +##### `allow_insecure` + +Data type: `Optional[Boolean]` + +Specifies whether to allow downloads from insecure repositories. + +Default value: `undef` + +##### `notify_update` + +Data type: `Boolean` + +Specifies whether to trigger an `apt-get update` run. + +Default value: `true` + +##### `check_valid_until` + +Data type: `Optional[Boolean]` + +Specifies whether to check if the package release date is valid. + +Default value: `undef` + +## Data types + +### `Apt::Auth_conf_entry` + +Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. + +* **See also** + * https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html + * for more information + +Alias of + +```puppet +Struct[{ + machine => String[1], + login => String, + password => String + }] +``` + +#### Parameters + +The following parameters are available in the `Apt::Auth_conf_entry` data type: + +* [`machine`](#-Apt--Auth_conf_entry--machine) +* [`login`](#-Apt--Auth_conf_entry--login) +* [`password`](#-Apt--Auth_conf_entry--password) + +##### `machine` + +Hostname of machine to connect to. + +##### `login` + +Specifies the username to connect with. + +##### `password` + +Specifies the password to connect with. + +### `Apt::Proxy` + +Configures Apt to connect to a proxy server. + +Alias of + +```puppet +Struct[{ + ensure => Optional[Enum['file', 'present', 'absent']], + host => Optional[String], + port => Optional[Integer[0, 65535]], + https => Optional[Boolean], + https_acng => Optional[Boolean], + direct => Optional[Boolean], + perhost => Optional[Array[Apt::Proxy_Per_Host]], + }] +``` + +#### Parameters + +The following parameters are available in the `Apt::Proxy` data type: + +* [`ensure`](#-Apt--Proxy--ensure) +* [`host`](#-Apt--Proxy--host) +* [`port`](#-Apt--Proxy--port) +* [`https`](#-Apt--Proxy--https) +* [`direct`](#-Apt--Proxy--direct) + +##### `ensure` + +Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'. + +##### `host` + +Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. + +##### `port` + +Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. + +##### `https` + +Specifies whether to enable https proxies. + +##### `direct` + +Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not. + +### `Apt::Proxy_Per_Host` + +Adds per-host overrides to the system default APT proxy configuration + +Alias of + +```puppet +Struct[{ + scope => String, + host => Optional[String], + port => Optional[Integer[1, 65535]], + https => Optional[Boolean], + direct => Optional[Boolean], + }] +``` + +#### Parameters + +The following parameters are available in the `Apt::Proxy_Per_Host` data type: + +* [`scope`](#-Apt--Proxy_Per_Host--scope) +* [`host`](#-Apt--Proxy_Per_Host--host) +* [`port`](#-Apt--Proxy_Per_Host--port) +* [`https`](#-Apt--Proxy_Per_Host--https) +* [`direct`](#-Apt--Proxy_Per_Host--direct) + +##### `scope` + +Specifies the scope of the override. Valid options: a string containing a hostname. + +##### `host` + +Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. + +##### `port` + +Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. + +##### `https` + +Specifies whether to enable https for this override. + +##### `direct` + +Specifies whether or not to use a `DIRECT` target to bypass the system default proxy. + +## Tasks + +### `init` + +Allows you to perform apt-get functions + +**Supports noop?** false + +#### Parameters + +##### `action` + +Data type: `Enum[update, upgrade, dist-upgrade, autoremove]` + +Action to perform with apt-get + diff --git a/environments/production/thirdparty/apt/data/common.yaml b/environments/production/thirdparty/apt/data/common.yaml new file mode 100644 index 0000000..2fbf0ff --- /dev/null +++ b/environments/production/thirdparty/apt/data/common.yaml @@ -0,0 +1 @@ +--- {} diff --git a/environments/production/thirdparty/apt/data/os/Debian.yaml b/environments/production/thirdparty/apt/data/os/Debian.yaml new file mode 100644 index 0000000..e7cc38a --- /dev/null +++ b/environments/production/thirdparty/apt/data/os/Debian.yaml @@ -0,0 +1,3 @@ +apt::backports: + location: http://deb.debian.org/debian + repos: main contrib non-free diff --git a/environments/production/thirdparty/apt/data/os/Debian/12.yaml b/environments/production/thirdparty/apt/data/os/Debian/12.yaml new file mode 100644 index 0000000..c09df5e --- /dev/null +++ b/environments/production/thirdparty/apt/data/os/Debian/12.yaml @@ -0,0 +1,3 @@ +apt::backports: + location: http://deb.debian.org/debian + repos: main contrib non-free non-free-firmware diff --git a/environments/production/thirdparty/apt/data/os/Ubuntu.yaml b/environments/production/thirdparty/apt/data/os/Ubuntu.yaml new file mode 100644 index 0000000..20bf431 --- /dev/null +++ b/environments/production/thirdparty/apt/data/os/Ubuntu.yaml @@ -0,0 +1,7 @@ +apt::backports: + location: http://archive.ubuntu.com/ubuntu + repos: main universe multiverse restricted + +apt::ppa_options: + - -y +apt::ppa_package: software-properties-common diff --git a/environments/production/thirdparty/apt/examples/backports.pp b/environments/production/thirdparty/apt/examples/backports.pp new file mode 100644 index 0000000..d747f8f --- /dev/null +++ b/environments/production/thirdparty/apt/examples/backports.pp @@ -0,0 +1,7 @@ +# Set up a backport for Linux Mint qiana +class { 'apt': } +class { 'apt::backports': + location => 'http://us.archive.ubuntu.com/ubuntu', + release => 'trusty-backports', + repos => 'main universe multiverse restricted', +} diff --git a/environments/production/thirdparty/apt/examples/builddep.pp b/environments/production/thirdparty/apt/examples/builddep.pp new file mode 100644 index 0000000..8c23a94 --- /dev/null +++ b/environments/production/thirdparty/apt/examples/builddep.pp @@ -0,0 +1,3 @@ +package { 'glusterfs-server': + install_options => 'build-dep', +} diff --git a/environments/production/thirdparty/apt/examples/debian_testing.pp b/environments/production/thirdparty/apt/examples/debian_testing.pp new file mode 100644 index 0000000..bea2f08 --- /dev/null +++ b/environments/production/thirdparty/apt/examples/debian_testing.pp @@ -0,0 +1,18 @@ +package { 'debian-keyring': + ensure => present, +} + +package { 'debian-archive-keyring': + ensure => present, +} + +apt::source { 'debian_testing': + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'testing', + repos => 'main contrib non-free', + pin => '-10', + key => { + id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + server => 'subkeys.pgp.net', + }, +} diff --git a/environments/production/thirdparty/apt/examples/debian_unstable.pp b/environments/production/thirdparty/apt/examples/debian_unstable.pp new file mode 100644 index 0000000..344f90c --- /dev/null +++ b/environments/production/thirdparty/apt/examples/debian_unstable.pp @@ -0,0 +1,18 @@ +package { 'debian-keyring': + ensure => present, +} + +package { 'debian-archive-keyring': + ensure => present, +} + +apt::source { 'debian_unstable': + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'unstable', + repos => 'main contrib non-free', + pin => '-10', + key => { + id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + server => 'subkeys.pgp.net', + }, +} diff --git a/environments/production/thirdparty/apt/examples/disable_keys.pp b/environments/production/thirdparty/apt/examples/disable_keys.pp new file mode 100644 index 0000000..a39b932 --- /dev/null +++ b/environments/production/thirdparty/apt/examples/disable_keys.pp @@ -0,0 +1,5 @@ +#Note: This is generally a bad idea. You should not disable verifying repository signatures. +apt::conf { 'unauth': + priority => 99, + content => 'APT::Get::AllowUnauthenticated 1;', +} diff --git a/environments/production/thirdparty/apt/examples/fancy_progress.pp b/environments/production/thirdparty/apt/examples/fancy_progress.pp new file mode 100644 index 0000000..db78441 --- /dev/null +++ b/environments/production/thirdparty/apt/examples/fancy_progress.pp @@ -0,0 +1,4 @@ +apt::conf { 'progressbar': + priority => 99, + content => 'Dpkg::Progress-Fancy "1";', +} diff --git a/environments/production/thirdparty/apt/examples/force.pp b/environments/production/thirdparty/apt/examples/force.pp new file mode 100644 index 0000000..4cfaa96 --- /dev/null +++ b/environments/production/thirdparty/apt/examples/force.pp @@ -0,0 +1,28 @@ +#if you need to specify a release +$rel_string = '-t ' +#else +$rel_string = '' + +#if you need to specify a version +$ensure = '' +#else +$ensure = installed + +#if overwrite existing cfg files +$config_files = '-o Dpkg::Options::="--force-confnew"' +#elsif force use of old files +$config_files = '-o Dpkg::Options::="--force-confold"' +#elsif update only unchanged files +$config_files = '-o Dpkg::Options::="--force-confdef"' +#else +$config_files = '' + +#if install missing configuration files for the package +$config_missing = '-o Dpkg::Options::="--force-confmiss"' +#else +$config_missing = '' + +package { '': + ensure => $ensure, + install_options => "${config_files} ${config_missing} ${rel_string}", +} diff --git a/environments/production/thirdparty/apt/examples/hold.pp b/environments/production/thirdparty/apt/examples/hold.pp new file mode 100644 index 0000000..00f760c --- /dev/null +++ b/environments/production/thirdparty/apt/examples/hold.pp @@ -0,0 +1,5 @@ +apt::pin { 'hold-vim': + packages => 'vim', + version => '2:7.4.488-5', + priority => 1001, +} diff --git a/environments/production/thirdparty/apt/examples/key.pp b/environments/production/thirdparty/apt/examples/key.pp new file mode 100644 index 0000000..478073c --- /dev/null +++ b/environments/production/thirdparty/apt/examples/key.pp @@ -0,0 +1,6 @@ +# Declare Apt key for apt.puppetlabs.com source +apt::key { 'puppetlabs': + id => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26', + server => 'keyserver.ubuntu.com', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +} diff --git a/environments/production/thirdparty/apt/examples/mark.pp b/environments/production/thirdparty/apt/examples/mark.pp new file mode 100644 index 0000000..52bae6e --- /dev/null +++ b/environments/production/thirdparty/apt/examples/mark.pp @@ -0,0 +1,3 @@ +apt::mark { 'vim': + setting => 'auto', +} diff --git a/environments/production/thirdparty/apt/examples/pin.pp b/environments/production/thirdparty/apt/examples/pin.pp new file mode 100644 index 0000000..6a9024c --- /dev/null +++ b/environments/production/thirdparty/apt/examples/pin.pp @@ -0,0 +1,5 @@ +# pin a release in apt, useful for unstable repositories +apt::pin { 'foo': + packages => '*', + priority => 0, +} diff --git a/environments/production/thirdparty/apt/examples/ppa.pp b/environments/production/thirdparty/apt/examples/ppa.pp new file mode 100644 index 0000000..4f4432a --- /dev/null +++ b/environments/production/thirdparty/apt/examples/ppa.pp @@ -0,0 +1,4 @@ +class { 'apt': } + +# Example declaration of an Apt PPA +apt::ppa { 'ppa:ubuntuhandbook1/apps': } diff --git a/environments/production/thirdparty/apt/examples/release.pp b/environments/production/thirdparty/apt/examples/release.pp new file mode 100644 index 0000000..46d6893 --- /dev/null +++ b/environments/production/thirdparty/apt/examples/release.pp @@ -0,0 +1,4 @@ +apt::conf { 'release': + content => 'APT::Default-Release "karmic";', + priority => '01', +} diff --git a/environments/production/thirdparty/apt/examples/source.pp b/environments/production/thirdparty/apt/examples/source.pp new file mode 100644 index 0000000..2227cce --- /dev/null +++ b/environments/production/thirdparty/apt/examples/source.pp @@ -0,0 +1,35 @@ +# Declare the apt class to manage /etc/apt/sources.list and /etc/sources.list.d +class { 'apt': } + +# Install the puppetlabs apt source +# Release is automatically obtained from facts. +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'main', + key => { + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'keyserver.ubuntu.com', + }, +} + +# test two sources with the same key +apt::source { 'debian_testing': + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'testing', + repos => 'main contrib non-free non-free-firmware', + key => { + id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + server => 'keyserver.ubuntu.com', + }, + pin => '-10', +} +apt::source { 'debian_unstable': + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'unstable', + repos => 'main contrib non-free non-free-firmware', + key => { + id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + server => 'keyserver.ubuntu.com', + }, + pin => '-10', +} diff --git a/environments/production/thirdparty/apt/examples/unattended_upgrades.pp b/environments/production/thirdparty/apt/examples/unattended_upgrades.pp new file mode 100644 index 0000000..4640904 --- /dev/null +++ b/environments/production/thirdparty/apt/examples/unattended_upgrades.pp @@ -0,0 +1 @@ +# TODO diff --git a/environments/production/thirdparty/apt/files/15update-stamp b/environments/production/thirdparty/apt/files/15update-stamp new file mode 100644 index 0000000..14ead83 --- /dev/null +++ b/environments/production/thirdparty/apt/files/15update-stamp @@ -0,0 +1 @@ +APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";}; diff --git a/environments/production/thirdparty/apt/hiera.yaml b/environments/production/thirdparty/apt/hiera.yaml new file mode 100644 index 0000000..72369de --- /dev/null +++ b/environments/production/thirdparty/apt/hiera.yaml @@ -0,0 +1,21 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: "os.family/major release" + paths: + # Used to distinguish between Debian and Ubuntu + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + # Used for Solaris + - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" + - name: "os.family" + paths: + - "os/%{facts.os.name}.yaml" + - "os/%{facts.os.family}.yaml" + - name: 'common' + path: 'common.yaml' diff --git a/environments/production/thirdparty/apt/lib/facter/apt_reboot_required.rb b/environments/production/thirdparty/apt/lib/facter/apt_reboot_required.rb new file mode 100644 index 0000000..27239b3 --- /dev/null +++ b/environments/production/thirdparty/apt/lib/facter/apt_reboot_required.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +# apt_reboot_required.rb +Facter.add(:apt_reboot_required) do + confine 'os.family': 'Debian' + setcode do + File.file?('/var/run/reboot-required') + end +end diff --git a/environments/production/thirdparty/apt/lib/facter/apt_sources.rb b/environments/production/thirdparty/apt/lib/facter/apt_sources.rb new file mode 100644 index 0000000..4afa1c6 --- /dev/null +++ b/environments/production/thirdparty/apt/lib/facter/apt_sources.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +# This fact lists the .list filenames that are used by apt. +Facter.add(:apt_sources) do + confine 'os.family': 'Debian' + setcode do + sources = ['sources.list'] + Dir.glob('/etc/apt/sources.list.d/*.{list,sources}').each do |file| + sources.push(File.basename(file)) + end + sources + end +end diff --git a/environments/production/thirdparty/apt/lib/facter/apt_update_last_success.rb b/environments/production/thirdparty/apt/lib/facter/apt_update_last_success.rb new file mode 100644 index 0000000..f00cd18 --- /dev/null +++ b/environments/production/thirdparty/apt/lib/facter/apt_update_last_success.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +require 'facter' + +# This is derived from the file /var/lib/apt/periodic/update-success-stamp +# This is generated upon a successful apt-get update run natively in ubuntu. +# the Puppetlabs-apt module deploys this same functionality for other debian-ish OSes +Facter.add('apt_update_last_success') do + confine 'os.family': 'Debian' + setcode do + if File.exist?('/var/lib/apt/periodic/update-success-stamp') + # get epoch time + File.mtime('/var/lib/apt/periodic/update-success-stamp').to_i + else + -1 + end + end +end diff --git a/environments/production/thirdparty/apt/lib/facter/apt_updates.rb b/environments/production/thirdparty/apt/lib/facter/apt_updates.rb new file mode 100644 index 0000000..cd9772a --- /dev/null +++ b/environments/production/thirdparty/apt/lib/facter/apt_updates.rb @@ -0,0 +1,103 @@ +# frozen_string_literal: true + +apt_package_updates = nil +apt_dist_updates = nil + +# Executes the upgrading of packages +# @param +# upgrade_option Type of upgrade passed into apt-get command arguments i.e. 'upgrade' or 'dist-upgrade' +def get_updates(upgrade_option) + apt_updates = nil + if File.executable?('/usr/bin/apt-get') + apt_get_result = Facter::Core::Execution.execute("/usr/bin/apt-get -s -o Debug::NoLocking=true #{upgrade_option} 2>&1") + unless apt_get_result.nil? + apt_updates = [[], []] + apt_get_result.each_line do |line| + next unless %r{^Inst\s}.match?(line) + + package = line.gsub(%r{^Inst\s([^\s]+)\s.*}, '\1').strip + apt_updates[0].push(package) + security_matches = [ + %r{ Debian-Security:}, + %r{ Ubuntu[^\s]+-security[, ]}, + %r{ gNewSense[^\s]+-security[, ]}, + ] + re = Regexp.union(security_matches) + apt_updates[1].push(package) if line.match(re) + end + end + end + apt_updates +end + +Facter.add('apt_has_updates') do + confine 'os.family': 'Debian' + setcode do + apt_package_updates = get_updates('upgrade') + apt_package_updates != [[], []] if !apt_package_updates.nil? && apt_package_updates.length == 2 + end +end + +Facter.add('apt_has_dist_updates') do + confine 'os.family': 'Debian' + setcode do + apt_dist_updates = get_updates('dist-upgrade') + apt_dist_updates != [[], []] if !apt_dist_updates.nil? && apt_dist_updates.length == 2 + end +end + +Facter.add('apt_package_updates') do + confine apt_has_updates: true + setcode do + apt_package_updates[0] + end +end + +Facter.add('apt_package_dist_updates') do + confine apt_has_dist_updates: true + setcode do + apt_dist_updates[0] + end +end + +Facter.add('apt_package_security_updates') do + confine apt_has_updates: true + setcode do + apt_package_updates[1] + end +end + +Facter.add('apt_package_security_dist_updates') do + confine apt_has_dist_updates: true + setcode do + apt_dist_updates[1] + end +end + +Facter.add('apt_updates') do + confine apt_has_updates: true + setcode do + Integer(apt_package_updates[0].length) + end +end + +Facter.add('apt_dist_updates') do + confine apt_has_dist_updates: true + setcode do + Integer(apt_dist_updates[0].length) + end +end + +Facter.add('apt_security_updates') do + confine apt_has_updates: true + setcode do + Integer(apt_package_updates[1].length) + end +end + +Facter.add('apt_security_dist_updates') do + confine apt_has_dist_updates: true + setcode do + Integer(apt_dist_updates[1].length) + end +end diff --git a/environments/production/thirdparty/apt/lib/puppet/provider/apt_key/apt_key.rb b/environments/production/thirdparty/apt/lib/puppet/provider/apt_key/apt_key.rb new file mode 100644 index 0000000..0f0abfd --- /dev/null +++ b/environments/production/thirdparty/apt/lib/puppet/provider/apt_key/apt_key.rb @@ -0,0 +1,240 @@ +# frozen_string_literal: true + +require 'open-uri' +begin + require 'net/ftp' +rescue LoadError + # Ruby 3.0 changed net-ftp to a default gem +end +require 'tempfile' + +Puppet::Type.type(:apt_key).provide(:apt_key) do + desc 'apt-key provider for apt_key resource' + + confine 'os.family': :debian + defaultfor 'os.family': :debian + commands apt_key: 'apt-key' + commands gpg: '/usr/bin/gpg' + + def self.instances + key_array = [] + + cli_args = ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode'] + + key_output = apt_key(cli_args).encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '') + + pub_line = nil + fpr_lines = [] + sub_lines = [] + + lines = key_output.split("\n") + + lines.each_index do |i| + if lines[i].start_with?('pub') + pub_line = lines[i] + # starting a new public key, so reset fpr_lines and sub_lines + fpr_lines = [] + sub_lines = [] + elsif lines[i].start_with?('fpr') + fpr_lines << lines[i] + elsif lines[i].start_with?('sub') + sub_lines << lines[i] + end + + next unless (pub_line && !fpr_lines.empty?) && (!lines[i + 1] || lines[i + 1].start_with?('pub')) + + line_hash = key_line_hash(pub_line, fpr_lines) + + expired = line_hash[:key_expired] || subkeys_all_expired(sub_lines) + + key_array << new( + name: line_hash[:key_fingerprint], + id: line_hash[:key_long], + fingerprint: line_hash[:key_fingerprint], + short: line_hash[:key_short], + long: line_hash[:key_long], + ensure: :present, + expired: expired, + expiry: line_hash[:key_expiry].nil? ? nil : line_hash[:key_expiry].strftime('%Y-%m-%d'), + size: line_hash[:key_size], + type: line_hash[:key_type], + created: line_hash[:key_created].strftime('%Y-%m-%d'), + ) + end + key_array + end + + def self.prefetch(resources) + apt_keys = instances + resources.each_key do |name| + case name.length + when 40 + provider = apt_keys.find { |key| key.fingerprint == name } + resources[name].provider = provider if provider + when 16 + provider = apt_keys.find { |key| key.long == name } + resources[name].provider = provider if provider + when 8 + provider = apt_keys.find { |key| key.short == name } + resources[name].provider = provider if provider + end + end + end + + def self.subkeys_all_expired(sub_lines) + return false if sub_lines.empty? + + sub_lines.each do |line| + return false if line.split(':')[1] == '-' + end + true + end + + def self.key_line_hash(pub_line, fpr_lines) + pub_split = pub_line.split(':') + fpr_split = fpr_lines.first.split(':') + + fingerprint = fpr_split.last + return_hash = { + key_fingerprint: fingerprint, + key_long: fingerprint[-16..], # last 16 characters of fingerprint + key_short: fingerprint[-8..], # last 8 characters of fingerprint + key_size: pub_split[2], + key_type: nil, + key_created: Time.at(pub_split[5].to_i), + key_expired: pub_split[1] == 'e', + key_expiry: pub_split[6].empty? ? nil : Time.at(pub_split[6].to_i) + } + + # set key type based on types defined in /usr/share/doc/gnupg/DETAILS.gz + case pub_split[3] + when '1' + return_hash[:key_type] = :rsa + when '17' + return_hash[:key_type] = :dsa + when '18' + return_hash[:key_type] = :ecc + when '19' + return_hash[:key_type] = :ecdsa + end + + return_hash + end + + def source_to_file(value) + parsed_value = URI.parse(value) + if parsed_value.scheme.nil? + raise(_('The file %{_value} does not exist') % { _value: value }) unless File.exist?(value) + + # Because the tempfile method has to return a live object to prevent GC + # of the underlying file from occuring too early, we also have to return + # a file object here. The caller can still call the #path method on the + # closed file handle to get the path. + f = File.open(value, 'r') + f.close + f + else + exceptions = [OpenURI::HTTPError] + exceptions << Net::FTPPermError if defined?(Net::FTPPermError) + + begin + # Only send basic auth if URL contains userinfo + # Some webservers (e.g. Amazon S3) return code 400 if empty basic auth is sent + if parsed_value.userinfo.nil? + key = if parsed_value.scheme == 'https' && resource[:weak_ssl] == true + URI.open(parsed_value, ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE).read + else + parsed_value.read + end + else + user_pass = parsed_value.userinfo.split(':') + parsed_value.userinfo = '' + key = URI.open(parsed_value, http_basic_authentication: user_pass).read + end + rescue *exceptions => e + raise(_('%{_e} for %{_resource}') % { _e: e.message, _resource: resource[:source] }) + rescue SocketError + raise(_('could not resolve %{_resource}') % { _resource: resource[:source] }) + else + tempfile(key) + end + end + end + + # The tempfile method needs to return the tempfile object to the caller, so + # that it doesn't get deleted by the GC immediately after it returns. We + # want the caller to control when it goes out of scope. + def tempfile(content) + file = Tempfile.new('apt_key') + file.write content + file.close + # confirm that the fingerprint from the file, matches the long key that is in the manifest + if name.size == 40 + if File.executable? command(:gpg) + extracted_key = execute(["#{command(:gpg)} --no-tty --with-fingerprint --with-colons #{file.path} | awk -F: '/^fpr:/ { print $10 }'"], failonfail: false) + extracted_key = extracted_key.chomp + + found_match = false + extracted_key.each_line do |line| + found_match = true if line.chomp == name + end + unless found_match + raise(_('The id in your manifest %{_resource} and the fingerprint from content/source don\'t match. Check for an error in the id and content/source is legitimate.') % { _resource: resource[:name] }) # rubocop:disable Layout/LineLength + end + else + warning('/usr/bin/gpg cannot be found for verification of the id.') + end + end + file + end + + def exists? + # report expired keys as non-existing when refresh => true + @property_hash[:ensure] == :present && !(resource[:refresh] && @property_hash[:expired]) + end + + def create + command = [] + if resource[:source].nil? && resource[:content].nil? + # Breaking up the command like this is needed because it blows up + # if --recv-keys isn't the last argument. + command.push('adv', '--no-tty', '--keyserver', resource[:server]) + command.push('--keyserver-options', resource[:options]) unless resource[:options].nil? + command.push('--recv-keys', resource[:id]) + elsif resource[:content] + key_file = tempfile(resource[:content]) + command.push('add', key_file.path) + elsif resource[:source] + key_file = source_to_file(resource[:source]) + command.push('add', key_file.path) + # In case we really screwed up, better safe than sorry. + else + raise(_('an unexpected condition occurred while trying to add the key: %{_resource}') % { _resource: resource[:id] }) + end + apt_key(command) + @property_hash[:ensure] = :present + end + + def destroy + loop do + apt_key('del', resource.provider.short) + r = execute(["#{command(:apt_key)} list | grep '/#{resource.provider.short}\s'"], failonfail: false) + break unless r.exitstatus.zero? + end + @property_hash.clear + end + + def read_only(_value) + raise(_('This is a read-only property.')) + end + + mk_resource_methods + + # Alias the setters of read-only properties + # to the read_only function. + alias_method :created=, :read_only + alias_method :expired=, :read_only + alias_method :expiry=, :read_only + alias_method :size=, :read_only + alias_method :type=, :read_only +end diff --git a/environments/production/thirdparty/apt/lib/puppet/type/apt_key.rb b/environments/production/thirdparty/apt/lib/puppet/type/apt_key.rb new file mode 100644 index 0000000..faa430b --- /dev/null +++ b/environments/production/thirdparty/apt/lib/puppet/type/apt_key.rb @@ -0,0 +1,146 @@ +# frozen_string_literal: true + +require 'pathname' +require 'puppet/parameter/boolean' + +Puppet::Type.newtype(:apt_key) do + @doc = <<-MANIFEST + @summary This type provides Puppet with the capabilities to manage GPG keys needed + by apt to perform package validation. Apt has it's own GPG keyring that can + be manipulated through the `apt-key` command. + + @example Basic usage + apt_key { '6F6B15509CF8E59E6E469F327F438280EF8D349F': + source => 'http://apt.puppetlabs.com/pubkey.gpg' + } + + **Autorequires** + + If Puppet is given the location of a key file which looks like an absolute + path this type will autorequire that file. + + @api private + MANIFEST + + ensurable + + validate do + raise(_('ensure => absent and refresh => true are mutually exclusive')) if self[:refresh] == true && self[:ensure] == :absent + raise(_('The properties content and source are mutually exclusive.')) if self[:content] && self[:source] + + warning(_('The id should be a full fingerprint (40 characters), see README.')) if self[:id].length < 40 + end + + newparam(:id, namevar: true) do + desc 'The ID of the key you want to manage.' + # GPG key ID's should be either 32-bit (short) or 64-bit (long) key ID's + # and may start with the optional 0x, or they can be 40-digit key fingerprints + newvalues(%r{\A(0x)?[0-9a-fA-F]{8}\Z}, %r{\A(0x)?[0-9a-fA-F]{16}\Z}, %r{\A(0x)?[0-9a-fA-F]{40}\Z}) + munge do |value| + id = if value.start_with?('0x') + value.partition('0x').last.upcase + else + value.upcase + end + id + end + end + + newparam(:content) do + desc 'The content of, or string representing, a GPG key.' + end + + newparam(:source) do + desc 'Location of a GPG key file, /path/to/file, ftp://, http:// or https://' + newvalues(%r{\Ahttps?://}, %r{\Aftp://}, %r{\A/\w+}) + end + + autorequire(:file) do + self[:source] if self[:source] && Pathname.new(self[:source]).absolute? + end + + newparam(:server) do + desc 'The key server to fetch the key from based on the ID. It can either be a domain name or url.' + defaultto :'keyserver.ubuntu.com' + + newvalues(%r{\A((hkp|hkps|http|https)://)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(/[a-zA-Z\d\-_.]+)*/?$}) + end + + newparam(:options) do + desc 'Additional options to pass to apt-key\'s --keyserver-options.' + end + + newparam(:refresh, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'When true, recreate an existing expired key' + defaultto false + end + + newparam(:weak_ssl, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'When true and source uses https, accepts download of keys without SSL verification' + defaultto false + end + + newproperty(:fingerprint) do + desc <<-MANIFEST + The 40-digit hexadecimal fingerprint of the specified GPG key. + + This property is read-only. + MANIFEST + end + + newproperty(:long) do + desc <<-MANIFEST + The 16-digit hexadecimal id of the specified GPG key. + + This property is read-only. + MANIFEST + end + + newproperty(:short) do + desc <<-MANIFEST + The 8-digit hexadecimal id of the specified GPG key. + + This property is read-only. + MANIFEST + end + + newproperty(:expired) do + desc <<-MANIFEST + Indicates if the key has expired. + + This property is read-only. + MANIFEST + end + + newproperty(:expiry) do + desc <<-MANIFEST + The date the key will expire, or nil if it has no expiry date. + + This property is read-only. + MANIFEST + end + + newproperty(:size) do + desc <<-MANIFEST + The key size, usually a multiple of 1024. + + This property is read-only. + MANIFEST + end + + newproperty(:type) do + desc <<-MANIFEST + The key type, one of: rsa, dsa, ecc, ecdsa + + This property is read-only. + MANIFEST + end + + newproperty(:created) do + desc <<-MANIFEST + Date the key was created. + + This property is read-only. + MANIFEST + end +end diff --git a/environments/production/thirdparty/apt/manifests/backports.pp b/environments/production/thirdparty/apt/manifests/backports.pp new file mode 100644 index 0000000..f2acb98 --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/backports.pp @@ -0,0 +1,119 @@ +# @summary Manages backports. +# +# @example Set up a backport source for Ubuntu +# include apt::backports +# +# @param location +# Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and +# Ubuntu varies: +# +# - Debian: 'http://deb.debian.org/debian' +# +# - Ubuntu: 'http://archive.ubuntu.com/ubuntu' +# +# @param release +# Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `sources.list` configuration file. +# Default: on Debian and Ubuntu, `${fact('os.distro.codename')}-backports`. We recommend keeping this default, except on other operating +# systems. +# +# @param repos +# Specifies a component of the Apt repository containing the backports to manage. Used in populating the `sources.list` configuration file. +# Default value for Debian and Ubuntu varies: +# +# - Debian: 'main contrib non-free non-free-firmware' +# +# - Ubuntu: 'main universe multiverse restricted' +# +# @param key +# Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a +# hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters. +# +# @param keyring +# Absolute path to a file containing the PGP keyring used to sign this +# repository. Value is passed to the apt::source and used to set signed-by on +# the source entry. +# +# @param pin +# Specifies a pin priority for the backports. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined +# type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. +# +# @param include +# Specifies whether to include 'deb' or 'src', or both. +# +class apt::backports ( + Optional[Stdlib::HTTPUrl] $location = undef, + Optional[String[1]] $release = undef, + Optional[String[1]] $repos = undef, + Optional[Variant[String[1], Hash]] $key = undef, + Stdlib::AbsolutePath $keyring = "/usr/share/keyrings/${facts['os']['name'].downcase}-archive-keyring.gpg", + Variant[Integer, String[1], Hash] $pin = 200, + Hash $include = {}, +) { + include apt + + if $location { + $_location = $location + } + + if $release { + $_release = $release + } + + if $repos { + $_repos = $repos + } + + if (!($facts['os']['name'] == 'Debian' or $facts['os']['name'] == 'Ubuntu')) { + unless $location and $release and $repos { + fail('If not on Debian or Ubuntu, you must explicitly pass location, release, and repos') + } + } + + unless $location { + $_location = $apt::backports['location'] + } + + unless $release { + if fact('os.distro.codename') { + $_release = "${fact('os.distro.codename')}-backports" + } else { + fail('os.distro.codename fact not available: release parameter required') + } + } + + unless $repos { + $_repos = $apt::backports['repos'] + } + + $_keyring = if $key { + undef + } else { + $keyring + } + + if $pin =~ Hash { + $_pin = $pin + } elsif $pin =~ Numeric or $pin =~ String { + $pin_type = $facts['os']['name'] ? { + 'Debian' => 'codename', + 'Ubuntu' => 'release', + } + + $_pin = { + 'priority' => $pin, + $pin_type => $_release, + } + } else { + fail('pin must be either a string, number or hash') + } + + apt::source { 'backports': + location => $_location, + release => $_release, + repos => $_repos, + include => $include, + key => $key, + keyring => $_keyring, + pin => $_pin, + } +} diff --git a/environments/production/thirdparty/apt/manifests/conf.pp b/environments/production/thirdparty/apt/manifests/conf.pp new file mode 100644 index 0000000..8bd7125 --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/conf.pp @@ -0,0 +1,35 @@ +# @summary Specifies a custom Apt configuration file. +# +# @param content +# Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file. +# +# @param ensure +# Specifies whether the configuration file should exist. +# +# @param priority +# Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first. +# Valid options: a string containing an integer or an integer. +# +# @param notify_update +# Specifies whether to trigger an `apt-get update` run. +# +define apt::conf ( + Optional[String[1]] $content = undef, + Enum['present', 'absent'] $ensure = present, + Variant[String[1], Integer[0]] $priority = 50, + Optional[Boolean] $notify_update = undef, +) { + unless $ensure == 'absent' { + unless $content { + fail('Need to pass in content parameter') + } + } + + $confheadertmp = epp('apt/_conf_header.epp') + apt::setting { "conf-${name}": + ensure => $ensure, + priority => $priority, + content => "${confheadertmp}${content}", + notify_update => $notify_update, + } +} diff --git a/environments/production/thirdparty/apt/manifests/init.pp b/environments/production/thirdparty/apt/manifests/init.pp new file mode 100644 index 0000000..55b38ed --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/init.pp @@ -0,0 +1,457 @@ +# @summary Main class, includes all other classes. +# +# @see https://docs.puppetlabs.com/references/latest/function.html#createresources for the create resource function +# +# @param provider +# Specifies the provider that should be used by apt::update. +# +# @param keyserver +# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or +# hkp://). +# +# @param key_options +# Specifies the default options for apt::key resources. +# +# @param ppa_options +# Supplies options to be passed to the `add-apt-repository` command. +# +# @param ppa_package +# Names the package that provides the `apt-add-repository` command. +# +# @param backports +# Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys: +# +# @option backports [String] :location +# See apt::backports for documentation. +# +# @option backports [String] :repos +# See apt::backports for documentation. +# +# @option backports [String] :key +# See apt::backports for documentation. +# +# @param confs +# Hash of `apt::conf` resources. +# +# @param update +# Configures various update settings. Valid options: a hash made up from the following keys: +# +# @option update [String] :frequency +# Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified, +# `apt-get update` runs regardless of this value. +# Valid options: +# 'always' (at every Puppet run); +# 'hourly' (if the value of `apt_update_last_success` is less than current epoch time minus 3600); +# 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400); +# 'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800); +# Integer (if the value of `apt_update_last_success` is less than current epoch time minus provided Integer value); +# 'reluctantly' (only if the exec resource `apt_update` is notified). +# Default: 'reluctantly'. +# +# @option update [Integer] :loglevel +# Specifies the log level of logs outputted to the console. Default: undef. +# +# @option update [Integer] :timeout +# Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef. +# +# @option update [Integer] :tries +# Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef. +# +# @param update_defaults +# The default update settings that are combined and merged with the passed `update` value +# +# @param purge +# Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys: +# +# @option purge [Boolean] :sources.list +# Specifies whether to purge any unmanaged entries from sources.list. Default false. +# +# @option purge [Boolean] :sources.list.d +# Specifies whether to purge any unmanaged entries from sources.list.d. Default false. +# +# @option purge [Boolean] :preferences +# Specifies whether to purge any unmanaged entries from preferences. Default false. +# +# @option purge [Boolean] :preferences.d. +# Specifies whether to purge any unmanaged entries from preferences.d. Default false. +# +# @param purge_defaults +# The default purge settings that are combined and merged with the passed `purge` value +# +# @param proxy +# Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy. +# +# @param proxy_defaults +# The default proxy settings that are combined and merged with the passed `proxy` value +# +# @param sources +# Hash of `apt::source` resources. +# +# @param keys +# Hash of `apt::key` resources. +# +# @param keyrings +# Hash of `apt::keyring` resources. +# +# @param ppas +# Hash of `apt::ppa` resources. +# +# @param pins +# Hash of `apt::pin` resources. +# +# @param settings +# Hash of `apt::setting` resources. +# +# @param manage_auth_conf +# Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in +# the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent. +# +# @param auth_conf_entries +# An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like +# format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See +# https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and +# password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent. +# +# @param auth_conf_owner +# The owner of the file /etc/apt/auth.conf. +# +# @param root +# Specifies root directory of Apt executable. +# +# @param sources_list +# Specifies the path of the sources_list file to use. +# +# @param sources_list_d +# Specifies the path of the sources_list.d file to use. +# +# @param conf_d +# Specifies the path of the conf.d file to use. +# +# @param preferences +# Specifies the path of the preferences file to use. +# +# @param preferences_d +# Specifies the path of the preferences.d file to use. +# +# @param config_files +# A hash made up of the various configuration files used by Apt. +# +# @param sources_list_force +# Specifies whether to perform force purge or delete. +# +# @param include_defaults +# The package types to include by default. +# +# @param apt_conf_d +# The path to the file `apt.conf.d` +# +# @param source_key_defaults +# The fault `source_key` settings +# +class apt ( + Hash $update_defaults = { + 'frequency' => 'reluctantly', + 'loglevel' => undef, + 'timeout' => undef, + 'tries' => undef, + }, + Hash $purge_defaults = { + 'sources.list' => false, + 'sources.list.d' => false, + 'preferences' => false, + 'preferences.d' => false, + 'apt.conf.d' => false, + }, + Hash $proxy_defaults = { + 'ensure' => undef, + 'host' => undef, + 'port' => 8080, + 'https' => false, + 'https_acng' => false, + 'direct' => false, + }, + Hash $include_defaults = { + 'deb' => true, + 'src' => false, + }, + Stdlib::Absolutepath $provider = '/usr/bin/apt-get', + Stdlib::Host $keyserver = 'keyserver.ubuntu.com', + Optional[String[1]] $key_options = undef, + Optional[Array[String[1]]] $ppa_options = undef, + Optional[String[1]] $ppa_package = undef, + Optional[Hash] $backports = undef, + Hash $confs = {}, + Hash $update = {}, + Hash $purge = {}, + Apt::Proxy $proxy = {}, + Hash $sources = {}, + Hash $keys = {}, + Hash $keyrings = {}, + Hash $ppas = {}, + Hash $pins = {}, + Hash $settings = {}, + Boolean $manage_auth_conf = true, + Array[Apt::Auth_conf_entry] $auth_conf_entries = [], + String[1] $auth_conf_owner = '_apt', + Stdlib::Absolutepath $root = '/etc/apt', + Stdlib::Absolutepath $sources_list = "${root}/sources.list", + Stdlib::Absolutepath $sources_list_d = "${root}/sources.list.d", + Stdlib::Absolutepath $conf_d = "${root}/apt.conf.d", + Stdlib::Absolutepath $preferences = "${root}/preferences", + Stdlib::Absolutepath $preferences_d = "${root}/preferences.d", + Stdlib::Absolutepath $apt_conf_d = "${root}/apt.conf.d", + Hash $config_files = { + 'conf' => { + 'path' => $conf_d, + 'ext' => '', + }, + 'pref' => { + 'path' => $preferences_d, + 'ext' => '.pref', + }, + 'list' => { + 'path' => $sources_list_d, + 'ext' => '.list', + }, + 'sources' => { + 'path' => $sources_list_d, + 'ext' => '.sources', + }, + }, + Boolean $sources_list_force = false, + Hash $source_key_defaults = { + 'server' => $keyserver, + 'options' => undef, + 'content' => undef, + 'source' => undef, + }, +) { + if $facts['os']['family'] != 'Debian' { + fail('This module only works on Debian or derivatives like Ubuntu') + } + + if $update['frequency'] { + assert_type( + Variant[Enum['always','hourly','daily','weekly','reluctantly'],Integer[60]], + $update['frequency'], + ) + } + if $update['timeout'] { + assert_type(Integer, $update['timeout']) + } + if $update['tries'] { + assert_type(Integer, $update['tries']) + } + + $_update = $apt::update_defaults + $update + include apt::update + + if $purge['sources.list'] { + assert_type(Boolean, $purge['sources.list']) + } + if $purge['sources.list.d'] { + assert_type(Boolean, $purge['sources.list.d']) + } + if $purge['preferences'] { + assert_type(Boolean, $purge['preferences']) + } + if $purge['preferences.d'] { + assert_type(Boolean, $purge['preferences.d']) + } + if $sources_list_force { + assert_type(Boolean, $sources_list_force) + } + if $purge['apt.conf.d'] { + assert_type(Boolean, $purge['apt.conf.d']) + } + + $_purge = $apt::purge_defaults + $purge + + if $proxy['perhost'] { + $_perhost = $proxy['perhost'].map |$item| { + $_item = $apt::proxy_defaults + $item + $_scheme = $_item['https'] ? { + true => 'https', + default => 'http', + } + $_port = $_item['port'] ? { + Integer => ":${_item['port']}", + default => '' + } + $_target = $_item['direct'] ? { + true => 'DIRECT', + default => "${_scheme}://${_item['host']}${_port}/", + } + $item + { 'scheme' => $_scheme, 'target' => $_target, } + } + } else { + $_perhost = {} + } + + $_proxy = $apt::proxy_defaults + $proxy + { 'perhost' => $_perhost } + + $confheadertmp = epp('apt/_conf_header.epp') + $proxytmp = epp('apt/proxy.epp', { 'proxies' => $_proxy }) + $updatestamptmp = file('apt/15update-stamp') + + if $_proxy['ensure'] == 'absent' or $_proxy['host'] { + apt::setting { 'conf-proxy': + ensure => $_proxy['ensure'], + priority => '01', + content => "${confheadertmp}${proxytmp}", + } + } + + if $sources_list_force { + $sources_list_ensure = $_purge['sources.list'] ? { + true => absent, + default => file, + } + $sources_list_content = $_purge['sources.list'] ? { + true => nil, + default => undef, + } + } else { + $sources_list_ensure = $_purge['sources.list'] ? { + true => file, + default => file, + } + $sources_list_content = $_purge['sources.list'] ? { + true => "# Repos managed by puppet.\n", + default => undef, + } + } + + $preferences_ensure = $_purge['preferences'] ? { + true => absent, + default => file, + } + + apt::setting { 'conf-update-stamp': + priority => 15, + content => "${confheadertmp}${updatestamptmp}", + } + + file { 'sources.list': + ensure => $sources_list_ensure, + path => $apt::sources_list, + owner => root, + group => root, + content => $sources_list_content, + notify => Class['apt::update'], + } + + file { 'sources.list.d': + ensure => directory, + path => $apt::sources_list_d, + owner => root, + group => root, + purge => $_purge['sources.list.d'], + recurse => $_purge['sources.list.d'], + notify => Class['apt::update'], + } + + file { 'preferences': + ensure => $preferences_ensure, + path => $apt::preferences, + owner => root, + group => root, + notify => Class['apt::update'], + } + + file { 'preferences.d': + ensure => directory, + path => $apt::preferences_d, + owner => root, + group => root, + purge => $_purge['preferences.d'], + recurse => $_purge['preferences.d'], + notify => Class['apt::update'], + } + + file { 'apt.conf.d': + ensure => directory, + path => $apt::apt_conf_d, + owner => root, + group => root, + purge => $_purge['apt.conf.d'], + recurse => $_purge['apt.conf.d'], + notify => Class['apt::update'], + } + + $confs.each |$key, $value| { + apt::conf { $key: + * => $value, + } + } + + $sources.each |$key, $value| { + apt::source { $key: + * => $value, + } + } + + $keys.each |$key, $value| { + apt::key { $key: + * => $value, + } + } + + $keyrings.each |$key, $data| { + apt::keyring { $key: + * => $data, + } + } + + $ppas.each |$key, $value| { + apt::ppa { $key: + * => $value, + } + } + + $settings.each |$key, $value| { + apt::setting { $key: + * => $value, + } + } + + if $manage_auth_conf { + $auth_conf_ensure = $auth_conf_entries ? { + [] => 'absent', + default => 'present', + } + + $auth_conf_tmp = stdlib::deferrable_epp('apt/auth_conf.epp', + { + 'auth_conf_entries' => $auth_conf_entries, + }, + ) + + file { '/etc/apt/auth.conf': + ensure => $auth_conf_ensure, + owner => $auth_conf_owner, + group => 'root', + mode => '0600', + content => Sensitive($auth_conf_tmp), + notify => Class['apt::update'], + } + } + + $pins.each |$key, $value| { + apt::pin { $key: + * => $value, + } + } + + case $facts['os']['name'] { + 'Debian': { + stdlib::ensure_packages(['gnupg']) + } + 'Ubuntu': { + stdlib::ensure_packages(['gnupg']) + } + default: { + # Nothing in here + } + } +} diff --git a/environments/production/thirdparty/apt/manifests/key.pp b/environments/production/thirdparty/apt/manifests/key.pp new file mode 100644 index 0000000..8549742 --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/key.pp @@ -0,0 +1,104 @@ +# @summary Manages the GPG keys that Apt uses to authenticate packages. +# +# @note +# The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys. +# +# @example Declare Apt key for apt.puppetlabs.com source +# apt::key { 'puppetlabs': +# id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', +# server => 'keyserver.ubuntu.com', +# options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +# } +# +# @param id +# Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal +# characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadecimal characters). +# +# @param ensure +# Specifies whether the key should exist. Using `refreshed` will make keys +# auto update when they have expired (assuming a new key exists on the key +# server). +# +# @param content +# Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient. +# +# @param source +# Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or +# an absolute path. +# +# @param server +# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, +# hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04. +# +# @param weak_ssl +# Specifies whether strict SSL verification on a https URL should be disabled. +# +# @param options +# Passes additional options to `apt-key adv --keyserver-options`. +# +define apt::key ( + Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title, + Enum['present', 'absent', 'refreshed'] $ensure = present, + Optional[String[1]] $content = undef, + Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef, + Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/] $server = $apt::keyserver, + Boolean $weak_ssl = false, + Optional[String[1]] $options = $apt::key_options, +) { + case $ensure { + /^(refreshed|present)$/: { + if defined(Anchor["apt_key ${id} absent"]) { + fail("key with id ${id} already ensured as absent") + } + + if !defined(Anchor["apt_key ${id} present"]) { + apt_key { $title: + ensure => present, + refresh => $ensure == 'refreshed', + id => $id, + source => $source, + content => $content, + server => $server, + weak_ssl => $weak_ssl, + options => $options, + } -> anchor { "apt_key ${id} present": } + + case $facts['os']['name'] { + 'Debian': { + stdlib::ensure_packages(['gnupg']) + Apt::Key<| title == $title |> + } + 'Ubuntu': { + stdlib::ensure_packages(['gnupg']) + Apt::Key<| title == $title |> + } + default: { + # Nothing in here + } + } + } + } + + /^absent$/: { + if defined(Anchor["apt_key ${id} present"]) { + fail("key with id ${id} already ensured as present") + } + + if !defined(Anchor["apt_key ${id} absent"]) { + apt_key { $title: + ensure => $ensure, + id => $id, + source => $source, + content => $content, + server => $server, + weak_ssl => $weak_ssl, + options => $options, + } -> anchor { "apt_key ${id} absent": } + } + } + + default: { + fail("Invalid \'ensure\' value \'${ensure}\' for apt::key") + } + } +} diff --git a/environments/production/thirdparty/apt/manifests/keyring.pp b/environments/production/thirdparty/apt/manifests/keyring.pp new file mode 100644 index 0000000..c1617e1 --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/keyring.pp @@ -0,0 +1,72 @@ +# @summary Manage GPG keyrings for apt repositories +# +# @example Download the puppetlabs apt keyring +# apt::keyring { 'puppetlabs-keyring.gpg': +# source => 'https://apt.puppetlabs.com/keyring.gpg', +# } +# @example Deploy the apt source and associated keyring file +# apt::source { 'puppet8-release': +# location => 'http://apt.puppetlabs.com', +# repos => 'puppet8', +# key => { +# name => 'puppetlabs-keyring.gpg', +# source => 'https://apt.puppetlabs.com/keyring.gpg' +# } +# } +# +# @param dir +# Path to the directory where the keyring will be stored. +# +# @param filename +# Optional filename for the keyring. It should also contain extension along with the filename. +# +# @param mode +# File permissions of the keyring. +# +# @param source +# Source of the keyring file. Mutually exclusive with 'content'. +# +# @param content +# Content of the keyring file. Mutually exclusive with 'source'. +# +# @param ensure +# Ensure presence or absence of the resource. +# +define apt::keyring ( + Stdlib::Absolutepath $dir = '/etc/apt/keyrings', + String[1] $filename = $name, + Stdlib::Filemode $mode = '0644', + Optional[Stdlib::Filesource] $source = undef, + Optional[String[1]] $content = undef, + Enum['present','absent'] $ensure = 'present', +) { + ensure_resource('file', $dir, { ensure => 'directory', mode => '0755', }) + if $source and $content { + fail("Parameters 'source' and 'content' are mutually exclusive") + } elsif $ensure == 'present' and ! $source and ! $content { + fail("One of 'source' or 'content' parameters are required") + } + + $file = "${dir}/${filename}" + + case $ensure { + 'present': { + file { $file: + ensure => 'file', + mode => $mode, + owner => 'root', + group => 'root', + source => $source, + content => $content, + } + } + 'absent': { + file { $file: + ensure => $ensure, + } + } + default: { + fail("Invalid 'ensure' value '${ensure}' for apt::keyring") + } + } +} diff --git a/environments/production/thirdparty/apt/manifests/mark.pp b/environments/production/thirdparty/apt/manifests/mark.pp new file mode 100644 index 0000000..8de4d61 --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/mark.pp @@ -0,0 +1,37 @@ +# @summary Manages apt-mark settings +# +# @param setting +# Specifies the behavior of apt in case of no more dependencies installed +# https://manpages.debian.org/stable/apt/apt-mark.8.en.html +# +define apt::mark ( + Enum['auto','manual','hold','unhold'] $setting, +) { + if $title !~ /^[a-z0-9][a-z0-9.+\-]+$/ { + fail("Invalid package name: ${title}") + } + + if $setting == 'unhold' { + $unless_cmd = undef + } else { + $action = "show${setting}" + + # It would be ideal if we could break out this command in to an array of args, similar + # to $onlyif_cmd and $command. However, in this case it wouldn't work as expected due + # to the inclusion of a pipe character. + # When passed to the exec function, the posix provider will strip everything to the right of the pipe, + # causing the command to return a full list of packages for the given action. + # The trade off is to use an interpolated string knowing that action is built from an enum value and + # title is pre-validated. + $unless_cmd = ["/usr/bin/apt-mark ${action} ${title} | grep ${title} -q"] + } + + $onlyif_cmd = [['/usr/bin/dpkg', '-l', $title]] + $command = ['/usr/bin/apt-mark', $setting, $title] + + exec { "apt-mark ${setting} ${title}": + command => $command, + onlyif => $onlyif_cmd, + unless => $unless_cmd, + } +} diff --git a/environments/production/thirdparty/apt/manifests/pin.pp b/environments/production/thirdparty/apt/manifests/pin.pp new file mode 100644 index 0000000..d627fa9 --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/pin.pp @@ -0,0 +1,136 @@ +# @summary Manages Apt pins. Does not trigger an apt-get update run. +# +# @see https://manpages.debian.org/stable/apt/apt_preferences.5.en.html for context on these parameters +# +# @param ensure +# Specifies whether the pin should exist. +# +# @param explanation +# Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}". +# +# @param order +# Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first. +# +# @param packages +# Specifies which package(s) to pin. +# +# @param priority +# Sets the priority of the package. If multiple versions of a given package are available, `apt-get` installs the one with the highest +# priority number (subject to dependency constraints). +# +# @param release +# Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'. +# +# @param release_version +# Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7). +# +# @param component +# Names the licensing component associated with the packages in the directory tree of the Release file. +# +# @param originator +# Names the originator of the packages in the directory tree of the Release file. +# +# @param label +# Names the label of the packages in the directory tree of the Release file. +# +# @param origin +# The package origin (the hostname part of the package's sources.list entry) +# +# @param version +# The version of the package +# +# @param codename +# The codename of the release +# +define apt::pin ( + Enum['file', 'present', 'absent'] $ensure = present, + Optional[String[1]] $explanation = undef, + Variant[Integer[0]] $order = 50, + Variant[String[1], Array[String[1]]] $packages = '*', + Variant[Integer, String[1]] $priority = 0, + Optional[String[1]] $release = undef, # a= + Optional[String[1]] $origin = undef, + Optional[String[1]] $version = undef, + Optional[String[1]] $codename = undef, # n= + Optional[String[1]] $release_version = undef, # v= + Optional[String[1]] $component = undef, # c= + Optional[String[1]] $originator = undef, # o= + Optional[String[1]] $label = undef, # l= +) { + if $explanation { + $_explanation = $explanation + } else { + if defined('$caller_module_name') { # strict vars check + $_explanation = "${caller_module_name}: ${name}" + } else { + $_explanation = ": ${name}" + } + } + + $pin_release_array = [ + $release, + $codename, + $release_version, + $component, + $originator, + $label, + ] + $pin_release = join($pin_release_array, '') + + # Read the manpage 'apt_preferences(5)', especially the chapter + # 'The Effect of APT Preferences' to understand the following logic + # and the difference between specific and general form + if $packages =~ Array { + $packages_string = join($packages, ' ') + } else { + $packages_string = $packages + } + + if $packages_string != '*' { # specific form + if ( $pin_release != '' and ( $origin or $version )) or + ( $version and ( $pin_release != '' or $origin )) { + fail('parameters release, origin, and version are mutually exclusive') + } + } else { # general form + if $version { + fail('parameter version cannot be used in general form') + } + if ( $pin_release != '' and $origin ) { + fail('parameters release and origin are mutually exclusive') + } + } + + # According to man 5 apt_preferences: + # The files have either no or "pref" as filename extension + # and only contain alphanumeric, hyphen (-), underscore (_) and period + # (.) characters. Otherwise APT will print a notice that it has ignored a + # file, unless that file matches a pattern in the + # Dir::Ignore-Files-Silently configuration list - in which case it will + # be silently ignored. + $file_name = regsubst($title, '[^0-9a-z\-_\.]', '_', 'IG') + + $headertmp = epp('apt/_header.epp') + + $pinpreftmp = epp('apt/pin.pref.epp', { + 'name' => $name, + 'pin_release' => $pin_release, + 'release' => $release, + 'codename' => $codename, + 'release_version' => $release_version, + 'component' => $component, + 'originator' => $originator, + 'label' => $label, + 'version' => $version, + 'origin' => $origin, + 'explanation' => $_explanation, + 'packages_string' => $packages_string, + 'priority' => $priority, + }) + + apt::setting { "pref-${file_name}": + ensure => $ensure, + priority => $order, + content => "${headertmp}${pinpreftmp}", + notify_update => false, + } +} diff --git a/environments/production/thirdparty/apt/manifests/ppa.pp b/environments/production/thirdparty/apt/manifests/ppa.pp new file mode 100644 index 0000000..b1a055e --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/ppa.pp @@ -0,0 +1,128 @@ +# @summary Manages PPA repositories using `add-apt-repository`. Not supported on Debian. +# +# @example Declaration of an Apt PPA +# apt::ppa { 'ppa:openstack-ppa/bleeding-edge': } +# +# @param ensure +# Specifies whether the PPA should exist. +# +# @param options +# Supplies options to be passed to the `add-apt-repository` command. +# +# @param release +# Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename. +# Optional if `puppet facts show os.distro.codename` returns your correct distribution release codename. +# +# @param dist +# Specifies the distribution of your node. Valid options: a string containing a valid distribution codename. +# Optional if `puppet facts show os.name` returns your correct distribution name. +# +# @param package_name +# Names the package that provides the `apt-add-repository` command. +# +# @param package_manage +# Specifies whether Puppet should manage the package that provides `apt-add-repository`. +# +define apt::ppa ( + Enum['present', 'absent'] $ensure = 'present', + Optional[Array[String[1]]] $options = $apt::ppa_options, + Optional[String[1]] $release = fact('os.distro.codename'), + Optional[String[1]] $dist = $facts['os']['name'], + Optional[String[1]] $package_name = $apt::ppa_package, + Boolean $package_manage = false, +) { + unless $release { + fail('os.distro.codename fact not available: release parameter required') + } + + if $dist == 'Debian' { + fail('apt::ppa is not currently supported on Debian.') + } + + # Validate the resource name + if $name !~ /^ppa:([a-zA-Z0-9\-_.]+)\/([a-zA-z0-9\-_\.]+)$/ { + fail("Invalid PPA name: ${name}") + } + + $distid = downcase($dist) + $dash_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', "\\1-${distid}-\\2") + $underscore_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', "\\1_${distid}_\\2") + + $dash_filename_no_slashes = regsubst($dash_filename, '/', '-', 'G') + $dash_filename_no_specialchars = regsubst($dash_filename_no_slashes, '[\.\+]', '_', 'G') + $underscore_filename_no_slashes = regsubst($underscore_filename, '/', '-', 'G') + $underscore_filename_no_specialchars = regsubst($underscore_filename_no_slashes, '[\.\+]', '_', 'G') + + $sources_list_d_filename = if versioncmp($facts['os']['release']['full'], '23.10') < 0 { + "${dash_filename_no_specialchars}-${release}.list" + } else { + "${dash_filename_no_specialchars}-${release}.sources" + } + + if versioncmp($facts['os']['release']['full'], '21.04') < 0 { + $trusted_gpg_d_filename = "${underscore_filename_no_specialchars}.gpg" + } else { + $trusted_gpg_d_filename = "${dash_filename_no_specialchars}.gpg" + } + + # This is the location of our main exec script. + $cache_path = $facts['puppet_vardir'] + $script_path = "${cache_path}/add-apt-repository-${dash_filename_no_specialchars}-${release}.sh" + + if $ensure == 'present' { + if $package_manage { + stdlib::ensure_packages($package_name) + $_require = [File['sources.list.d'], Package[$package_name]] + } else { + $_require = File['sources.list.d'] + } + + $_proxy = $apt::_proxy + if $_proxy['host'] { + if $_proxy['https'] { + $_proxy_env = ["http_proxy=http://${$_proxy['host']}:${$_proxy['port']}", "https_proxy=https://${$_proxy['host']}:${$_proxy['port']}"] + } else { + $_proxy_env = ["http_proxy=http://${$_proxy['host']}:${$_proxy['port']}"] + } + } else { + $_proxy_env = [] + } + + unless $sources_list_d_filename in $facts['apt_sources'] { + $script_content = epp('apt/add-apt-repository.sh.epp', { + command => ['/usr/bin/add-apt-repository', shell_join($options), $name], + sources_list_d_path => $apt::sources_list_d, + sources_list_d_filename => $sources_list_d_filename, + } + ) + + file { "add-apt-repository-script-${name}": + ensure => 'file', + path => $script_path, + content => $script_content, + mode => '0755', + } + + exec { "add-apt-repository-${name}": + environment => $_proxy_env, + command => $script_path, + logoutput => 'on_failure', + notify => Class['apt::update'], + require => $_require, + before => File["${apt::sources_list_d}/${sources_list_d_filename}"], + } + } + + file { "${apt::sources_list_d}/${sources_list_d_filename}": } + } + else { + tidy { "remove-apt-repository-script-${name}": + path => $script_path, + } + + tidy { "remove-apt-repository-${name}": + path => "${apt::sources_list_d}/${sources_list_d_filename}", + notify => Class['apt::update'], + } + } +} diff --git a/environments/production/thirdparty/apt/manifests/setting.pp b/environments/production/thirdparty/apt/manifests/setting.pp new file mode 100644 index 0000000..f057d1a --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/setting.pp @@ -0,0 +1,77 @@ +# @summary Manages Apt configuration files. +# +# @see https://www.puppet.com/docs/puppet/latest/types/file.html#file-attributes for more information on source and content parameters +# +# @param priority +# Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first. +# +# @param ensure +# Specifies whether the file should exist. +# +# @param source +# Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination +# with `content`. Valid options: see link above for Puppet's native file type source attribute. +# +# @param content +# Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid +# options: see link above for Puppet's native file type content attribute. +# +# @param notify_update +# Specifies whether to trigger an `apt-get update` run. +# +define apt::setting ( + Variant[String[1], Integer[0]] $priority = 50, + Enum['file', 'present', 'absent'] $ensure = file, + Optional[String[1]] $source = undef, + Optional[String[1]] $content = undef, + Boolean $notify_update = true, +) { + if $content and $source { + fail('apt::setting cannot have both content and source') + } + + if $ensure != 'absent' { + if !$content and !$source { + fail('apt::setting needs either of content or source') + } + } + + $title_array = split($title, '-') + $setting_type = $title_array[0] + $base_name = join(delete_at($title_array, 0), '-') + + assert_type(Pattern[/\Aconf\z/, /\Apref\z/, /\Alist\z/, /\Asources\z/], $setting_type) |$a, $b| { + fail("apt::setting resource name/title must start with either 'conf-', 'pref-', 'list-', or 'sources-'") + } + + if $priority !~ Integer { + # need this to allow zero-padded priority. + assert_type(Pattern[/^\d+$/], $priority) |$a, $b| { + fail('apt::setting priority must be an integer or a zero-padded integer') + } + } + + if $setting_type in ['list', 'pref', 'sources'] { + $_priority = '' + } else { + $_priority = $priority + } + + $_path = $apt::config_files[$setting_type]['path'] + $_ext = $apt::config_files[$setting_type]['ext'] + + if $notify_update { + $_notify = Class['apt::update'] + } else { + $_notify = undef + } + + file { "${_path}/${_priority}${base_name}${_ext}": + ensure => $ensure, + owner => 'root', + group => 'root', + content => $content, + source => $source, + notify => $_notify, + } +} diff --git a/environments/production/thirdparty/apt/manifests/source.pp b/environments/production/thirdparty/apt/manifests/source.pp new file mode 100644 index 0000000..8ad30aa --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/source.pp @@ -0,0 +1,363 @@ +# @summary Manages the Apt sources in /etc/apt/sources.list.d/. +# +# @example Install the puppetlabs apt source +# apt::source { 'puppetlabs': +# location => 'http://apt.puppetlabs.com', +# repos => 'main', +# key => { +# id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', +# server => 'keyserver.ubuntu.com', +# }, +# } +# +# @example Download key behaviour to handle modern apt gpg keyrings. The `name` parameter in the key hash should be given with +# extension. Absence of extension will result in file formation with just name and no extension. +# apt::source { 'puppetlabs': +# location => 'http://apt.puppetlabs.com', +# comment => 'Puppet8', +# key => { +# 'name' => 'puppetlabs.gpg', +# 'source' => 'https://apt.puppetlabs.com/keyring.gpg', +# }, +# } +# +# @example Install the puppetlabs apt source (deb822 format) +# apt::source { 'puppetlabs': +# source_format => 'sources' +# location => ['http://apt.puppetlabs.com'], +# repos => ['puppet8'], +# keyring => '/etc/apt/keyrings/puppetlabs.gpg', +# } +# +# @param source_format +# The file format to use for the apt source. See https://wiki.debian.org/SourcesList +# +# @param location +# Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. +# DEB822: Supports an array of URL values +# +# @param types +# DEB822: The package types this source manages. +# +# @param enabled +# DEB822: Enable or Disable the APT source. +# +# @param comment +# Supplies a comment for adding to the Apt source file. +# +# @param ensure +# Specifies whether the Apt source file should exist. +# +# @param release +# Specifies a distribution of the Apt repository. +# DEB822: Supports an array of values +# +# @param repos +# Specifies a component of the Apt repository. +# DEB822: Supports an array of values +# +# @param include +# Configures include options. Valid options: a hash of available keys. +# +# @option include [Boolean] :deb +# Specifies whether to request the distribution's compiled binaries. +# +# @option include [Boolean] :src +# Specifies whether to request the distribution's uncompiled source code. +# +# @param key +# Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options: +# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` +# +# The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options: +# * a string to be passed to the `id` parameter of the `apt::key` defined type +# * a hash of `parameter => value` pairs to be passed to `apt::key`: `id`, `server`, `content`, `source`, `weak_ssl`, `options` +# +# @param keyring +# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +# This is not necessary if the key is installed with `key` param above. +# See https://wiki.debian.org/DebianRepository/UseThirdParty for details. +# +# @param pin +# Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `priority` parameter of the +# `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. +# +# @param architecture +# Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, +# separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). +# (if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option) +# DEB822: Supports an array of values +# +# @param allow_unsigned +# Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. +# +# @param allow_insecure +# Specifies whether to allow downloads from insecure repositories. +# +# @param notify_update +# Specifies whether to trigger an `apt-get update` run. +# +# @param check_valid_until +# Specifies whether to check if the package release date is valid. +# +define apt::source ( + Enum['list', 'sources'] $source_format = 'list', + Array[Enum['deb','deb-src'], 1, 2] $types = ['deb'], + Optional[Variant[String[1], Array[String[1]]]] $location = undef, + String[1] $comment = $name, + Boolean $enabled = true, # deb822 + Enum['present', 'absent'] $ensure = present, + Optional[Variant[String[0], Array[String[0]]]] $release = undef, + Variant[String[1], Array[String[1]]] $repos = 'main', + Hash $include = {}, + Optional[Variant[String[1], Hash]] $key = undef, + Optional[Stdlib::AbsolutePath] $keyring = undef, + Optional[Variant[Hash, Integer, String[1]]] $pin = undef, + Optional[Variant[String[1], Array[String[1]]]] $architecture = undef, + Optional[Boolean] $allow_unsigned = undef, + Optional[Boolean] $allow_insecure = undef, + Optional[Boolean] $check_valid_until = undef, + Boolean $notify_update = true, +) { + include apt + + $_before = Apt::Setting["list-${title}"] + + case $source_format { + 'list': { + $_file_suffix = $source_format + + if !$release { + if fact('os.distro.codename') { + $_release = fact('os.distro.codename') + } else { + fail('os.distro.codename fact not available: release parameter required') + } + } else { + $_release = $release + } + + if $release =~ Pattern[/\/$/] { + $_components = $_release + } elsif $repos =~ Array { + $_components = join([$_release] + $repos, ' ') + } else { + $_components = "${_release} ${repos}" + } + + if $ensure == 'present' { + if ! $location { + fail('cannot create a source entry without specifying a location') + } + elsif ($apt::proxy['https_acng']) and ($location =~ /(?i:^https:\/\/)/) { + $_location = regsubst($location, 'https://','http://HTTPS///') + } + else { + $_location = $location + } + } else { + $_location = undef + } + + $includes = $apt::include_defaults + $include + + if $keyring { + if $key { + fail('parameters key and keyring are mutually exclusive') + } else { + $_list_keyring = $keyring + } + } elsif $key { + if $key =~ Hash { + unless $key['name'] or $key['id'] { + fail('key hash must contain a key name (for apt::keyring) or an id (for apt::key)') + } + if $key['id'] { + # defaults like keyserver are only relevant to apt::key + $_key = $apt::source_key_defaults + $key + } else { + $_key = $key + } + } else { + $_key = { 'id' => assert_type(String[1], $key) } + } + if $_key['ensure'] { + $_key_ensure = $_key['ensure'] + } else { + $_key_ensure = $ensure + } + + # Old keyserver keys handled by apt-key + if $_key =~ Hash and $_key['id'] { + # We do not want to remove keys when the source is absent. + if $ensure == 'present' { + apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}": + ensure => $_key_ensure, + id => $_key['id'], + server => $_key['server'], + content => $_key['content'], + source => $_key['source'], + options => $_key['options'], + weak_ssl => $_key['weak_ssl'], + before => $_before, + } + } + $_list_keyring = undef + } + # Modern apt keyrings + elsif $_key =~ Hash and $_key['name'] { + apt::keyring { $_key['name']: + ensure => $_key_ensure, + content => $_key['content'], + source => $_key['source'], + dir => $_key['dir'], + filename => $_key['filename'], + mode => $_key['mode'], + before => $_before, + } + + $_list_keyring = if $_key['dir'] and $_key['filename'] { + "${_key['dir']}${_key['filename']}" + } elsif $_key['filename'] { + "/etc/apt/keyrings/${_key['filename']}" + } elsif $_key['dir'] { + "${_key['dir']}${_key['name']}" + } else { + "/etc/apt/keyrings/${_key['name']}" + } + } + } else { + # No `key` nor `keyring` provided + $_list_keyring = undef + } + + $header = epp('apt/_header.epp') + + if $architecture { + $_architecture = regsubst($architecture, '\baarch64\b', 'arm64') + } else { + $_architecture = undef + } + + $source_content = epp('apt/source.list.epp', { + 'comment' => $comment, + 'includes' => $includes, + 'options' => delete_undef_values({ + 'arch' => $_architecture, + 'trusted' => $allow_unsigned ? { true => 'yes', false => undef, default => undef }, + 'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef, default => undef }, + 'signed-by' => $_list_keyring, + 'check-valid-until' => $check_valid_until? { true => undef, false => 'false', default => undef }, + }, + ), + 'location' => $_location, + 'components' => $_components, + } + ) + + if $pin { + if $pin =~ Hash { + $_pin = $pin + { 'ensure' => $ensure, 'before' => $_before } + } elsif ($pin =~ Numeric or $pin =~ String) { + $url_split = split($location, '[:\/]+') + $host = $url_split[1] + $_pin = { + 'ensure' => $ensure, + 'priority' => $pin, + 'before' => $_before, + 'origin' => $host, + } + } else { + fail('Received invalid value for pin parameter') + } + + apt::pin { $name: + * => $_pin, + } + } + } + 'sources': { + $_file_suffix = $source_format + + if $pin { + warning("'pin' parameter is not supported with deb822 format.") + } + if $key { + warning("'key' parameter is not supported with deb822 format.") + } + if $ensure == 'present' { + if ! $location { + fail('cannot create a source entry without specifying a location') + } + } + if $location !~ Array { + warning('For deb822 sources, location must be specified as an array.') + $_location = [$location] + } else { + $_location = $location + } + + if !$release { + if fact('os.distro.codename') { + $_release = [fact('os.distro.codename')] + } else { + fail('os.distro.codename fact not available: release parameter required') + } + } elsif $release !~ Array { + warning("For deb822 sources, 'release' must be specified as an array. Converting to array.") + $_release = [$release] + } else { + $_release = $release + } + + if $repos !~ Array { + warning("For deb822 sources, 'repos' must be specified as an array. Converting to array.") + $_repos = split($repos, /\s+/) + } else { + $_repos = $repos + } + + if $architecture and $architecture !~ Array { + warning("For deb822 sources, 'architecture' must be specified as an array. Converting to array.") + $_architecture = split($architecture, '[,]') + } else { + $_architecture = $architecture + } + case $ensure { + 'present': { + $header = epp('apt/_header.epp') + $source_content = epp('apt/source_deb822.epp', delete_undef_values({ + 'uris' => $_location, + 'suites' => $_release, + 'components' => $_repos, + 'types' => $types, + 'comment' => $comment, + 'enabled' => $enabled ? { true => 'yes', false => 'no' }, + 'architectures' => $_architecture, + 'allow_insecure' => $allow_insecure ? { true => 'yes', false => 'no', default => undef }, + 'repo_trusted' => $allow_unsigned ? { true => 'yes', false => 'no', default => undef }, + 'check_valid_until' => $check_valid_until ? { true => 'yes', false => 'no', default => undef }, + 'signed_by' => $keyring, + } + ) + ) + } + 'absent': { + $header = undef + $source_content = undef + } + default: { + fail('Unexpected value for $ensure parameter.') + } + } + } + default: { + fail("Unexpected APT source format: ${source_format}") + } + } + apt::setting { "${_file_suffix}-${name}": + ensure => $ensure, + content => "${header}${source_content}", + notify_update => $notify_update, + } +} diff --git a/environments/production/thirdparty/apt/manifests/update.pp b/environments/production/thirdparty/apt/manifests/update.pp new file mode 100644 index 0000000..63691b5 --- /dev/null +++ b/environments/production/thirdparty/apt/manifests/update.pp @@ -0,0 +1,98 @@ +# @summary Updates the list of available packages using apt-get update. +# +# @api private +# +class apt::update { + assert_private() + + #TODO: to catch if apt_update_last_success has the value of -1 here. If we + #opt to do this, a info/warn would likely be all you'd need likely to happen + #on the first run, but if it's not run in awhile something is likely borked + #with apt and we'd want to know about it. + + case $apt::_update['frequency'] { + 'always': { + $_kick_apt = true + } + Integer[60]:{ + #compare current date with the apt_update_last_success fact to determine + #if we should kick apt_update. + $int_threshold = (Integer(Timestamp().strftime('%s')) - Integer($apt::_update['frequency'])) + if $facts['apt_update_last_success'] { + if $facts['apt_update_last_success'] + 0 < $int_threshold { + $_kick_apt = true + } else { + $_kick_apt = false + } + } else { + #if apt-get update has not successfully run, we should kick apt_update + $_kick_apt = true + } + } + 'hourly':{ + #compare current date with the apt_update_last_success fact to determine + #if we should kick apt_update. + $hourly_threshold = (Integer(Timestamp().strftime('%s')) - 3600) + if $facts['apt_update_last_success'] { + if $facts['apt_update_last_success'] + 0 < $hourly_threshold { + $_kick_apt = true + } else { + $_kick_apt = false + } + } else { + #if apt-get update has not successfully run, we should kick apt_update + $_kick_apt = true + } + } + 'daily': { + #compare current date with the apt_update_last_success fact to determine + #if we should kick apt_update. + $daily_threshold = (Integer(Timestamp().strftime('%s')) - 86400) + if $facts['apt_update_last_success'] { + if $facts['apt_update_last_success'] + 0 < $daily_threshold { + $_kick_apt = true + } else { + $_kick_apt = false + } + } else { + #if apt-get update has not successfully run, we should kick apt_update + $_kick_apt = true + } + } + 'weekly':{ + #compare current date with the apt_update_last_success fact to determine + #if we should kick apt_update. + $weekly_threshold = (Integer(Timestamp().strftime('%s')) - 604800) + if $facts['apt_update_last_success'] { + if $facts['apt_update_last_success'] + 0 < $weekly_threshold { + $_kick_apt = true + } else { + $_kick_apt = false + } + } else { + #if apt-get update has not successfully run, we should kick apt_update + $_kick_apt = true + } + } + default: { + #catches 'reluctantly', and any other value (which should not occur). + #do nothing. + $_kick_apt = false + } + } + + if $_kick_apt { + $_refresh = false + } else { + $_refresh = true + } + exec { 'apt_update': + command => "${apt::provider} update", + loglevel => $apt::_update['loglevel'], + logoutput => 'on_failure', + refreshonly => $_refresh, + timeout => $apt::_update['timeout'], + tries => $apt::_update['tries'], + try_sleep => 1, + } +} diff --git a/environments/production/thirdparty/apt/metadata.json b/environments/production/thirdparty/apt/metadata.json new file mode 100644 index 0000000..eb35497 --- /dev/null +++ b/environments/production/thirdparty/apt/metadata.json @@ -0,0 +1,42 @@ +{ + "name": "puppetlabs-apt", + "version": "10.0.1", + "author": "puppetlabs", + "summary": "Provides an interface for managing Apt source, key, and definitions with Puppet", + "license": "Apache-2.0", + "source": "https://github.com/puppetlabs/puppetlabs-apt", + "project_page": "https://github.com/puppetlabs/puppetlabs-apt", + "issues_url": "https://github.com/puppetlabs/puppetlabs-apt/issues", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 9.0.0 < 10.0.0" + } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "11", + "12" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "18.04", + "20.04", + "22.04" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 7.0.0 < 9.0.0" + } + ], + "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", + "template-ref": "tags/3.2.0.4-0-g5d17ec1", + "pdk-version": "3.2.0" +} diff --git a/environments/production/thirdparty/apt/pdk.yaml b/environments/production/thirdparty/apt/pdk.yaml new file mode 100644 index 0000000..4bef4bd --- /dev/null +++ b/environments/production/thirdparty/apt/pdk.yaml @@ -0,0 +1,2 @@ +--- +ignore: [] diff --git a/environments/production/thirdparty/apt/provision.yaml b/environments/production/thirdparty/apt/provision.yaml new file mode 100644 index 0000000..ed5c33b --- /dev/null +++ b/environments/production/thirdparty/apt/provision.yaml @@ -0,0 +1,37 @@ +--- +default: + provisioner: docker + images: + - litmusimage/debian:9 +vagrant: + provisioner: vagrant + images: + - centos/7 + - generic/ubuntu1804 +docker_deb: + provisioner: docker + images: + - litmusimage/debian:9 + - litmusimage/debian:10 +docker_ub_6: + provisioner: docker + images: + - litmusimage/ubuntu:18.04 + - litmusimage/ubuntu:20.04 +docker_el7: + provisioner: docker + images: [] +release_checks_6: + provisioner: abs + images: + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 +release_checks_7: + provisioner: abs + images: + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 diff --git a/environments/production/thirdparty/apt/tasks/init.json b/environments/production/thirdparty/apt/tasks/init.json new file mode 100644 index 0000000..f7a55b8 --- /dev/null +++ b/environments/production/thirdparty/apt/tasks/init.json @@ -0,0 +1,10 @@ +{ + "description": "Allows you to perform apt-get functions", + "input_method": "stdin", + "parameters": { + "action": { + "description": "Action to perform with apt-get", + "type": "Enum[update, upgrade, dist-upgrade, autoremove]" + } + } +} diff --git a/environments/production/thirdparty/apt/tasks/init.rb b/environments/production/thirdparty/apt/tasks/init.rb new file mode 100755 index 0000000..5f1bf11 --- /dev/null +++ b/environments/production/thirdparty/apt/tasks/init.rb @@ -0,0 +1,34 @@ +#!/opt/puppetlabs/puppet/bin/ruby +# frozen_string_literal: true + +require 'json' +require 'open3' +require 'puppet' + +def apt_get(action) + cmd = ['apt-get', action] + cmd << '-y' if ['upgrade', 'dist-upgrade', 'autoremove'].include?(action) + if ['upgrade', 'dist-upgrade', 'autoremove'].include?(action) + ENV['DEBIAN_FRONTEND'] = 'noninteractive' + cmd << '-o' + cmd << 'Dpkg::Options="--force-confdef"' + cmd << '-o' + cmd << 'Dpkg::Options="--force-confold"' + end + stdout, stderr, status = Open3.capture3(*cmd) + raise Puppet::Error, stderr if status != 0 + + { status: stdout.strip } +end + +params = JSON.parse($stdin.read) +action = params['action'] + +begin + result = apt_get(action) + puts result.to_json + exit 0 +rescue Puppet::Error => e + puts({ status: 'failure', error: e.message }.to_json) + exit 1 +end diff --git a/environments/production/thirdparty/apt/templates/_conf_header.epp b/environments/production/thirdparty/apt/templates/_conf_header.epp new file mode 100644 index 0000000..bfa365e --- /dev/null +++ b/environments/production/thirdparty/apt/templates/_conf_header.epp @@ -0,0 +1 @@ +// This file is managed by Puppet. DO NOT EDIT. diff --git a/environments/production/thirdparty/apt/templates/_header.epp b/environments/production/thirdparty/apt/templates/_header.epp new file mode 100644 index 0000000..487e581 --- /dev/null +++ b/environments/production/thirdparty/apt/templates/_header.epp @@ -0,0 +1 @@ +# This file is managed by Puppet. DO NOT EDIT. diff --git a/environments/production/thirdparty/apt/templates/add-apt-repository.sh.epp b/environments/production/thirdparty/apt/templates/add-apt-repository.sh.epp new file mode 100644 index 0000000..e23c485 --- /dev/null +++ b/environments/production/thirdparty/apt/templates/add-apt-repository.sh.epp @@ -0,0 +1,8 @@ +<%- | Array $command, String $sources_list_d_path, String $sources_list_d_filename | -%> + +<%= $command.join(' ') %> + +if [ $? -gt 0 ]; then + rm <%= $sources_list_d_path %>/<%= $sources_list_d_filename %> + exit 1 +fi diff --git a/environments/production/thirdparty/apt/templates/auth_conf.epp b/environments/production/thirdparty/apt/templates/auth_conf.epp new file mode 100644 index 0000000..5dc37e9 --- /dev/null +++ b/environments/production/thirdparty/apt/templates/auth_conf.epp @@ -0,0 +1,6 @@ +// This file is managed by Puppet. DO NOT EDIT. +<% if $auth_conf_entries != [] { -%> +<% $auth_conf_entries.each | $auth_conf_entry | { -%> +machine <%= $auth_conf_entry['machine'] %> login <%= $auth_conf_entry['login'] %> password <%= $auth_conf_entry['password'] %> +<% } -%> +<% } -%> diff --git a/environments/production/thirdparty/apt/templates/pin.pref.epp b/environments/production/thirdparty/apt/templates/pin.pref.epp new file mode 100644 index 0000000..96b815c --- /dev/null +++ b/environments/production/thirdparty/apt/templates/pin.pref.epp @@ -0,0 +1,26 @@ +<%- | $name, $pin_release, $release, $codename, $release_version, $component, $originator, $label, $version, $origin, $explanation, $packages_string, $priority | -%> +<%- +$pin = +if $pin_release != '' { + $options = [ + unless $release =~ Undef { "a=${release}" }, + unless $codename =~ Undef { "n=${codename}" }, + unless $release_version =~ Undef { "v=${release_version}"}, + unless $component =~ Undef { "c=${component}" }, + unless $originator =~ Undef { "o=${originator}" }, + unless $label =~ Undef { "l=${label}" }, + ].filter |$x| { $x != undef } + "release ${options.join(', ')}" } + +elsif $version and "${version}".length > 0 { + "version ${version}" } +elsif $origin and $origin.length > 0 { + "origin ${origin}" } +else { + "release a=${name}" #Default value +} +-%> +Explanation: <%= $explanation %> +Package: <%= $packages_string %> +Pin: <%= $pin %> +Pin-Priority: <%= $priority %> diff --git a/environments/production/thirdparty/apt/templates/proxy.epp b/environments/production/thirdparty/apt/templates/proxy.epp new file mode 100644 index 0000000..34e1930 --- /dev/null +++ b/environments/production/thirdparty/apt/templates/proxy.epp @@ -0,0 +1,10 @@ +<%- | Hash $proxies | -%> +<% $proxies['perhost'].each |$proxy| { -%> +Acquire::<%= $proxy['scheme'] %>::proxy::<%= $proxy['scope'] %> "<%= $proxy['target'] %>"; +<% } -%> +Acquire::http::proxy "http://<%= $proxies['host'] %>:<%= $proxies['port'] %>/"; +<%- if $proxies['https'] { %> +Acquire::https::proxy "https://<%= $proxies['host'] %>:<%= $proxies['port'] %>/"; +<%- } elsif $proxies['direct'] { -%> +Acquire::https::proxy "DIRECT"; +<%- } -%> diff --git a/environments/production/thirdparty/apt/templates/source.list.epp b/environments/production/thirdparty/apt/templates/source.list.epp new file mode 100644 index 0000000..577f9db --- /dev/null +++ b/environments/production/thirdparty/apt/templates/source.list.epp @@ -0,0 +1,8 @@ +<%- | String $comment, Hash $includes, Hash $options, $location, String $components | -%> +# <%= $comment %> +<%- if $includes['deb'] { -%> +deb <% if !$options.empty() { -%>[<%= $options.map |$key, $value| { if !$value.empty() { "${key}=${value}" } }.join(" ") %>] <% } -%> <%= $location %> <%= $components %> +<%- } -%> +<%- if $includes['src'] { -%> +deb-src <% if !$options.empty() { -%>[<%= $options.map |$key, $value| { if !$value.empty() { "${key}=${value}" } }.join(" ") %>] <% } -%> <%= $location %> <%= $components %> +<%- } -%> diff --git a/environments/production/thirdparty/apt/templates/source_deb822.epp b/environments/production/thirdparty/apt/templates/source_deb822.epp new file mode 100644 index 0000000..10802b0 --- /dev/null +++ b/environments/production/thirdparty/apt/templates/source_deb822.epp @@ -0,0 +1,36 @@ +<% | String $comment, + Enum['yes','no'] $enabled, + Array[String] $types, + Array[String] $uris, + Array[String] $suites, + Array[String] $components, + Optional[Array] $architectures = undef, + Optional[Enum['yes','no']] $allow_insecure = undef, + Optional[Enum['yes','no']] $repo_trusted = undef, + Optional[Enum['yes','no']] $check_valid_until = undef, + Optional[Variant[Stdlib::AbsolutePath,Array[String]]] $signed_by = undef, +| -%> +# <%= $comment %> +Enabled: <%= $enabled %> +Types: <% $types.each |String $type| { -%> <%= $type %> <% } %> +URIs: <% $uris.each | String $uri | { -%> <%= $uri %> <% } %> +Suites: <% $suites.each | String $suite | { -%> <%= $suite %> <% } %> +Components: <% $components.each | String $component | { -%> <%= $component %> <% } %> +<% if $architectures { -%> +Architectures:<% $architectures.each | String $arch | { %> <%= $arch %><% } %> +<%- } -%> +<% if $allow_insecure { -%> +Allow-Insecure: <%= $allow_insecure %> +<% } -%> +<% if $repo_trusted { -%> +Trusted: <%= $repo_trusted %> +<% } -%> +<% if $check_valid_until { -%> +Check-Valid-Until: <%= $check_valid_until %> +<% } -%> +<% if $signed_by { -%> +Signed-By: <% if type($signed_by) =~ Type[Array] { -%><%- $signed_by.each |String $keyring| { -%><%= $keyring %> <% } -%> +<%- } -%> +<%- elsif type($signed_by) =~ Type[String] { -%> +<%= $signed_by -%> +<%- }} %> diff --git a/environments/production/thirdparty/apt/types/auth_conf_entry.pp b/environments/production/thirdparty/apt/types/auth_conf_entry.pp new file mode 100644 index 0000000..cb6f92a --- /dev/null +++ b/environments/production/thirdparty/apt/types/auth_conf_entry.pp @@ -0,0 +1,20 @@ +# @summary Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. +# +# @see https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for more information +# +# @param machine +# Hostname of machine to connect to. +# +# @param login +# Specifies the username to connect with. +# +# @param password +# Specifies the password to connect with. +# +type Apt::Auth_conf_entry = Struct[ + { + machine => String[1], + login => String, + password => String + } +] diff --git a/environments/production/thirdparty/apt/types/proxy.pp b/environments/production/thirdparty/apt/types/proxy.pp new file mode 100644 index 0000000..ac00222 --- /dev/null +++ b/environments/production/thirdparty/apt/types/proxy.pp @@ -0,0 +1,28 @@ +# @summary Configures Apt to connect to a proxy server. +# +# @param ensure +# Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'. +# +# @param host +# Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. +# +# @param port +# Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. +# +# @param https +# Specifies whether to enable https proxies. +# +# @param direct +# Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not. +# +type Apt::Proxy = Struct[ + { + ensure => Optional[Enum['file', 'present', 'absent']], + host => Optional[String], + port => Optional[Integer[0, 65535]], + https => Optional[Boolean], + https_acng => Optional[Boolean], + direct => Optional[Boolean], + perhost => Optional[Array[Apt::Proxy_Per_Host]], + } +] diff --git a/environments/production/thirdparty/apt/types/proxy_per_host.pp b/environments/production/thirdparty/apt/types/proxy_per_host.pp new file mode 100644 index 0000000..5a3b6e6 --- /dev/null +++ b/environments/production/thirdparty/apt/types/proxy_per_host.pp @@ -0,0 +1,26 @@ +# @summary Adds per-host overrides to the system default APT proxy configuration +# +# @param scope +# Specifies the scope of the override. Valid options: a string containing a hostname. +# +# @param host +# Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. +# +# @param port +# Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. +# +# @param https +# Specifies whether to enable https for this override. +# +# @param direct +# Specifies whether or not to use a `DIRECT` target to bypass the system default proxy. +# +type Apt::Proxy_Per_Host = Struct[ + { + scope => String, + host => Optional[String], + port => Optional[Integer[1, 65535]], + https => Optional[Boolean], + direct => Optional[Boolean], + } +] diff --git a/environments/production/thirdparty/docker/CHANGELOG.md b/environments/production/thirdparty/docker/CHANGELOG.md new file mode 100644 index 0000000..9853248 --- /dev/null +++ b/environments/production/thirdparty/docker/CHANGELOG.md @@ -0,0 +1,583 @@ + +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). + +## [v10.2.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v10.2.0) - 2025-03-10 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v10.1.0...v10.2.0) + +### Added + +- (GH-962) Allow Amazon Linux 2 and newer versions [#972](https://github.com/puppetlabs/puppetlabs-docker/pull/972) ([rjd1](https://github.com/rjd1)) + +## [v10.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v10.1.0) - 2024-12-18 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v10.0.1...v10.1.0) + +### Added + +- Add support for EL9 [#1007](https://github.com/puppetlabs/puppetlabs-docker/pull/1007) ([ghoneycutt](https://github.com/ghoneycutt)) + +## [v10.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v10.0.1) - 2024-07-13 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v10.0.0...v10.0.1) + +### Fixed + +- systemd service overrides: restore whitespace to pre-conversion [#983](https://github.com/puppetlabs/puppetlabs-docker/pull/983) ([kenyon](https://github.com/kenyon)) + +## [v10.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v10.0.0) - 2024-07-04 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v9.1.0...v10.0.0) + +### Changed + +- Use the docker-compose-plugin via 'docker compose' instead of 'docker-compose' [#975](https://github.com/puppetlabs/puppetlabs-docker/pull/975) ([nathanlcarlson](https://github.com/nathanlcarlson)) + +### Fixed + +- (CAT-1143)-Conversion_of_erb_templates_to_epp [#944](https://github.com/puppetlabs/puppetlabs-docker/pull/944) ([praj1001](https://github.com/praj1001)) + +## [v9.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v9.1.0) - 2023-07-19 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v9.0.1...v9.1.0) + +### Added + +- CONT-568 : Adding deferred function for password [#918](https://github.com/puppetlabs/puppetlabs-docker/pull/918) ([malikparvez](https://github.com/malikparvez)) + +## [v9.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v9.0.1) - 2023-07-06 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v8.0.0...v9.0.1) + +### Fixed + +- (CONT-1196) - Remove deprecated function merge [#935](https://github.com/puppetlabs/puppetlabs-docker/pull/935) ([Ramesh7](https://github.com/Ramesh7)) + +## [v8.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v8.0.0) - 2023-07-05 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v7.0.0...v8.0.0) + +### Changed + +- pdksync - (MAINT) - Require Stdlib 9.x [#921](https://github.com/puppetlabs/puppetlabs-docker/pull/921) ([LukasAud](https://github.com/LukasAud)) + +### Added + +- (CONT-1121) - Add support for CentOS 8 [#926](https://github.com/puppetlabs/puppetlabs-docker/pull/926) ([jordanbreen28](https://github.com/jordanbreen28)) + +## [v7.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v7.0.0) - 2023-05-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v6.1.0...v7.0.0) + +### Changed + +- (CONT-776) - Add Puppet 8/Drop Puppet 6 [#910](https://github.com/puppetlabs/puppetlabs-docker/pull/910) ([jordanbreen28](https://github.com/jordanbreen28)) + +## [v6.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v6.1.0) - 2023-04-28 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v6.0.2...v6.1.0) + +### Added + +- (CONT-351) Syntax update [#901](https://github.com/puppetlabs/puppetlabs-docker/pull/901) ([LukasAud](https://github.com/LukasAud)) + +### Fixed + +- Fix `docker` fact with recent version of docker [#897](https://github.com/puppetlabs/puppetlabs-docker/pull/897) ([smortex](https://github.com/smortex)) +- Use puppet yaml helper to workaround psych >4 breaking changes [#877](https://github.com/puppetlabs/puppetlabs-docker/pull/877) ([gfargeas](https://github.com/gfargeas)) + +## [v6.0.2](https://github.com/puppetlabs/puppetlabs-docker/tree/v6.0.2) - 2022-12-08 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v6.0.1...v6.0.2) + +### Fixed + +- (CONT-24) docker_stack always redoploying [#878](https://github.com/puppetlabs/puppetlabs-docker/pull/878) ([david22swan](https://github.com/david22swan)) + +## [v6.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v6.0.1) - 2022-11-25 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v6.0.0...v6.0.1) + +### Fixed + +- Revert "(maint) Hardening manifests and tasks" [#875](https://github.com/puppetlabs/puppetlabs-docker/pull/875) ([pmcmaw](https://github.com/pmcmaw)) + +## [v6.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v6.0.0) - 2022-11-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v5.1.0...v6.0.0) + +### Changed + +- (CONT-263) Bumping required puppet version [#871](https://github.com/puppetlabs/puppetlabs-docker/pull/871) ([LukasAud](https://github.com/LukasAud)) +- docker_run_flags: Shellescape any provided values [#869](https://github.com/puppetlabs/puppetlabs-docker/pull/869) ([LukasAud](https://github.com/LukasAud)) +- (maint) Hardening manifests and tasks [#863](https://github.com/puppetlabs/puppetlabs-docker/pull/863) ([LukasAud](https://github.com/LukasAud)) + +## [v5.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v5.1.0) - 2022-10-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v5.0.0...v5.1.0) + +### Added + +- Add missing extra_systemd_parameters values to docker-run.erb [#851](https://github.com/puppetlabs/puppetlabs-docker/pull/851) ([cbowman0](https://github.com/cbowman0)) + +### Fixed + +- pdksync - (CONT-130) Dropping Support for Debian 9 [#859](https://github.com/puppetlabs/puppetlabs-docker/pull/859) ([jordanbreen28](https://github.com/jordanbreen28)) +- Change `stop_wait_time` value to match Docker default [#858](https://github.com/puppetlabs/puppetlabs-docker/pull/858) ([sebcdri](https://github.com/sebcdri)) + +## [v5.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v5.0.0) - 2022-08-19 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.4.0...v5.0.0) + +### Changed + +- Remove log_driver limitations [#792](https://github.com/puppetlabs/puppetlabs-docker/pull/792) ([timdeluxe](https://github.com/timdeluxe)) + +### Added + +- pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04 [#850](https://github.com/puppetlabs/puppetlabs-docker/pull/850) ([david22swan](https://github.com/david22swan)) +- adding optional variable for package_key_check_source to RedHat [#846](https://github.com/puppetlabs/puppetlabs-docker/pull/846) ([STaegtmeier](https://github.com/STaegtmeier)) +- New create_user parameter on main class [#841](https://github.com/puppetlabs/puppetlabs-docker/pull/841) ([traylenator](https://github.com/traylenator)) + +## [v4.4.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.4.0) - 2022-06-01 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.3.0...v4.4.0) + +### Added + +- Update Docker Compose to handle symbols [#834](https://github.com/puppetlabs/puppetlabs-docker/pull/834) ([sili72](https://github.com/sili72)) + +### Fixed + +- Avoid empty array to -net parameter [#837](https://github.com/puppetlabs/puppetlabs-docker/pull/837) ([chelnak](https://github.com/chelnak)) +- (GH-785) Fix duplicate stack matching [#836](https://github.com/puppetlabs/puppetlabs-docker/pull/836) ([chelnak](https://github.com/chelnak)) +- Fix docker-compose, network and volumes not applying on 1st run, fix other idempotency [#833](https://github.com/puppetlabs/puppetlabs-docker/pull/833) ([canihavethisone](https://github.com/canihavethisone)) +- Fixed docker facts to check for active swarm clusters before running docker swarm sub-commands. [#817](https://github.com/puppetlabs/puppetlabs-docker/pull/817) ([nmaludy](https://github.com/nmaludy)) + +## [v4.3.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.3.0) - 2022-05-16 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.2.1...v4.3.0) + +### Added + +- Add tmpdir option to docker_compose [#823](https://github.com/puppetlabs/puppetlabs-docker/pull/823) ([canihavethisone](https://github.com/canihavethisone)) +- Support different Architectures (like `aarch64`) when installing Compose [#812](https://github.com/puppetlabs/puppetlabs-docker/pull/812) ([mpdude](https://github.com/mpdude)) + +### Fixed + +- Only install docker-ce-cli with docker-ce [#827](https://github.com/puppetlabs/puppetlabs-docker/pull/827) ([vchepkov](https://github.com/vchepkov)) +- remove some legacy facts [#802](https://github.com/puppetlabs/puppetlabs-docker/pull/802) ([traylenator](https://github.com/traylenator)) +- Fix missing comma in docker::image example [#787](https://github.com/puppetlabs/puppetlabs-docker/pull/787) ([Vincevrp](https://github.com/Vincevrp)) +- allow docker::networks::networks param to be undef [#783](https://github.com/puppetlabs/puppetlabs-docker/pull/783) ([jhoblitt](https://github.com/jhoblitt)) + +## [v4.2.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.2.1) - 2022-04-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.2.0...v4.2.1) + +### Fixed + +- Fix permission denied issue introduced in v4.2.0 [#820](https://github.com/puppetlabs/puppetlabs-docker/pull/820) ([chelnak](https://github.com/chelnak)) + +## [v4.2.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.2.0) - 2022-04-11 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.1.2...v4.2.0) + +### Added + +- pdksync - (FM-8922) - Add Support for Windows 2022 [#801](https://github.com/puppetlabs/puppetlabs-docker/pull/801) ([david22swan](https://github.com/david22swan)) +- (IAC-1729) Add Support for Debian 11 [#799](https://github.com/puppetlabs/puppetlabs-docker/pull/799) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- pdksync - (GH-iac-334) Remove Support for Ubuntu 14.04/16.04 [#807](https://github.com/puppetlabs/puppetlabs-docker/pull/807) ([david22swan](https://github.com/david22swan)) +- Fix idempotency when using scaling with docker-compose [#805](https://github.com/puppetlabs/puppetlabs-docker/pull/805) ([canihavethisone](https://github.com/canihavethisone)) +- Make RedHat version check respect acknowledge_unsupported_os [#788](https://github.com/puppetlabs/puppetlabs-docker/pull/788) ([PolaricEntropy](https://github.com/PolaricEntropy)) + +## [v4.1.2](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.1.2) - 2021-09-27 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.1.1...v4.1.2) + +### Fixed + +- pdksync - (IAC-1598) - Remove Support for Debian 8 [#775](https://github.com/puppetlabs/puppetlabs-docker/pull/775) ([david22swan](https://github.com/david22swan)) +- Prefer timeout to time_limit for Facter::Core::Execution [#774](https://github.com/puppetlabs/puppetlabs-docker/pull/774) ([smortex](https://github.com/smortex)) +- Fix facts gathering [#773](https://github.com/puppetlabs/puppetlabs-docker/pull/773) ([smortex](https://github.com/smortex)) + +## [v4.1.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.1.1) - 2021-08-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.1.0...v4.1.1) + +### Fixed + +- (IAC-1741) Allow stdlib v8.0.0 [#767](https://github.com/puppetlabs/puppetlabs-docker/pull/767) ([david22swan](https://github.com/david22swan)) +- Remove stderr empty check to avoid docker_params_changed failures when warnings appear [#764](https://github.com/puppetlabs/puppetlabs-docker/pull/764) ([cedws](https://github.com/cedws)) +- Duplicate declaration statement: docker_params_changed is already declared [#763](https://github.com/puppetlabs/puppetlabs-docker/pull/763) ([basti-nis](https://github.com/basti-nis)) +- Timeout for hangs of the docker_client in the facts generation [#759](https://github.com/puppetlabs/puppetlabs-docker/pull/759) ([carabasdaniel](https://github.com/carabasdaniel)) + +## [v4.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.1.0) - 2021-06-28 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.0.1...v4.1.0) + +### Added + +- Add syslog_facility parameter to docker::run [#755](https://github.com/puppetlabs/puppetlabs-docker/pull/755) ([waipeng](https://github.com/waipeng)) + +### Fixed + +- Fix docker::volumes hiera example [#754](https://github.com/puppetlabs/puppetlabs-docker/pull/754) ([pskopnik](https://github.com/pskopnik)) +- Allow force update non-latest tagged image [#752](https://github.com/puppetlabs/puppetlabs-docker/pull/752) ([yanjunding](https://github.com/yanjunding)) +- Allow management of the docker-ce-cli package [#740](https://github.com/puppetlabs/puppetlabs-docker/pull/740) ([kenyon](https://github.com/kenyon)) + +## [v4.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.0.1) - 2021-05-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.0.0...v4.0.1) + +### Fixed + +- (IAC-1497) - Removal of unsupported `translate` dependency [#737](https://github.com/puppetlabs/puppetlabs-docker/pull/737) ([david22swan](https://github.com/david22swan)) +- add simple quotes around env service flag [#706](https://github.com/puppetlabs/puppetlabs-docker/pull/706) ([adrianiurca](https://github.com/adrianiurca)) + +## [v4.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.0.0) - 2021-03-04 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.14.0...v4.0.0) + +## [v3.14.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.14.0) - 2021-03-04 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.13.1...v3.14.0) + +### Changed + +- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [#718](https://github.com/puppetlabs/puppetlabs-docker/pull/718) ([carabasdaniel](https://github.com/carabasdaniel)) + +### Fixed + +- [MODULES-10898] Disable forced docker service restart for RedHat 7 and docker server 1.13 [#730](https://github.com/puppetlabs/puppetlabs-docker/pull/730) ([carabasdaniel](https://github.com/carabasdaniel)) +- Make it possible to use pod's network [#725](https://github.com/puppetlabs/puppetlabs-docker/pull/725) ([seriv](https://github.com/seriv)) + +## [v3.13.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.13.1) - 2021-02-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.13.0...v3.13.1) + +### Fixed + +- (IAC-1218) - docker_params_changed should be run by agent [#705](https://github.com/puppetlabs/puppetlabs-docker/pull/705) ([adrianiurca](https://github.com/adrianiurca)) +- Fix systemd units for systemd versions < v230 [#704](https://github.com/puppetlabs/puppetlabs-docker/pull/704) ([benningm](https://github.com/benningm)) +- setting HOME environment to /root [#698](https://github.com/puppetlabs/puppetlabs-docker/pull/698) ([adrianiurca](https://github.com/adrianiurca)) + +## [v3.13.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.13.0) - 2020-12-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.12.1...v3.13.0) + +### Added + +- pdksync - (feat) - Bump Puppet boundary [#687](https://github.com/puppetlabs/puppetlabs-docker/pull/687) ([daianamezdrea](https://github.com/daianamezdrea)) +- Ensure image digest checksum before starting [#673](https://github.com/puppetlabs/puppetlabs-docker/pull/673) ([tmanninger](https://github.com/tmanninger)) +- Support multiple mirrors #659 [#669](https://github.com/puppetlabs/puppetlabs-docker/pull/669) ([TheLocehiliosan](https://github.com/TheLocehiliosan)) + +### Fixed + +- Options to docker-compose should be an Array, not a String [#695](https://github.com/puppetlabs/puppetlabs-docker/pull/695) ([adrianiurca](https://github.com/adrianiurca)) +- fixing issue #689 by setting HOME in docker command [#692](https://github.com/puppetlabs/puppetlabs-docker/pull/692) ([sdinten](https://github.com/sdinten)) +- (MAINT) Use docker-compose config instead file parsing [#672](https://github.com/puppetlabs/puppetlabs-docker/pull/672) ([rbelnap](https://github.com/rbelnap)) +- Fix array of additional flags [#671](https://github.com/puppetlabs/puppetlabs-docker/pull/671) ([CAPSLOCK2000](https://github.com/CAPSLOCK2000)) +- Test against OS family rather than name [#667](https://github.com/puppetlabs/puppetlabs-docker/pull/667) ([bodgit](https://github.com/bodgit)) + +## [v3.12.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.12.1) - 2020-10-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.12.0...v3.12.1) + +### Fixed + +- Fix misplaced backslash in start template [#666](https://github.com/puppetlabs/puppetlabs-docker/pull/666) ([optiz0r](https://github.com/optiz0r)) + +## [v3.12.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.12.0) - 2020-09-29 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.11.0...v3.12.0) + +### Added + +- Add docker swarm join-tokens as facts [#651](https://github.com/puppetlabs/puppetlabs-docker/pull/651) ([oschusler](https://github.com/oschusler)) + +### Fixed + +- (IAC-982) - Remove inappropriate terminology [#654](https://github.com/puppetlabs/puppetlabs-docker/pull/654) ([david22swan](https://github.com/david22swan)) + +## [v3.11.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.11.0) - 2020-08-11 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.10.2...v3.11.0) + +### Added + +- Fix #584: Deal with Arrays for the net list [#647](https://github.com/puppetlabs/puppetlabs-docker/pull/647) ([MG2R](https://github.com/MG2R)) +- pdksync - (IAC-973) - Update travis/appveyor to run on new default branch main [#643](https://github.com/puppetlabs/puppetlabs-docker/pull/643) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- [MODULES-10734] - improve params detection on docker::run [#648](https://github.com/puppetlabs/puppetlabs-docker/pull/648) ([adrianiurca](https://github.com/adrianiurca)) + +## [v3.10.2](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.10.2) - 2020-07-17 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.10.1...v3.10.2) + +### Fixed + +- (MODULES-10691) - Add root_dir in daemon.json [#632](https://github.com/puppetlabs/puppetlabs-docker/pull/632) ([daianamezdrea](https://github.com/daianamezdrea)) +- Fixing the fix 'Fix the docker_compose options parameter position #378' [#631](https://github.com/puppetlabs/puppetlabs-docker/pull/631) ([awegmann](https://github.com/awegmann)) +- Blocking ordering between non-Windows service stops [#622](https://github.com/puppetlabs/puppetlabs-docker/pull/622) ([AndrewLipscomb](https://github.com/AndrewLipscomb)) +- Allow all 3.x docker-compose minor versions [#620](https://github.com/puppetlabs/puppetlabs-docker/pull/620) ([runejuhl](https://github.com/runejuhl)) + +## [v3.10.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.10.1) - 2020-05-28 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.10.0...v3.10.1) + +### Fixed + +- Fix unreachable StartLimitBurst value in unit template [#616](https://github.com/puppetlabs/puppetlabs-docker/pull/616) ([omeinderink](https://github.com/omeinderink)) +- (MODULES-9696) remove docker_home_dirs fact [#613](https://github.com/puppetlabs/puppetlabs-docker/pull/613) ([carabasdaniel](https://github.com/carabasdaniel)) +- [MODULES-10629] Throw error when docker login fails [#610](https://github.com/puppetlabs/puppetlabs-docker/pull/610) ([carabasdaniel](https://github.com/carabasdaniel)) +- (maint) - facts fix for centos [#608](https://github.com/puppetlabs/puppetlabs-docker/pull/608) ([david22swan](https://github.com/david22swan)) +- major adjustments for current code style [#607](https://github.com/puppetlabs/puppetlabs-docker/pull/607) ([crazymind1337](https://github.com/crazymind1337)) + +## [v3.10.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.10.0) - 2020-04-23 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.9.1...v3.10.0) + +### Added + +- [IAC-291] Convert acceptance tests to Litmus [#585](https://github.com/puppetlabs/puppetlabs-docker/pull/585) ([carabasdaniel](https://github.com/carabasdaniel)) +- Updated: Add Docker service (create, remote, scale) tasks [#582](https://github.com/puppetlabs/puppetlabs-docker/pull/582) ([Flask](https://github.com/Flask)) +- Add after_start and after_stop options to docker::run define [#580](https://github.com/puppetlabs/puppetlabs-docker/pull/580) ([jantman](https://github.com/jantman)) +- Make docker::machine::url configurable [#569](https://github.com/puppetlabs/puppetlabs-docker/pull/569) ([baurmatt](https://github.com/baurmatt)) +- Let docker.service start docker services managed by puppetlabs/docker
 [#563](https://github.com/puppetlabs/puppetlabs-docker/pull/563) ([jhejl](https://github.com/jhejl)) +- Allow bypassing curl package ensure if needed [#477](https://github.com/puppetlabs/puppetlabs-docker/pull/477) ([esalberg](https://github.com/esalberg)) + +### Fixed + +- Enforce TLS1.2 on Windows; minor fixes for RH-based testing [#603](https://github.com/puppetlabs/puppetlabs-docker/pull/603) ([carabasdaniel](https://github.com/carabasdaniel)) +- [MODULES-10628] Update documentation for docker volume and set options as parameter [#599](https://github.com/puppetlabs/puppetlabs-docker/pull/599) ([carabasdaniel](https://github.com/carabasdaniel)) +- Allow module to work on SLES [#591](https://github.com/puppetlabs/puppetlabs-docker/pull/591) ([npwalker](https://github.com/npwalker)) +- (maint) Fix missing stubs in docker_spec.rb [#589](https://github.com/puppetlabs/puppetlabs-docker/pull/589) ([Filipovici-Andrei](https://github.com/Filipovici-Andrei)) +- Add Hiera lookups for resources in init.pp [#586](https://github.com/puppetlabs/puppetlabs-docker/pull/586) ([fe80](https://github.com/fe80)) +- Use standardized quote type to help tests pass [#566](https://github.com/puppetlabs/puppetlabs-docker/pull/566) ([DLeich](https://github.com/DLeich)) +- Minimal changes to work with podman-docker [#562](https://github.com/puppetlabs/puppetlabs-docker/pull/562) ([seriv](https://github.com/seriv)) + +## [v3.9.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.9.1) - 2020-01-20 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.9.0...v3.9.1) + +### Fixed + +- (maint) fix dependencies of powershell to 4.0.0 [#568](https://github.com/puppetlabs/puppetlabs-docker/pull/568) ([sheenaajay](https://github.com/sheenaajay)) + +## [v3.9.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.9.0) - 2019-12-09 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.8.0...v3.9.0) + +### Added + +- Add option for RemainAfterExit [#549](https://github.com/puppetlabs/puppetlabs-docker/pull/549) ([vdavidoff](https://github.com/vdavidoff)) + +### Fixed + +- Fix error does not show when image:tag does not exists (#552) [#553](https://github.com/puppetlabs/puppetlabs-docker/pull/553) ([rafaelcarv](https://github.com/rafaelcarv)) +- Allow defining the name of the docker-compose symlink [#544](https://github.com/puppetlabs/puppetlabs-docker/pull/544) ([gtufte](https://github.com/gtufte)) +- Clarify usage of docker_stack type up_args and fix link to docs [#537](https://github.com/puppetlabs/puppetlabs-docker/pull/537) ([jacksgt](https://github.com/jacksgt)) +- Move StartLimit* options to [Unit], fix StartLimitIntervalSec [#531](https://github.com/puppetlabs/puppetlabs-docker/pull/531) ([runejuhl](https://github.com/runejuhl)) + +## [v3.8.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.8.0) - 2019-10-01 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.7.0-bna...v3.8.0) + +### Added + +- pdksync - Add support on Debian10 [#525](https://github.com/puppetlabs/puppetlabs-docker/pull/525) ([lionce](https://github.com/lionce)) + +### Fixed + +- Fix multiple additional flags for docker_network [#523](https://github.com/puppetlabs/puppetlabs-docker/pull/523) ([lemrouch](https://github.com/lemrouch)) +- :bug: Fix wrong service detach handling [#520](https://github.com/puppetlabs/puppetlabs-docker/pull/520) ([khaefeli](https://github.com/khaefeli)) +- Fix aliased plugin names [#514](https://github.com/puppetlabs/puppetlabs-docker/pull/514) ([koshatul](https://github.com/koshatul)) + +## [v3.7.0-bna](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.7.0-bna) - 2019-08-08 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/e2.6...v3.7.0-bna) + +### Added + +- Add new Docker Swarm Tasks (node ls, rm, update; service scale) [#509](https://github.com/puppetlabs/puppetlabs-docker/pull/509) ([khaefeli](https://github.com/khaefeli)) + +### Fixed + +- Fixing error: [#516](https://github.com/puppetlabs/puppetlabs-docker/pull/516) ([darshannnn](https://github.com/darshannnn)) + +## [e2.6](https://github.com/puppetlabs/puppetlabs-docker/tree/e2.6) - 2019-07-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.7.0...e2.6) + +## [v3.7.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.7.0) - 2019-07-19 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.6.0...v3.7.0) + +### Added + +- Added option to override docker-compose download location [#482](https://github.com/puppetlabs/puppetlabs-docker/pull/482) ([piquet90](https://github.com/piquet90)) + +## [v3.6.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.6.0) - 2019-06-25 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.5.0...v3.6.0) + +### Changed + +- (FM-8100) Update minimum supported Puppet version to 5.5.10 [#486](https://github.com/puppetlabs/puppetlabs-docker/pull/486) ([eimlav](https://github.com/eimlav)) + +### Added + +- (FM-8151) Add Windows Server 2019 support [#493](https://github.com/puppetlabs/puppetlabs-docker/pull/493) ([eimlav](https://github.com/eimlav)) +- Support for docker machine download and install [#466](https://github.com/puppetlabs/puppetlabs-docker/pull/466) ([acurus-puppetmaster](https://github.com/acurus-puppetmaster)) +- Add service_provider parameter to docker::run [#376](https://github.com/puppetlabs/puppetlabs-docker/pull/376) ([jameslikeslinux](https://github.com/jameslikeslinux)) + +### Fixed + +- Tasks frozen string [#499](https://github.com/puppetlabs/puppetlabs-docker/pull/499) ([khaefeli](https://github.com/khaefeli)) +- Fix #239 local_user permission denied [#497](https://github.com/puppetlabs/puppetlabs-docker/pull/497) ([thde](https://github.com/thde)) +- (MODULES-9193) Revert part of MODULES-9177 [#490](https://github.com/puppetlabs/puppetlabs-docker/pull/490) ([eimlav](https://github.com/eimlav)) +- (MODULES-9177) Fix version validation regex [#489](https://github.com/puppetlabs/puppetlabs-docker/pull/489) ([eimlav](https://github.com/eimlav)) +- Fix publish flag being erroneously added to docker service commands [#471](https://github.com/puppetlabs/puppetlabs-docker/pull/471) ([twistedduck](https://github.com/twistedduck)) +- Fix container running check to work for windows hosts [#470](https://github.com/puppetlabs/puppetlabs-docker/pull/470) ([florindragos](https://github.com/florindragos)) +- Allow images tagged latest to update on each run [#468](https://github.com/puppetlabs/puppetlabs-docker/pull/468) ([electrofelix](https://github.com/electrofelix)) +- Fix docker::image to not run images [#465](https://github.com/puppetlabs/puppetlabs-docker/pull/465) ([hugotanure](https://github.com/hugotanure)) + +## [3.5.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.5.0) - 2019-03-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.4.0...3.5.0) + +### Fixed + +- fix(syntax): Remove duplicate parenthesis [#454](https://github.com/puppetlabs/puppetlabs-docker/pull/454) ([jfroche](https://github.com/jfroche)) +- Docker::Services:: fix command parameter used with an array [#452](https://github.com/puppetlabs/puppetlabs-docker/pull/452) ([jacksgt](https://github.com/jacksgt)) +- docker::services: Fix using multiple published ports [#447](https://github.com/puppetlabs/puppetlabs-docker/pull/447) ([jacksgt](https://github.com/jacksgt)) + +## [3.4.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.4.0) - 2019-02-25 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/e2.0...3.4.0) + +## [e2.0](https://github.com/puppetlabs/puppetlabs-docker/tree/e2.0) - 2019-02-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.3.0...e2.0) + +### Fixed + +- fixing errors with bundle file conditional statement [#436](https://github.com/puppetlabs/puppetlabs-docker/pull/436) ([davejrt](https://github.com/davejrt)) +- #432 Fix frozen string error [#434](https://github.com/puppetlabs/puppetlabs-docker/pull/434) ([khaefeli](https://github.com/khaefeli)) + +## [3.3.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.3.0) - 2019-02-13 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.2.0...3.3.0) + +## [3.2.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.2.0) - 2019-01-17 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.1.0...3.2.0) + +### Fixed + +- centos repo fix [#413](https://github.com/puppetlabs/puppetlabs-docker/pull/413) ([davejrt](https://github.com/davejrt)) +- rhel fix [#412](https://github.com/puppetlabs/puppetlabs-docker/pull/412) ([davejrt](https://github.com/davejrt)) +- fixing various issues with tests across all supported OS [#406](https://github.com/puppetlabs/puppetlabs-docker/pull/406) ([davejrt](https://github.com/davejrt)) +- Fix shared scripts on non systemd systems [#400](https://github.com/puppetlabs/puppetlabs-docker/pull/400) ([glorpen](https://github.com/glorpen)) +- Do not load powershell profiles [#396](https://github.com/puppetlabs/puppetlabs-docker/pull/396) ([florindragos](https://github.com/florindragos)) +- Fix stack acceptance tests [#395](https://github.com/puppetlabs/puppetlabs-docker/pull/395) ([florindragos](https://github.com/florindragos)) +- fixing acceptance tests on debian [#393](https://github.com/puppetlabs/puppetlabs-docker/pull/393) ([davejrt](https://github.com/davejrt)) +- fixing deep merge issue and yaml alias [#387](https://github.com/puppetlabs/puppetlabs-docker/pull/387) ([davejrt](https://github.com/davejrt)) +- Adds a Usage example for daemon level extra_parameters [#386](https://github.com/puppetlabs/puppetlabs-docker/pull/386) ([mpepping](https://github.com/mpepping)) +- Fixing create_resources for volumes [#384](https://github.com/puppetlabs/puppetlabs-docker/pull/384) ([andytechdad](https://github.com/andytechdad)) +- Fix the docker_compose options parameter position [#378](https://github.com/puppetlabs/puppetlabs-docker/pull/378) ([FlorentPoinsaut](https://github.com/FlorentPoinsaut)) +- Allow multiple values for subnet in docker_network [#371](https://github.com/puppetlabs/puppetlabs-docker/pull/371) ([florindragos](https://github.com/florindragos)) +- Cloud 2191 fix stack acceptance test [#368](https://github.com/puppetlabs/puppetlabs-docker/pull/368) ([MWilsonPuppet](https://github.com/MWilsonPuppet)) +- Create shared start/stop scripts for better extensibility [#367](https://github.com/puppetlabs/puppetlabs-docker/pull/367) ([glorpen](https://github.com/glorpen)) +- Fixing incorrect variable names in docker_compose/ruby.rb [#365](https://github.com/puppetlabs/puppetlabs-docker/pull/365) ([lowerpuppet](https://github.com/lowerpuppet)) +- update docker_stack to fix registry auth option [#364](https://github.com/puppetlabs/puppetlabs-docker/pull/364) ([davejrt](https://github.com/davejrt)) +- Fix registry local_user functionalitity. [#353](https://github.com/puppetlabs/puppetlabs-docker/pull/353) ([stejanse](https://github.com/stejanse)) +- Fix windows default paths [#326](https://github.com/puppetlabs/puppetlabs-docker/pull/326) ([florindragos](https://github.com/florindragos)) + +## [3.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.1.0) - 2018-10-22 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.0.0...3.1.0) + +### Fixed + +- Fix acceptance tests for windows [#349](https://github.com/puppetlabs/puppetlabs-docker/pull/349) ([florindragos](https://github.com/florindragos)) +- pinning puppet version to fix failing spec tests [#346](https://github.com/puppetlabs/puppetlabs-docker/pull/346) ([MWilsonPuppet](https://github.com/MWilsonPuppet)) + +## [3.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.0.0) - 2018-09-27 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/2.0.0...3.0.0) + +### Fixed + +- Fix docker swarm tasks boolean params [#338](https://github.com/puppetlabs/puppetlabs-docker/pull/338) ([florindragos](https://github.com/florindragos)) +- CLOUD-2069 Adding support for multiple compose files. [#332](https://github.com/puppetlabs/puppetlabs-docker/pull/332) ([MWilsonPuppet](https://github.com/MWilsonPuppet)) +- fixes puppet run failures with no IPAM driver [#329](https://github.com/puppetlabs/puppetlabs-docker/pull/329) ([davejrt](https://github.com/davejrt)) +- CLOUD-2078-Uninstall Docker on Linux [#328](https://github.com/puppetlabs/puppetlabs-docker/pull/328) ([MWilsonPuppet](https://github.com/MWilsonPuppet)) +- Fix error messages from docker facts if docker not running [#325](https://github.com/puppetlabs/puppetlabs-docker/pull/325) ([stdietrich](https://github.com/stdietrich)) +- Fix docker-compose provider to support images built on the fly [#320](https://github.com/puppetlabs/puppetlabs-docker/pull/320) ([florindragos](https://github.com/florindragos)) +- fixing bug in upstart systems [#304](https://github.com/puppetlabs/puppetlabs-docker/pull/304) ([davejrt](https://github.com/davejrt)) +- Fix for registry password not being inserted due to single quotes [#299](https://github.com/puppetlabs/puppetlabs-docker/pull/299) ([ConorPKeegan](https://github.com/ConorPKeegan)) +- Fix docker registry idempotency and add windows acceptance tests [#298](https://github.com/puppetlabs/puppetlabs-docker/pull/298) ([florindragos](https://github.com/florindragos)) +- Regex fix [#292](https://github.com/puppetlabs/puppetlabs-docker/pull/292) ([davejrt](https://github.com/davejrt)) + +## [2.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/2.0.0) - 2018-07-18 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.1.0...2.0.0) + +### Fixed + +- fixes restarting containers with changes to run arguments [#283](https://github.com/puppetlabs/puppetlabs-docker/pull/283) ([davejrt](https://github.com/davejrt)) +- fix "start a container with cpuset" acceptance test on ubuntu1404 [#236](https://github.com/puppetlabs/puppetlabs-docker/pull/236) ([mihaibuzgau](https://github.com/mihaibuzgau)) + +## [1.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/1.1.0) - 2018-03-16 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/e1.1...1.1.0) + +### Fixed + +- (maint)CLOUD-1768 Fixing incorrect cpuset flag #183 [#187](https://github.com/puppetlabs/puppetlabs-docker/pull/187) ([MWilsonPuppet](https://github.com/MWilsonPuppet)) + +## [e1.1](https://github.com/puppetlabs/puppetlabs-docker/tree/e1.1) - 2018-02-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.5...e1.1) + +### Fixed + +- fix typo [#149](https://github.com/puppetlabs/puppetlabs-docker/pull/149) ([seriv](https://github.com/seriv)) + +## [1.0.5](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.5) - 2018-01-31 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.4...1.0.5) + +## [1.0.4](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.4) - 2018-01-03 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.3...1.0.4) + +## [1.0.3](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.3) - 2018-01-03 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/e1.0...1.0.3) + +## [e1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/e1.0) - 2017-12-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.2...e1.0) + +## [1.0.2](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.2) - 2017-11-17 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.1...1.0.2) + +## [1.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.1) - 2017-10-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.0...1.0.1) + +## [1.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.0) - 2017-10-11 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/790d08e2a1191db1b6c61f299d259fcd28cfa4e0...1.0.0) diff --git a/environments/production/thirdparty/docker/CODEOWNERS b/environments/production/thirdparty/docker/CODEOWNERS new file mode 100644 index 0000000..a5d109e --- /dev/null +++ b/environments/production/thirdparty/docker/CODEOWNERS @@ -0,0 +1,2 @@ +# Setting ownership to the modules team +* @puppetlabs/modules diff --git a/environments/production/thirdparty/docker/CONTRIBUTING.md b/environments/production/thirdparty/docker/CONTRIBUTING.md new file mode 100644 index 0000000..e7a3a7c --- /dev/null +++ b/environments/production/thirdparty/docker/CONTRIBUTING.md @@ -0,0 +1,3 @@ +# Contributing to Puppet modules + +Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need. diff --git a/environments/production/thirdparty/docker/CONTRIBUTORS.md b/environments/production/thirdparty/docker/CONTRIBUTORS.md new file mode 100644 index 0000000..edaaf38 --- /dev/null +++ b/environments/production/thirdparty/docker/CONTRIBUTORS.md @@ -0,0 +1,187 @@ + 554 Gareth Rushgrove + 25 Kyle Anderson + 14 Jo Vandeginste + 14 Andrew Teixeira + 11 Javier Bértoli + 10 Justin Dray + 10 Nikita Tarasov + 10 Vahram Sukyas + 9 Patrick Hemmer + 9 rafael_chicoli + 8 Jonathan Tripathy + 8 n0coast + 8 James Carr + 8 pandrew + 8 jfarrell + 7 Lars van de Kerkhof + 7 Lukas Waslowski + 7 Jean-Francois Roche + 7 Cornel Foltea + 7 Elias Probst + 6 Paul Morgan + 6 Alex Hornung + 6 Joshua Hoblitt + 6 Tomas Doran + 6 Scott Coulton + 5 Casper Bruun + 5 Camille Mougey + 5 paschdan + 5 Fredrik Thulin + 4 Cristian Falcas + 4 Janos Feher + 4 scott coulton + 4 Christophe Fonteyne + 4 Clayton O'Neill + 4 Vilmos Nebehaj + 4 Brandon Rochon + 4 Ben Langfeld + 4 Frank Kleine + 4 Bradley Cicenas + 4 Wim Bonthuis + 3 Edward Midolo + 3 Greg Hardy + 3 Jonathan Sokolowski + 3 hcguersoy + 3 Hylke Stapersma + 3 James Edwards + 3 Vikraman Choudhury + 3 Brian Johnson + 3 Thomas Krille + 3 Bryan Jen + 3 Terry Zink + 3 Ryan Fowler + 3 Rasmus Johansson + 3 Rafael Chicoli + 3 Daniel Platt + 3 Mason Malone + 3 Markus Frosch + 3 Darren Coxall + 3 Andrew Stangl + 3 David Schmitt + 3 Marji Cermak + 2 Sam Grimee + 2 Alex Crowe + 2 Alexandre RAOUL + 2 Benjamin Pineau + 2 Bill Simon + 2 Bob Potter + 2 Caleb Tomlinson + 2 Carles Amigó + 2 Daniel Panteleit + 2 David Danzilio + 2 Dominic Becker + 2 Hal Deadman + 2 Hunter Haugen + 2 Ilya Kalinin + 2 Jo Vanvoorden + 2 Joaquin + 2 Josh Samuelson + 2 Marc Schaer + 2 Mickaël PERRIN + 2 Nikita + 2 Paul Otto + 2 Reser, Ben + 2 Rhommel Lamas + 2 Ricardo Oliveira + 2 Ricky Cook + 2 Rob Terhaar + 2 Salimane Adjao Moustapha + 2 William Leese + 2 Wouter Scheele + 2 Zsolt Keseru + 2 bcicen + 2 coreone + 2 krall + 2 sebastian cole + 1 Felix Bechstein + 1 Justin Stoller + 1 Kasumi Hanazuki + 1 Keith Thornhill + 1 Eugene Malihins + 1 Elliot Huffman + 1 Dylan Cochran + 1 Maarten Claes + 1 Aron Parsons + 1 Mario Weigel + 1 Dmitriy Myaskovskiy + 1 Mark Kusch + 1 Darragh Bailey + 1 Martin Dietze + 1 Martin Prebio + 1 Daniel Werdermann + 1 Michael Gorsuch + 1 Michael Hackner + 1 Michael Wells + 1 Mick Pollard + 1 Mickaël FORTUNATO + 1 kasisnu + 1 Mike Terzo + 1 Nathan Flynn + 1 Nathan R Valentine + 1 Neil Parley + 1 keith + 1 Daniel Lawrence + 1 Oriol Fitó + 1 Daniel KlockenkÀmper + 1 Daniel Holz + 1 will vuong + 1 Pierre Radermecker + 1 Povilas Daukintis + 1 Colin Hebert + 1 Chris Wendt + 1 ladoe00 + 1 mh + 1 mujiburger + 1 Andreas de Pretis + 1 Alexander Dudko + 1 Robin Westin Larsson + 1 Chris Hoffman + 1 Alex Elman + 1 Adam Stephens + 1 Sam Grimee (BDB) + 1 Sam Weston + 1 Saverio Proto + 1 Chris Crewdson + 1 Sean Sube + 1 Tassilo Schweyer + 1 Chadwick Banning + 1 Bryan Belanger + 1 Tim Bishop + 1 Tim Hartmann + 1 Tim Sharpe + 1 Tom De Vylder + 1 Tom Mast + 1 Bruno Léon + 1 Tomasz Tarczynski + 1 Brandon Weeks + 1 Vebjorn Ljosa + 1 Brad Cowie + 1 Benjamin Merot + 1 Adriaan Peeters + 1 Ben Ford + 1 sauce@freenode + 1 Adam Yohrling + 1 andygodwin + 1 willpayne + 1 bob + 1 James Abley + 1 James Green + 1 Jakub Husak + 1 Huaqing Zheng + 1 Harald Skoglund + 1 Jing Dong + 1 Hane, Jason + 1 ssube + 1 fluential + 1 Joaquin Henriquez + 1 Jonas Renggli + 1 HIngst, Arne-Kristian + 1 Grcic Ivan GEOINFO + 1 Jos Houtman + 1 Josef Johansson + 1 Josh Brown + 1 Arran Walker + 1 Geoff Meakin + 1 Joshua Spence + 1 Justin Riley + 1 Schusler, Olaf diff --git a/environments/production/thirdparty/docker/HISTORY.md b/environments/production/thirdparty/docker/HISTORY.md new file mode 100644 index 0000000..62ad54b --- /dev/null +++ b/environments/production/thirdparty/docker/HISTORY.md @@ -0,0 +1,205 @@ +# 3.5.0 + +Changes range for dependent modules + +Use multiple networks in docker::run and docker::services + +Fixes quotes with docker::services command + +Publish multiple ports to docker::services + +A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/7?closed=1) + +# 3.4.0 + +Introduces docker_stack type and provider + +Fixes frozen string in docker swarm token task + +Acceptance testing updates + +Allow use of newer translate module + +A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/6?closed=1) + + +# Version 3.3.0 + +Pins apt repo to 500 to ensure packages are updated + +Fixes issue in docker fact failing when docker is not started + +Acceptance testing updates + +Allows more recent version of the reboot module + +A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/5?closed=1) + +# Version 3.2.0 + +Adds in support for Puppet 6 + +Containers will be restared due to script changes in [PR #367](https://github.com/puppetlabs/puppetlabs-docker/pull/367) + +A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/4?closed=1) + +# Version 3.1.0 + +Adding in the following faetures/functionality + +- Docker Stack support on Windows. + +# Version 3.0.0 + +Various fixes for github issues +- 206 +- 226 +- 241 +- 280 +- 281 +- 287 +- 289 +- 294 +- 303 +- 312 +- 314 + +Adding in the following features/functionality + +-Support for multiple compose files. + +A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/issues?q=is%3Aissue+milestone%3AV3.0.0+is%3Aclosed) + + +# Version 2.0.0 + +Various fixes for github issues +- 193 +- 197 +- 198 +- 203 +- 207 +- 208 +- 209 +- 211 +- 212 +- 213 +- 215 +- 216 +- 217 +- 218 +- 223 +- 224 +- 225 +- 228 +- 229 +- 230 +- 232 +- 234 +- 237 +- 243 +- 245 +- 255 +- 256 +- 259 + +Adding in the following features/functionality + +- Ability to define swarm clusters in Hiera. +- Support docker compose file V2.3. +- Support refresh only flag. +- Support for Docker healthcheck and unhealthy container restart. +- Support for Docker on Windows: + - Add docker ee support for windows server 2016. + - Docker image on Windows. + - Docker run on Windows. + - Docker compose on Windows. + - Docker swarm on Windows. + - Add docker exec functionality for docker on windows. + - Add storage driver for Windows. + +A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/2?closed=1) + + +# Version 1.1.0 + +Various fixes for Github issues +- 183 +- 173 +- 173 +- 167 +- 163 +- 161 + +Adding in the following features/functionality + +- IPv6 support +- Define type for docker plugins + +A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/1?closed=1) + + +# Version 1.0.5 + +Various fixes for Github issues +- 98 +- 104 +- 115 +- 122 +- 124 + +Adding in the following features/functionality + +- Removed all unsupported OS related code from module +- Removed EPEL dependency +- Added http support in compose proxy +- Added in rubocop support and i18 gem support +- Type and provider for docker volumes +- Update apt module to latest +- Added in support for a registry mirror +- Facts for docker version and docker info +- Fixes for $pass_hash undef +- Fixed typo in param.pp +- Replaced deprecated stblib functions with data types + +# Version 1.0.4 + +Correcting changelog + +# Version 1.0.3 +Various fixes for Github issues + - 33 + - 68 + - 74 + - 77 + - 84 + +Adding in the following features/functionality: + + - Add tasks to update existing service + - Backwards compatible TMPDIR + - Optional GPG check on repos + - Force pull on image tag 'latest' + - Add support for overlay2.override_kernel_check setting + - Add docker network fact + - Add pw hash for registry login idompodency + - Additional flags for creating a network + - Fixing incorrect repo url for redhat + +# Version 1.0.2 +Various fixes for Github issues + - 9 + - 11 + - 15 + - 21 +Add tasks support for Docker Swarm + +# Version 1.0.1 +Updated metadata and CHANGELOG + +# Version 1.0.0 +Forked for garethr/docker v5.3.0 +Added support for: +- Docker services within a swarm cluster +- Swarm mode +- Docker secrets diff --git a/environments/production/thirdparty/docker/LICENSE b/environments/production/thirdparty/docker/LICENSE new file mode 100644 index 0000000..bf02323 --- /dev/null +++ b/environments/production/thirdparty/docker/LICENSE @@ -0,0 +1,207 @@ +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, and + distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by the + copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all other + entities that control, are controlled by, or are under common control with + that entity. For the purposes of this definition, "control" means (i) the + power, direct or indirect, to cause the direction or management of such + entity, whether by contract or otherwise, or (ii) ownership of + fifty percent (50%) or more of the outstanding shares, or (iii) beneficial + ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity exercising + permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation source, + and configuration files. + + "Object" form shall mean any form resulting from mechanical transformation + or translation of a Source form, including but not limited to compiled + object code, generated documentation, and conversions to + other media types. + + "Work" shall mean the work of authorship, whether in Source or Object + form, made available under the License, as indicated by a copyright notice + that is included in or attached to the work (an example is provided in the + Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object form, + that is based on (or derived from) the Work and for which the editorial + revisions, annotations, elaborations, or other modifications represent, + as a whole, an original work of authorship. For the purposes of this + License, Derivative Works shall not include works that remain separable + from, or merely link (or bind by name) to the interfaces of, the Work and + Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including the original + version of the Work and any modifications or additions to that Work or + Derivative Works thereof, that is intentionally submitted to Licensor for + inclusion in the Work by the copyright owner or by an individual or + Legal Entity authorized to submit on behalf of the copyright owner. + For the purposes of this definition, "submitted" means any form of + electronic, verbal, or written communication sent to the Licensor or its + representatives, including but not limited to communication on electronic + mailing lists, source code control systems, and issue tracking systems + that are managed by, or on behalf of, the Licensor for the purpose of + discussing and improving the Work, but excluding communication that is + conspicuously marked or otherwise designated in writing by the copyright + owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity on + behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. + + Subject to the terms and conditions of this License, each Contributor + hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, + royalty-free, irrevocable copyright license to reproduce, prepare + Derivative Works of, publicly display, publicly perform, sublicense, + and distribute the Work and such Derivative Works in + Source or Object form. + +3. Grant of Patent License. + + Subject to the terms and conditions of this License, each Contributor + hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, + royalty-free, irrevocable (except as stated in this section) patent + license to make, have made, use, offer to sell, sell, import, and + otherwise transfer the Work, where such license applies only to those + patent claims licensable by such Contributor that are necessarily + infringed by their Contribution(s) alone or by combination of their + Contribution(s) with the Work to which such Contribution(s) was submitted. + If You institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work or a + Contribution incorporated within the Work constitutes direct or + contributory patent infringement, then any patent licenses granted to + You under this License for that Work shall terminate as of the date such + litigation is filed. + +4. Redistribution. + + You may reproduce and distribute copies of the Work or Derivative Works + thereof in any medium, with or without modifications, and in Source or + Object form, provided that You meet the following conditions: + + 1. You must give any other recipients of the Work or Derivative Works a + copy of this License; and + + 2. You must cause any modified files to carry prominent notices stating + that You changed the files; and + + 3. You must retain, in the Source form of any Derivative Works that You + distribute, all copyright, patent, trademark, and attribution notices from + the Source form of the Work, excluding those notices that do not pertain + to any part of the Derivative Works; and + + 4. If the Work includes a "NOTICE" text file as part of its distribution, + then any Derivative Works that You distribute must include a readable copy + of the attribution notices contained within such NOTICE file, excluding + those notices that do not pertain to any part of the Derivative Works, + in at least one of the following places: within a NOTICE text file + distributed as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, within a + display generated by the Derivative Works, if and wherever such + third-party notices normally appear. The contents of the NOTICE file are + for informational purposes only and do not modify the License. + You may add Your own attribution notices within Derivative Works that You + distribute, alongside or as an addendum to the NOTICE text from the Work, + provided that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and may + provide additional or different license terms and conditions for use, + reproduction, or distribution of Your modifications, or for any such + Derivative Works as a whole, provided Your use, reproduction, and + distribution of the Work otherwise complies with the conditions + stated in this License. + +5. Submission of Contributions. + + Unless You explicitly state otherwise, any Contribution intentionally + submitted for inclusion in the Work by You to the Licensor shall be under + the terms and conditions of this License, without any additional + terms or conditions. Notwithstanding the above, nothing herein shall + supersede or modify the terms of any separate license agreement you may + have executed with Licensor regarding such Contributions. + +6. Trademarks. + + This License does not grant permission to use the trade names, trademarks, + service marks, or product names of the Licensor, except as required for + reasonable and customary use in describing the origin of the Work and + reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. + + Unless required by applicable law or agreed to in writing, Licensor + provides the Work (and each Contributor provides its Contributions) + on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + either express or implied, including, without limitation, any warranties + or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS + FOR A PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any risks + associated with Your exercise of permissions under this License. + +8. Limitation of Liability. + + In no event and under no legal theory, whether in tort + (including negligence), contract, or otherwise, unless required by + applicable law (such as deliberate and grossly negligent acts) or agreed + to in writing, shall any Contributor be liable to You for damages, + including any direct, indirect, special, incidental, or consequential + damages of any character arising as a result of this License or out of + the use or inability to use the Work (including but not limited to damages + for loss of goodwill, work stoppage, computer failure or malfunction, + or any and all other commercial damages or losses), even if such + Contributor has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. + + While redistributing the Work or Derivative Works thereof, You may choose + to offer, and charge a fee for, acceptance of support, warranty, + indemnity, or other liability obligations and/or rights consistent with + this License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf of any + other Contributor, and only if You agree to indemnify, defend, and hold + each Contributor harmless for any liability incurred by, or claims + asserted against, such Contributor by reason of your accepting any such + warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work + + To apply the Apache License to your work, attach the following boilerplate + notice, with the fields enclosed by brackets "[]" replaced with your own + identifying information. (Don't include the brackets!) The text should be + enclosed in the appropriate comment syntax for the file format. We also + recommend that a file or class name and description of purpose be included + on the same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2013 Gareth Rushgrove + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + or implied. See the License for the specific language governing + permissions and limitations under the License. diff --git a/environments/production/thirdparty/docker/README.md b/environments/production/thirdparty/docker/README.md new file mode 100644 index 0000000..0466d43 --- /dev/null +++ b/environments/production/thirdparty/docker/README.md @@ -0,0 +1,1041 @@ +[![Puppet Forge](https://img.shields.io/puppetforge/v/puppetlabs/docker.svg)](https://forge.puppetlabs.com/puppetlabs/docker) +[![Puppet Forge Downloads](http://img.shields.io/puppetforge/dt/puppetlabs/docker.svg)](https://forge.puppetlabs.com/puppetlabs/docker) +[![Puppet Forge Endorsement](https://img.shields.io/puppetforge/e/puppetlabs/docker.svg)](https://forge.puppetlabs.com/puppetlabs/docker) + +# Docker + +#### Table of Contents + +1. [Description](#description) +2. [Setup](#setup) + * [Proxy on Windows](#proxy-on-windows) + * [Validating and unit testing the module](#validating-and-unit-testing-the-module) +3. [Usage - Configuration options and additional functionality](#usage) + * [Images](#images) + * [Containers](#containers) + * [Networks](#networks) + * [Volumes](#volumes) + * [Compose](#compose) + * [Machine](#machine) + * [Swarm mode](#swarm-mode) + * [Tasks](#tasks) + * [Docker services](#docker-services) + * [Private registries](#private-registries) + * [Exec](#exec) + * [Plugins](#plugins) +4. [Reference - An under-the-hood peek at what the module is doing and how](#reference) +5. [Limitations - OS compatibility, etc.](#limitations) +6. [License](#license) +7. [Development - Guide for contributing to the module](#development) +8. [Acceptance](#acceptance) + + +## Description + +The Puppet docker module installs, configures, and manages [Docker](https://github.com/docker/docker) from the [Docker repository](https://docs.docker.com/installation/). It supports the latest [Docker CE (Community Edition)](https://www.docker.com/community-edition) for Linux based distributions and [Docker EE(Enterprise Edition)](https://www.docker.com/enterprise-edition) for Windows and Linux as well as legacy releases. + +Due to the new naming convention for Docker packages, this module prefaces any params that refer to the release with `_ce` or `_engine`. Examples of these are documented in this README. + +## Setup + +To create the Docker hosted repository and install the Docker package, add a single class to the manifest file: + +```puppet +include 'docker' +``` + +To configure package sources independently and disable automatically including sources, add the following code to the manifest file: + +```puppet +class { 'docker': + use_upstream_package_source => false, +} +``` + +The latest Docker [repositories](https://docs.docker.com/engine/installation/linux/docker-ce/debian/#set-up-the-repository) are now the default repositories for version 17.06 and above. If you are using an older version, the repositories are still configured based on the version number passed into the module. + +To ensure the module configures the latest repositories, add the following code to the manifest file: + +```puppet +class { 'docker': + version => '17.09.0~ce-0~debian', +} +``` + +Using a version prior to 17.06, configures and installs from the old repositories: + +```puppet +class { 'docker': + version => '1.12.0-0~wheezy', +} +``` + +Docker provides a enterprise addition of the [Docker Engine](https://www.docker.com/enterprise-edition), called Docker EE. To install Docker EE on Debian systems, add the following code to the manifest file: + +```puppet +class { 'docker': + docker_ee => true, + docker_ee_source_location => 'https://', + docker_ee_key_source => 'https://', + docker_ee_key_id => '', +} +``` + +To install Docker EE on RHEL/CentOS: + +```puppet +class { 'docker': + docker_ee => true, + docker_ee_source_location => 'https://', + docker_ee_key_source => 'https://', +} +``` + +For CentOS distributions, the docker module requires packages from the extras repository, which is enabled by default on CentOS. For more information, see the official [CentOS documentation](https://wiki.centos.org/AdditionalResources/Repositories) and the official [Docker documentation](https://docs.docker.com/install/linux/docker-ce/centos/). + +For Red Hat Enterprise Linux (RHEL) based distributions, the docker module uses the upstream repositories. To continue using the legacy distribution packages in the CentOS extras repository, add the following code to the manifest file: + +```puppet +class { 'docker': + use_upstream_package_source => false, + service_overrides_template => false, + docker_ce_package_name => 'docker', +} +``` + +To use the CE packages, add the following code to the manifest file: + +```puppet +class { 'docker': + use_upstream_package_source => false, + repo_opt => '', +} +``` + +By default, the Docker daemon binds to a unix socket at `/var/run/docker.sock`. To change this parameter and update the binding parameter to a tcp socket, add the following code to the manifest file: + +```puppet +class { 'docker': + tcp_bind => ['tcp://127.0.0.1:2375'], + socket_bind => 'unix:///var/run/docker.sock', + ip_forward => true, + iptables => true, + ip_masq => true, + bip => '192.168.1.1/24', + fixed_cidr => '192.168.1.144/28', +} +``` + +For more information about the configuration options for the default docker bridge, see the [Docker documentation](https://docs.docker.com/v17.09/engine/userguide/networking/default_network/custom-docker0/). + +The default group ownership of the Unix control socket differs based on OS. For example, on RHEL using docker-ce packages >=18.09.1, the socket file used by /usr/lib/systemd/system/docker.socket is owned by the docker group. To override this value in /etc/sysconfig/docker and docker.socket (e.g. to use the 'root' group): + +```puppet +class {'docker': + socket_group => 'root', + socket_override => true, +} +``` + +The socket_group parameter also takes a boolean for legacy cases where setting -G in /etc/sysconfig/docker is not desired: + +```puppet +docker::socket_group: false +``` + +To add another service to the After= line in the [Unit] section of the systemd /etc/systemd/system/service-overrides.conf file, use the service_after_override parameter: + +```puppet +docker::service_after_override: containerd.service +``` + +When setting up TLS, upload the related files (CA certificate, server certificate, and key) and include their paths in the manifest file: + +```puppet +class { 'docker': + tcp_bind => ['tcp://0.0.0.0:2376'], + tls_enable => true, + tls_cacert => '/etc/docker/tls/ca.pem', + tls_cert => '/etc/docker/tls/cert.pem', + tls_key => '/etc/docker/tls/key.pem', +} +``` + +To specify which Docker rpm package to install, add the following code to the manifest file: + +```puppet +class { 'docker': + manage_package => true, + use_upstream_package_source => false, + package_engine_name => 'docker-engine' + package_source_location => 'https://get.docker.com/rpm/1.7.0/centos-6/RPMS/x86_64/docker-engine-1.7.0-1.el6.x86_64.rpm', + prerequired_packages => [ 'glibc.i686', 'glibc.x86_64', 'sqlite.i686', 'sqlite.x86_64', 'device-mapper', 'device-mapper-libs', 'device-mapper-event-libs', 'device-mapper-event' ] +} +``` + +To track the latest version of Docker, add the following code to the manifest file: + +```puppet +class { 'docker': + version => latest, +} +``` + +To install docker from a test or edge channel, add the following code to the manifest file: + +```puppet +class { 'docker': + docker_ce_channel => 'test' +} +``` + +To allocate a DNS server to the Docker daemon, add the following code to the manifest file: + +```puppet +class { 'docker': + dns => '8.8.8.8', +} +``` + +To add users to the Docker group, add the following array to the manifest file: + +```puppet +class { 'docker': + docker_users => ['user1', 'user2'], +} +``` + +To add daemon labels, add the following array to the manifest file: + +```puppet +class { 'docker': + labels => ['storage=ssd','stage=production'], +} +``` + +To pass additional parameters to the daemon, add `extra_parameters` to the manifest file: + +```puppet +class { 'docker': + extra_parameters => ['--experimental=true', '--metrics-addr=localhost:9323'], +``` + +To uninstall docker, add the following to the manifest file: + +```puppet +class { 'docker': + ensure => absent +} +``` + +Only Docker EE is supported on Windows. To install docker on Windows 2016 and above, the `docker_ee` parameter must be specified: + +```puppet +class { 'docker': + docker_ee => true +} +``` + +If the curl package is being managed elsewhere and the curl ensure in this module is conflicting, + it can be disabled by setting the following parameter globally or in compose / machine resources: + +```puppet +class { 'docker': + curl_ensure => false +} +``` + +### Proxy on Windows + +To use docker through a proxy on Windows, a System Environment Variable HTTP_PROXY/HTTPS_PROXY must be set. See [Docker Engine on Windows](https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon#proxy-configuration) +This can be done using a different puppet module, such as the puppet-windows_env module. After setting the variable, the docker service must be restarted. + +```puppet +windows_env { 'HTTP_PROXY' + value => 'http://1.2.3.4:80', + notify => Service['docker'], +} +windows_env { 'HTTPS_PROXY' + value => 'http://1.2.3.4:80', + notify => Service['docker'], +} +service { 'docker' + ensure => 'running', +} +```` + +### Validating and unit testing the module + +This module is compliant with the Puppet Development Kit [(PDK)](https://puppet.com/docs/pdk/1.x/pdk.html), which provides tools to help run unit tests on the module and validate the modules' metadata, syntax, and style. + +To run all validations against this module, run the following command: + +```sh +pdk validate +``` + +To change validation behavior, add options flags to the command. For a complete list of command options and usage information, see the PDK command [reference](https://puppet.com/docs/pdk/1.x/pdk_reference.html#pdk-validate-command). + +To unit test the module, run the following command: + +```sh +pdk test unit +``` + +To change unit test behavior, add option flags to the command. For a complete list of command options and usage information, see the PDK command [reference](https://puppet.com/docs/pdk/1.x/pdk_reference.html#pdk-test-unit-command). + +## Usage + +### Images + +Each image requires a unique name; otherwise, the installation fails when a duplicate name is detected. + +To install a Docker image, add the `docker::image` defined type to the manifest file: + +```puppet +docker::image { 'base': } +``` + +The code above is equivalent to running the `docker pull base` command. However, it removes the default five-minute execution timeout. + +To include an optional parameter for installing image tags that is the equivalent to running `docker pull -t="precise" ubuntu`, add the following code to the manifest file: + +```puppet +docker::image { 'ubuntu': + image_tag => 'precise' +} +``` + +Including the `docker_file` parameter is equivalent to running the `docker build -t ubuntu - < /tmp/Dockerfile` command. To add or build an image from a dockerfile that includes the `docker_file` parameter, add the following code to the manifest file: + +```puppet +docker::image { 'ubuntu': + docker_file => '/tmp/Dockerfile' +} +``` + +Including the `docker_dir` parameter is equivalent to running the `docker build -t ubuntu /tmp/ubuntu_image` command. To add or build an image from a dockerfile that includes the `docker_dir` parameter, add the following code to the manifest file: + +```puppet +docker::image { 'ubuntu': + docker_dir => '/tmp/ubuntu_image' +} +``` + +To rebuild an image, subscribe to external events such as Dockerfile changes by adding the following code to the manifest file: + +```puppet +docker::image { 'ubuntu': + docker_file => '/tmp/Dockerfile', + subscribe => File['/tmp/Dockerfile'], +} + +file { '/tmp/Dockerfile': + ensure => file, + source => 'puppet:///modules/someModule/Dockerfile', +} +``` + +To remove an image, add the following code to the manifest file: + +```puppet +docker::image { 'base': + ensure => 'absent' +} + +docker::image { 'ubuntu': + ensure => 'absent', + image_tag => 'precise' +} +``` + +To configure the `docker::images` class when using Hiera, add the following code to the manifest file: + +```yaml +--- + classes: + - docker::images + +docker::images::images: + ubuntu: + image_tag: 'precise' +``` + +### Containers + +To launch containers, add the following code to the manifest file: + +```puppet +docker::run { 'helloworld': + image => 'base', + command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', +} +``` + +This is equivalent to running the `docker run -d base /bin/sh -c "while true; do echo hello world; sleep 1; done"` command to launch a Docker container managed by the local init system. + +`run` includes a number of optional parameters: + +```puppet +docker::run { 'helloworld': + image => 'base', + detach => true, + service_prefix => 'docker-', + command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', + ports => ['4444', '4555'], + expose => ['4666', '4777'], + links => ['mysql:db'], + net => ['my-user-def-net','my-user-def-net-2'], + disable_network => false, + volumes => ['/var/lib/couchdb', '/var/log'], + volumes_from => '6446ea52fbc9', + memory_limit => '10m', # (format: '', where unit = b, k, m or g) + cpuset => ['0', '3'], + username => 'example', + hostname => 'example.com', + env => ['FOO=BAR', 'FOO2=BAR2'], + env_file => ['/etc/foo', '/etc/bar'], + labels => ['com.example.foo="true"', 'com.example.bar="false"'], + dns => ['8.8.8.8', '8.8.4.4'], + restart_service => true, + privileged => false, + pull_on_start => false, + before_stop => 'echo "So Long, and Thanks for All the Fish"', + before_start => 'echo "Run this on the host before starting the Docker container"', + after_stop => 'echo "container has stopped"', + after_start => 'echo "container has started"', + after => [ 'container_b', 'mysql' ], + depends => [ 'container_a', 'postgres' ], + stop_wait_time => 10, + read_only => false, + extra_parameters => [ '--restart=always' ], +} +``` + +You can specify the `ports`, `expose`, `env`, `dns`, and `volumes` values with a single string or an array. + +To pull the image before it starts, specify the `pull_on_start` parameter. + +Use the `detach` param to run a container without the `-a` flag. This is only required on systems without `systemd`. This default is set in the params.pp based on the OS. Only override if you understand the consequences and have a specific use case. + +To execute a command before the container starts or stops, specify the `before_start` or `before_stop` parameters, respectively. Similarly, you can set the `after_start` or `after_stop` parameters to run a command after the container starts or stops. + +Adding the container name to the `after` parameter to specify which containers start first affects the generation of the `init.d/systemd` script. + +Add container dependencies to the `depends` parameter. The container starts before this container and stops before the dependent container. This affects the generation of the `init.d/systemd` script. Use the `depend_services` parameter to specify dependencies for general services, which are not Docker related, that start before this container. + +The `extra_parameters` parameter, which contains an array of command line arguments to pass to the `docker run` command, is useful for adding additional or experimental options that the docker module currently does not support. + +By default, automatic restarting of the service on failure is enabled by the service file for systemd based systems. + +It's recommended that an image tag is used at all times with the `docker::run` define type. If not, the latest image is used whether it's in a remote registry or installed on the server already by the `docker::image` define type. + +NOTE: As of v3.0.0, if the latest tag is used the image will be the latest at the time the of the initial puppet run. Any subsequent puppet runs will always reference the latest local image. Therefore, it's recommended that an alternative tag be used, or the image be removed before pulling latest again. + +To use an image tag, add the following code to the manifest file: + +```puppet +docker::run { 'helloworld': + image => 'ubuntu:precise', + command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', +} +``` + +By default, when the service stops or starts, the generated init scripts remove the container, but not the associated volumes. To change this behaviour, add the following code to the manifest file: + +```puppet +docker::run { 'helloworld': + remove_container_on_start => true, + remove_volume_on_start => false, + remove_container_on_stop => true, + remove_volume_on_stop => false, +} +``` + +If using Hiera, you can configure the `docker::run_instance` class: + +```yaml +--- + classes: + - docker::run_instance + + docker::run_instance::instance: + helloworld: + image: 'ubuntu:precise' + command: '/bin/sh -c "while true; do echo hello world; sleep 1; done"' +``` + +To remove a running container, add the following code to the manifest file. This also removes the systemd service file associated with the container. + +```puppet +docker::run { 'helloworld': + ensure => absent, +} +``` + +To enable the restart of an unhealthy container, add the following code to the manifest file. To set the health check interval time, set the optional health_check_interval parameter. The default health check interval is 30 seconds. + +```puppet +docker::run { 'helloworld': + image => 'base', + command => 'command', + health_check_cmd => '', + restart_on_unhealthy => true, + health_check_interval => '