amy/fruit-bowl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: initial commit

Browse source
This commit is contained in:
root 2025-04-01 17:40:03 +00:00
commit 2dfb19d1a1
457 changed files with 40577 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1019
environments/production/thirdparty/apt/CHANGELOG.md vendored Normal file
View file

File diff suppressed because it is too large Load diff

2
environments/production/thirdparty/apt/CODEOWNERS vendored Normal file
View file

@ -0,0 +1,2 @@
# Setting ownership to the modules team
* @puppetlabs/modules @bastelfreak @smortex

3
environments/production/thirdparty/apt/CONTRIBUTING.md vendored Normal file
View file

@ -0,0 +1,3 @@
# Contributing to Puppet modules
Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need.

692
environments/production/thirdparty/apt/HISTORY.md vendored Normal file
View file

@ -0,0 +1,692 @@
## 5.0.1
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1)
### Fixed
- \(MODULES-7540\) - add apt-transport-https with https [\#775](https://github.com/puppetlabs/puppetlabs-apt/pull/775) ([tphoney](https://github.com/tphoney))
## [5.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/5.0.0) (2018-07-18)
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0)
### Changed
- \[FM-6956\] Removal of unsupported Debian 7 from apt [\#760](https://github.com/puppetlabs/puppetlabs-apt/pull/760) ([david22swan](https://github.com/david22swan))
### Added
- \(MODULES-7467\) Update apt to support Ubuntu 18.04 [\#769](https://github.com/puppetlabs/puppetlabs-apt/pull/769) ([david22swan](https://github.com/david22swan))
- Support managing login configurations in /etc/apt/auth.conf [\#752](https://github.com/puppetlabs/puppetlabs-apt/pull/752) ([antaflos](https://github.com/antaflos))
### Fixed
- \(MODULES-7327\) - Update README with supported OS [\#767](https://github.com/puppetlabs/puppetlabs-apt/pull/767) ([pmcmaw](https://github.com/pmcmaw))
- \(bugfix\) Dont run ftp tests in travis [\#766](https://github.com/puppetlabs/puppetlabs-apt/pull/766) ([tphoney](https://github.com/tphoney))
- \(maint\) make apt testing more stable, cleanup [\#764](https://github.com/puppetlabs/puppetlabs-apt/pull/764) ([tphoney](https://github.com/tphoney))
- Remove .length from variable $pin\_release in app [\#754](https://github.com/puppetlabs/puppetlabs-apt/pull/754) ([paladox](https://github.com/paladox))
- Replace UTF-8 whitespace in comment [\#748](https://github.com/puppetlabs/puppetlabs-apt/pull/748) ([bernhardschmidt](https://github.com/bernhardschmidt))
- Fix "E: Unable to locate package -y" [\#747](https://github.com/puppetlabs/puppetlabs-apt/pull/747) ([aboks](https://github.com/aboks))
- Fix automatic coercion warning [\#743](https://github.com/puppetlabs/puppetlabs-apt/pull/743) ([smortex](https://github.com/smortex))
## Supported Release [4.5.1]
### Summary
This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks.
### Fixed
- Fix init task for arbitrary remote code
## Supported Release [4.5.0]
### Summary
This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes.
### Added
- PDK convert apt ([MODULES-6452](https://tickets.puppet.com/browse/MODULES-6452)).
- Testing on Travis using rvm 2.4.1.
- Modulesync updates.
### Fixed
- Changes to address additional Rubocop failures.
- (maint) Addressing puppet-lint doc warnings.
### Removed
- `gem update bundler` command in .travis.yml due to ([MODULES-6339](https://tickets.puppet.com/browse/MODULES-6339)).
## Supported Release [4.4.1]
### Summary
This release is to update the formatting of the module, Rubocop having been run for all ruby files and been set to run automatically on all future commits.
### Changed
- Rubocop has been implemented.
## Supported Release [4.4.0]
### Summary
This release is a rollup of new features and fixes.
#### Added
- Install `apt-transport-https` if using Debian 7, 8, 9 or Ubuntu 14.04, 16.04.
- Adds a boolean option `direct` to proxy settings to bypass `https_proxy` if not set.
- Adds facter facts for `dist-upgrade` apt updates.
#### Changed
- Update class is now private.
- Some tidyup of ruby code from Rubocop.
- Fixed circular dependency for package dirmngr.
- Debian updates are no longer treated as security updates.
- Legacy functions have been removed.
- Updates to tests.
#### Fixed
- [(MODULES-4265)](https://tickets.puppetlabs.com/browse/MODULES-4265) Detect security updates from multiple sources.
## Supported Release [4.3.0]
### Summary
This release is adding Tasks to the apt module.
#### Added
- Add a task that allows apt-get update and upgrade
## Supported Release [4.2.0]
### Summary
This release is primarily to fix an error around GPG keys in Debian 9, but includes some other small features and fixes as well.
#### Added
- `apt_package_security_updates` fact
- The ability to modify the loglevel of `Exec['apt_update'}`
- Puppet 5 support
#### Changed
- Ubuntu 16.04 now uses `software-priorities-common`
#### Removed
- Debian 6, Ubuntu 10.04 and 12.04 support. Existing compatibility remains intact but bugs will not be prioritized for these OSes.
#### Fixed
- **[(MODULES-4686)](https://tickets.puppetlabs.com/browse/MODULES-4686) an error that was causing GPG keyserver imports to fail on Debian 9**
## Supported Release 4.1.0
### Summary
This release removes Data in Modules due to current compatibility issues and reinstates the params.pp file. Also includes a couple of bug fixes.
#### Features
- (MODULES-4973) Data in Modules which was introduced in the last release has now been reverted due to compatibility issues.
#### Bugfixes
- Now apt_key only sends the auth basic header when userinfo can be parsed from the URL.
- Reverted the removal of Evolving Web's attribution in NOTICE file.
- Test added to ensure empty string allowed for $release in apt::source.
## Supported Release 3.0.0 and 4.0.0
### Summary
This release adds new Puppet 4 features: data in modules, EPP templates, the $facts hash, and data types. This release is fully backwards compatible to existing Puppet 4 configurations and provides you with deprecation warnings for every argument that will not work as expected with the final 4.0.0 release. See the stdlib docs here for an in-depth discussion of this: https://github.com/puppetlabs/puppetlabs-stdlib#validate_legacy
If you want to learn more about the new features used or you wish to upgrade a module yourself, have a look at the NTP: A Puppet 4 language update blog post.
If you're still running Puppet 3, remain on the latest puppetlabs-apt 2.x release for now, and see the documentation to upgrade to Puppet 4.
#### Changes
Data in modules: Moves all distribution and OS-dependent defaults into YAML files in data/, alleviating the need for a params class. Note that while this feature is currently still classed as experimental, the final implementation will support the changes here.
EPP templating: Uses the Puppet language as a base for templates to create simpler and safer templates. No need for Ruby anymore!
The $facts hash: Makes facts visibly distinct from other variables for more readable and maintainable code. This helps eliminate confusion if you use a local variable whose name happens to match that of a common fact.
Data types for validation: Helps you find and replace deprecated code in existing validate functions with stricter, more readable data type notation. First upgrade to the 3.0.0 release of this module, and address all deprecation warnings before upgrading to the final 4.0.0 release. Please see the stdlib docs for an in-depth discussion of this process.
#### Bugfixes
- Fix apt::source epp template regression introduced in 3.0.0 for the architecture parameter
## Supported Release 2.4.0
### Summary
A release that includes only a couple of additional features, but includes several cleanups and bugfixes around existing issues.
#### Features
- Tests updated to check for idempotency.
- (MODULES-4224) Implementation of beaker-module_install_helper.
- Deprecation warnings are now handled by the deprecation function in stdlib.
#### Bugfixes
- Now http and https sources fixed for apt_key and can take a userinfo.
- GPG key update.
- Notify_update param now defaults to true to avoid validation errors.
- Implement retry on tests which pull key from a key server which sometimes times out (transient error).
- String comparison error now comphensated for in update.pp.
- (MODULES-4104) Removal of the port number from repository location in order to get the host name of the repository.
- Puppet lint warnings addressed.
- A few small readme issues addressed.
## Supported Release 2.3.0
### Summary
A release containing many bugfixes with additional features.
#### Features
- Apt_updates facts now use /usr/bin/apt-get.
- Addition of notify update to apt::source.
- Update to newest modulesync_configs.
- Installs software-properties-common for Xenial.
- Modulesync updates.
- Add ability to specify a hash of apt::conf defines.
#### Bugfixes
- A clean up of spec/defines/key_compat_specs, also now runs under STRICT_VARIABLES.
- Apt::setting expects priority to be an integer, set defaults accordingly.
- Fixed version check for Ubuntu on 16.04.
- Now uses hkps.pool.sks-keyservers.net instead of pgp.mit.edu.
- Updates and fixes to tests. General cleanup.
- Fixed regexp for $ensure params.
- Apt/params: Remove unused LSB facts.
- Replaced `-s` with `-f` in ppa rspec tests - After the repository is added, the "${::apt::sources_list_d}/${sources_list_d_filename}" file is created as an empty file. The unless condition of Exec["add-apt-repository-${name}"] calls test -s, which returns 1 if the file is empty. Because the file is empty, the unless condition is never true and the repository is added on every execution. This change replaces the -s test condition with -f, which is true if the file exists or false otherwise.
- Limit non-strict parsing to pre-3.5.0 only - Puppet 3.5.0 introduced strict variables and the module handles strict variables by using the defined() function. This does not work on prior versions of puppet so we now gate based on that version. Puppet 4 series has a new setting `strict` that may be set to enforce strict variables while `strict_variables` remains unset (see PUP-6358) which causes the conditional in manifests/params.pp to erroniously use non-strict 3.5-era parsing and fail. This new conditional corrects the cases such that strict variable behavior happens on versions 3.5.0 and later.
## Supported Release 2.2.2
### Summary
Several bug fixes and the addition of support updates to Debian 8 and Ubuntu Wily.
#### Bugfixes
- Small fixes to descriptions within the readme and the addition of some examples.
- Updates to run on Ubuntu Wily.
- Fixed apt_key tempfile race condition.
- Run stages limitation added to the documentation.
- Remove unneeded whitespace in source.list template.
- Handle PPA names that contain a plus character.
- Update to current msync configs.
- Avoid duplicate package resources when package_manage => true.
- Avoid multiple package resource declarations.
- Ensure PPAs in tests have valid form.
- Look for correct sources.list.d file for apt::ppa.
- Debian 8 support addiiton to metadata.
## Supported Release 2.2.1
### Summary
Small release for support of newer PE versions. This increments the version of PE in the metadata.json file.
## 2015-09-29 - Supported Release 2.2.0
### Summary
This release includes a few bugfixes.
#### Features
- Adds an `ensure` parameter for user control of proxy presence.
- Adds ability to set `notify_update` to `apt::conf` (MODULES-2269).
- Apt pins no longer trigger an `apt-get update` run.
- Adds support for creating pins from main class.
#### Bugfixes
- Updates to use the official Debian mirrors.
- Fixes path to `preferences` and `preferences.d`
- Fixes pinning for backports (MODULES-2446).
- Fixes the name/extension of the preferences files.
## 2015-07-28 - Supported Release 2.1.1
### Summary
This release includes a few bugfixes.
#### Bugfixes
- Fix incorrect use of anchoring (MODULES-2190)
- Use correct comment type for apt.conf files
- Test fixes
- Documentation fixes
## 2015-06-16 - Supported Release 2.1.0
### Summary
This release largely makes `apt::key` and `apt::source` API-compatible with the 1.8.x versions for ease in upgrading, and also addresses some compatibility issues with older versions of Puppet.
#### Features
- Add API compatibility to `apt::key` and `apt::source`
- Added `apt_reboot_required` fact
#### Bugfixes
- Fix compatibility with Puppet versions 3.0-3.4
- Work around future parser bug PUP-4133
## 2015-04-28 - Supported Release 2.0.1
### Summary
This bug fixes a few compatibility issues that came up with the 2.0.0 release, and includes test and documentation updates.
#### Bugfixes
- Fix incompatibility with keyrings containing multiple keys
- Fix bugs preventing the module from working with Puppet < 3.5.0
## 2015-04-07 - Supported Release 2.0.0
### Summary
This is a major rewrite of the apt module. Many classes and defines were removed, but all existing functionality should still work. Please carefully review documentation before upgrading.
#### Backwards-incompatible changes
As this is a major rewrite of the module there are a great number of backwards incompatible changes. Please review this and the updated README carefully before upgrading.
##### `apt_key`
- `keyserver_options` parameter renamed to `options`
##### `apt::backports`
- This no longer works out of the box on Linux Mint. If using this on mint, you must specify the `location`, `release`, `repos`, and `key` parameters. [Example](examples/backports.pp)
##### `apt::builddep`
- This define was removed. Functionality can be matched passing 'build-dep' to `install_options` in the package resource. [Example](examples/builddep.pp)
##### `apt::debian::testing`
- This class was removed. Manually add an `apt::source` instead. [Example](examples/debian_testing.pp)
##### `apt::debian::unstable`
- This class was removed. Manually add an `apt::source` instead. [Example](examples/debian_unstable.pp)
##### `apt::force`
- This define was removed. Functionallity can be matched by setting `install_options` in the package resource. See [here](examples/force.pp) for how to set the options.
##### `apt::hold`
- This define was removed. Simply use an `apt::pin` with `priority => 1001` for the same functionality.
##### `apt`
- `always_apt_update` - This parameter was removed. Use `update => { 'frequency' => 'always' }` instead.
- `apt_update_frequency` - This parameter was removed. Use `update => { 'frequency' => <frequency> }` instead.
- `disable_keys` - This parameter was removed. See this [example](examples/disable_keys.pp) if you need this functionality.
- `proxy_host` - This parameter was removed. Use `proxy => { 'host' => <host> }` instead.
- `proxy_port` - This parameter was removed. Use `proxy => { 'port' => <port> }` instead.
- `purge_sources_list` - This parameter was removed. Use `purge => { 'sources.list' => <bool> }` instead.
- `purge_sources_list_d` - This parameter was removed. Use `purge => { 'sources.list.d' => <bool> }` instead.
- `purge_preferences` - This parameter was removed. Use `purge => { 'preferences' => <bool> }` instead.
- `purge_preferences_d` - This parameter was removed. Use `purge => { 'preferences.d' => <bool> }` instead.
- `update_timeout` - This parameter was removed. Use `update => { 'timeout' => <timeout> }` instead.
- `update_tries` - This parameter was removed. Use `update => { 'tries' => <tries> }` instead.
##### `apt::key`
- `key` - This parameter was renamed to `id`.
- `key_content` - This parameter was renamed to `content`.
- `key_source` - This parameter was renamed to `source`.
- `key_server` - This parameter was renamed to `server`.
- `key_options` - This parameter was renamed to `options`.
##### `apt::release`
- This class was removed. See this [example](examples/release.pp) for how to achieve this functionality.
##### `apt::source`
- `include_src` - This parameter was removed. Use `include => { 'src' => <bool> }` instead. ***NOTE*** This now defaults to false.
- `include_deb` - This parameter was removed. Use `include => { 'deb' => <bool> }` instead.
- `required_packages` - This parameter was removed. Use package resources for these packages if needed.
- `key` - This can either be a key id or a hash including key options. If using a hash, `key => { 'id' => <id> }` must be specified.
- `key_server` - This parameter was removed. Use `key => { 'server' => <server> }` instead.
- `key_content` - This parameter was removed. Use `key => { 'content' => <content> }` instead.
- `key_source` - This parameter was removed. Use `key => { 'source' => <source> }` instead.
- `trusted_source` - This parameter was renamed to `allow_unsigned`.
##### `apt::unattended_upgrades`
- This class was removed and is being republished under the puppet-community namespace. The git repository is available [here](https://github.com/puppet-community/puppet-unattended_upgrades) and it will be published to the forge [here](https://forge.puppetlabs.com/puppet/unattended_upgrades).
#### Changes to default behavior
- By default purge unmanaged files in 'sources.list', 'sources.list.d', 'preferences', and 'preferences.d'.
- Changed default for `package_manage` in `apt::ppa` to `false`. Set to `true` in a single PPA if you need the package to be managed.
- `apt::source` will no longer include the `src` entries by default.
- `pin` in `apt::source` now defaults to `undef` instead of `false`
#### Features
- Added the ability to pass hashes of `apt::key`s, `apt::ppa`s, and `apt::setting`s to `apt`.
- Added 'https' key to `proxy` hash to allow disabling `https_proxy` for the `apt::ppa` environment.
- Added `apt::setting` define to abstract away configuration.
- Added the ability to pass hashes to `pin` and `key` in `apt::backports` and `apt::source`.
#### Bugfixes
- Fixes for strict variables.
## 2015-03-17 - Supported Release 1.8.0
### Summary
This is the last planned feature release of the 1.x series of this module. All new features will be evaluated for puppetlabs-apt 2.x.
This release includes many important features, including support for full fingerprints, and fixes issues where `apt_key` was not supporting user/password and `apt_has_updates` was not properly parsing the `apt-check` output.
#### Changes to default behavior
- The apt module will now throw warnings if you don't use full fingerprints for `apt_key`s
#### Features
- Use gpg to check keys to work around https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1409117 (MODULES-1675)
- Add 'oldstable' to the default update origins for wheezy
- Add utopic, vivid, and cumulus compatibility
- Add support for full fingerprints
- New parameter for `apt::source`
- `trusted_source`
- New parameters for `apt::ppa`
- `package_name`
- `package_manage`
- New parameter for `apt::unattended_upgrades`
- `legacy_origin`
- Separate `apt::pin` from `apt::backports` to allow pin by release instead of origin
#### Bugfixes
- Cleanup lint and future parser issues
- Fix to support username and passwords again for `apt_key` (MODULES-1119)
- Fix issue where `apt::force` `$install_check` didn't work with non-English locales (MODULES-1231)
- Allow 5 digit ports in `apt_key`
- Fix for `ensure => absent` in `apt_key` (MODULES-1661)
- Fix `apt_has_updates` not parsing `apt-check` output correctly
- Fix inconsistent headers across files (MODULES-1200)
- Clean up formatting for 50unattended-upgrades.erb
## 2014-10-28 - Supported Release 1.7.0
### Summary
This release includes several new features, documentation and test improvements, and a few bug fixes.
#### Features
- Updated unit and acceptance tests
- Update module to work with Linux Mint
- Documentation updates
- Future parser / strict variables support
- Improved support for long GPG keys
- New parameters!
- Added `apt_update_frequency` to apt
- Added `cfg_files` and `cfg_missing` parameters to apt::force
- Added `randomsleep` to apt::unattended_upgrades
- Added `apt_update_last_success` fact
- Refactored facts for performance improvements
#### Bugfixes
- Update apt::builddep to require Exec['apt_update'] instead of notifying it
- Clean up lint errors
## 2014-08-20 - Supported Release 1.6.0
### Summary
#### Features
- Allow URL or domain name for key_server parameter
- Allow custom comment for sources list
- Enable auto-update for Debian squeeze LTS
- Add facts showing available updates
- Test refactoring
#### Bugfixes
- Allow dashes in URL or domain for key_server parameter
## 2014-08-13 - Supported Release 1.5.3
### Summary
This is a bugfix releases. It addresses a bad regex, failures with unicode
characters, and issues with the $proxy_host handling in apt::ppa.
#### Features
- Synced files from Modulesync
#### Bugfixes
- Fix regex to follow APT requirements in apt::pin
- Fix for unicode characters
- Fix inconsistent $proxy_host handling in apt and apt::ppa
- Fix typo in README
- Fix broken acceptance tests
## 2014-07-15 - Supported Release 1.5.2
### Summary
This release merely updates metadata.json so the module can be uninstalled and
upgraded via the puppet module command.
## 2014-07-10 - Supported Release 1.5.1
### Summary
This release has added tests to ensure graceful failure on OSX.
## 2014-06-04 - Release 1.5.0
### Summary
This release adds support for Ubuntu 14.04. It also includes many new features
and important bugfixes. One huge change is that apt::key was replaced with
apt_key, which allows you to use puppet resource apt_key to inventory keys on
your system.
Special thanks to daenney, our intrepid unofficial apt maintainer!
#### Features
- Add support for Ubuntu Trusty!
- Add apt::hold define
- Generate valid *.pref files in apt::pin
- Made pin_priority configurable for apt::backports
- Add apt_key type and provider
- Rename "${apt_conf_d}/proxy" to "${apt_conf_d}/01proxy"
- apt::key rewritten to use apt_key type
- Add support for update_tries to apt::update
#### Bugfixes
- Typo fixes
- Fix unattended upgrades
- Removed bogus line when using purge_preferences
- Fix apt::force to upgrade allow packages to be upgraded to the pacakge from the specified release
## 2014-03-04 - Supported Release 1.4.2
### Summary
This is a supported release. This release tidies up 1.4.1 and re-enables
support for Ubuntu 10.04
#### Features
#### Bugfixes
- Fix apt:ppa to include the -y Ubuntu 10.04 requires.
- Documentation changes.
- Test fixups.
#### Known Bugs
* No known issues.
## 2014-02-13 1.4.1
### Summary
This is a bugfix release.
#### Bugfixes
- Fix apt::force unable to upgrade packages from releases other than its original
- Removed a few refeneces to aptitude instead of apt-get for portability
- Removed call to getparam() due to stdlib dependency
- Correct apt::source template when architecture is provided
- Retry package installs if apt is locked
- Use root to exec in apt::ppa
- Updated tests and converted acceptance tests to beaker
## 2013-10-08 - Release 1.4.0
### Summary
Minor bugfix and allow the timeout to be adjusted.
#### Features
- Add an `updates_timeout` to apt::params
#### Bugfixes
- Ensure apt::ppa can read a ppa removed by hand.
## 2013-10-08 - Release 1.3.0
### Summary
This major feature in this release is the new apt::unattended_upgrades class,
allowing you to handle Ubuntu's unattended feature. This allows you to select
specific packages to automatically upgrade without any further user
involvement.
In addition we extend our Wheezy support, add proxy support to apt:ppa and do
various cleanups and tweaks.
#### Features
- Add apt::unattended_upgrades support for Ubuntu.
- Add wheezy backports support.
- Use the geoDNS http.debian.net instead of the main debian ftp server.
- Add `options` parameter to apt::ppa in order to pass options to apt-add-repository command.
- Add proxy support for apt::ppa (uses proxy_host and proxy_port from apt).
#### Bugfixes
- Fix regsubst() calls to quote single letters (for future parser).
- Fix lint warnings and other misc cleanup.
## 2013-07-03 - Release 1.2.0
#### Features
- Add geppetto `.project` natures
- Add GH auto-release
- Add `apt::key::key_options` parameter
- Add complex pin support using distribution properties for `apt::pin` via new properties:
- `apt::pin::codename`
- `apt::pin::release_version`
- `apt::pin::component`
- `apt::pin::originator`
- `apt::pin::label`
- Add source architecture support to `apt::source::architecture`
#### Bugfixes
- Use apt-get instead of aptitude in apt::force
- Update default backports location
- Add dependency for required packages before apt-get update
## 2013-06-02 - Release 1.1.1
### Summary
This is a bug fix release that resolves a number of issues:
* By changing template variable usage, we remove the deprecation warnings
for Puppet 3.2.x
* Fixed proxy file removal, when proxy absent
Some documentation, style and whitespaces changes were also merged. This
release also introduced proper rspec-puppet unit testing on Travis-CI to help
reduce regression.
Thanks to all the community contributors below that made this patch possible.
#### Detail Changes
* fix minor comment type (Chris Rutter)
* whitespace fixes (Michael Moll)
* Update travis config file (William Van Hevelingen)
* Build all branches on travis (William Van Hevelingen)
* Standardize travis.yml on pattern introduced in stdlib (William Van Hevelingen)
* Updated content to conform to README best practices template (Lauren Rother)
* Fix apt::release example in readme (Brian Galey)
* add @ to variables in template (Peter Hoeg)
* Remove deprecation warnings for pin.pref.erb as well (Ken Barber)
* Update travis.yml to latest versions of puppet (Ken Barber)
* Fix proxy file removal (Scott Barber)
* Add spec test for removing proxy configuration (Dean Reilly)
* Fix apt::key listing longer than 8 chars (Benjamin Knofe)
## Release 1.1.0
### Summary
This release includes Ubuntu 12.10 (Quantal) support for PPAs.
---
## 2012-05-25 - Puppet Labs <info@puppetlabs.com> - Release 0.0.4
### Summary
* Fix ppa list filename when there is a period in the PPA name
* Add .pref extension to apt preferences files
* Allow preferences to be purged
* Extend pin support
## 2012-05-04 - Puppet Labs <info@puppetlabs.com> - Release 0.0.3
### Summary
* only invoke apt-get update once
* only install python-software-properties if a ppa is added
* support 'ensure => absent' for all defined types
* add apt::conf
* add apt::backports
* fixed Modulefile for module tool dependency resolution
* configure proxy before doing apt-get update
* use apt-get update instead of aptitude for apt::ppa
* add support to pin release
## 2012-03-26 - Puppet Labs <info@puppetlabs.com> - Release 0.0.2
### Summary
* 41cedbb (#13261) Add real examples to smoke tests.
* d159a78 (#13261) Add key.pp smoke test
* 7116c7a (#13261) Replace foo source with puppetlabs source
* 1ead0bf Ignore pkg directory.
* 9c13872 (#13289) Fix some more style violations
* 0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path
* a758247 (#13289) Clean up style violations and fix corresponding tests
* 99c3fd3 (#13289) Add puppet lint tests to Rakefile
* 5148cbf (#13125) Apt keys should be case insensitive
* b9607a4 Convert apt::key to use anchors
## 2012-03-07 - Puppet Labs <info@puppetlabs.com> - Release 0.0.1
### Summary
* d4fec56 Modify apt::source release parameter test
* 1132a07 (#12917) Add contributors to README
* 8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it
* 7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input
* be2cc3e (#12522) Adjust spec test for splitting purge
* 7dc60ae (#12522) Split purge option to spare sources.list
* 9059c4e Fix source specs to test all key permutations
* 8acb202 Add test for python-software-properties package
* a4af11f Check if python-software-properties is defined before attempting to define it.
* 1dcbf3d Add tests for required_packages change
* f3735d2 Allow duplicate $required_packages
* 74c8371 (#12430) Add tests for changes to apt module
* 97ebb2d Test two sources with the same key
* 1160bcd (#12526) Add ability to reverse apt { disable_keys => true }
* 2842d73 Add Modulefile to puppet-apt
* c657742 Allow the use of the same key in multiple sources
* 8c27963 (#12522) Adding purge option to apt class
* 997c9fd (#12529) Add unit test for apt proxy settings
* 50f3cca (#12529) Add parameter to support setting a proxy for apt
* d522877 (#12094) Replace chained .with_* with a hash
* 8cf1bd0 (#12094) Remove deprecated spec.opts file
* 2d688f4 (#12094) Add rspec-puppet tests for apt
* 0fb5f78 (#12094) Replace name with path in file resources
* f759bc0 (#11953) Apt::force passes $version to aptitude
* f71db53 (#11413) Add spec test for apt::force to verify changes to unless
* 2f5d317 (#11413) Update dpkg query used by apt::force
* cf6caa1 (#10451) Add test coverage to apt::ppa
* 0dd697d include_src parameter in example; Whitespace cleanup
* b662eb8 fix typos in "repositories"
* 1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added
* 864302a Set the pin priority before adding the source (Fix #10449)
* 1de4e0a Refactored as per mlitteken
* 1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run!
* 52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep
* 5c05fa0 added builddep command.
* a11af50 added the ability to specify the content of a key
* c42db0f Fixes ppa test.
* 77d2b0d reformatted whitespace to match recommended style of 2 space indentation.
* 27ebdfc ignore swap files.
* 377d58a added smoke tests for module.
* 18f614b reformatted apt::ppa according to recommended style.
* d8a1e4e Created a params class to hold global data.
* 636ae85 Added two params for apt class
* 148fc73 Update LICENSE.
* ed2d19e Support ability to add more than one PPA
* 420d537 Add call to apt-update after add-apt-repository in apt::ppa
* 945be77 Add package definition for python-software-properties
* 71fc425 Abs paths for all commands
* 9d51cd1 Adding LICENSE
* 71796e3 Heading fix in README
* 87777d8 Typo in README
* f848bac First commit
[5.0.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1
[5.0.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0
[4.5.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.0...4.5.1
[4.5.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.1...4.5.0
[4.4.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.0...4.4.1
[4.4.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.3.0...4.4.0
[4.3.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.2.0...4.3.0
[4.2.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.1.0...4.2.0

202
environments/production/thirdparty/apt/LICENSE vendored Normal file
View file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

6
environments/production/thirdparty/apt/MAINTAINERS.md vendored Normal file
View file

@ -0,0 +1,6 @@
## Maintenance
Maintainers:
- Puppet Forge Modules Team `forge-modules |at| puppet |dot| com`
Tickets: https://tickets.puppet.com/browse/MODULES. Make sure to set component to `apt`.

37
environments/production/thirdparty/apt/NOTICE vendored Normal file
View file

@ -0,0 +1,37 @@
Puppet Module - puppetlabs-apt
Copyright 2017 Puppet, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2011 Evolving Web Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

401
environments/production/thirdparty/apt/README.md vendored Normal file
View file

@ -0,0 +1,401 @@
# apt
#### Table of Contents
1. [Module Description - What the module does and why it is useful](#module-description)
1. [Setup - The basics of getting started with apt](#setup)
* [What apt affects](#what-apt-affects)
* [Beginning with apt](#beginning-with-apt)
1. [Usage - Configuration options and additional functionality](#usage)
* [Add GPG keys](#add-gpg-keys)
* [Prioritize backports](#prioritize-backports)
* [Update the list of packages](#update-the-list-of-packages)
* [Pin a specific release](#pin-a-specific-release)
* [Add a Personal Package Archive repository](#add-a-personal-package-archive-repository)
* [Configure Apt from Hiera](#configure-apt-from-hiera)
* [Replace the default sources.list file](#replace-the-default-sourceslist-file)
1. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
1. [Limitations - OS compatibility, etc.](#limitations)
1. [License](#license)
1. [Development - Guide for contributing to the module](#development)
<a id="module-description"></a>
## Module Description
The apt module lets you use Puppet to manage APT (Advanced Package Tool) sources, keys, and other configuration options.
APT is a package manager available on Debian, Ubuntu, and several other operating systems. The apt module provides a series of classes, defines, types, and facts to help you automate APT package management.
**Note**: Prior to Puppet 7, for this module to correctly autodetect which version of
Debian/Ubuntu (or derivative) you're running, you need to make sure the `lsb-release` package is
installed. With Puppet 7 the `lsb-release` package is not needed.
<a id="setup"></a>
## Setup
<a id="what-apt-affects"></a>
### What apt affects
* Your system's `preferences` file and `preferences.d` directory
* Your system's `sources.list` file and `sources.list.d` directory
* Your system's `apt.conf.d` directory
* System repositories
* Authentication keys
**Note:** This module offers `purge` parameters which, if set to `true`, **destroy** any configuration on the node's `sources.list(.d)`, `preferences(.d)` and `apt.conf.d` that you haven't declared through Puppet. The default for these parameters is `false`.
<a id="beginning-with-apt"></a>
### Beginning with apt
To use the apt module with default parameters, declare the `apt` class.
```puppet
include apt
```
**Note:** The main `apt` class is required by all other classes, types, and defined types in this module. You must declare it whenever you use the module.
<a id="usage"></a>
## Usage
<a id="add-gpg-keys"></a>
### Add GPG keys
You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (`.gpg` for keys in binary format; or `.asc` for ASCII armored keys).
#### Fetch via HTTP
```puppet
apt::keyring { 'puppetlabs-keyring.gpg':
source => 'https://apt.puppetlabs.com/keyring.gpg',
}
```
#### Fetch via Puppet URI
```puppet
apt::keyring { 'puppetlabs-keyring.gpg':
source => 'puppet:///modules/my_module/local_puppetlabs-keyring.gpg',
}
```
Alternatively `apt::key` can be used.
**Warning** `apt::key` is deprecated in the latest Debian and Ubuntu releases. Please use apt::keyring instead.
**Warning:** Using short key IDs presents a serious security issue, potentially leaving you open to collision attacks. We recommend you always use full fingerprints to identify your GPG keys. This module allows short keys, but issues a security warning if you use them.
Declare the `apt::key` defined type:
```puppet
apt::key { 'puppetlabs':
id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
server => 'pgp.mit.edu',
options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"',
}
```
<a id="prioritize-backports"></a>
### Prioritize backports
```puppet
class { 'apt::backports':
pin => 500,
}
```
By default, the `apt::backports` class drops a pin file for backports, pinning it to a priority of 200. This is lower than the normal default of 500, so packages with `ensure => latest` don't get upgraded from backports without your explicit permission.
If you raise the priority through the `pin` parameter to 500, normal policy goes into effect and Apt installs or upgrades to the newest version. This means that if a package is available from backports, it and its dependencies are pulled in from backports unless you explicitly set the `ensure` attribute of the `package` resource to `installed`/`present` or a specific version.
<a id="update-the-list-of-packages"></a>
### Update the list of packages
By default, Puppet runs `apt-get update` on the first Puppet run after you include the `apt` class, and anytime `notify => Exec['apt_update']` occurs; i.e., whenever config files get updated or other relevant changes occur. If you set `update['frequency']` to 'always', the update runs on every Puppet run. You can also set `update['frequency']` to 'hourly', 'daily', 'weekly' or any integer value >= 60:
```puppet
class { 'apt':
update => {
frequency => 'daily',
},
}
```
When `Exec['apt_update']` is triggered, it generates a `notice`-level message. Because the default [logging level for agents](https://puppet.com/docs/puppet/latest/configuration.html#loglevel) is `notice`, this causes the repository update to appear in agent logs. To silence these updates from the default log output, set the [loglevel](https://puppet.com/docs/puppet/latest/metaparameter.html#loglevel) metaparameter for `Exec['apt_update']` above the agent logging level:
```puppet
class { 'apt':
update => {
frequency => 'daily',
loglevel => 'debug',
},
}
```
> **NOTE:** Every `Exec['apt_update']` run will generate a corrective change, even if the apt caches are not updated. For example, setting an update frequency of `always` can result in every Puppet run resulting in a corrective change. This is a known issue. For details, see [MODULES-10763](https://tickets.puppetlabs.com/browse/MODULES-10763).
<a id="pin-a-specific-release"></a>
### Pin a specific release
```puppet
apt::pin { 'karmic': priority => 700 }
apt::pin { 'karmic-updates': priority => 700 }
apt::pin { 'karmic-security': priority => 700 }
```
You can also specify more complex pins using distribution properties:
```puppet
apt::pin { 'stable':
priority => -10,
originator => 'Debian',
release_version => '3.0',
component => 'main',
label => 'Debian'
}
```
To pin multiple packages, pass them to the `packages` parameter as an array or a space-delimited string.
<a id="add-a-personal-package-archive-repository"></a>
### Add a Personal Package Archive (PPA) repository
```puppet
apt::ppa { 'ppa:drizzle-developers/ppa': }
```
### Add an Apt source to `/etc/apt/sources.list.d/`
```puppet
apt::source { 'debian_unstable':
comment => 'This is the iWeb Debian unstable mirror',
location => 'http://debian.mirror.iweb.ca/debian/',
release => 'unstable',
repos => 'main contrib non-free non-free-firmware',
pin => '-10',
key => {
'id' => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553',
'server' => 'subkeys.pgp.net',
},
include => {
'src' => true,
'deb' => true,
},
}
```
To use the Puppet Apt repository as a source:
```puppet
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
repos => 'main',
key => {
'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
'server' => 'pgp.mit.edu',
},
}
```
### Adding name and source to the key parameter of apt::source, which then manages modern apt gpg keyrings
The `name` parameter of key hash should contain the filename with extension (such as `puppetlabs.gpg`).
```puppet
apt::source { 'puppetlabs':
comment => 'Puppet8',
location => 'https://apt.puppetlabs.com/',
repos => 'puppet8',
key => {
'name' => 'puppetlabs.gpg',
'source' => 'https://apt.puppetlabs.com/keyring.gpg',
},
}
```
<a id="configure-apt-from-hiera"></a>
### Generating a DEB822 .sources file
You can also generate a DEB822 format .sources file. This example covers most of the available options.
Use the `source_format` parameter to choose between 'list' and 'sources' (DEB822) formats.
```puppet
apt::source { 'debian':
source_format => 'sources'
comment => 'Official Debian Repository',
enabled => true,
types => ['deb', 'deb-src'],
location => ['http://fr.debian.org/debian', 'http://de.debian.org/debian']
release => ['stable', 'stable-updates', 'stable-backports'],
repos => ['main', 'contrib', 'non-free'],
architecture => ['amd64', 'i386'],
allow_unsigned => true,
keyring => '/etc/apt/keyrings/debian.gpg'
notify_update => false
}
```
### Configure Apt from Hiera
Instead of specifying your sources directly as resources, you can instead just include the `apt` class, which will pick up the values automatically from hiera.
```yaml
apt::sources:
'debian_unstable':
comment: 'This is the iWeb Debian unstable mirror'
location: 'http://debian.mirror.iweb.ca/debian/'
release: 'unstable'
repos: 'main contrib non-free non-free-firmware'
pin: '-10'
key:
id: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553'
server: 'subkeys.pgp.net'
include:
src: true
deb: true
'puppetlabs':
location: 'http://apt.puppetlabs.com'
repos: 'main'
key:
id: '6F6B15509CF8E59E6E469F327F438280EF8D349F'
server: 'pgp.mit.edu'
```
<a id="replace-the-default-sourceslist-file"></a>
### Replace the default `sources.list` file
The following example replaces the default `/etc/apt/sources.list`. Along with this code, be sure to use the `purge` parameter, or you might get duplicate source warnings when running Apt.
```puppet
apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}":
location => 'http://archive.ubuntu.com/ubuntu',
key => '630239CC130E1A7FD81A27B140976EAF437D05B5',
repos => 'main universe multiverse restricted',
}
apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-security":
location => 'http://archive.ubuntu.com/ubuntu',
key => '630239CC130E1A7FD81A27B140976EAF437D05B5',
repos => 'main universe multiverse restricted',
release => "${facts['os']['distro']['codename']}-security"
}
apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-updates":
location => 'http://archive.ubuntu.com/ubuntu',
key => '630239CC130E1A7FD81A27B140976EAF437D05B5',
repos => 'main universe multiverse restricted',
release => "${facts['os']['distro']['codename']}-updates"
}
apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-backports":
location => 'http://archive.ubuntu.com/ubuntu',
key => '630239CC130E1A7FD81A27B140976EAF437D05B5',
repos => 'main universe multiverse restricted',
release => "${facts['os']['distro']['codename']}-backports"
}
```
### Manage login configuration settings for an APT source or proxy in `/etc/apt/auth.conf`
Starting with APT version 1.5, you can define login configuration settings, such as
username and password, for APT sources or proxies that require authentication
in the `/etc/apt/auth.conf` file. This is preferable to embedding login
information directly in `source.list` entries, which are usually world-readable.
The `/etc/apt/auth.conf` file follows the format of netrc (used by ftp or
curl) and has restrictive file permissions. See [here](https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html) for details.
Use the optional `apt::auth_conf_entries` parameter to specify an array of hashes containing login configuration settings. These hashes may only contain the `machine`, `login` and `password` keys.
```puppet
class { 'apt':
auth_conf_entries => [
{
'machine' => 'apt-proxy.example.net',
'login' => 'proxylogin',
'password' => 'proxypassword',
},
{
'machine' => 'apt.example.com/ubuntu',
'login' => 'reader',
'password' => 'supersecret',
},
],
}
```
<a id="reference"></a>
## Reference
### Facts
* `apt_updates`: The number of installed packages with available updates from `upgrade`.
* `apt_dist_updates`: The number of installed packages with available updates from `dist-upgrade`.
* `apt_security_updates`: The number of installed packages with available security updates from `upgrade`.
* `apt_security_dist_updates`: The number of installed packages with available security updates from `dist-upgrade`.
* `apt_package_updates`: The names of all installed packages with available updates from `upgrade`. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string.
* `apt_package_dist_updates`: The names of all installed packages with available updates from `dist-upgrade`. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string.
* `apt_update_last_success`: The date, in epochtime, of the most recent successful `apt-get update` run (based on the mtime of /var/lib/apt/periodic/update-success-stamp).
* `apt_reboot_required`: Determines if a reboot is necessary after updates have been installed.
### More Information
See [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apt/blob/main/REFERENCE.md) for all other reference documentation.
<a id="limitations"></a>
## Limitations
This module is not designed to be split across [run stages](https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html).
For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apt/blob/main/metadata.json)
### Adding new sources or PPAs
If you are adding a new source or PPA and trying to install packages from the new source or PPA on the same Puppet run, your `package` resource should depend on `Class['apt::update']`, as well as depending on the `Apt::Source` or the `Apt::Ppa`. You can also add [collectors](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html) to ensure that all packages happen after `apt::update`, but this can lead to dependency cycles and has implications for [virtual resources](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html#behavior). Before running the command below, ensure that all packages have the provider set to apt.
```puppet
Class['apt::update'] -> Package <| provider == 'apt' |>
```
## License
This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of [AGPL](https://opensource.org/license/agpl-v3/), [BSD-2](https://opensource.org/license/bsd-2-clause/), [BSD-3](https://opensource.org/license/bsd-3-clause/), [GPL2.0](https://opensource.org/license/gpl-2-0/), [LGPL](https://opensource.org/license/lgpl-3-0/), [MIT](https://opensource.org/license/mit/) and [MPL](https://opensource.org/license/mpl-2-0/) Licensing.
## Development
Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus).
To run the acceptance tests follow the instructions [here](https://puppetlabs.github.io/litmus/Running-acceptance-tests.html).
You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE).
If you run into an issue with this module, or if you would like to request a feature, please [file a ticket](https://github.com/puppetlabs/puppetlabs-apt/issues).
Every Monday the Puppet IA Content Team has [office hours](https://puppet.com/community/office-hours) in the [Puppet Community Slack](http://slack.puppet.com/), alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC).
If you have problems getting this module up and running, please [contact Support](http://puppetlabs.com/services/customer-support).
If you submit a change to this module, be sure to regenerate the reference documentation as follows:
```bash
puppet strings generate --format markdown --out REFERENCE.md
```

1432
environments/production/thirdparty/apt/REFERENCE.md vendored Normal file
View file

File diff suppressed because it is too large Load diff

1
environments/production/thirdparty/apt/data/common.yaml vendored Normal file
View file

@ -0,0 +1 @@
--- {}

3
environments/production/thirdparty/apt/data/os/Debian.yaml vendored Normal file
View file

@ -0,0 +1,3 @@
apt::backports:
location: http://deb.debian.org/debian
repos: main contrib non-free

3
environments/production/thirdparty/apt/data/os/Debian/12.yaml vendored Normal file
View file

@ -0,0 +1,3 @@
apt::backports:
location: http://deb.debian.org/debian
repos: main contrib non-free non-free-firmware

7
environments/production/thirdparty/apt/data/os/Ubuntu.yaml vendored Normal file
View file

@ -0,0 +1,7 @@
apt::backports:
location: http://archive.ubuntu.com/ubuntu
repos: main universe multiverse restricted
apt::ppa_options:
- -y
apt::ppa_package: software-properties-common

7
environments/production/thirdparty/apt/examples/backports.pp vendored Normal file
View file

@ -0,0 +1,7 @@
# Set up a backport for Linux Mint qiana
class { 'apt': }
class { 'apt::backports':
location => 'http://us.archive.ubuntu.com/ubuntu',
release => 'trusty-backports',
repos => 'main universe multiverse restricted',
}

3
environments/production/thirdparty/apt/examples/builddep.pp vendored Normal file
View file

@ -0,0 +1,3 @@
package { 'glusterfs-server':
install_options => 'build-dep',
}

18
environments/production/thirdparty/apt/examples/debian_testing.pp vendored Normal file
View file

@ -0,0 +1,18 @@
package { 'debian-keyring':
ensure => present,
}
package { 'debian-archive-keyring':
ensure => present,
}
apt::source { 'debian_testing':
location => 'http://debian.mirror.iweb.ca/debian/',
release => 'testing',
repos => 'main contrib non-free',
pin => '-10',
key => {
id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553',
server => 'subkeys.pgp.net',
},
}

18
environments/production/thirdparty/apt/examples/debian_unstable.pp vendored Normal file
View file

@ -0,0 +1,18 @@
package { 'debian-keyring':
ensure => present,
}
package { 'debian-archive-keyring':
ensure => present,
}
apt::source { 'debian_unstable':
location => 'http://debian.mirror.iweb.ca/debian/',
release => 'unstable',
repos => 'main contrib non-free',
pin => '-10',
key => {
id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553',
server => 'subkeys.pgp.net',
},
}

5
environments/production/thirdparty/apt/examples/disable_keys.pp vendored Normal file
View file

@ -0,0 +1,5 @@
#Note: This is generally a bad idea. You should not disable verifying repository signatures.
apt::conf { 'unauth':
priority => 99,
content => 'APT::Get::AllowUnauthenticated 1;',
}

4
environments/production/thirdparty/apt/examples/fancy_progress.pp vendored Normal file
View file

@ -0,0 +1,4 @@
apt::conf { 'progressbar':
priority => 99,
content => 'Dpkg::Progress-Fancy "1";',
}

28
environments/production/thirdparty/apt/examples/force.pp vendored Normal file
View file

@ -0,0 +1,28 @@
#if you need to specify a release
$rel_string = '-t <release>'
#else
$rel_string = ''
#if you need to specify a version
$ensure = '<version>'
#else
$ensure = installed
#if overwrite existing cfg files
$config_files = '-o Dpkg::Options::="--force-confnew"'
#elsif force use of old files
$config_files = '-o Dpkg::Options::="--force-confold"'
#elsif update only unchanged files
$config_files = '-o Dpkg::Options::="--force-confdef"'
#else
$config_files = ''
#if install missing configuration files for the package
$config_missing = '-o Dpkg::Options::="--force-confmiss"'
#else
$config_missing = ''
package { '<package>':
ensure => $ensure,
install_options => "${config_files} ${config_missing} ${rel_string}",
}

5
environments/production/thirdparty/apt/examples/hold.pp vendored Normal file
View file

@ -0,0 +1,5 @@
apt::pin { 'hold-vim':
packages => 'vim',
version => '2:7.4.488-5',
priority => 1001,
}

6
environments/production/thirdparty/apt/examples/key.pp vendored Normal file
View file

@ -0,0 +1,6 @@
# Declare Apt key for apt.puppetlabs.com source
apt::key { 'puppetlabs':
id => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26',
server => 'keyserver.ubuntu.com',
options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"',
}

3
environments/production/thirdparty/apt/examples/mark.pp vendored Normal file
View file

@ -0,0 +1,3 @@
apt::mark { 'vim':
setting => 'auto',
}

5
environments/production/thirdparty/apt/examples/pin.pp vendored Normal file
View file

@ -0,0 +1,5 @@
# pin a release in apt, useful for unstable repositories
apt::pin { 'foo':
packages => '*',
priority => 0,
}

4
environments/production/thirdparty/apt/examples/ppa.pp vendored Normal file
View file

@ -0,0 +1,4 @@
class { 'apt': }
# Example declaration of an Apt PPA
apt::ppa { 'ppa:ubuntuhandbook1/apps': }

4
environments/production/thirdparty/apt/examples/release.pp vendored Normal file
View file

@ -0,0 +1,4 @@
apt::conf { 'release':
content => 'APT::Default-Release "karmic";',
priority => '01',
}

35
environments/production/thirdparty/apt/examples/source.pp vendored Normal file
View file

@ -0,0 +1,35 @@
# Declare the apt class to manage /etc/apt/sources.list and /etc/sources.list.d
class { 'apt': }
# Install the puppetlabs apt source
# Release is automatically obtained from facts.
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
repos => 'main',
key => {
id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
server => 'keyserver.ubuntu.com',
},
}
# test two sources with the same key
apt::source { 'debian_testing':
location => 'http://debian.mirror.iweb.ca/debian/',
release => 'testing',
repos => 'main contrib non-free non-free-firmware',
key => {
id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553',
server => 'keyserver.ubuntu.com',
},
pin => '-10',
}
apt::source { 'debian_unstable':
location => 'http://debian.mirror.iweb.ca/debian/',
release => 'unstable',
repos => 'main contrib non-free non-free-firmware',
key => {
id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553',
server => 'keyserver.ubuntu.com',
},
pin => '-10',
}

1
environments/production/thirdparty/apt/examples/unattended_upgrades.pp vendored Normal file
View file

@ -0,0 +1 @@
# TODO

1
environments/production/thirdparty/apt/files/15update-stamp vendored Normal file
View file

@ -0,0 +1 @@
APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};

21
environments/production/thirdparty/apt/hiera.yaml vendored Normal file
View file

@ -0,0 +1,21 @@
---
version: 5
defaults: # Used for any hierarchy level that omits these keys.
datadir: data # This path is relative to hiera.yaml's directory.
data_hash: yaml_data # Use the built-in YAML backend.
hierarchy:
- name: "os.family/major release"
paths:
# Used to distinguish between Debian and Ubuntu
- "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
- "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
# Used for Solaris
- "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
- name: "os.family"
paths:
- "os/%{facts.os.name}.yaml"
- "os/%{facts.os.family}.yaml"
- name: 'common'
path: 'common.yaml'

9
environments/production/thirdparty/apt/lib/facter/apt_reboot_required.rb vendored Normal file
View file

@ -0,0 +1,9 @@
# frozen_string_literal: true
# apt_reboot_required.rb
Facter.add(:apt_reboot_required) do
confine 'os.family': 'Debian'
setcode do
File.file?('/var/run/reboot-required')
end
end

13
environments/production/thirdparty/apt/lib/facter/apt_sources.rb vendored Normal file
View file

@ -0,0 +1,13 @@
# frozen_string_literal: true
# This fact lists the .list filenames that are used by apt.
Facter.add(:apt_sources) do
confine 'os.family': 'Debian'
setcode do
sources = ['sources.list']
Dir.glob('/etc/apt/sources.list.d/*.{list,sources}').each do |file|
sources.push(File.basename(file))
end
sources
end
end

18
environments/production/thirdparty/apt/lib/facter/apt_update_last_success.rb vendored Normal file
View file

@ -0,0 +1,18 @@
# frozen_string_literal: true
require 'facter'
# This is derived from the file /var/lib/apt/periodic/update-success-stamp
# This is generated upon a successful apt-get update run natively in ubuntu.
# the Puppetlabs-apt module deploys this same functionality for other debian-ish OSes
Facter.add('apt_update_last_success') do
confine 'os.family': 'Debian'
setcode do
if File.exist?('/var/lib/apt/periodic/update-success-stamp')
# get epoch time
File.mtime('/var/lib/apt/periodic/update-success-stamp').to_i
else
-1
end
end
end

103
environments/production/thirdparty/apt/lib/facter/apt_updates.rb vendored Normal file
View file

@ -0,0 +1,103 @@
# frozen_string_literal: true
apt_package_updates = nil
apt_dist_updates = nil
# Executes the upgrading of packages
# @param
# upgrade_option Type of upgrade passed into apt-get command arguments i.e. 'upgrade' or 'dist-upgrade'
def get_updates(upgrade_option)
apt_updates = nil
if File.executable?('/usr/bin/apt-get')
apt_get_result = Facter::Core::Execution.execute("/usr/bin/apt-get -s -o Debug::NoLocking=true #{upgrade_option} 2>&1")
unless apt_get_result.nil?
apt_updates = [[], []]
apt_get_result.each_line do |line|
next unless %r{^Inst\s}.match?(line)
package = line.gsub(%r{^Inst\s([^\s]+)\s.*}, '\1').strip
apt_updates[0].push(package)
security_matches = [
%r{ Debian-Security:},
%r{ Ubuntu[^\s]+-security[, ]},
%r{ gNewSense[^\s]+-security[, ]},
]
re = Regexp.union(security_matches)
apt_updates[1].push(package) if line.match(re)
end
end
end
apt_updates
end
Facter.add('apt_has_updates') do
confine 'os.family': 'Debian'
setcode do
apt_package_updates = get_updates('upgrade')
apt_package_updates != [[], []] if !apt_package_updates.nil? && apt_package_updates.length == 2
end
end
Facter.add('apt_has_dist_updates') do
confine 'os.family': 'Debian'
setcode do
apt_dist_updates = get_updates('dist-upgrade')
apt_dist_updates != [[], []] if !apt_dist_updates.nil? && apt_dist_updates.length == 2
end
end
Facter.add('apt_package_updates') do
confine apt_has_updates: true
setcode do
apt_package_updates[0]
end
end
Facter.add('apt_package_dist_updates') do
confine apt_has_dist_updates: true
setcode do
apt_dist_updates[0]
end
end
Facter.add('apt_package_security_updates') do
confine apt_has_updates: true
setcode do
apt_package_updates[1]
end
end
Facter.add('apt_package_security_dist_updates') do
confine apt_has_dist_updates: true
setcode do
apt_dist_updates[1]
end
end
Facter.add('apt_updates') do
confine apt_has_updates: true
setcode do
Integer(apt_package_updates[0].length)
end
end
Facter.add('apt_dist_updates') do
confine apt_has_dist_updates: true
setcode do
Integer(apt_dist_updates[0].length)
end
end
Facter.add('apt_security_updates') do
confine apt_has_updates: true
setcode do
Integer(apt_package_updates[1].length)
end
end
Facter.add('apt_security_dist_updates') do
confine apt_has_dist_updates: true
setcode do
Integer(apt_dist_updates[1].length)
end
end

240
environments/production/thirdparty/apt/lib/puppet/provider/apt_key/apt_key.rb vendored Normal file
View file

@ -0,0 +1,240 @@
# frozen_string_literal: true
require 'open-uri'
begin
require 'net/ftp'
rescue LoadError
# Ruby 3.0 changed net-ftp to a default gem
end
require 'tempfile'
Puppet::Type.type(:apt_key).provide(:apt_key) do
desc 'apt-key provider for apt_key resource'
confine 'os.family': :debian
defaultfor 'os.family': :debian
commands apt_key: 'apt-key'
commands gpg: '/usr/bin/gpg'
def self.instances
key_array = []
cli_args = ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode']
key_output = apt_key(cli_args).encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
pub_line = nil
fpr_lines = []
sub_lines = []
lines = key_output.split("\n")
lines.each_index do |i|
if lines[i].start_with?('pub')
pub_line = lines[i]
# starting a new public key, so reset fpr_lines and sub_lines
fpr_lines = []
sub_lines = []
elsif lines[i].start_with?('fpr')
fpr_lines << lines[i]
elsif lines[i].start_with?('sub')
sub_lines << lines[i]
end
next unless (pub_line && !fpr_lines.empty?) && (!lines[i + 1] || lines[i + 1].start_with?('pub'))
line_hash = key_line_hash(pub_line, fpr_lines)
expired = line_hash[:key_expired] || subkeys_all_expired(sub_lines)
key_array << new(
name: line_hash[:key_fingerprint],
id: line_hash[:key_long],
fingerprint: line_hash[:key_fingerprint],
short: line_hash[:key_short],
long: line_hash[:key_long],
ensure: :present,
expired: expired,
expiry: line_hash[:key_expiry].nil? ? nil : line_hash[:key_expiry].strftime('%Y-%m-%d'),
size: line_hash[:key_size],
type: line_hash[:key_type],
created: line_hash[:key_created].strftime('%Y-%m-%d'),
)
end
key_array
end
def self.prefetch(resources)
apt_keys = instances
resources.each_key do |name|
case name.length
when 40
provider = apt_keys.find { |key| key.fingerprint == name }
resources[name].provider = provider if provider
when 16
provider = apt_keys.find { |key| key.long == name }
resources[name].provider = provider if provider
when 8
provider = apt_keys.find { |key| key.short == name }
resources[name].provider = provider if provider
end
end
end
def self.subkeys_all_expired(sub_lines)
return false if sub_lines.empty?
sub_lines.each do |line|
return false if line.split(':')[1] == '-'
end
true
end
def self.key_line_hash(pub_line, fpr_lines)
pub_split = pub_line.split(':')
fpr_split = fpr_lines.first.split(':')
fingerprint = fpr_split.last
return_hash = {
key_fingerprint: fingerprint,
key_long: fingerprint[-16..], # last 16 characters of fingerprint
key_short: fingerprint[-8..], # last 8 characters of fingerprint
key_size: pub_split[2],
key_type: nil,
key_created: Time.at(pub_split[5].to_i),
key_expired: pub_split[1] == 'e',
key_expiry: pub_split[6].empty? ? nil : Time.at(pub_split[6].to_i)
}
# set key type based on types defined in /usr/share/doc/gnupg/DETAILS.gz
case pub_split[3]
when '1'
return_hash[:key_type] = :rsa
when '17'
return_hash[:key_type] = :dsa
when '18'
return_hash[:key_type] = :ecc
when '19'
return_hash[:key_type] = :ecdsa
end
return_hash
end
def source_to_file(value)
parsed_value = URI.parse(value)
if parsed_value.scheme.nil?
raise(_('The file %{_value} does not exist') % { _value: value }) unless File.exist?(value)
# Because the tempfile method has to return a live object to prevent GC
# of the underlying file from occuring too early, we also have to return
# a file object here. The caller can still call the #path method on the
# closed file handle to get the path.
f = File.open(value, 'r')
f.close
f
else
exceptions = [OpenURI::HTTPError]
exceptions << Net::FTPPermError if defined?(Net::FTPPermError)
begin
# Only send basic auth if URL contains userinfo
# Some webservers (e.g. Amazon S3) return code 400 if empty basic auth is sent
if parsed_value.userinfo.nil?
key = if parsed_value.scheme == 'https' && resource[:weak_ssl] == true
URI.open(parsed_value, ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE).read
else
parsed_value.read
end
else
user_pass = parsed_value.userinfo.split(':')
parsed_value.userinfo = ''
key = URI.open(parsed_value, http_basic_authentication: user_pass).read
end
rescue *exceptions => e
raise(_('%{_e} for %{_resource}') % { _e: e.message, _resource: resource[:source] })
rescue SocketError
raise(_('could not resolve %{_resource}') % { _resource: resource[:source] })
else
tempfile(key)
end
end
end
# The tempfile method needs to return the tempfile object to the caller, so
# that it doesn't get deleted by the GC immediately after it returns. We
# want the caller to control when it goes out of scope.
def tempfile(content)
file = Tempfile.new('apt_key')
file.write content
file.close
# confirm that the fingerprint from the file, matches the long key that is in the manifest
if name.size == 40
if File.executable? command(:gpg)
extracted_key = execute(["#{command(:gpg)} --no-tty --with-fingerprint --with-colons #{file.path} | awk -F: '/^fpr:/ { print $10 }'"], failonfail: false)
extracted_key = extracted_key.chomp
found_match = false
extracted_key.each_line do |line|
found_match = true if line.chomp == name
end
unless found_match
raise(_('The id in your manifest %{_resource} and the fingerprint from content/source don\'t match. Check for an error in the id and content/source is legitimate.') % { _resource: resource[:name] }) # rubocop:disable Layout/LineLength
end
else
warning('/usr/bin/gpg cannot be found for verification of the id.')
end
end
file
end
def exists?
# report expired keys as non-existing when refresh => true
@property_hash[:ensure] == :present && !(resource[:refresh] && @property_hash[:expired])
end
def create
command = []
if resource[:source].nil? && resource[:content].nil?
# Breaking up the command like this is needed because it blows up
# if --recv-keys isn't the last argument.
command.push('adv', '--no-tty', '--keyserver', resource[:server])
command.push('--keyserver-options', resource[:options]) unless resource[:options].nil?
command.push('--recv-keys', resource[:id])
elsif resource[:content]
key_file = tempfile(resource[:content])
command.push('add', key_file.path)
elsif resource[:source]
key_file = source_to_file(resource[:source])
command.push('add', key_file.path)
# In case we really screwed up, better safe than sorry.
else
raise(_('an unexpected condition occurred while trying to add the key: %{_resource}') % { _resource: resource[:id] })
end
apt_key(command)
@property_hash[:ensure] = :present
end
def destroy
loop do
apt_key('del', resource.provider.short)
r = execute(["#{command(:apt_key)} list | grep '/#{resource.provider.short}\s'"], failonfail: false)
break unless r.exitstatus.zero?
end
@property_hash.clear
end
def read_only(_value)
raise(_('This is a read-only property.'))
end
mk_resource_methods
# Alias the setters of read-only properties
# to the read_only function.
alias_method :created=, :read_only
alias_method :expired=, :read_only
alias_method :expiry=, :read_only
alias_method :size=, :read_only
alias_method :type=, :read_only
end

146
environments/production/thirdparty/apt/lib/puppet/type/apt_key.rb vendored Normal file
View file

@ -0,0 +1,146 @@
# frozen_string_literal: true
require 'pathname'
require 'puppet/parameter/boolean'
Puppet::Type.newtype(:apt_key) do
@doc = <<-MANIFEST
@summary This type provides Puppet with the capabilities to manage GPG keys needed
by apt to perform package validation. Apt has it's own GPG keyring that can
be manipulated through the `apt-key` command.
@example Basic usage
apt_key { '6F6B15509CF8E59E6E469F327F438280EF8D349F':
source => 'http://apt.puppetlabs.com/pubkey.gpg'
}
**Autorequires**
If Puppet is given the location of a key file which looks like an absolute
path this type will autorequire that file.
@api private
MANIFEST
ensurable
validate do
raise(_('ensure => absent and refresh => true are mutually exclusive')) if self[:refresh] == true && self[:ensure] == :absent
raise(_('The properties content and source are mutually exclusive.')) if self[:content] && self[:source]
warning(_('The id should be a full fingerprint (40 characters), see README.')) if self[:id].length < 40
end
newparam(:id, namevar: true) do
desc 'The ID of the key you want to manage.'
# GPG key ID's should be either 32-bit (short) or 64-bit (long) key ID's
# and may start with the optional 0x, or they can be 40-digit key fingerprints
newvalues(%r{\A(0x)?[0-9a-fA-F]{8}\Z}, %r{\A(0x)?[0-9a-fA-F]{16}\Z}, %r{\A(0x)?[0-9a-fA-F]{40}\Z})
munge do |value|
id = if value.start_with?('0x')
value.partition('0x').last.upcase
else
value.upcase
end
id
end
end
newparam(:content) do
desc 'The content of, or string representing, a GPG key.'
end
newparam(:source) do
desc 'Location of a GPG key file, /path/to/file, ftp://, http:// or https://'
newvalues(%r{\Ahttps?://}, %r{\Aftp://}, %r{\A/\w+})
end
autorequire(:file) do
self[:source] if self[:source] && Pathname.new(self[:source]).absolute?
end
newparam(:server) do
desc 'The key server to fetch the key from based on the ID. It can either be a domain name or url.'
defaultto :'keyserver.ubuntu.com'
newvalues(%r{\A((hkp|hkps|http|https)://)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(/[a-zA-Z\d\-_.]+)*/?$})
end
newparam(:options) do
desc 'Additional options to pass to apt-key\'s --keyserver-options.'
end
newparam(:refresh, boolean: true, parent: Puppet::Parameter::Boolean) do
desc 'When true, recreate an existing expired key'
defaultto false
end
newparam(:weak_ssl, boolean: true, parent: Puppet::Parameter::Boolean) do
desc 'When true and source uses https, accepts download of keys without SSL verification'
defaultto false
end
newproperty(:fingerprint) do
desc <<-MANIFEST
The 40-digit hexadecimal fingerprint of the specified GPG key.
This property is read-only.
MANIFEST
end
newproperty(:long) do
desc <<-MANIFEST
The 16-digit hexadecimal id of the specified GPG key.
This property is read-only.
MANIFEST
end
newproperty(:short) do
desc <<-MANIFEST
The 8-digit hexadecimal id of the specified GPG key.
This property is read-only.
MANIFEST
end
newproperty(:expired) do
desc <<-MANIFEST
Indicates if the key has expired.
This property is read-only.
MANIFEST
end
newproperty(:expiry) do
desc <<-MANIFEST
The date the key will expire, or nil if it has no expiry date.
This property is read-only.
MANIFEST
end
newproperty(:size) do
desc <<-MANIFEST
The key size, usually a multiple of 1024.
This property is read-only.
MANIFEST
end
newproperty(:type) do
desc <<-MANIFEST
The key type, one of: rsa, dsa, ecc, ecdsa
This property is read-only.
MANIFEST
end
newproperty(:created) do
desc <<-MANIFEST
Date the key was created.
This property is read-only.
MANIFEST
end
end

119
environments/production/thirdparty/apt/manifests/backports.pp vendored Normal file
View file

@ -0,0 +1,119 @@
# @summary Manages backports.
#
# @example Set up a backport source for Ubuntu
# include apt::backports
#
# @param location
# Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and
# Ubuntu varies:
#
# - Debian: 'http://deb.debian.org/debian'
#
# - Ubuntu: 'http://archive.ubuntu.com/ubuntu'
#
# @param release
# Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `sources.list` configuration file.
# Default: on Debian and Ubuntu, `${fact('os.distro.codename')}-backports`. We recommend keeping this default, except on other operating
# systems.
#
# @param repos
# Specifies a component of the Apt repository containing the backports to manage. Used in populating the `sources.list` configuration file.
# Default value for Debian and Ubuntu varies:
#
# - Debian: 'main contrib non-free non-free-firmware'
#
# - Ubuntu: 'main universe multiverse restricted'
#
# @param key
# Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a
# hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters.
#
# @param keyring
# Absolute path to a file containing the PGP keyring used to sign this
# repository. Value is passed to the apt::source and used to set signed-by on
# the source entry.
#
# @param pin
# Specifies a pin priority for the backports. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined
# type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.
#
# @param include
# Specifies whether to include 'deb' or 'src', or both.
#
class apt::backports (
Optional[Stdlib::HTTPUrl] $location = undef,
Optional[String[1]] $release = undef,
Optional[String[1]] $repos = undef,
Optional[Variant[String[1], Hash]] $key = undef,
Stdlib::AbsolutePath $keyring = "/usr/share/keyrings/${facts['os']['name'].downcase}-archive-keyring.gpg",
Variant[Integer, String[1], Hash] $pin = 200,
Hash $include = {},
) {
include apt
if $location {
$_location = $location
}
if $release {
$_release = $release
}
if $repos {
$_repos = $repos
}
if (!($facts['os']['name'] == 'Debian' or $facts['os']['name'] == 'Ubuntu')) {
unless $location and $release and $repos {
fail('If not on Debian or Ubuntu, you must explicitly pass location, release, and repos')
}
}
unless $location {
$_location = $apt::backports['location']
}
unless $release {
if fact('os.distro.codename') {
$_release = "${fact('os.distro.codename')}-backports"
} else {
fail('os.distro.codename fact not available: release parameter required')
}
}
unless $repos {
$_repos = $apt::backports['repos']
}
$_keyring = if $key {
undef
} else {
$keyring
}
if $pin =~ Hash {
$_pin = $pin
} elsif $pin =~ Numeric or $pin =~ String {
$pin_type = $facts['os']['name'] ? {
'Debian' => 'codename',
'Ubuntu' => 'release',
}
$_pin = {
'priority' => $pin,
$pin_type => $_release,
}
} else {
fail('pin must be either a string, number or hash')
}
apt::source { 'backports':
location => $_location,
release => $_release,
repos => $_repos,
include => $include,
key => $key,
keyring => $_keyring,
pin => $_pin,
}
}

35
environments/production/thirdparty/apt/manifests/conf.pp vendored Normal file
View file

@ -0,0 +1,35 @@
# @summary Specifies a custom Apt configuration file.
#
# @param content
# Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file.
#
# @param ensure
# Specifies whether the configuration file should exist.
#
# @param priority
# Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first.
# Valid options: a string containing an integer or an integer.
#
# @param notify_update
# Specifies whether to trigger an `apt-get update` run.
#
define apt::conf (
Optional[String[1]] $content = undef,
Enum['present', 'absent'] $ensure = present,
Variant[String[1], Integer[0]] $priority = 50,
Optional[Boolean] $notify_update = undef,
) {
unless $ensure == 'absent' {
unless $content {
fail('Need to pass in content parameter')
}
}
$confheadertmp = epp('apt/_conf_header.epp')
apt::setting { "conf-${name}":
ensure => $ensure,
priority => $priority,
content => "${confheadertmp}${content}",
notify_update => $notify_update,
}
}

457
environments/production/thirdparty/apt/manifests/init.pp vendored Normal file
View file

@ -0,0 +1,457 @@
# @summary Main class, includes all other classes.
#
# @see https://docs.puppetlabs.com/references/latest/function.html#createresources for the create resource function
#
# @param provider
# Specifies the provider that should be used by apt::update.
#
# @param keyserver
# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or
# hkp://).
#
# @param key_options
# Specifies the default options for apt::key resources.
#
# @param ppa_options
# Supplies options to be passed to the `add-apt-repository` command.
#
# @param ppa_package
# Names the package that provides the `apt-add-repository` command.
#
# @param backports
# Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys:
#
# @option backports [String] :location
# See apt::backports for documentation.
#
# @option backports [String] :repos
# See apt::backports for documentation.
#
# @option backports [String] :key
# See apt::backports for documentation.
#
# @param confs
# Hash of `apt::conf` resources.
#
# @param update
# Configures various update settings. Valid options: a hash made up from the following keys:
#
# @option update [String] :frequency
# Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified,
# `apt-get update` runs regardless of this value.
# Valid options:
# 'always' (at every Puppet run);
# 'hourly' (if the value of `apt_update_last_success` is less than current epoch time minus 3600);
# 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400);
# 'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800);
# Integer (if the value of `apt_update_last_success` is less than current epoch time minus provided Integer value);
# 'reluctantly' (only if the exec resource `apt_update` is notified).
# Default: 'reluctantly'.
#
# @option update [Integer] :loglevel
# Specifies the log level of logs outputted to the console. Default: undef.
#
# @option update [Integer] :timeout
# Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef.
#
# @option update [Integer] :tries
# Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef.
#
# @param update_defaults
# The default update settings that are combined and merged with the passed `update` value
#
# @param purge
# Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:
#
# @option purge [Boolean] :sources.list
# Specifies whether to purge any unmanaged entries from sources.list. Default false.
#
# @option purge [Boolean] :sources.list.d
# Specifies whether to purge any unmanaged entries from sources.list.d. Default false.
#
# @option purge [Boolean] :preferences
# Specifies whether to purge any unmanaged entries from preferences. Default false.
#
# @option purge [Boolean] :preferences.d.
# Specifies whether to purge any unmanaged entries from preferences.d. Default false.
#
# @param purge_defaults
# The default purge settings that are combined and merged with the passed `purge` value
#
# @param proxy
# Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy.
#
# @param proxy_defaults
# The default proxy settings that are combined and merged with the passed `proxy` value
#
# @param sources
# Hash of `apt::source` resources.
#
# @param keys
# Hash of `apt::key` resources.
#
# @param keyrings
# Hash of `apt::keyring` resources.
#
# @param ppas
# Hash of `apt::ppa` resources.
#
# @param pins
# Hash of `apt::pin` resources.
#
# @param settings
# Hash of `apt::setting` resources.
#
# @param manage_auth_conf
# Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in
# the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent.
#
# @param auth_conf_entries
# An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like
# format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See
# https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and
# password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent.
#
# @param auth_conf_owner
# The owner of the file /etc/apt/auth.conf.
#
# @param root
# Specifies root directory of Apt executable.
#
# @param sources_list
# Specifies the path of the sources_list file to use.
#
# @param sources_list_d
# Specifies the path of the sources_list.d file to use.
#
# @param conf_d
# Specifies the path of the conf.d file to use.
#
# @param preferences
# Specifies the path of the preferences file to use.
#
# @param preferences_d
# Specifies the path of the preferences.d file to use.
#
# @param config_files
# A hash made up of the various configuration files used by Apt.
#
# @param sources_list_force
# Specifies whether to perform force purge or delete.
#
# @param include_defaults
# The package types to include by default.
#
# @param apt_conf_d
# The path to the file `apt.conf.d`
#
# @param source_key_defaults
# The fault `source_key` settings
#
class apt (
Hash $update_defaults = {
'frequency' => 'reluctantly',
'loglevel' => undef,
'timeout' => undef,
'tries' => undef,
},
Hash $purge_defaults = {
'sources.list' => false,
'sources.list.d' => false,
'preferences' => false,
'preferences.d' => false,
'apt.conf.d' => false,
},
Hash $proxy_defaults = {
'ensure' => undef,
'host' => undef,
'port' => 8080,
'https' => false,
'https_acng' => false,
'direct' => false,
},
Hash $include_defaults = {
'deb' => true,
'src' => false,
},
Stdlib::Absolutepath $provider = '/usr/bin/apt-get',
Stdlib::Host $keyserver = 'keyserver.ubuntu.com',
Optional[String[1]] $key_options = undef,
Optional[Array[String[1]]] $ppa_options = undef,
Optional[String[1]] $ppa_package = undef,
Optional[Hash] $backports = undef,
Hash $confs = {},
Hash $update = {},
Hash $purge = {},
Apt::Proxy $proxy = {},
Hash $sources = {},
Hash $keys = {},
Hash $keyrings = {},
Hash $ppas = {},
Hash $pins = {},
Hash $settings = {},
Boolean $manage_auth_conf = true,
Array[Apt::Auth_conf_entry] $auth_conf_entries = [],
String[1] $auth_conf_owner = '_apt',
Stdlib::Absolutepath $root = '/etc/apt',
Stdlib::Absolutepath $sources_list = "${root}/sources.list",
Stdlib::Absolutepath $sources_list_d = "${root}/sources.list.d",
Stdlib::Absolutepath $conf_d = "${root}/apt.conf.d",
Stdlib::Absolutepath $preferences = "${root}/preferences",
Stdlib::Absolutepath $preferences_d = "${root}/preferences.d",
Stdlib::Absolutepath $apt_conf_d = "${root}/apt.conf.d",
Hash $config_files = {
'conf' => {
'path' => $conf_d,
'ext' => '',
},
'pref' => {
'path' => $preferences_d,
'ext' => '.pref',
},
'list' => {
'path' => $sources_list_d,
'ext' => '.list',
},
'sources' => {
'path' => $sources_list_d,
'ext' => '.sources',
},
},
Boolean $sources_list_force = false,
Hash $source_key_defaults = {
'server' => $keyserver,
'options' => undef,
'content' => undef,
'source' => undef,
},
) {
if $facts['os']['family'] != 'Debian' {
fail('This module only works on Debian or derivatives like Ubuntu')
}
if $update['frequency'] {
assert_type(
Variant[Enum['always','hourly','daily','weekly','reluctantly'],Integer[60]],
$update['frequency'],
)
}
if $update['timeout'] {
assert_type(Integer, $update['timeout'])
}
if $update['tries'] {
assert_type(Integer, $update['tries'])
}
$_update = $apt::update_defaults + $update
include apt::update
if $purge['sources.list'] {
assert_type(Boolean, $purge['sources.list'])
}
if $purge['sources.list.d'] {
assert_type(Boolean, $purge['sources.list.d'])
}
if $purge['preferences'] {
assert_type(Boolean, $purge['preferences'])
}
if $purge['preferences.d'] {
assert_type(Boolean, $purge['preferences.d'])
}
if $sources_list_force {
assert_type(Boolean, $sources_list_force)
}
if $purge['apt.conf.d'] {
assert_type(Boolean, $purge['apt.conf.d'])
}
$_purge = $apt::purge_defaults + $purge
if $proxy['perhost'] {
$_perhost = $proxy['perhost'].map |$item| {
$_item = $apt::proxy_defaults + $item
$_scheme = $_item['https'] ? {
true => 'https',
default => 'http',
}
$_port = $_item['port'] ? {
Integer => ":${_item['port']}",
default => ''
}
$_target = $_item['direct'] ? {
true => 'DIRECT',
default => "${_scheme}://${_item['host']}${_port}/",
}
$item + { 'scheme' => $_scheme, 'target' => $_target, }
}
} else {
$_perhost = {}
}
$_proxy = $apt::proxy_defaults + $proxy + { 'perhost' => $_perhost }
$confheadertmp = epp('apt/_conf_header.epp')
$proxytmp = epp('apt/proxy.epp', { 'proxies' => $_proxy })
$updatestamptmp = file('apt/15update-stamp')
if $_proxy['ensure'] == 'absent' or $_proxy['host'] {
apt::setting { 'conf-proxy':
ensure => $_proxy['ensure'],
priority => '01',
content => "${confheadertmp}${proxytmp}",
}
}
if $sources_list_force {
$sources_list_ensure = $_purge['sources.list'] ? {
true => absent,
default => file,
}
$sources_list_content = $_purge['sources.list'] ? {
true => nil,
default => undef,
}
} else {
$sources_list_ensure = $_purge['sources.list'] ? {
true => file,
default => file,
}
$sources_list_content = $_purge['sources.list'] ? {
true => "# Repos managed by puppet.\n",
default => undef,
}
}
$preferences_ensure = $_purge['preferences'] ? {
true => absent,
default => file,
}
apt::setting { 'conf-update-stamp':
priority => 15,
content => "${confheadertmp}${updatestamptmp}",
}
file { 'sources.list':
ensure => $sources_list_ensure,
path => $apt::sources_list,
owner => root,
group => root,
content => $sources_list_content,
notify => Class['apt::update'],
}
file { 'sources.list.d':
ensure => directory,
path => $apt::sources_list_d,
owner => root,
group => root,
purge => $_purge['sources.list.d'],
recurse => $_purge['sources.list.d'],
notify => Class['apt::update'],
}
file { 'preferences':
ensure => $preferences_ensure,
path => $apt::preferences,
owner => root,
group => root,
notify => Class['apt::update'],
}
file { 'preferences.d':
ensure => directory,
path => $apt::preferences_d,
owner => root,
group => root,
purge => $_purge['preferences.d'],
recurse => $_purge['preferences.d'],
notify => Class['apt::update'],
}
file { 'apt.conf.d':
ensure => directory,
path => $apt::apt_conf_d,
owner => root,
group => root,
purge => $_purge['apt.conf.d'],
recurse => $_purge['apt.conf.d'],
notify => Class['apt::update'],
}
$confs.each |$key, $value| {
apt::conf { $key:
* => $value,
}
}
$sources.each |$key, $value| {
apt::source { $key:
* => $value,
}
}
$keys.each |$key, $value| {
apt::key { $key:
* => $value,
}
}
$keyrings.each |$key, $data| {
apt::keyring { $key:
* => $data,
}
}
$ppas.each |$key, $value| {
apt::ppa { $key:
* => $value,
}
}
$settings.each |$key, $value| {
apt::setting { $key:
* => $value,
}
}
if $manage_auth_conf {
$auth_conf_ensure = $auth_conf_entries ? {
[] => 'absent',
default => 'present',
}
$auth_conf_tmp = stdlib::deferrable_epp('apt/auth_conf.epp',
{
'auth_conf_entries' => $auth_conf_entries,
},
)
file { '/etc/apt/auth.conf':
ensure => $auth_conf_ensure,
owner => $auth_conf_owner,
group => 'root',
mode => '0600',
content => Sensitive($auth_conf_tmp),
notify => Class['apt::update'],
}
}
$pins.each |$key, $value| {
apt::pin { $key:
* => $value,
}
}
case $facts['os']['name'] {
'Debian': {
stdlib::ensure_packages(['gnupg'])
}
'Ubuntu': {
stdlib::ensure_packages(['gnupg'])
}
default: {
# Nothing in here
}
}
}

104
environments/production/thirdparty/apt/manifests/key.pp vendored Normal file
View file

@ -0,0 +1,104 @@
# @summary Manages the GPG keys that Apt uses to authenticate packages.
#
# @note
# The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys.
#
# @example Declare Apt key for apt.puppetlabs.com source
# apt::key { 'puppetlabs':
# id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
# server => 'keyserver.ubuntu.com',
# options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"',
# }
#
# @param id
# Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal
# characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadecimal characters).
#
# @param ensure
# Specifies whether the key should exist. Using `refreshed` will make keys
# auto update when they have expired (assuming a new key exists on the key
# server).
#
# @param content
# Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient.
#
# @param source
# Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or
# an absolute path.
#
# @param server
# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://,
# hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.
#
# @param weak_ssl
# Specifies whether strict SSL verification on a https URL should be disabled.
#
# @param options
# Passes additional options to `apt-key adv --keyserver-options`.
#
define apt::key (
Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title,
Enum['present', 'absent', 'refreshed'] $ensure = present,
Optional[String[1]] $content = undef,
Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef,
Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/] $server = $apt::keyserver,
Boolean $weak_ssl = false,
Optional[String[1]] $options = $apt::key_options,
) {
case $ensure {
/^(refreshed|present)$/: {
if defined(Anchor["apt_key ${id} absent"]) {
fail("key with id ${id} already ensured as absent")
}
if !defined(Anchor["apt_key ${id} present"]) {
apt_key { $title:
ensure => present,
refresh => $ensure == 'refreshed',
id => $id,
source => $source,
content => $content,
server => $server,
weak_ssl => $weak_ssl,
options => $options,
} -> anchor { "apt_key ${id} present": }
case $facts['os']['name'] {
'Debian': {
stdlib::ensure_packages(['gnupg'])
Apt::Key<| title == $title |>
}
'Ubuntu': {
stdlib::ensure_packages(['gnupg'])
Apt::Key<| title == $title |>
}
default: {
# Nothing in here
}
}
}
}
/^absent$/: {
if defined(Anchor["apt_key ${id} present"]) {
fail("key with id ${id} already ensured as present")
}
if !defined(Anchor["apt_key ${id} absent"]) {
apt_key { $title:
ensure => $ensure,
id => $id,
source => $source,
content => $content,
server => $server,
weak_ssl => $weak_ssl,
options => $options,
} -> anchor { "apt_key ${id} absent": }
}
}
default: {
fail("Invalid \'ensure\' value \'${ensure}\' for apt::key")
}
}
}

72
environments/production/thirdparty/apt/manifests/keyring.pp vendored Normal file
View file

@ -0,0 +1,72 @@
# @summary Manage GPG keyrings for apt repositories
#
# @example Download the puppetlabs apt keyring
# apt::keyring { 'puppetlabs-keyring.gpg':
# source => 'https://apt.puppetlabs.com/keyring.gpg',
# }
# @example Deploy the apt source and associated keyring file
# apt::source { 'puppet8-release':
# location => 'http://apt.puppetlabs.com',
# repos => 'puppet8',
# key => {
# name => 'puppetlabs-keyring.gpg',
# source => 'https://apt.puppetlabs.com/keyring.gpg'
# }
# }
#
# @param dir
# Path to the directory where the keyring will be stored.
#
# @param filename
# Optional filename for the keyring. It should also contain extension along with the filename.
#
# @param mode
# File permissions of the keyring.
#
# @param source
# Source of the keyring file. Mutually exclusive with 'content'.
#
# @param content
# Content of the keyring file. Mutually exclusive with 'source'.
#
# @param ensure
# Ensure presence or absence of the resource.
#
define apt::keyring (
Stdlib::Absolutepath $dir = '/etc/apt/keyrings',
String[1] $filename = $name,
Stdlib::Filemode $mode = '0644',
Optional[Stdlib::Filesource] $source = undef,
Optional[String[1]] $content = undef,
Enum['present','absent'] $ensure = 'present',
) {
ensure_resource('file', $dir, { ensure => 'directory', mode => '0755', })
if $source and $content {
fail("Parameters 'source' and 'content' are mutually exclusive")
} elsif $ensure == 'present' and ! $source and ! $content {
fail("One of 'source' or 'content' parameters are required")
}
$file = "${dir}/${filename}"
case $ensure {
'present': {
file { $file:
ensure => 'file',
mode => $mode,
owner => 'root',
group => 'root',
source => $source,
content => $content,
}
}
'absent': {
file { $file:
ensure => $ensure,
}
}
default: {
fail("Invalid 'ensure' value '${ensure}' for apt::keyring")
}
}
}

37
environments/production/thirdparty/apt/manifests/mark.pp vendored Normal file
View file

@ -0,0 +1,37 @@
# @summary Manages apt-mark settings
#
# @param setting
# Specifies the behavior of apt in case of no more dependencies installed
# https://manpages.debian.org/stable/apt/apt-mark.8.en.html
#
define apt::mark (
Enum['auto','manual','hold','unhold'] $setting,
) {
if $title !~ /^[a-z0-9][a-z0-9.+\-]+$/ {
fail("Invalid package name: ${title}")
}
if $setting == 'unhold' {
$unless_cmd = undef
} else {
$action = "show${setting}"
# It would be ideal if we could break out this command in to an array of args, similar
# to $onlyif_cmd and $command. However, in this case it wouldn't work as expected due
# to the inclusion of a pipe character.
# When passed to the exec function, the posix provider will strip everything to the right of the pipe,
# causing the command to return a full list of packages for the given action.
# The trade off is to use an interpolated string knowing that action is built from an enum value and
# title is pre-validated.
$unless_cmd = ["/usr/bin/apt-mark ${action} ${title} | grep ${title} -q"]
}
$onlyif_cmd = [['/usr/bin/dpkg', '-l', $title]]
$command = ['/usr/bin/apt-mark', $setting, $title]
exec { "apt-mark ${setting} ${title}":
command => $command,
onlyif => $onlyif_cmd,
unless => $unless_cmd,
}
}

136
environments/production/thirdparty/apt/manifests/pin.pp vendored Normal file
View file

@ -0,0 +1,136 @@
# @summary Manages Apt pins. Does not trigger an apt-get update run.
#
# @see https://manpages.debian.org/stable/apt/apt_preferences.5.en.html for context on these parameters
#
# @param ensure
# Specifies whether the pin should exist.
#
# @param explanation
# Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}".
#
# @param order
# Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first.
#
# @param packages
# Specifies which package(s) to pin.
#
# @param priority
# Sets the priority of the package. If multiple versions of a given package are available, `apt-get` installs the one with the highest
# priority number (subject to dependency constraints).
#
# @param release
# Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'.
#
# @param release_version
# Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7).
#
# @param component
# Names the licensing component associated with the packages in the directory tree of the Release file.
#
# @param originator
# Names the originator of the packages in the directory tree of the Release file.
#
# @param label
# Names the label of the packages in the directory tree of the Release file.
#
# @param origin
# The package origin (the hostname part of the package's sources.list entry)
#
# @param version
# The version of the package
#
# @param codename
# The codename of the release
#
define apt::pin (
Enum['file', 'present', 'absent'] $ensure = present,
Optional[String[1]] $explanation = undef,
Variant[Integer[0]] $order = 50,
Variant[String[1], Array[String[1]]] $packages = '*',
Variant[Integer, String[1]] $priority = 0,
Optional[String[1]] $release = undef, # a=
Optional[String[1]] $origin = undef,
Optional[String[1]] $version = undef,
Optional[String[1]] $codename = undef, # n=
Optional[String[1]] $release_version = undef, # v=
Optional[String[1]] $component = undef, # c=
Optional[String[1]] $originator = undef, # o=
Optional[String[1]] $label = undef, # l=
) {
if $explanation {
$_explanation = $explanation
} else {
if defined('$caller_module_name') { # strict vars check
$_explanation = "${caller_module_name}: ${name}"
} else {
$_explanation = ": ${name}"
}
}
$pin_release_array = [
$release,
$codename,
$release_version,
$component,
$originator,
$label,
]
$pin_release = join($pin_release_array, '')
# Read the manpage 'apt_preferences(5)', especially the chapter
# 'The Effect of APT Preferences' to understand the following logic
# and the difference between specific and general form
if $packages =~ Array {
$packages_string = join($packages, ' ')
} else {
$packages_string = $packages
}
if $packages_string != '*' { # specific form
if ( $pin_release != '' and ( $origin or $version )) or
( $version and ( $pin_release != '' or $origin )) {
fail('parameters release, origin, and version are mutually exclusive')
}
} else { # general form
if $version {
fail('parameter version cannot be used in general form')
}
if ( $pin_release != '' and $origin ) {
fail('parameters release and origin are mutually exclusive')
}
}
# According to man 5 apt_preferences:
# The files have either no or "pref" as filename extension
# and only contain alphanumeric, hyphen (-), underscore (_) and period
# (.) characters. Otherwise APT will print a notice that it has ignored a
# file, unless that file matches a pattern in the
# Dir::Ignore-Files-Silently configuration list - in which case it will
# be silently ignored.
$file_name = regsubst($title, '[^0-9a-z\-_\.]', '_', 'IG')
$headertmp = epp('apt/_header.epp')
$pinpreftmp = epp('apt/pin.pref.epp', {
'name' => $name,
'pin_release' => $pin_release,
'release' => $release,
'codename' => $codename,
'release_version' => $release_version,
'component' => $component,
'originator' => $originator,
'label' => $label,
'version' => $version,
'origin' => $origin,
'explanation' => $_explanation,
'packages_string' => $packages_string,
'priority' => $priority,
})
apt::setting { "pref-${file_name}":
ensure => $ensure,
priority => $order,
content => "${headertmp}${pinpreftmp}",
notify_update => false,
}
}

128
environments/production/thirdparty/apt/manifests/ppa.pp vendored Normal file
View file

@ -0,0 +1,128 @@
# @summary Manages PPA repositories using `add-apt-repository`. Not supported on Debian.
#
# @example Declaration of an Apt PPA
# apt::ppa { 'ppa:openstack-ppa/bleeding-edge': }
#
# @param ensure
# Specifies whether the PPA should exist.
#
# @param options
# Supplies options to be passed to the `add-apt-repository` command.
#
# @param release
# Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename.
# Optional if `puppet facts show os.distro.codename` returns your correct distribution release codename.
#
# @param dist
# Specifies the distribution of your node. Valid options: a string containing a valid distribution codename.
# Optional if `puppet facts show os.name` returns your correct distribution name.
#
# @param package_name
# Names the package that provides the `apt-add-repository` command.
#
# @param package_manage
# Specifies whether Puppet should manage the package that provides `apt-add-repository`.
#
define apt::ppa (
Enum['present', 'absent'] $ensure = 'present',
Optional[Array[String[1]]] $options = $apt::ppa_options,
Optional[String[1]] $release = fact('os.distro.codename'),
Optional[String[1]] $dist = $facts['os']['name'],
Optional[String[1]] $package_name = $apt::ppa_package,
Boolean $package_manage = false,
) {
unless $release {
fail('os.distro.codename fact not available: release parameter required')
}
if $dist == 'Debian' {
fail('apt::ppa is not currently supported on Debian.')
}
# Validate the resource name
if $name !~ /^ppa:([a-zA-Z0-9\-_.]+)\/([a-zA-z0-9\-_\.]+)$/ {
fail("Invalid PPA name: ${name}")
}
$distid = downcase($dist)
$dash_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', "\\1-${distid}-\\2")
$underscore_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', "\\1_${distid}_\\2")
$dash_filename_no_slashes = regsubst($dash_filename, '/', '-', 'G')
$dash_filename_no_specialchars = regsubst($dash_filename_no_slashes, '[\.\+]', '_', 'G')
$underscore_filename_no_slashes = regsubst($underscore_filename, '/', '-', 'G')
$underscore_filename_no_specialchars = regsubst($underscore_filename_no_slashes, '[\.\+]', '_', 'G')
$sources_list_d_filename = if versioncmp($facts['os']['release']['full'], '23.10') < 0 {
"${dash_filename_no_specialchars}-${release}.list"
} else {
"${dash_filename_no_specialchars}-${release}.sources"
}
if versioncmp($facts['os']['release']['full'], '21.04') < 0 {
$trusted_gpg_d_filename = "${underscore_filename_no_specialchars}.gpg"
} else {
$trusted_gpg_d_filename = "${dash_filename_no_specialchars}.gpg"
}
# This is the location of our main exec script.
$cache_path = $facts['puppet_vardir']
$script_path = "${cache_path}/add-apt-repository-${dash_filename_no_specialchars}-${release}.sh"
if $ensure == 'present' {
if $package_manage {
stdlib::ensure_packages($package_name)
$_require = [File['sources.list.d'], Package[$package_name]]
} else {
$_require = File['sources.list.d']
}
$_proxy = $apt::_proxy
if $_proxy['host'] {
if $_proxy['https'] {
$_proxy_env = ["http_proxy=http://${$_proxy['host']}:${$_proxy['port']}", "https_proxy=https://${$_proxy['host']}:${$_proxy['port']}"]
} else {
$_proxy_env = ["http_proxy=http://${$_proxy['host']}:${$_proxy['port']}"]
}
} else {
$_proxy_env = []
}
unless $sources_list_d_filename in $facts['apt_sources'] {
$script_content = epp('apt/add-apt-repository.sh.epp', {
command => ['/usr/bin/add-apt-repository', shell_join($options), $name],
sources_list_d_path => $apt::sources_list_d,
sources_list_d_filename => $sources_list_d_filename,
}
)
file { "add-apt-repository-script-${name}":
ensure => 'file',
path => $script_path,
content => $script_content,
mode => '0755',
}
exec { "add-apt-repository-${name}":
environment => $_proxy_env,
command => $script_path,
logoutput => 'on_failure',
notify => Class['apt::update'],
require => $_require,
before => File["${apt::sources_list_d}/${sources_list_d_filename}"],
}
}
file { "${apt::sources_list_d}/${sources_list_d_filename}": }
}
else {
tidy { "remove-apt-repository-script-${name}":
path => $script_path,
}
tidy { "remove-apt-repository-${name}":
path => "${apt::sources_list_d}/${sources_list_d_filename}",
notify => Class['apt::update'],
}
}
}

77
environments/production/thirdparty/apt/manifests/setting.pp vendored Normal file
View file

@ -0,0 +1,77 @@
# @summary Manages Apt configuration files.
#
# @see https://www.puppet.com/docs/puppet/latest/types/file.html#file-attributes for more information on source and content parameters
#
# @param priority
# Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first.
#
# @param ensure
# Specifies whether the file should exist.
#
# @param source
# Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination
# with `content`. Valid options: see link above for Puppet's native file type source attribute.
#
# @param content
# Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid
# options: see link above for Puppet's native file type content attribute.
#
# @param notify_update
# Specifies whether to trigger an `apt-get update` run.
#
define apt::setting (
Variant[String[1], Integer[0]] $priority = 50,
Enum['file', 'present', 'absent'] $ensure = file,
Optional[String[1]] $source = undef,
Optional[String[1]] $content = undef,
Boolean $notify_update = true,
) {
if $content and $source {
fail('apt::setting cannot have both content and source')
}
if $ensure != 'absent' {
if !$content and !$source {
fail('apt::setting needs either of content or source')
}
}
$title_array = split($title, '-')
$setting_type = $title_array[0]
$base_name = join(delete_at($title_array, 0), '-')
assert_type(Pattern[/\Aconf\z/, /\Apref\z/, /\Alist\z/, /\Asources\z/], $setting_type) |$a, $b| {
fail("apt::setting resource name/title must start with either 'conf-', 'pref-', 'list-', or 'sources-'")
}
if $priority !~ Integer {
# need this to allow zero-padded priority.
assert_type(Pattern[/^\d+$/], $priority) |$a, $b| {
fail('apt::setting priority must be an integer or a zero-padded integer')
}
}
if $setting_type in ['list', 'pref', 'sources'] {
$_priority = ''
} else {
$_priority = $priority
}
$_path = $apt::config_files[$setting_type]['path']
$_ext = $apt::config_files[$setting_type]['ext']
if $notify_update {
$_notify = Class['apt::update']
} else {
$_notify = undef
}
file { "${_path}/${_priority}${base_name}${_ext}":
ensure => $ensure,
owner => 'root',
group => 'root',
content => $content,
source => $source,
notify => $_notify,
}
}

363
environments/production/thirdparty/apt/manifests/source.pp vendored Normal file
View file

@ -0,0 +1,363 @@
# @summary Manages the Apt sources in /etc/apt/sources.list.d/.
#
# @example Install the puppetlabs apt source
# apt::source { 'puppetlabs':
# location => 'http://apt.puppetlabs.com',
# repos => 'main',
# key => {
# id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
# server => 'keyserver.ubuntu.com',
# },
# }
#
# @example Download key behaviour to handle modern apt gpg keyrings. The `name` parameter in the key hash should be given with
# extension. Absence of extension will result in file formation with just name and no extension.
# apt::source { 'puppetlabs':
# location => 'http://apt.puppetlabs.com',
# comment => 'Puppet8',
# key => {
# 'name' => 'puppetlabs.gpg',
# 'source' => 'https://apt.puppetlabs.com/keyring.gpg',
# },
# }
#
# @example Install the puppetlabs apt source (deb822 format)
# apt::source { 'puppetlabs':
# source_format => 'sources'
# location => ['http://apt.puppetlabs.com'],
# repos => ['puppet8'],
# keyring => '/etc/apt/keyrings/puppetlabs.gpg',
# }
#
# @param source_format
# The file format to use for the apt source. See https://wiki.debian.org/SourcesList
#
# @param location
# Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL.
# DEB822: Supports an array of URL values
#
# @param types
# DEB822: The package types this source manages.
#
# @param enabled
# DEB822: Enable or Disable the APT source.
#
# @param comment
# Supplies a comment for adding to the Apt source file.
#
# @param ensure
# Specifies whether the Apt source file should exist.
#
# @param release
# Specifies a distribution of the Apt repository.
# DEB822: Supports an array of values
#
# @param repos
# Specifies a component of the Apt repository.
# DEB822: Supports an array of values
#
# @param include
# Configures include options. Valid options: a hash of available keys.
#
# @option include [Boolean] :deb
# Specifies whether to request the distribution's compiled binaries.
#
# @option include [Boolean] :src
# Specifies whether to request the distribution's uncompiled source code.
#
# @param key
# Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options:
# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`
#
# The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options:
# * a string to be passed to the `id` parameter of the `apt::key` defined type
# * a hash of `parameter => value` pairs to be passed to `apt::key`: `id`, `server`, `content`, `source`, `weak_ssl`, `options`
#
# @param keyring
# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry.
# This is not necessary if the key is installed with `key` param above.
# See https://wiki.debian.org/DebianRepository/UseThirdParty for details.
#
# @param pin
# Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `priority` parameter of the
# `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.
#
# @param architecture
# Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names,
# separated by commas (e.g., 'i386' or 'i386,alpha,powerpc').
# (if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option)
# DEB822: Supports an array of values
#
# @param allow_unsigned
# Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
#
# @param allow_insecure
# Specifies whether to allow downloads from insecure repositories.
#
# @param notify_update
# Specifies whether to trigger an `apt-get update` run.
#
# @param check_valid_until
# Specifies whether to check if the package release date is valid.
#
define apt::source (
Enum['list', 'sources'] $source_format = 'list',
Array[Enum['deb','deb-src'], 1, 2] $types = ['deb'],
Optional[Variant[String[1], Array[String[1]]]] $location = undef,
String[1] $comment = $name,
Boolean $enabled = true, # deb822
Enum['present', 'absent'] $ensure = present,
Optional[Variant[String[0], Array[String[0]]]] $release = undef,
Variant[String[1], Array[String[1]]] $repos = 'main',
Hash $include = {},
Optional[Variant[String[1], Hash]] $key = undef,
Optional[Stdlib::AbsolutePath] $keyring = undef,
Optional[Variant[Hash, Integer, String[1]]] $pin = undef,
Optional[Variant[String[1], Array[String[1]]]] $architecture = undef,
Optional[Boolean] $allow_unsigned = undef,
Optional[Boolean] $allow_insecure = undef,
Optional[Boolean] $check_valid_until = undef,
Boolean $notify_update = true,
) {
include apt
$_before = Apt::Setting["list-${title}"]
case $source_format {
'list': {
$_file_suffix = $source_format
if !$release {
if fact('os.distro.codename') {
$_release = fact('os.distro.codename')
} else {
fail('os.distro.codename fact not available: release parameter required')
}
} else {
$_release = $release
}
if $release =~ Pattern[/\/$/] {
$_components = $_release
} elsif $repos =~ Array {
$_components = join([$_release] + $repos, ' ')
} else {
$_components = "${_release} ${repos}"
}
if $ensure == 'present' {
if ! $location {
fail('cannot create a source entry without specifying a location')
}
elsif ($apt::proxy['https_acng']) and ($location =~ /(?i:^https:\/\/)/) {
$_location = regsubst($location, 'https://','http://HTTPS///')
}
else {
$_location = $location
}
} else {
$_location = undef
}
$includes = $apt::include_defaults + $include
if $keyring {
if $key {
fail('parameters key and keyring are mutually exclusive')
} else {
$_list_keyring = $keyring
}
} elsif $key {
if $key =~ Hash {
unless $key['name'] or $key['id'] {
fail('key hash must contain a key name (for apt::keyring) or an id (for apt::key)')
}
if $key['id'] {
# defaults like keyserver are only relevant to apt::key
$_key = $apt::source_key_defaults + $key
} else {
$_key = $key
}
} else {
$_key = { 'id' => assert_type(String[1], $key) }
}
if $_key['ensure'] {
$_key_ensure = $_key['ensure']
} else {
$_key_ensure = $ensure
}
# Old keyserver keys handled by apt-key
if $_key =~ Hash and $_key['id'] {
# We do not want to remove keys when the source is absent.
if $ensure == 'present' {
apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}":
ensure => $_key_ensure,
id => $_key['id'],
server => $_key['server'],
content => $_key['content'],
source => $_key['source'],
options => $_key['options'],
weak_ssl => $_key['weak_ssl'],
before => $_before,
}
}
$_list_keyring = undef
}
# Modern apt keyrings
elsif $_key =~ Hash and $_key['name'] {
apt::keyring { $_key['name']:
ensure => $_key_ensure,
content => $_key['content'],
source => $_key['source'],
dir => $_key['dir'],
filename => $_key['filename'],
mode => $_key['mode'],
before => $_before,
}
$_list_keyring = if $_key['dir'] and $_key['filename'] {
"${_key['dir']}${_key['filename']}"
} elsif $_key['filename'] {
"/etc/apt/keyrings/${_key['filename']}"
} elsif $_key['dir'] {
"${_key['dir']}${_key['name']}"
} else {
"/etc/apt/keyrings/${_key['name']}"
}
}
} else {
# No `key` nor `keyring` provided
$_list_keyring = undef
}
$header = epp('apt/_header.epp')
if $architecture {
$_architecture = regsubst($architecture, '\baarch64\b', 'arm64')
} else {
$_architecture = undef
}
$source_content = epp('apt/source.list.epp', {
'comment' => $comment,
'includes' => $includes,
'options' => delete_undef_values({
'arch' => $_architecture,
'trusted' => $allow_unsigned ? { true => 'yes', false => undef, default => undef },
'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef, default => undef },
'signed-by' => $_list_keyring,
'check-valid-until' => $check_valid_until? { true => undef, false => 'false', default => undef },
},
),
'location' => $_location,
'components' => $_components,
}
)
if $pin {
if $pin =~ Hash {
$_pin = $pin + { 'ensure' => $ensure, 'before' => $_before }
} elsif ($pin =~ Numeric or $pin =~ String) {
$url_split = split($location, '[:\/]+')
$host = $url_split[1]
$_pin = {
'ensure' => $ensure,
'priority' => $pin,
'before' => $_before,
'origin' => $host,
}
} else {
fail('Received invalid value for pin parameter')
}
apt::pin { $name:
* => $_pin,
}
}
}
'sources': {
$_file_suffix = $source_format
if $pin {
warning("'pin' parameter is not supported with deb822 format.")
}
if $key {
warning("'key' parameter is not supported with deb822 format.")
}
if $ensure == 'present' {
if ! $location {
fail('cannot create a source entry without specifying a location')
}
}
if $location !~ Array {
warning('For deb822 sources, location must be specified as an array.')
$_location = [$location]
} else {
$_location = $location
}
if !$release {
if fact('os.distro.codename') {
$_release = [fact('os.distro.codename')]
} else {
fail('os.distro.codename fact not available: release parameter required')
}
} elsif $release !~ Array {
warning("For deb822 sources, 'release' must be specified as an array. Converting to array.")
$_release = [$release]
} else {
$_release = $release
}
if $repos !~ Array {
warning("For deb822 sources, 'repos' must be specified as an array. Converting to array.")
$_repos = split($repos, /\s+/)
} else {
$_repos = $repos
}
if $architecture and $architecture !~ Array {
warning("For deb822 sources, 'architecture' must be specified as an array. Converting to array.")
$_architecture = split($architecture, '[,]')
} else {
$_architecture = $architecture
}
case $ensure {
'present': {
$header = epp('apt/_header.epp')
$source_content = epp('apt/source_deb822.epp', delete_undef_values({
'uris' => $_location,
'suites' => $_release,
'components' => $_repos,
'types' => $types,
'comment' => $comment,
'enabled' => $enabled ? { true => 'yes', false => 'no' },
'architectures' => $_architecture,
'allow_insecure' => $allow_insecure ? { true => 'yes', false => 'no', default => undef },
'repo_trusted' => $allow_unsigned ? { true => 'yes', false => 'no', default => undef },
'check_valid_until' => $check_valid_until ? { true => 'yes', false => 'no', default => undef },
'signed_by' => $keyring,
}
)
)
}
'absent': {
$header = undef
$source_content = undef
}
default: {
fail('Unexpected value for $ensure parameter.')
}
}
}
default: {
fail("Unexpected APT source format: ${source_format}")
}
}
apt::setting { "${_file_suffix}-${name}":
ensure => $ensure,
content => "${header}${source_content}",
notify_update => $notify_update,
}
}

98
environments/production/thirdparty/apt/manifests/update.pp vendored Normal file
View file

@ -0,0 +1,98 @@
# @summary Updates the list of available packages using apt-get update.
#
# @api private
#
class apt::update {
assert_private()
#TODO: to catch if apt_update_last_success has the value of -1 here. If we
#opt to do this, a info/warn would likely be all you'd need likely to happen
#on the first run, but if it's not run in awhile something is likely borked
#with apt and we'd want to know about it.
case $apt::_update['frequency'] {
'always': {
$_kick_apt = true
}
Integer[60]:{
#compare current date with the apt_update_last_success fact to determine
#if we should kick apt_update.
$int_threshold = (Integer(Timestamp().strftime('%s')) - Integer($apt::_update['frequency']))
if $facts['apt_update_last_success'] {
if $facts['apt_update_last_success'] + 0 < $int_threshold {
$_kick_apt = true
} else {
$_kick_apt = false
}
} else {
#if apt-get update has not successfully run, we should kick apt_update
$_kick_apt = true
}
}
'hourly':{
#compare current date with the apt_update_last_success fact to determine
#if we should kick apt_update.
$hourly_threshold = (Integer(Timestamp().strftime('%s')) - 3600)
if $facts['apt_update_last_success'] {
if $facts['apt_update_last_success'] + 0 < $hourly_threshold {
$_kick_apt = true
} else {
$_kick_apt = false
}
} else {
#if apt-get update has not successfully run, we should kick apt_update
$_kick_apt = true
}
}
'daily': {
#compare current date with the apt_update_last_success fact to determine
#if we should kick apt_update.
$daily_threshold = (Integer(Timestamp().strftime('%s')) - 86400)
if $facts['apt_update_last_success'] {
if $facts['apt_update_last_success'] + 0 < $daily_threshold {
$_kick_apt = true
} else {
$_kick_apt = false
}
} else {
#if apt-get update has not successfully run, we should kick apt_update
$_kick_apt = true
}
}
'weekly':{
#compare current date with the apt_update_last_success fact to determine
#if we should kick apt_update.
$weekly_threshold = (Integer(Timestamp().strftime('%s')) - 604800)
if $facts['apt_update_last_success'] {
if $facts['apt_update_last_success'] + 0 < $weekly_threshold {
$_kick_apt = true
} else {
$_kick_apt = false
}
} else {
#if apt-get update has not successfully run, we should kick apt_update
$_kick_apt = true
}
}
default: {
#catches 'reluctantly', and any other value (which should not occur).
#do nothing.
$_kick_apt = false
}
}
if $_kick_apt {
$_refresh = false
} else {
$_refresh = true
}
exec { 'apt_update':
command => "${apt::provider} update",
loglevel => $apt::_update['loglevel'],
logoutput => 'on_failure',
refreshonly => $_refresh,
timeout => $apt::_update['timeout'],
tries => $apt::_update['tries'],
try_sleep => 1,
}
}

42
environments/production/thirdparty/apt/metadata.json vendored Normal file
View file

@ -0,0 +1,42 @@
{
"name": "puppetlabs-apt",
"version": "10.0.1",
"author": "puppetlabs",
"summary": "Provides an interface for managing Apt source, key, and definitions with Puppet",
"license": "Apache-2.0",
"source": "https://github.com/puppetlabs/puppetlabs-apt",
"project_page": "https://github.com/puppetlabs/puppetlabs-apt",
"issues_url": "https://github.com/puppetlabs/puppetlabs-apt/issues",
"dependencies": [
{
"name": "puppetlabs/stdlib",
"version_requirement": ">= 9.0.0 < 10.0.0"
}
],
"operatingsystem_support": [
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"11",
"12"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"18.04",
"20.04",
"22.04"
]
}
],
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 7.0.0 < 9.0.0"
}
],
"template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
"template-ref": "tags/3.2.0.4-0-g5d17ec1",
"pdk-version": "3.2.0"
}

2
environments/production/thirdparty/apt/pdk.yaml vendored Normal file
View file

@ -0,0 +1,2 @@
---
ignore: []

37
environments/production/thirdparty/apt/provision.yaml vendored Normal file
View file

@ -0,0 +1,37 @@
---
default:
provisioner: docker
images:
- litmusimage/debian:9
vagrant:
provisioner: vagrant
images:
- centos/7
- generic/ubuntu1804
docker_deb:
provisioner: docker
images:
- litmusimage/debian:9
- litmusimage/debian:10
docker_ub_6:
provisioner: docker
images:
- litmusimage/ubuntu:18.04
- litmusimage/ubuntu:20.04
docker_el7:
provisioner: docker
images: []
release_checks_6:
provisioner: abs
images:
- debian-9-x86_64
- debian-10-x86_64
- ubuntu-1804-x86_64
- ubuntu-2004-x86_64
release_checks_7:
provisioner: abs
images:
- debian-9-x86_64
- debian-10-x86_64
- ubuntu-1804-x86_64
- ubuntu-2004-x86_64

10
environments/production/thirdparty/apt/tasks/init.json vendored Normal file
View file

@ -0,0 +1,10 @@
{
"description": "Allows you to perform apt-get functions",
"input_method": "stdin",
"parameters": {
"action": {
"description": "Action to perform with apt-get",
"type": "Enum[update, upgrade, dist-upgrade, autoremove]"
}
}
}

34
environments/production/thirdparty/apt/tasks/init.rb vendored Executable file
View file

@ -0,0 +1,34 @@
#!/opt/puppetlabs/puppet/bin/ruby
# frozen_string_literal: true
require 'json'
require 'open3'
require 'puppet'
def apt_get(action)
cmd = ['apt-get', action]
cmd << '-y' if ['upgrade', 'dist-upgrade', 'autoremove'].include?(action)
if ['upgrade', 'dist-upgrade', 'autoremove'].include?(action)
ENV['DEBIAN_FRONTEND'] = 'noninteractive'
cmd << '-o'
cmd << 'Dpkg::Options="--force-confdef"'
cmd << '-o'
cmd << 'Dpkg::Options="--force-confold"'
end
stdout, stderr, status = Open3.capture3(*cmd)
raise Puppet::Error, stderr if status != 0
{ status: stdout.strip }
end
params = JSON.parse($stdin.read)
action = params['action']
begin
result = apt_get(action)
puts result.to_json
exit 0
rescue Puppet::Error => e
puts({ status: 'failure', error: e.message }.to_json)
exit 1
end

1
environments/production/thirdparty/apt/templates/_conf_header.epp vendored Normal file
View file

@ -0,0 +1 @@
// This file is managed by Puppet. DO NOT EDIT.

1
environments/production/thirdparty/apt/templates/_header.epp vendored Normal file
View file

@ -0,0 +1 @@
# This file is managed by Puppet. DO NOT EDIT.

8
environments/production/thirdparty/apt/templates/add-apt-repository.sh.epp vendored Normal file
View file

@ -0,0 +1,8 @@
<%- | Array $command, String $sources_list_d_path, String $sources_list_d_filename | -%>
<%= $command.join(' ') %>
if [ $? -gt 0 ]; then
rm <%= $sources_list_d_path %>/<%= $sources_list_d_filename %>
exit 1
fi

6
environments/production/thirdparty/apt/templates/auth_conf.epp vendored Normal file
View file

@ -0,0 +1,6 @@
// This file is managed by Puppet. DO NOT EDIT.
<% if $auth_conf_entries != [] { -%>
<% $auth_conf_entries.each | $auth_conf_entry | { -%>
machine <%= $auth_conf_entry['machine'] %> login <%= $auth_conf_entry['login'] %> password <%= $auth_conf_entry['password'] %>
<% } -%>
<% } -%>

26
environments/production/thirdparty/apt/templates/pin.pref.epp vendored Normal file
View file

@ -0,0 +1,26 @@
<%- | $name, $pin_release, $release, $codename, $release_version, $component, $originator, $label, $version, $origin, $explanation, $packages_string, $priority | -%>
<%-
$pin =
if $pin_release != '' {
$options = [
unless $release =~ Undef { "a=${release}" },
unless $codename =~ Undef { "n=${codename}" },
unless $release_version =~ Undef { "v=${release_version}"},
unless $component =~ Undef { "c=${component}" },
unless $originator =~ Undef { "o=${originator}" },
unless $label =~ Undef { "l=${label}" },
].filter |$x| { $x != undef }
"release ${options.join(', ')}" }
elsif $version and "${version}".length > 0 {
"version ${version}" }
elsif $origin and $origin.length > 0 {
"origin ${origin}" }
else {
"release a=${name}" #Default value
}
-%>
Explanation: <%= $explanation %>
Package: <%= $packages_string %>
Pin: <%= $pin %>
Pin-Priority: <%= $priority %>

10
environments/production/thirdparty/apt/templates/proxy.epp vendored Normal file
View file

@ -0,0 +1,10 @@
<%- | Hash $proxies | -%>
<% $proxies['perhost'].each |$proxy| { -%>
Acquire::<%= $proxy['scheme'] %>::proxy::<%= $proxy['scope'] %> "<%= $proxy['target'] %>";
<% } -%>
Acquire::http::proxy "http://<%= $proxies['host'] %>:<%= $proxies['port'] %>/";
<%- if $proxies['https'] { %>
Acquire::https::proxy "https://<%= $proxies['host'] %>:<%= $proxies['port'] %>/";
<%- } elsif $proxies['direct'] { -%>
Acquire::https::proxy "DIRECT";
<%- } -%>

8
environments/production/thirdparty/apt/templates/source.list.epp vendored Normal file
View file

@ -0,0 +1,8 @@
<%- | String $comment, Hash $includes, Hash $options, $location, String $components | -%>
# <%= $comment %>
<%- if $includes['deb'] { -%>
deb <% if !$options.empty() { -%>[<%= $options.map |$key, $value| { if !$value.empty() { "${key}=${value}" } }.join(" ") %>] <% } -%> <%= $location %> <%= $components %>
<%- } -%>
<%- if $includes['src'] { -%>
deb-src <% if !$options.empty() { -%>[<%= $options.map |$key, $value| { if !$value.empty() { "${key}=${value}" } }.join(" ") %>] <% } -%> <%= $location %> <%= $components %>
<%- } -%>

36
environments/production/thirdparty/apt/templates/source_deb822.epp vendored Normal file
View file

@ -0,0 +1,36 @@
<% | String $comment,
Enum['yes','no'] $enabled,
Array[String] $types,
Array[String] $uris,
Array[String] $suites,
Array[String] $components,
Optional[Array] $architectures = undef,
Optional[Enum['yes','no']] $allow_insecure = undef,
Optional[Enum['yes','no']] $repo_trusted = undef,
Optional[Enum['yes','no']] $check_valid_until = undef,
Optional[Variant[Stdlib::AbsolutePath,Array[String]]] $signed_by = undef,
| -%>
# <%= $comment %>
Enabled: <%= $enabled %>
Types: <% $types.each |String $type| { -%> <%= $type %> <% } %>
URIs: <% $uris.each | String $uri | { -%> <%= $uri %> <% } %>
Suites: <% $suites.each | String $suite | { -%> <%= $suite %> <% } %>
Components: <% $components.each | String $component | { -%> <%= $component %> <% } %>
<% if $architectures { -%>
Architectures:<% $architectures.each | String $arch | { %> <%= $arch %><% } %>
<%- } -%>
<% if $allow_insecure { -%>
Allow-Insecure: <%= $allow_insecure %>
<% } -%>
<% if $repo_trusted { -%>
Trusted: <%= $repo_trusted %>
<% } -%>
<% if $check_valid_until { -%>
Check-Valid-Until: <%= $check_valid_until %>
<% } -%>
<% if $signed_by { -%>
Signed-By: <% if type($signed_by) =~ Type[Array] { -%><%- $signed_by.each |String $keyring| { -%><%= $keyring %> <% } -%>
<%- } -%>
<%- elsif type($signed_by) =~ Type[String] { -%>
<%= $signed_by -%>
<%- }} %>

20
environments/production/thirdparty/apt/types/auth_conf_entry.pp vendored Normal file
View file

@ -0,0 +1,20 @@
# @summary Login configuration settings that are recorded in the file `/etc/apt/auth.conf`.
#
# @see https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for more information
#
# @param machine
# Hostname of machine to connect to.
#
# @param login
# Specifies the username to connect with.
#
# @param password
# Specifies the password to connect with.
#
type Apt::Auth_conf_entry = Struct[
{
machine => String[1],
login => String,
password => String
}
]

28
environments/production/thirdparty/apt/types/proxy.pp vendored Normal file
View file

@ -0,0 +1,28 @@
# @summary Configures Apt to connect to a proxy server.
#
# @param ensure
# Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'.
#
# @param host
# Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname.
#
# @param port
# Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number.
#
# @param https
# Specifies whether to enable https proxies.
#
# @param direct
# Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not.
#
type Apt::Proxy = Struct[
{
ensure => Optional[Enum['file', 'present', 'absent']],
host => Optional[String],
port => Optional[Integer[0, 65535]],
https => Optional[Boolean],
https_acng => Optional[Boolean],
direct => Optional[Boolean],
perhost => Optional[Array[Apt::Proxy_Per_Host]],
}
]

26
environments/production/thirdparty/apt/types/proxy_per_host.pp vendored Normal file
View file

@ -0,0 +1,26 @@
# @summary Adds per-host overrides to the system default APT proxy configuration
#
# @param scope
# Specifies the scope of the override. Valid options: a string containing a hostname.
#
# @param host
# Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname.
#
# @param port
# Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number.
#
# @param https
# Specifies whether to enable https for this override.
#
# @param direct
# Specifies whether or not to use a `DIRECT` target to bypass the system default proxy.
#
type Apt::Proxy_Per_Host = Struct[
{
scope => String,
host => Optional[String],
port => Optional[Integer[1, 65535]],
https => Optional[Boolean],
direct => Optional[Boolean],
}
]

583
environments/production/thirdparty/docker/CHANGELOG.md vendored Normal file
View file

@ -0,0 +1,583 @@
<!-- markdownlint-disable MD024 -->
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
## [v10.2.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v10.2.0) - 2025-03-10
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v10.1.0...v10.2.0)
### Added
- (GH-962) Allow Amazon Linux 2 and newer versions [#972](https://github.com/puppetlabs/puppetlabs-docker/pull/972) ([rjd1](https://github.com/rjd1))
## [v10.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v10.1.0) - 2024-12-18
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v10.0.1...v10.1.0)
### Added
- Add support for EL9 [#1007](https://github.com/puppetlabs/puppetlabs-docker/pull/1007) ([ghoneycutt](https://github.com/ghoneycutt))
## [v10.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v10.0.1) - 2024-07-13
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v10.0.0...v10.0.1)
### Fixed
- systemd service overrides: restore whitespace to pre-conversion [#983](https://github.com/puppetlabs/puppetlabs-docker/pull/983) ([kenyon](https://github.com/kenyon))
## [v10.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v10.0.0) - 2024-07-04
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v9.1.0...v10.0.0)
### Changed
- Use the docker-compose-plugin via 'docker compose' instead of 'docker-compose' [#975](https://github.com/puppetlabs/puppetlabs-docker/pull/975) ([nathanlcarlson](https://github.com/nathanlcarlson))
### Fixed
- (CAT-1143)-Conversion_of_erb_templates_to_epp [#944](https://github.com/puppetlabs/puppetlabs-docker/pull/944) ([praj1001](https://github.com/praj1001))
## [v9.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v9.1.0) - 2023-07-19
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v9.0.1...v9.1.0)
### Added
- CONT-568 : Adding deferred function for password [#918](https://github.com/puppetlabs/puppetlabs-docker/pull/918) ([malikparvez](https://github.com/malikparvez))
## [v9.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v9.0.1) - 2023-07-06
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v8.0.0...v9.0.1)
### Fixed
- (CONT-1196) - Remove deprecated function merge [#935](https://github.com/puppetlabs/puppetlabs-docker/pull/935) ([Ramesh7](https://github.com/Ramesh7))
## [v8.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v8.0.0) - 2023-07-05
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v7.0.0...v8.0.0)
### Changed
- pdksync - (MAINT) - Require Stdlib 9.x [#921](https://github.com/puppetlabs/puppetlabs-docker/pull/921) ([LukasAud](https://github.com/LukasAud))
### Added
- (CONT-1121) - Add support for CentOS 8 [#926](https://github.com/puppetlabs/puppetlabs-docker/pull/926) ([jordanbreen28](https://github.com/jordanbreen28))
## [v7.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v7.0.0) - 2023-05-02
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v6.1.0...v7.0.0)
### Changed
- (CONT-776) - Add Puppet 8/Drop Puppet 6 [#910](https://github.com/puppetlabs/puppetlabs-docker/pull/910) ([jordanbreen28](https://github.com/jordanbreen28))
## [v6.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v6.1.0) - 2023-04-28
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v6.0.2...v6.1.0)
### Added
- (CONT-351) Syntax update [#901](https://github.com/puppetlabs/puppetlabs-docker/pull/901) ([LukasAud](https://github.com/LukasAud))
### Fixed
- Fix `docker` fact with recent version of docker [#897](https://github.com/puppetlabs/puppetlabs-docker/pull/897) ([smortex](https://github.com/smortex))
- Use puppet yaml helper to workaround psych >4 breaking changes [#877](https://github.com/puppetlabs/puppetlabs-docker/pull/877) ([gfargeas](https://github.com/gfargeas))
## [v6.0.2](https://github.com/puppetlabs/puppetlabs-docker/tree/v6.0.2) - 2022-12-08
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v6.0.1...v6.0.2)
### Fixed
- (CONT-24) docker_stack always redoploying [#878](https://github.com/puppetlabs/puppetlabs-docker/pull/878) ([david22swan](https://github.com/david22swan))
## [v6.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v6.0.1) - 2022-11-25
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v6.0.0...v6.0.1)
### Fixed
- Revert "(maint) Hardening manifests and tasks" [#875](https://github.com/puppetlabs/puppetlabs-docker/pull/875) ([pmcmaw](https://github.com/pmcmaw))
## [v6.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v6.0.0) - 2022-11-21
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v5.1.0...v6.0.0)
### Changed
- (CONT-263) Bumping required puppet version [#871](https://github.com/puppetlabs/puppetlabs-docker/pull/871) ([LukasAud](https://github.com/LukasAud))
- docker_run_flags: Shellescape any provided values [#869](https://github.com/puppetlabs/puppetlabs-docker/pull/869) ([LukasAud](https://github.com/LukasAud))
- (maint) Hardening manifests and tasks [#863](https://github.com/puppetlabs/puppetlabs-docker/pull/863) ([LukasAud](https://github.com/LukasAud))
## [v5.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v5.1.0) - 2022-10-21
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v5.0.0...v5.1.0)
### Added
- Add missing extra_systemd_parameters values to docker-run.erb [#851](https://github.com/puppetlabs/puppetlabs-docker/pull/851) ([cbowman0](https://github.com/cbowman0))
### Fixed
- pdksync - (CONT-130) Dropping Support for Debian 9 [#859](https://github.com/puppetlabs/puppetlabs-docker/pull/859) ([jordanbreen28](https://github.com/jordanbreen28))
- Change `stop_wait_time` value to match Docker default [#858](https://github.com/puppetlabs/puppetlabs-docker/pull/858) ([sebcdri](https://github.com/sebcdri))
## [v5.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v5.0.0) - 2022-08-19
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.4.0...v5.0.0)
### Changed
- Remove log_driver limitations [#792](https://github.com/puppetlabs/puppetlabs-docker/pull/792) ([timdeluxe](https://github.com/timdeluxe))
### Added
- pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04 [#850](https://github.com/puppetlabs/puppetlabs-docker/pull/850) ([david22swan](https://github.com/david22swan))
- adding optional variable for package_key_check_source to RedHat [#846](https://github.com/puppetlabs/puppetlabs-docker/pull/846) ([STaegtmeier](https://github.com/STaegtmeier))
- New create_user parameter on main class [#841](https://github.com/puppetlabs/puppetlabs-docker/pull/841) ([traylenator](https://github.com/traylenator))
## [v4.4.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.4.0) - 2022-06-01
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.3.0...v4.4.0)
### Added
- Update Docker Compose to handle symbols [#834](https://github.com/puppetlabs/puppetlabs-docker/pull/834) ([sili72](https://github.com/sili72))
### Fixed
- Avoid empty array to -net parameter [#837](https://github.com/puppetlabs/puppetlabs-docker/pull/837) ([chelnak](https://github.com/chelnak))
- (GH-785) Fix duplicate stack matching [#836](https://github.com/puppetlabs/puppetlabs-docker/pull/836) ([chelnak](https://github.com/chelnak))
- Fix docker-compose, network and volumes not applying on 1st run, fix other idempotency [#833](https://github.com/puppetlabs/puppetlabs-docker/pull/833) ([canihavethisone](https://github.com/canihavethisone))
- Fixed docker facts to check for active swarm clusters before running docker swarm sub-commands. [#817](https://github.com/puppetlabs/puppetlabs-docker/pull/817) ([nmaludy](https://github.com/nmaludy))
## [v4.3.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.3.0) - 2022-05-16
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.2.1...v4.3.0)
### Added
- Add tmpdir option to docker_compose [#823](https://github.com/puppetlabs/puppetlabs-docker/pull/823) ([canihavethisone](https://github.com/canihavethisone))
- Support different Architectures (like `aarch64`) when installing Compose [#812](https://github.com/puppetlabs/puppetlabs-docker/pull/812) ([mpdude](https://github.com/mpdude))
### Fixed
- Only install docker-ce-cli with docker-ce [#827](https://github.com/puppetlabs/puppetlabs-docker/pull/827) ([vchepkov](https://github.com/vchepkov))
- remove some legacy facts [#802](https://github.com/puppetlabs/puppetlabs-docker/pull/802) ([traylenator](https://github.com/traylenator))
- Fix missing comma in docker::image example [#787](https://github.com/puppetlabs/puppetlabs-docker/pull/787) ([Vincevrp](https://github.com/Vincevrp))
- allow docker::networks::networks param to be undef [#783](https://github.com/puppetlabs/puppetlabs-docker/pull/783) ([jhoblitt](https://github.com/jhoblitt))
## [v4.2.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.2.1) - 2022-04-14
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.2.0...v4.2.1)
### Fixed
- Fix permission denied issue introduced in v4.2.0 [#820](https://github.com/puppetlabs/puppetlabs-docker/pull/820) ([chelnak](https://github.com/chelnak))
## [v4.2.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.2.0) - 2022-04-11
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.1.2...v4.2.0)
### Added
- pdksync - (FM-8922) - Add Support for Windows 2022 [#801](https://github.com/puppetlabs/puppetlabs-docker/pull/801) ([david22swan](https://github.com/david22swan))
- (IAC-1729) Add Support for Debian 11 [#799](https://github.com/puppetlabs/puppetlabs-docker/pull/799) ([david22swan](https://github.com/david22swan))
### Fixed
- pdksync - (GH-iac-334) Remove Support for Ubuntu 14.04/16.04 [#807](https://github.com/puppetlabs/puppetlabs-docker/pull/807) ([david22swan](https://github.com/david22swan))
- Fix idempotency when using scaling with docker-compose [#805](https://github.com/puppetlabs/puppetlabs-docker/pull/805) ([canihavethisone](https://github.com/canihavethisone))
- Make RedHat version check respect acknowledge_unsupported_os [#788](https://github.com/puppetlabs/puppetlabs-docker/pull/788) ([PolaricEntropy](https://github.com/PolaricEntropy))
## [v4.1.2](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.1.2) - 2021-09-27
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.1.1...v4.1.2)
### Fixed
- pdksync - (IAC-1598) - Remove Support for Debian 8 [#775](https://github.com/puppetlabs/puppetlabs-docker/pull/775) ([david22swan](https://github.com/david22swan))
- Prefer timeout to time_limit for Facter::Core::Execution [#774](https://github.com/puppetlabs/puppetlabs-docker/pull/774) ([smortex](https://github.com/smortex))
- Fix facts gathering [#773](https://github.com/puppetlabs/puppetlabs-docker/pull/773) ([smortex](https://github.com/smortex))
## [v4.1.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.1.1) - 2021-08-26
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.1.0...v4.1.1)
### Fixed
- (IAC-1741) Allow stdlib v8.0.0 [#767](https://github.com/puppetlabs/puppetlabs-docker/pull/767) ([david22swan](https://github.com/david22swan))
- Remove stderr empty check to avoid docker_params_changed failures when warnings appear [#764](https://github.com/puppetlabs/puppetlabs-docker/pull/764) ([cedws](https://github.com/cedws))
- Duplicate declaration statement: docker_params_changed is already declared [#763](https://github.com/puppetlabs/puppetlabs-docker/pull/763) ([basti-nis](https://github.com/basti-nis))
- Timeout for hangs of the docker_client in the facts generation [#759](https://github.com/puppetlabs/puppetlabs-docker/pull/759) ([carabasdaniel](https://github.com/carabasdaniel))
## [v4.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.1.0) - 2021-06-28
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.0.1...v4.1.0)
### Added
- Add syslog_facility parameter to docker::run [#755](https://github.com/puppetlabs/puppetlabs-docker/pull/755) ([waipeng](https://github.com/waipeng))
### Fixed
- Fix docker::volumes hiera example [#754](https://github.com/puppetlabs/puppetlabs-docker/pull/754) ([pskopnik](https://github.com/pskopnik))
- Allow force update non-latest tagged image [#752](https://github.com/puppetlabs/puppetlabs-docker/pull/752) ([yanjunding](https://github.com/yanjunding))
- Allow management of the docker-ce-cli package [#740](https://github.com/puppetlabs/puppetlabs-docker/pull/740) ([kenyon](https://github.com/kenyon))
## [v4.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.0.1) - 2021-05-26
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v4.0.0...v4.0.1)
### Fixed
- (IAC-1497) - Removal of unsupported `translate` dependency [#737](https://github.com/puppetlabs/puppetlabs-docker/pull/737) ([david22swan](https://github.com/david22swan))
- add simple quotes around env service flag [#706](https://github.com/puppetlabs/puppetlabs-docker/pull/706) ([adrianiurca](https://github.com/adrianiurca))
## [v4.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v4.0.0) - 2021-03-04
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.14.0...v4.0.0)
## [v3.14.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.14.0) - 2021-03-04
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.13.1...v3.14.0)
### Changed
- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [#718](https://github.com/puppetlabs/puppetlabs-docker/pull/718) ([carabasdaniel](https://github.com/carabasdaniel))
### Fixed
- [MODULES-10898] Disable forced docker service restart for RedHat 7 and docker server 1.13 [#730](https://github.com/puppetlabs/puppetlabs-docker/pull/730) ([carabasdaniel](https://github.com/carabasdaniel))
- Make it possible to use pod's network [#725](https://github.com/puppetlabs/puppetlabs-docker/pull/725) ([seriv](https://github.com/seriv))
## [v3.13.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.13.1) - 2021-02-02
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.13.0...v3.13.1)
### Fixed
- (IAC-1218) - docker_params_changed should be run by agent [#705](https://github.com/puppetlabs/puppetlabs-docker/pull/705) ([adrianiurca](https://github.com/adrianiurca))
- Fix systemd units for systemd versions < v230 [#704](https://github.com/puppetlabs/puppetlabs-docker/pull/704) ([benningm](https://github.com/benningm))
- setting HOME environment to /root [#698](https://github.com/puppetlabs/puppetlabs-docker/pull/698) ([adrianiurca](https://github.com/adrianiurca))
## [v3.13.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.13.0) - 2020-12-14
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.12.1...v3.13.0)
### Added
- pdksync - (feat) - Bump Puppet boundary [#687](https://github.com/puppetlabs/puppetlabs-docker/pull/687) ([daianamezdrea](https://github.com/daianamezdrea))
- Ensure image digest checksum before starting [#673](https://github.com/puppetlabs/puppetlabs-docker/pull/673) ([tmanninger](https://github.com/tmanninger))
- Support multiple mirrors #659 [#669](https://github.com/puppetlabs/puppetlabs-docker/pull/669) ([TheLocehiliosan](https://github.com/TheLocehiliosan))
### Fixed
- Options to docker-compose should be an Array, not a String [#695](https://github.com/puppetlabs/puppetlabs-docker/pull/695) ([adrianiurca](https://github.com/adrianiurca))
- fixing issue #689 by setting HOME in docker command [#692](https://github.com/puppetlabs/puppetlabs-docker/pull/692) ([sdinten](https://github.com/sdinten))
- (MAINT) Use docker-compose config instead file parsing [#672](https://github.com/puppetlabs/puppetlabs-docker/pull/672) ([rbelnap](https://github.com/rbelnap))
- Fix array of additional flags [#671](https://github.com/puppetlabs/puppetlabs-docker/pull/671) ([CAPSLOCK2000](https://github.com/CAPSLOCK2000))
- Test against OS family rather than name [#667](https://github.com/puppetlabs/puppetlabs-docker/pull/667) ([bodgit](https://github.com/bodgit))
## [v3.12.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.12.1) - 2020-10-14
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.12.0...v3.12.1)
### Fixed
- Fix misplaced backslash in start template [#666](https://github.com/puppetlabs/puppetlabs-docker/pull/666) ([optiz0r](https://github.com/optiz0r))
## [v3.12.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.12.0) - 2020-09-29
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.11.0...v3.12.0)
### Added
- Add docker swarm join-tokens as facts [#651](https://github.com/puppetlabs/puppetlabs-docker/pull/651) ([oschusler](https://github.com/oschusler))
### Fixed
- (IAC-982) - Remove inappropriate terminology [#654](https://github.com/puppetlabs/puppetlabs-docker/pull/654) ([david22swan](https://github.com/david22swan))
## [v3.11.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.11.0) - 2020-08-11
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.10.2...v3.11.0)
### Added
- Fix #584: Deal with Arrays for the net list [#647](https://github.com/puppetlabs/puppetlabs-docker/pull/647) ([MG2R](https://github.com/MG2R))
- pdksync - (IAC-973) - Update travis/appveyor to run on new default branch main [#643](https://github.com/puppetlabs/puppetlabs-docker/pull/643) ([david22swan](https://github.com/david22swan))
### Fixed
- [MODULES-10734] - improve params detection on docker::run [#648](https://github.com/puppetlabs/puppetlabs-docker/pull/648) ([adrianiurca](https://github.com/adrianiurca))
## [v3.10.2](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.10.2) - 2020-07-17
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.10.1...v3.10.2)
### Fixed
- (MODULES-10691) - Add root_dir in daemon.json [#632](https://github.com/puppetlabs/puppetlabs-docker/pull/632) ([daianamezdrea](https://github.com/daianamezdrea))
- Fixing the fix 'Fix the docker_compose options parameter position #378' [#631](https://github.com/puppetlabs/puppetlabs-docker/pull/631) ([awegmann](https://github.com/awegmann))
- Blocking ordering between non-Windows service stops [#622](https://github.com/puppetlabs/puppetlabs-docker/pull/622) ([AndrewLipscomb](https://github.com/AndrewLipscomb))
- Allow all 3.x docker-compose minor versions [#620](https://github.com/puppetlabs/puppetlabs-docker/pull/620) ([runejuhl](https://github.com/runejuhl))
## [v3.10.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.10.1) - 2020-05-28
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.10.0...v3.10.1)
### Fixed
- Fix unreachable StartLimitBurst value in unit template [#616](https://github.com/puppetlabs/puppetlabs-docker/pull/616) ([omeinderink](https://github.com/omeinderink))
- (MODULES-9696) remove docker_home_dirs fact [#613](https://github.com/puppetlabs/puppetlabs-docker/pull/613) ([carabasdaniel](https://github.com/carabasdaniel))
- [MODULES-10629] Throw error when docker login fails [#610](https://github.com/puppetlabs/puppetlabs-docker/pull/610) ([carabasdaniel](https://github.com/carabasdaniel))
- (maint) - facts fix for centos [#608](https://github.com/puppetlabs/puppetlabs-docker/pull/608) ([david22swan](https://github.com/david22swan))
- major adjustments for current code style [#607](https://github.com/puppetlabs/puppetlabs-docker/pull/607) ([crazymind1337](https://github.com/crazymind1337))
## [v3.10.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.10.0) - 2020-04-23
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.9.1...v3.10.0)
### Added
- [IAC-291] Convert acceptance tests to Litmus [#585](https://github.com/puppetlabs/puppetlabs-docker/pull/585) ([carabasdaniel](https://github.com/carabasdaniel))
- Updated: Add Docker service (create, remote, scale) tasks [#582](https://github.com/puppetlabs/puppetlabs-docker/pull/582) ([Flask](https://github.com/Flask))
- Add after_start and after_stop options to docker::run define [#580](https://github.com/puppetlabs/puppetlabs-docker/pull/580) ([jantman](https://github.com/jantman))
- Make docker::machine::url configurable [#569](https://github.com/puppetlabs/puppetlabs-docker/pull/569) ([baurmatt](https://github.com/baurmatt))
- Let docker.service start docker services managed by puppetlabs/docker… [#563](https://github.com/puppetlabs/puppetlabs-docker/pull/563) ([jhejl](https://github.com/jhejl))
- Allow bypassing curl package ensure if needed [#477](https://github.com/puppetlabs/puppetlabs-docker/pull/477) ([esalberg](https://github.com/esalberg))
### Fixed
- Enforce TLS1.2 on Windows; minor fixes for RH-based testing [#603](https://github.com/puppetlabs/puppetlabs-docker/pull/603) ([carabasdaniel](https://github.com/carabasdaniel))
- [MODULES-10628] Update documentation for docker volume and set options as parameter [#599](https://github.com/puppetlabs/puppetlabs-docker/pull/599) ([carabasdaniel](https://github.com/carabasdaniel))
- Allow module to work on SLES [#591](https://github.com/puppetlabs/puppetlabs-docker/pull/591) ([npwalker](https://github.com/npwalker))
- (maint) Fix missing stubs in docker_spec.rb [#589](https://github.com/puppetlabs/puppetlabs-docker/pull/589) ([Filipovici-Andrei](https://github.com/Filipovici-Andrei))
- Add Hiera lookups for resources in init.pp [#586](https://github.com/puppetlabs/puppetlabs-docker/pull/586) ([fe80](https://github.com/fe80))
- Use standardized quote type to help tests pass [#566](https://github.com/puppetlabs/puppetlabs-docker/pull/566) ([DLeich](https://github.com/DLeich))
- Minimal changes to work with podman-docker [#562](https://github.com/puppetlabs/puppetlabs-docker/pull/562) ([seriv](https://github.com/seriv))
## [v3.9.1](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.9.1) - 2020-01-20
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.9.0...v3.9.1)
### Fixed
- (maint) fix dependencies of powershell to 4.0.0 [#568](https://github.com/puppetlabs/puppetlabs-docker/pull/568) ([sheenaajay](https://github.com/sheenaajay))
## [v3.9.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.9.0) - 2019-12-09
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.8.0...v3.9.0)
### Added
- Add option for RemainAfterExit [#549](https://github.com/puppetlabs/puppetlabs-docker/pull/549) ([vdavidoff](https://github.com/vdavidoff))
### Fixed
- Fix error does not show when image:tag does not exists (#552) [#553](https://github.com/puppetlabs/puppetlabs-docker/pull/553) ([rafaelcarv](https://github.com/rafaelcarv))
- Allow defining the name of the docker-compose symlink [#544](https://github.com/puppetlabs/puppetlabs-docker/pull/544) ([gtufte](https://github.com/gtufte))
- Clarify usage of docker_stack type up_args and fix link to docs [#537](https://github.com/puppetlabs/puppetlabs-docker/pull/537) ([jacksgt](https://github.com/jacksgt))
- Move StartLimit* options to [Unit], fix StartLimitIntervalSec [#531](https://github.com/puppetlabs/puppetlabs-docker/pull/531) ([runejuhl](https://github.com/runejuhl))
## [v3.8.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.8.0) - 2019-10-01
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.7.0-bna...v3.8.0)
### Added
- pdksync - Add support on Debian10 [#525](https://github.com/puppetlabs/puppetlabs-docker/pull/525) ([lionce](https://github.com/lionce))
### Fixed
- Fix multiple additional flags for docker_network [#523](https://github.com/puppetlabs/puppetlabs-docker/pull/523) ([lemrouch](https://github.com/lemrouch))
- :bug: Fix wrong service detach handling [#520](https://github.com/puppetlabs/puppetlabs-docker/pull/520) ([khaefeli](https://github.com/khaefeli))
- Fix aliased plugin names [#514](https://github.com/puppetlabs/puppetlabs-docker/pull/514) ([koshatul](https://github.com/koshatul))
## [v3.7.0-bna](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.7.0-bna) - 2019-08-08
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/e2.6...v3.7.0-bna)
### Added
- Add new Docker Swarm Tasks (node ls, rm, update; service scale) [#509](https://github.com/puppetlabs/puppetlabs-docker/pull/509) ([khaefeli](https://github.com/khaefeli))
### Fixed
- Fixing error: [#516](https://github.com/puppetlabs/puppetlabs-docker/pull/516) ([darshannnn](https://github.com/darshannnn))
## [e2.6](https://github.com/puppetlabs/puppetlabs-docker/tree/e2.6) - 2019-07-26
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.7.0...e2.6)
## [v3.7.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.7.0) - 2019-07-19
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/v3.6.0...v3.7.0)
### Added
- Added option to override docker-compose download location [#482](https://github.com/puppetlabs/puppetlabs-docker/pull/482) ([piquet90](https://github.com/piquet90))
## [v3.6.0](https://github.com/puppetlabs/puppetlabs-docker/tree/v3.6.0) - 2019-06-25
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.5.0...v3.6.0)
### Changed
- (FM-8100) Update minimum supported Puppet version to 5.5.10 [#486](https://github.com/puppetlabs/puppetlabs-docker/pull/486) ([eimlav](https://github.com/eimlav))
### Added
- (FM-8151) Add Windows Server 2019 support [#493](https://github.com/puppetlabs/puppetlabs-docker/pull/493) ([eimlav](https://github.com/eimlav))
- Support for docker machine download and install [#466](https://github.com/puppetlabs/puppetlabs-docker/pull/466) ([acurus-puppetmaster](https://github.com/acurus-puppetmaster))
- Add service_provider parameter to docker::run [#376](https://github.com/puppetlabs/puppetlabs-docker/pull/376) ([jameslikeslinux](https://github.com/jameslikeslinux))
### Fixed
- Tasks frozen string [#499](https://github.com/puppetlabs/puppetlabs-docker/pull/499) ([khaefeli](https://github.com/khaefeli))
- Fix #239 local_user permission denied [#497](https://github.com/puppetlabs/puppetlabs-docker/pull/497) ([thde](https://github.com/thde))
- (MODULES-9193) Revert part of MODULES-9177 [#490](https://github.com/puppetlabs/puppetlabs-docker/pull/490) ([eimlav](https://github.com/eimlav))
- (MODULES-9177) Fix version validation regex [#489](https://github.com/puppetlabs/puppetlabs-docker/pull/489) ([eimlav](https://github.com/eimlav))
- Fix publish flag being erroneously added to docker service commands [#471](https://github.com/puppetlabs/puppetlabs-docker/pull/471) ([twistedduck](https://github.com/twistedduck))
- Fix container running check to work for windows hosts [#470](https://github.com/puppetlabs/puppetlabs-docker/pull/470) ([florindragos](https://github.com/florindragos))
- Allow images tagged latest to update on each run [#468](https://github.com/puppetlabs/puppetlabs-docker/pull/468) ([electrofelix](https://github.com/electrofelix))
- Fix docker::image to not run images [#465](https://github.com/puppetlabs/puppetlabs-docker/pull/465) ([hugotanure](https://github.com/hugotanure))
## [3.5.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.5.0) - 2019-03-14
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.4.0...3.5.0)
### Fixed
- fix(syntax): Remove duplicate parenthesis [#454](https://github.com/puppetlabs/puppetlabs-docker/pull/454) ([jfroche](https://github.com/jfroche))
- Docker::Services:: fix command parameter used with an array [#452](https://github.com/puppetlabs/puppetlabs-docker/pull/452) ([jacksgt](https://github.com/jacksgt))
- docker::services: Fix using multiple published ports [#447](https://github.com/puppetlabs/puppetlabs-docker/pull/447) ([jacksgt](https://github.com/jacksgt))
## [3.4.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.4.0) - 2019-02-25
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/e2.0...3.4.0)
## [e2.0](https://github.com/puppetlabs/puppetlabs-docker/tree/e2.0) - 2019-02-21
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.3.0...e2.0)
### Fixed
- fixing errors with bundle file conditional statement [#436](https://github.com/puppetlabs/puppetlabs-docker/pull/436) ([davejrt](https://github.com/davejrt))
- #432 Fix frozen string error [#434](https://github.com/puppetlabs/puppetlabs-docker/pull/434) ([khaefeli](https://github.com/khaefeli))
## [3.3.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.3.0) - 2019-02-13
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.2.0...3.3.0)
## [3.2.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.2.0) - 2019-01-17
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.1.0...3.2.0)
### Fixed
- centos repo fix [#413](https://github.com/puppetlabs/puppetlabs-docker/pull/413) ([davejrt](https://github.com/davejrt))
- rhel fix [#412](https://github.com/puppetlabs/puppetlabs-docker/pull/412) ([davejrt](https://github.com/davejrt))
- fixing various issues with tests across all supported OS [#406](https://github.com/puppetlabs/puppetlabs-docker/pull/406) ([davejrt](https://github.com/davejrt))
- Fix shared scripts on non systemd systems [#400](https://github.com/puppetlabs/puppetlabs-docker/pull/400) ([glorpen](https://github.com/glorpen))
- Do not load powershell profiles [#396](https://github.com/puppetlabs/puppetlabs-docker/pull/396) ([florindragos](https://github.com/florindragos))
- Fix stack acceptance tests [#395](https://github.com/puppetlabs/puppetlabs-docker/pull/395) ([florindragos](https://github.com/florindragos))
- fixing acceptance tests on debian [#393](https://github.com/puppetlabs/puppetlabs-docker/pull/393) ([davejrt](https://github.com/davejrt))
- fixing deep merge issue and yaml alias [#387](https://github.com/puppetlabs/puppetlabs-docker/pull/387) ([davejrt](https://github.com/davejrt))
- Adds a Usage example for daemon level extra_parameters [#386](https://github.com/puppetlabs/puppetlabs-docker/pull/386) ([mpepping](https://github.com/mpepping))
- Fixing create_resources for volumes [#384](https://github.com/puppetlabs/puppetlabs-docker/pull/384) ([andytechdad](https://github.com/andytechdad))
- Fix the docker_compose options parameter position [#378](https://github.com/puppetlabs/puppetlabs-docker/pull/378) ([FlorentPoinsaut](https://github.com/FlorentPoinsaut))
- Allow multiple values for subnet in docker_network [#371](https://github.com/puppetlabs/puppetlabs-docker/pull/371) ([florindragos](https://github.com/florindragos))
- Cloud 2191 fix stack acceptance test [#368](https://github.com/puppetlabs/puppetlabs-docker/pull/368) ([MWilsonPuppet](https://github.com/MWilsonPuppet))
- Create shared start/stop scripts for better extensibility [#367](https://github.com/puppetlabs/puppetlabs-docker/pull/367) ([glorpen](https://github.com/glorpen))
- Fixing incorrect variable names in docker_compose/ruby.rb [#365](https://github.com/puppetlabs/puppetlabs-docker/pull/365) ([lowerpuppet](https://github.com/lowerpuppet))
- update docker_stack to fix registry auth option [#364](https://github.com/puppetlabs/puppetlabs-docker/pull/364) ([davejrt](https://github.com/davejrt))
- Fix registry local_user functionalitity. [#353](https://github.com/puppetlabs/puppetlabs-docker/pull/353) ([stejanse](https://github.com/stejanse))
- Fix windows default paths [#326](https://github.com/puppetlabs/puppetlabs-docker/pull/326) ([florindragos](https://github.com/florindragos))
## [3.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.1.0) - 2018-10-22
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/3.0.0...3.1.0)
### Fixed
- Fix acceptance tests for windows [#349](https://github.com/puppetlabs/puppetlabs-docker/pull/349) ([florindragos](https://github.com/florindragos))
- pinning puppet version to fix failing spec tests [#346](https://github.com/puppetlabs/puppetlabs-docker/pull/346) ([MWilsonPuppet](https://github.com/MWilsonPuppet))
## [3.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/3.0.0) - 2018-09-27
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/2.0.0...3.0.0)
### Fixed
- Fix docker swarm tasks boolean params [#338](https://github.com/puppetlabs/puppetlabs-docker/pull/338) ([florindragos](https://github.com/florindragos))
- CLOUD-2069 Adding support for multiple compose files. [#332](https://github.com/puppetlabs/puppetlabs-docker/pull/332) ([MWilsonPuppet](https://github.com/MWilsonPuppet))
- fixes puppet run failures with no IPAM driver [#329](https://github.com/puppetlabs/puppetlabs-docker/pull/329) ([davejrt](https://github.com/davejrt))
- CLOUD-2078-Uninstall Docker on Linux [#328](https://github.com/puppetlabs/puppetlabs-docker/pull/328) ([MWilsonPuppet](https://github.com/MWilsonPuppet))
- Fix error messages from docker facts if docker not running [#325](https://github.com/puppetlabs/puppetlabs-docker/pull/325) ([stdietrich](https://github.com/stdietrich))
- Fix docker-compose provider to support images built on the fly [#320](https://github.com/puppetlabs/puppetlabs-docker/pull/320) ([florindragos](https://github.com/florindragos))
- fixing bug in upstart systems [#304](https://github.com/puppetlabs/puppetlabs-docker/pull/304) ([davejrt](https://github.com/davejrt))
- Fix for registry password not being inserted due to single quotes [#299](https://github.com/puppetlabs/puppetlabs-docker/pull/299) ([ConorPKeegan](https://github.com/ConorPKeegan))
- Fix docker registry idempotency and add windows acceptance tests [#298](https://github.com/puppetlabs/puppetlabs-docker/pull/298) ([florindragos](https://github.com/florindragos))
- Regex fix [#292](https://github.com/puppetlabs/puppetlabs-docker/pull/292) ([davejrt](https://github.com/davejrt))
## [2.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/2.0.0) - 2018-07-18
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.1.0...2.0.0)
### Fixed
- fixes restarting containers with changes to run arguments [#283](https://github.com/puppetlabs/puppetlabs-docker/pull/283) ([davejrt](https://github.com/davejrt))
- fix "start a container with cpuset" acceptance test on ubuntu1404 [#236](https://github.com/puppetlabs/puppetlabs-docker/pull/236) ([mihaibuzgau](https://github.com/mihaibuzgau))
## [1.1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/1.1.0) - 2018-03-16
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/e1.1...1.1.0)
### Fixed
- (maint)CLOUD-1768 Fixing incorrect cpuset flag #183 [#187](https://github.com/puppetlabs/puppetlabs-docker/pull/187) ([MWilsonPuppet](https://github.com/MWilsonPuppet))
## [e1.1](https://github.com/puppetlabs/puppetlabs-docker/tree/e1.1) - 2018-02-15
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.5...e1.1)
### Fixed
- fix typo [#149](https://github.com/puppetlabs/puppetlabs-docker/pull/149) ([seriv](https://github.com/seriv))
## [1.0.5](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.5) - 2018-01-31
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.4...1.0.5)
## [1.0.4](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.4) - 2018-01-03
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.3...1.0.4)
## [1.0.3](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.3) - 2018-01-03
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/e1.0...1.0.3)
## [e1.0](https://github.com/puppetlabs/puppetlabs-docker/tree/e1.0) - 2017-12-21
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.2...e1.0)
## [1.0.2](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.2) - 2017-11-17
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.1...1.0.2)
## [1.0.1](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.1) - 2017-10-15
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/1.0.0...1.0.1)
## [1.0.0](https://github.com/puppetlabs/puppetlabs-docker/tree/1.0.0) - 2017-10-11
[Full Changelog](https://github.com/puppetlabs/puppetlabs-docker/compare/790d08e2a1191db1b6c61f299d259fcd28cfa4e0...1.0.0)

2
environments/production/thirdparty/docker/CODEOWNERS vendored Normal file
View file

@ -0,0 +1,2 @@
# Setting ownership to the modules team
* @puppetlabs/modules

3
environments/production/thirdparty/docker/CONTRIBUTING.md vendored Normal file
View file

@ -0,0 +1,3 @@
# Contributing to Puppet modules
Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need.

187
environments/production/thirdparty/docker/CONTRIBUTORS.md vendored Normal file
View file

@ -0,0 +1,187 @@
554 Gareth Rushgrove
25 Kyle Anderson
14 Jo Vandeginste
14 Andrew Teixeira
11 Javier Bértoli
10 Justin Dray
10 Nikita Tarasov
10 Vahram Sukyas
9 Patrick Hemmer
9 rafael_chicoli
8 Jonathan Tripathy
8 n0coast
8 James Carr
8 pandrew
8 jfarrell
7 Lars van de Kerkhof
7 Lukas Waslowski
7 Jean-Francois Roche
7 Cornel Foltea
7 Elias Probst
6 Paul Morgan
6 Alex Hornung
6 Joshua Hoblitt
6 Tomas Doran
6 Scott Coulton
5 Casper Bruun
5 Camille Mougey
5 paschdan
5 Fredrik Thulin
4 Cristian Falcas
4 Janos Feher
4 scott coulton
4 Christophe Fonteyne
4 Clayton O'Neill
4 Vilmos Nebehaj
4 Brandon Rochon
4 Ben Langfeld
4 Frank Kleine
4 Bradley Cicenas
4 Wim Bonthuis
3 Edward Midolo
3 Greg Hardy
3 Jonathan Sokolowski
3 hcguersoy
3 Hylke Stapersma
3 James Edwards
3 Vikraman Choudhury
3 Brian Johnson
3 Thomas Krille
3 Bryan Jen
3 Terry Zink
3 Ryan Fowler
3 Rasmus Johansson
3 Rafael Chicoli
3 Daniel Platt
3 Mason Malone
3 Markus Frosch
3 Darren Coxall
3 Andrew Stangl
3 David Schmitt
3 Marji Cermak
2 Sam Grimee
2 Alex Crowe
2 Alexandre RAOUL
2 Benjamin Pineau
2 Bill Simon
2 Bob Potter
2 Caleb Tomlinson
2 Carles Amigó
2 Daniel Panteleit
2 David Danzilio
2 Dominic Becker
2 Hal Deadman
2 Hunter Haugen
2 Ilya Kalinin
2 Jo Vanvoorden
2 Joaquin
2 Josh Samuelson
2 Marc Schaer
2 Mickaël PERRIN
2 Nikita
2 Paul Otto
2 Reser, Ben
2 Rhommel Lamas
2 Ricardo Oliveira
2 Ricky Cook
2 Rob Terhaar
2 Salimane Adjao Moustapha
2 William Leese
2 Wouter Scheele
2 Zsolt Keseru
2 bcicen
2 coreone
2 krall
2 sebastian cole
1 Felix Bechstein
1 Justin Stoller
1 Kasumi Hanazuki
1 Keith Thornhill
1 Eugene Malihins
1 Elliot Huffman
1 Dylan Cochran
1 Maarten Claes
1 Aron Parsons
1 Mario Weigel
1 Dmitriy Myaskovskiy
1 Mark Kusch
1 Darragh Bailey
1 Martin Dietze
1 Martin Prebio
1 Daniel Werdermann
1 Michael Gorsuch
1 Michael Hackner
1 Michael Wells
1 Mick Pollard
1 Mickaël FORTUNATO
1 kasisnu
1 Mike Terzo
1 Nathan Flynn
1 Nathan R Valentine
1 Neil Parley
1 keith
1 Daniel Lawrence
1 Oriol Fitó
1 Daniel Klockenkämper
1 Daniel Holz
1 will vuong
1 Pierre Radermecker
1 Povilas Daukintis
1 Colin Hebert
1 Chris Wendt
1 ladoe00
1 mh
1 mujiburger
1 Andreas de Pretis
1 Alexander Dudko
1 Robin Westin Larsson
1 Chris Hoffman
1 Alex Elman
1 Adam Stephens
1 Sam Grimee (BDB)
1 Sam Weston
1 Saverio Proto
1 Chris Crewdson
1 Sean Sube
1 Tassilo Schweyer
1 Chadwick Banning
1 Bryan Belanger
1 Tim Bishop
1 Tim Hartmann
1 Tim Sharpe
1 Tom De Vylder
1 Tom Mast
1 Bruno Léon
1 Tomasz Tarczynski
1 Brandon Weeks
1 Vebjorn Ljosa
1 Brad Cowie
1 Benjamin Merot
1 Adriaan Peeters
1 Ben Ford
1 sauce@freenode
1 Adam Yohrling
1 andygodwin
1 willpayne
1 bob
1 James Abley
1 James Green
1 Jakub Husak
1 Huaqing Zheng
1 Harald Skoglund
1 Jing Dong
1 Hane, Jason
1 ssube
1 fluential
1 Joaquin Henriquez
1 Jonas Renggli
1 HIngst, Arne-Kristian
1 Grcic Ivan GEOINFO
1 Jos Houtman
1 Josef Johansson
1 Josh Brown
1 Arran Walker
1 Geoff Meakin
1 Joshua Spence
1 Justin Riley
1 Schusler, Olaf

205
environments/production/thirdparty/docker/HISTORY.md vendored Normal file
View file

@ -0,0 +1,205 @@
# 3.5.0
Changes range for dependent modules
Use multiple networks in docker::run and docker::services
Fixes quotes with docker::services command
Publish multiple ports to docker::services
A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/7?closed=1)
# 3.4.0
Introduces docker_stack type and provider
Fixes frozen string in docker swarm token task
Acceptance testing updates
Allow use of newer translate module
A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/6?closed=1)
# Version 3.3.0
Pins apt repo to 500 to ensure packages are updated
Fixes issue in docker fact failing when docker is not started
Acceptance testing updates
Allows more recent version of the reboot module
A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/5?closed=1)
# Version 3.2.0
Adds in support for Puppet 6
Containers will be restared due to script changes in [PR #367](https://github.com/puppetlabs/puppetlabs-docker/pull/367)
A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/4?closed=1)
# Version 3.1.0
Adding in the following faetures/functionality
- Docker Stack support on Windows.
# Version 3.0.0
Various fixes for github issues
- 206
- 226
- 241
- 280
- 281
- 287
- 289
- 294
- 303
- 312
- 314
Adding in the following features/functionality
-Support for multiple compose files.
A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/issues?q=is%3Aissue+milestone%3AV3.0.0+is%3Aclosed)
# Version 2.0.0
Various fixes for github issues
- 193
- 197
- 198
- 203
- 207
- 208
- 209
- 211
- 212
- 213
- 215
- 216
- 217
- 218
- 223
- 224
- 225
- 228
- 229
- 230
- 232
- 234
- 237
- 243
- 245
- 255
- 256
- 259
Adding in the following features/functionality
- Ability to define swarm clusters in Hiera.
- Support docker compose file V2.3.
- Support refresh only flag.
- Support for Docker healthcheck and unhealthy container restart.
- Support for Docker on Windows:
- Add docker ee support for windows server 2016.
- Docker image on Windows.
- Docker run on Windows.
- Docker compose on Windows.
- Docker swarm on Windows.
- Add docker exec functionality for docker on windows.
- Add storage driver for Windows.
A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/2?closed=1)
# Version 1.1.0
Various fixes for Github issues
- 183
- 173
- 173
- 167
- 163
- 161
Adding in the following features/functionality
- IPv6 support
- Define type for docker plugins
A full list of issues and PRs associated with this release can be found [here](https://github.com/puppetlabs/puppetlabs-docker/milestone/1?closed=1)
# Version 1.0.5
Various fixes for Github issues
- 98
- 104
- 115
- 122
- 124
Adding in the following features/functionality
- Removed all unsupported OS related code from module
- Removed EPEL dependency
- Added http support in compose proxy
- Added in rubocop support and i18 gem support
- Type and provider for docker volumes
- Update apt module to latest
- Added in support for a registry mirror
- Facts for docker version and docker info
- Fixes for $pass_hash undef
- Fixed typo in param.pp
- Replaced deprecated stblib functions with data types
# Version 1.0.4
Correcting changelog
# Version 1.0.3
Various fixes for Github issues
- 33
- 68
- 74
- 77
- 84
Adding in the following features/functionality:
- Add tasks to update existing service
- Backwards compatible TMPDIR
- Optional GPG check on repos
- Force pull on image tag 'latest'
- Add support for overlay2.override_kernel_check setting
- Add docker network fact
- Add pw hash for registry login idompodency
- Additional flags for creating a network
- Fixing incorrect repo url for redhat
# Version 1.0.2
Various fixes for Github issues
- 9
- 11
- 15
- 21
Add tasks support for Docker Swarm
# Version 1.0.1
Updated metadata and CHANGELOG
# Version 1.0.0
Forked for garethr/docker v5.3.0
Added support for:
- Docker services within a swarm cluster
- Swarm mode
- Docker secrets

207
environments/production/thirdparty/docker/LICENSE vendored Normal file
View file

@ -0,0 +1,207 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and
distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the
copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other
entities that control, are controlled by, or are under common control with
that entity. For the purposes of this definition, "control" means (i) the
power, direct or indirect, to cause the direction or management of such
entity, whether by contract or otherwise, or (ii) ownership of
fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising
permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation source,
and configuration files.
"Object" form shall mean any form resulting from mechanical transformation
or translation of a Source form, including but not limited to compiled
object code, generated documentation, and conversions to
other media types.
"Work" shall mean the work of authorship, whether in Source or Object
form, made available under the License, as indicated by a copyright notice
that is included in or attached to the work (an example is provided in the
Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form,
that is based on (or derived from) the Work and for which the editorial
revisions, annotations, elaborations, or other modifications represent,
as a whole, an original work of authorship. For the purposes of this
License, Derivative Works shall not include works that remain separable
from, or merely link (or bind by name) to the interfaces of, the Work and
Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original
version of the Work and any modifications or additions to that Work or
Derivative Works thereof, that is intentionally submitted to Licensor for
inclusion in the Work by the copyright owner or by an individual or
Legal Entity authorized to submit on behalf of the copyright owner.
For the purposes of this definition, "submitted" means any form of
electronic, verbal, or written communication sent to the Licensor or its
representatives, including but not limited to communication on electronic
mailing lists, source code control systems, and issue tracking systems
that are managed by, or on behalf of, the Licensor for the purpose of
discussing and improving the Work, but excluding communication that is
conspicuously marked or otherwise designated in writing by the copyright
owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on
behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License.
Subject to the terms and conditions of this License, each Contributor
hereby grants to You a perpetual, worldwide, non-exclusive, no-charge,
royalty-free, irrevocable copyright license to reproduce, prepare
Derivative Works of, publicly display, publicly perform, sublicense,
and distribute the Work and such Derivative Works in
Source or Object form.
3. Grant of Patent License.
Subject to the terms and conditions of this License, each Contributor
hereby grants to You a perpetual, worldwide, non-exclusive, no-charge,
royalty-free, irrevocable (except as stated in this section) patent
license to make, have made, use, offer to sell, sell, import, and
otherwise transfer the Work, where such license applies only to those
patent claims licensable by such Contributor that are necessarily
infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted.
If You institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work or a
Contribution incorporated within the Work constitutes direct or
contributory patent infringement, then any patent licenses granted to
You under this License for that Work shall terminate as of the date such
litigation is filed.
4. Redistribution.
You may reproduce and distribute copies of the Work or Derivative Works
thereof in any medium, with or without modifications, and in Source or
Object form, provided that You meet the following conditions:
1. You must give any other recipients of the Work or Derivative Works a
copy of this License; and
2. You must cause any modified files to carry prominent notices stating
that You changed the files; and
3. You must retain, in the Source form of any Derivative Works that You
distribute, all copyright, patent, trademark, and attribution notices from
the Source form of the Work, excluding those notices that do not pertain
to any part of the Derivative Works; and
4. If the Work includes a "NOTICE" text file as part of its distribution,
then any Derivative Works that You distribute must include a readable copy
of the attribution notices contained within such NOTICE file, excluding
those notices that do not pertain to any part of the Derivative Works,
in at least one of the following places: within a NOTICE text file
distributed as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or, within a
display generated by the Derivative Works, if and wherever such
third-party notices normally appear. The contents of the NOTICE file are
for informational purposes only and do not modify the License.
You may add Your own attribution notices within Derivative Works that You
distribute, alongside or as an addendum to the NOTICE text from the Work,
provided that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and may
provide additional or different license terms and conditions for use,
reproduction, or distribution of Your modifications, or for any such
Derivative Works as a whole, provided Your use, reproduction, and
distribution of the Work otherwise complies with the conditions
stated in this License.
5. Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally
submitted for inclusion in the Work by You to the Licensor shall be under
the terms and conditions of this License, without any additional
terms or conditions. Notwithstanding the above, nothing herein shall
supersede or modify the terms of any separate license agreement you may
have executed with Licensor regarding such Contributions.
6. Trademarks.
This License does not grant permission to use the trade names, trademarks,
service marks, or product names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and
reproducing the content of the NOTICE file.
7. Disclaimer of Warranty.
Unless required by applicable law or agreed to in writing, Licensor
provides the Work (and each Contributor provides its Contributions)
on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied, including, without limitation, any warranties
or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS
FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks
associated with Your exercise of permissions under this License.
8. Limitation of Liability.
In no event and under no legal theory, whether in tort
(including negligence), contract, or otherwise, unless required by
applicable law (such as deliberate and grossly negligent acts) or agreed
to in writing, shall any Contributor be liable to You for damages,
including any direct, indirect, special, incidental, or consequential
damages of any character arising as a result of this License or out of
the use or inability to use the Work (including but not limited to damages
for loss of goodwill, work stoppage, computer failure or malfunction,
or any and all other commercial damages or losses), even if such
Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose
to offer, and charge a fee for, acceptance of support, warranty,
indemnity, or other liability obligations and/or rights consistent with
this License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf of any
other Contributor, and only if You agree to indemnify, defend, and hold
each Contributor harmless for any liability incurred by, or claims
asserted against, such Contributor by reason of your accepting any such
warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work
To apply the Apache License to your work, attach the following boilerplate
notice, with the fields enclosed by brackets "[]" replaced with your own
identifying information. (Don't include the brackets!) The text should be
enclosed in the appropriate comment syntax for the file format. We also
recommend that a file or class name and description of purpose be included
on the same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2013 Gareth Rushgrove
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
or implied. See the License for the specific language governing
permissions and limitations under the License.

1041
environments/production/thirdparty/docker/README.md vendored Normal file
View file

File diff suppressed because it is too large Load diff

4629
environments/production/thirdparty/docker/REFERENCE.md vendored Normal file
View file

File diff suppressed because it is too large Load diff

1
environments/production/thirdparty/docker/data/common.yaml vendored Normal file
View file

@ -0,0 +1 @@
--- {}

12
environments/production/thirdparty/docker/functions/sanitised_name.pp vendored Normal file
View file

@ -0,0 +1,12 @@
# == Function: docker::sanitised_name
#
# Function to sanitise container name.
#
# === Parameters
#
# [*name*]
# Name to sanitise
#
function docker::sanitised_name($name) {
regsubst($name, '[^0-9A-Za-z.\-_]', '-', 'G')
}

21
environments/production/thirdparty/docker/hiera.yaml vendored Normal file
View file

@ -0,0 +1,21 @@
---
version: 5
defaults: # Used for any hierarchy level that omits these keys.
datadir: data # This path is relative to hiera.yaml's directory.
data_hash: yaml_data # Use the built-in YAML backend.
hierarchy:
- name: "osfamily/major release"
paths:
# Used to distinguish between Debian and Ubuntu
- "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
- "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
# Used for Solaris
- "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
- name: "osfamily"
paths:
- "os/%{facts.os.name}.yaml"
- "os/%{facts.os.family}.yaml"
- name: 'common'
path: 'common.yaml'

152
environments/production/thirdparty/docker/lib/facter/docker.rb vendored Normal file
View file

@ -0,0 +1,152 @@
# frozen_string_literal: true
require 'facter'
require 'json'
Facter.add(:docker_systemroot) do
confine osfamily: :windows
setcode do
Puppet::Util.get_env('SystemRoot')
end
end
Facter.add(:docker_program_files_path) do
confine osfamily: :windows
setcode do
Puppet::Util.get_env('ProgramFiles')
end
end
Facter.add(:docker_program_data_path) do
confine osfamily: :windows
setcode do
Puppet::Util.get_env('ProgramData')
end
end
Facter.add(:docker_user_temp_path) do
confine osfamily: :windows
setcode do
Puppet::Util.get_env('TEMP')
end
end
docker_command = if Facter.value(:kernel) == 'windows'
'powershell -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass -c docker'
else
'docker'
end
def interfaces
Facter.value(:interfaces).split(',')
end
Facter.add(:docker_version) do
confine { Facter::Core::Execution.which('docker') }
setcode do
value = Facter::Core::Execution.execute(
"#{docker_command} version --format '{{json .}}'", timeout: 90
)
JSON.parse(value)
end
end
Facter.add(:docker_client_version) do
setcode do
docker_version = Facter.value(:docker_version)
if docker_version
if docker_version['Client'].nil?
docker_version['Version']
else
docker_version['Client']['Version']
end
end
end
end
Facter.add(:docker_server_version) do
setcode do
docker_version = Facter.value(:docker_version)
if docker_version && !docker_version['Server'].nil? && docker_version['Server'].is_a?(Hash)
docker_version['Server']['Version']
else
nil
end
end
end
Facter.add(:docker_worker_join_token) do
confine { Facter::Core::Execution.which('docker') }
setcode do
# only run `docker swarm` commands if this node is in active in a cluster
docker_json_str = Facter::Core::Execution.execute(
"#{docker_command} info --format '{{json .}}'", timeout: 90
)
begin
docker = JSON.parse(docker_json_str)
if docker.fetch('Swarm', {})['LocalNodeState'] == 'active'
val = Facter::Core::Execution.execute(
"#{docker_command} swarm join-token worker -q", timeout: 90
)
end
rescue JSON::ParserError
nil
end
val
end
end
Facter.add(:docker_manager_join_token) do
confine { Facter::Core::Execution.which('docker') }
setcode do
# only run `docker swarm` commands if this node is in active in a cluster
docker_json_str = Facter::Core::Execution.execute(
"#{docker_command} info --format '{{json .}}'", timeout: 90
)
begin
docker = JSON.parse(docker_json_str)
if docker.fetch('Swarm', {})['LocalNodeState'] == 'active'
val = Facter::Core::Execution.execute(
"#{docker_command} swarm join-token manager -q", timeout: 90
)
end
rescue JSON::ParserError
nil
end
val
end
end
Facter.add(:docker) do
confine { Facter::Core::Execution.which('docker') }
setcode do
docker_version = Facter.value(:docker_client_version)
if docker_version&.match?(%r{\A(1\.1[3-9]|[2-9]|\d{2,})\.})
docker_json_str = Facter::Core::Execution.execute(
"#{docker_command} info --format '{{json .}}'", timeout: 90
)
begin
docker = JSON.parse(docker_json_str)
docker['network'] = {}
docker['network']['managed_interfaces'] = {}
network_list = Facter::Core::Execution.execute("#{docker_command} network ls | tail -n +2", timeout: 90)
docker_network_names = []
network_list.each_line { |line| docker_network_names.push line.split[1] }
docker_network_ids = []
network_list.each_line { |line| docker_network_ids.push line.split[0] }
docker_network_names.each do |network|
inspect = JSON.parse(Facter::Core::Execution.execute("#{docker_command} network inspect #{network}", timeout: 90))
docker['network'][network] = inspect[0]
network_id = docker['network'][network]['Id'][0..11]
interfaces.each do |iface|
docker['network']['managed_interfaces'][iface] = network if %r{#{network_id}}.match?(iface)
end
end
docker
rescue JSON::ParserError
nil
end
end
end
end

12
environments/production/thirdparty/docker/lib/puppet/functions/docker/env.rb vendored Normal file
View file

@ -0,0 +1,12 @@
# frozen_string_literal: true
Puppet::Functions.create_function(:'docker::env') do
dispatch :env do
param 'Array', :args
return_type 'Array'
end
def env(args)
args
end
end

155
environments/production/thirdparty/docker/lib/puppet/functions/docker_params_changed.rb vendored Normal file
View file

@ -0,0 +1,155 @@
# frozen_string_literal: true
Puppet::Functions.create_function(:docker_params_changed) do
dispatch :detect_changes do
param 'Hash', :opts
return_type 'String'
end
def run_with_powershell(cmd)
"powershell.exe -Command \"& {#{cmd}}\" "
end
def remove_cidfile(cidfile, osfamily)
delete_command = if osfamily == 'windows'
run_with_powershell("del #{cidfile}")
else
"rm -f #{cidfile}"
end
_stdout, _stderr, _status = Open3.capture3(delete_command)
end
def start_container(name, osfamily)
start_command = if osfamily == 'windows'
run_with_powershell("docker start #{name}")
else
"docker start #{name}"
end
_stdout, _stderr, _status = Open3.capture3(start_command)
end
def stop_container(name, osfamily)
stop_command = if osfamily == 'windows'
run_with_powershell("docker stop #{name}")
else
"docker stop #{name}"
end
_stdout, _stderr, _status = Open3.capture3(stop_command)
end
def remove_container(name, osfamily, stop_wait_time, cidfile)
stop_command = if osfamily == 'windows'
run_with_powershell("docker stop --time=#{stop_wait_time} #{name}")
else
"docker stop --time=#{stop_wait_time} #{name}"
end
_stdout, _stderr, _status = Open3.capture3(stop_command)
remove_command = if osfamily == 'windows'
run_with_powershell("docker rm -v #{name}")
else
"docker rm -v #{name}"
end
_stdout, _stderr, _status = Open3.capture3(remove_command)
remove_cidfile(cidfile, osfamily)
end
def create_container(cmd, osfamily, image)
pull_command = if osfamily == 'windows'
run_with_powershell("docker pull #{image} -q")
else
"docker pull #{image} -q"
end
_stdout, _stderr, _status = Open3.capture3(pull_command)
create_command = if osfamily == 'windows'
run_with_powershell(cmd)
else
cmd
end
_stdout, _stderr, _status = Open3.capture3(create_command)
end
def detect_changes(opts)
require 'open3'
require 'json'
return_value = 'No changes detected'
if opts['sanitised_title'] && opts['osfamily']
stdout, _stderr, status = Open3.capture3("docker inspect #{opts['sanitised_title']}")
if status.to_s.include?('exit 0')
param_changed = false
inspect_hash = JSON.parse(stdout)[0]
# check if the image was changed
param_changed = true if opts['image'] && opts['image'] != inspect_hash['Config']['Image']
# check if something on volumes or mounts was changed(a new volume/mount was added or removed)
param_changed = true if opts['volumes'].is_a?(String) && opts['volumes'].include?(':') && opts['volumes'] != inspect_hash['Mounts'].to_a[0] && opts['osfamily'] != 'windows'
param_changed = true if opts['volumes'].is_a?(String) && !opts['volumes'].include?(':') && opts['volumes'] != inspect_hash['Config']['Volumes'].to_a[0] && opts['osfamily'] != 'windows'
param_changed = true if opts['volumes'].is_a?(String) && opts['volumes'].scan(%r{(?=:)}).count == 2 && opts['volumes'] != inspect_hash['Mounts'].to_a[0] && opts['osfamily'] == 'windows'
if opts['volumes'].is_a?(String) && opts['volumes'].scan(%r{(?=:)}).count == 1 && opts['volumes'] != inspect_hash['Config']['Volumes'].to_a[0] && opts['osfamily'] == 'windows'
param_changed = true
end
pp_paths = opts['volumes'].reject { |item| item.include?(':') } if opts['volumes'].is_a?(Array) && opts['osfamily'] != 'windows'
pp_mounts = opts['volumes'].select { |item| item.include?(':') } if opts['volumes'].is_a?(Array) && opts['osfamily'] != 'windows'
pp_paths = opts['volumes'].select { |item| item.scan(%r{(?=:)}).count == 1 } if opts['volumes'].is_a?(Array) && opts['osfamily'] == 'windows'
pp_mounts = opts['volumes'].select { |item| item.scan(%r{(?=:)}).count == 2 } if opts['volumes'].is_a?(Array) && opts['osfamily'] == 'windows'
inspect_paths = if inspect_hash['Config']['Volumes']
inspect_hash['Config']['Volumes'].keys
else
[]
end
param_changed = true if pp_paths != inspect_paths
names = inspect_hash['Mounts'].map { |item| item.values[1] } if inspect_hash['Mounts']
pp_names = pp_mounts.map { |item| item.split(':')[0] } if pp_mounts
names = names.select { |item| pp_names.include?(item) } if names && pp_names
destinations = inspect_hash['Mounts'].map { |item| item.values[3] } if inspect_hash['Mounts']
pp_destinations = pp_mounts.map { |item| item.split(':')[1] } if pp_mounts && opts['osfamily'] != 'windows'
pp_destinations = pp_mounts.map { |item| "#{item.split(':')[1].downcase}:#{item.split(':')[2]}" } if pp_mounts && opts['osfamily'] == 'windows'
destinations = destinations.select { |item| pp_destinations.include?(item) } if destinations && pp_destinations
param_changed = true if pp_names != names
param_changed = true if pp_destinations != destinations
param_changed = true if pp_mounts != [] && inspect_hash['Mounts'].nil?
# check if something on ports was changed(some ports were added or removed)
ports = inspect_hash['HostConfig']['PortBindings'].keys
ports = ports.map { |item| item.split('/')[0] }
pp_ports = opts['ports'].sort if opts['ports'].is_a?(Array)
pp_ports = [opts['ports']] if opts['ports'].is_a?(String)
param_changed = true if pp_ports && pp_ports != ports
if param_changed
remove_container(opts['sanitised_title'], opts['osfamily'], opts['stop_wait_time'], opts['cidfile'])
create_container(opts['command'], opts['osfamily'], opts['image'])
return_value = 'Param changed'
end
else
create_container(opts['command'], opts['osfamily'], opts['image']) unless File.exist?(opts['cidfile'])
_stdout, _stderr, status = Open3.capture3("docker inspect #{opts['sanitised_title']}")
unless status.to_s.include?('exit 0')
remove_cidfile(opts['cidfile'], opts['osfamily'])
create_container(opts['command'], opts['osfamily'], opts['image'])
end
return_value = 'No changes detected'
end
else
return_value = 'Arg required missing'
end
if opts['container_running']
start_container(opts['sanitised_title'], opts['osfamily'])
else
stop_container(opts['sanitised_title'], opts['osfamily'])
end
return_value
end
end

25
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_exec_flags.rb vendored Normal file
View file

@ -0,0 +1,25 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_exec_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker exec flags
newfunction(:docker_exec_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << '--detach=true' if opts['detach']
flags << '--interactive=true' if opts['interactive']
flags << '--tty=true' if opts['tty']
opts['env']&.each do |namevaluepair|
flags << "--env #{namevaluepair}"
end
flags.flatten.join(' ')
end
end

20
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_plugin_enable_flags.rb vendored Normal file
View file

@ -0,0 +1,20 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_plugin_remove_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker plugin remove flags
newfunction(:docker_plugin_enable_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << '--force' if opts['force_remove'] == true
if opts['plugin_alias'] && opts['plugin_alias'].to_s != 'undef'
flags << "'#{opts['plugin_alias']}'"
elsif opts['plugin_name'] && opts['plugin_name'].to_s != 'undef'
flags << "'#{opts['plugin_name']}'"
end
flags.flatten.join(' ')
end
end

24
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_plugin_install_flags.rb vendored Normal file
View file

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_plugin_install_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker plugin install flags
newfunction(:docker_plugin_install_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << "--alias #{opts['plugin_alias']}" if opts['plugin_alias'] && opts['plugin_alias'].to_s != 'undef'
flags << '--disable' if opts['disable_on_install'] == true
flags << '--disable-content-trust' if opts['disable_content_trust'] == true
flags << '--grant-all-permissions' if opts['grant_all_permissions'] == true
flags << "'#{opts['plugin_name']}'" if opts['plugin_name'] && opts['plugin_name'].to_s != 'undef'
if opts['settings'].is_a? Array
opts['settings'].each do |setting|
flags << setting.to_s
end
end
flags.flatten.join(' ')
end
end

16
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_plugin_remove_flags.rb vendored Normal file
View file

@ -0,0 +1,16 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_plugin_remove_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker plugin remove flags
newfunction(:docker_plugin_remove_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << '--force' if opts['force_remove'] == true
flags << "'#{opts['plugin_name']}'" if opts['plugin_name'] && opts['plugin_name'].to_s != 'undef'
flags.flatten.join(' ')
end
end

96
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_run_flags.rb vendored Normal file
View file

@ -0,0 +1,96 @@
# frozen_string_literal: true
#
# docker_run_flags.rb
#
module Puppet::Parser::Functions
newfunction(:'docker::escape', type: :rvalue) do |args|
subject = args[0]
escape_function = if self['facts'] && self['facts']['os']['family'] == 'windows'
'stdlib::powershell_escape'
else
'stdlib::shell_escape'
end
call_function(escape_function, subject)
end
# Transforms a hash into a string of docker flags
newfunction(:docker_run_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << "-u #{call_function('docker::escape', [opts['username']])}" if opts['username']
flags << "-h #{call_function('docker::escape', [opts['hostname']])}" if opts['hostname']
flags << "--restart '#{opts['restart']}'" if opts['restart']
if opts['net']
if opts['net'].is_a? String
flags << "--net #{call_function('docker::escape', [opts['net']])}"
elsif opts['net'].is_a? Array
flags += opts['net'].map { |item| ["--net #{call_function('docker::escape', [item])}"] }
end
end
flags << "-m #{opts['memory_limit']}" if opts['memory_limit']
cpusets = [opts['cpuset']].flatten.compact
unless cpusets.empty?
value = cpusets.join(',')
flags << "--cpuset-cpus=#{value}"
end
flags << '-n false' if opts['disable_network']
flags << '--privileged' if opts['privileged']
flags << "--health-cmd='#{opts['health_check_cmd']}'" if opts['health_check_cmd'] && opts['health_check_cmd'].to_s != 'undef'
flags << "--health-interval=#{opts['health_check_interval']}s" if opts['health_check_interval'] && opts['health_check_interval'].to_s != 'undef'
flags << '-t' if opts['tty']
flags << '--read-only=true' if opts['read_only']
params_join_char = if opts['osfamily'] && opts['osfamily'].to_s != 'undef'
opts['osfamily'].casecmp('windows').zero? ? " `\n" : " \\\n"
else
" \\\n"
end
multi_flags = ->(values, fmt) {
filtered = [values].flatten.compact
filtered.map { |val| (fmt + params_join_char) % call_function('docker::escape', [val]) }
}
[
['--dns %s', 'dns'],
['--dns-search %s', 'dns_search'],
['--expose=%s', 'expose'],
['--link %s', 'links'],
['--lxc-conf=%s', 'lxc_conf'],
['--volumes-from %s', 'volumes_from'],
['-e %s', 'env'],
['--env-file %s', 'env_file'],
['-p %s', 'ports'],
['-l %s', 'labels'],
['--add-host %s', 'hostentries'],
['-v %s', 'volumes'],
].each do |(format, key)|
values = opts[key]
new_flags = multi_flags.call(values, format)
flags.concat(new_flags)
end
opts['extra_params'].each do |param|
flags << param
end
# Some software (inc systemd) will truncate very long lines using glibc's
# max line length. Wrap options across multiple lines with '\' to avoid
flags.flatten.join(params_join_char)
end
end

33
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_secrets_flags.rb vendored Normal file
View file

@ -0,0 +1,33 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_secrets_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker swarm init flags
newfunction(:docker_secrets_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << 'create' if opts['ensure'].to_s == 'present'
flags << "'#{opts['secret_name']}'" if opts['secret_name'] && opts['secret_name'].to_s != 'undef'
flags << "'#{opts['secret_path']}'" if opts['secret_path'] && opts['secret_path'].to_s != 'undef'
multi_flags = ->(values, format) {
filtered = [values].flatten.compact
filtered.map { |val| format + (" \\\n" % val) }
}
[
['-l %s', 'label'],
].each do |(format, key)|
values = opts[key]
new_flags = multi_flags.call(values, format)
flags.concat(new_flags)
end
flags.flatten.join(' ')
end
end

83
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_service_flags.rb vendored Normal file
View file

@ -0,0 +1,83 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_service_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker swarm init flags
newfunction(:docker_service_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << "'#{opts['service_name']}'" if opts['service_name'] && opts['service_name'].to_s != 'undef'
flags << '--detach' if opts['detach'].to_s != 'false'
if opts['env'].is_a? Array
opts['env'].each do |env|
flags << "--env '#{env}'"
end
end
if opts['label'].is_a? Array
opts['label'].each do |label|
flags << "--label #{label}"
end
end
if opts['mounts'].is_a? Array
opts['mounts'].each do |mount|
flags << "--mount #{mount}"
end
end
if opts['networks'].is_a? Array
opts['networks'].each do |network|
flags << "--network #{network}"
end
end
if opts['publish'].is_a? Array
opts['publish'].each do |port|
flags << "--publish #{port}"
end
elsif opts['publish'] && opts['publish'].to_s != 'undef'
flags << "--publish '#{opts['publish']}'"
end
flags << "--replicas '#{opts['replicas']}'" if opts['replicas'] && opts['replicas'].to_s != 'undef'
flags << '--tty' if opts['tty'].to_s != 'false'
flags << "--user '#{opts['user']}'" if opts['user'] && opts['user'].to_s != 'undef'
flags << "--workdir '#{opts['workdir']}'" if opts['workdir'] && opts['workdir'].to_s != 'undef'
if opts['extra_params'].is_a? Array
opts['extra_params'].each do |param|
flags << param
end
end
flags << "-H '#{opts['host_socket']}'" if opts['host_socket'] && opts['host_socket'].to_s != 'undef'
if opts['registry_mirror'].is_a? Array
opts['registry_mirror'].each do |param|
flags << "--registry-mirror='#{param}'"
end
elsif opts['registry_mirror'] && opts['registry_mirror'].to_s != 'undef'
flags << "--registry-mirror='#{opts['registry_mirror']}'"
end
flags << "'#{opts['image']}'" if opts['image'] && opts['image'].to_s != 'undef'
if opts['command'].is_a? Array
flags << opts['command'].join(' ')
elsif opts['command'] && opts['command'].to_s != 'undef'
flags << opts['command'].to_s
end
flags.flatten.join(' ')
end
end

29
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_stack_flags.rb vendored Normal file
View file

@ -0,0 +1,29 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_stack_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker stack flags
newfunction(:docker_stack_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << "--bundle-file '#{opts['bundle_file']}'" if opts['bundle_file'] && opts['bundle_file'].to_s != 'undef'
if opts['compose_files'] && opts['compose_files'].to_s != 'undef'
opts['compose_files'].each do |file|
flags << "--compose-file '#{file}'"
end
end
flags << "--resolve-image '#{opts['resolve_image']}'" if opts['resolve_image'] && opts['resolve_image'].to_s != 'undef'
flags << '--prune' if opts['prune'] && opts['prune'].to_s != 'undef'
flags << '--with-registry-auth' if opts['with_registry_auth'] && opts['with_registry_auth'].to_s != 'undef'
flags.flatten.join(' ')
end
end

43
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_swarm_init_flags.rb vendored Normal file
View file

@ -0,0 +1,43 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_swarm_init_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker swarm init flags
newfunction(:docker_swarm_init_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << 'init' if opts['init'].to_s != 'false'
flags << "--advertise-addr '#{opts['advertise_addr']}'" if opts['advertise_addr'] && opts['advertise_addr'].to_s != 'undef'
flags << '--autolock' if opts['autolock'].to_s != 'false'
flags << "--cert-expiry '#{opts['cert_expiry']}'" if opts['cert_expiry'] && opts['cert_expiry'].to_s != 'undef'
if opts['default_addr_pool'].is_a? Array
opts['default_addr_pool'].each do |default_addr_pool|
flags << "--default-addr-pool #{default_addr_pool}"
end
end
flags << "--default-addr-pool-mask-length '#{opts['default_addr_pool_mask_length']}'" if opts['default_addr_pool_mask_length'] && opts['default_addr_pool_mask_length'].to_s != 'undef'
flags << "--dispatcher-heartbeat '#{opts['dispatcher_heartbeat']}'" if opts['dispatcher_heartbeat'] && opts['dispatcher_heartbeat'].to_s != 'undef'
flags << "--external-ca '#{opts['external_ca']}'" if opts['external_ca'] && opts['external_ca'].to_s != 'undef'
flags << '--force-new-cluster' if opts['force_new_cluster'].to_s != 'false'
flags << "--listen-addr '#{opts['listen_addr']}'" if opts['listen_addr'] && opts['listen_addr'].to_s != 'undef'
flags << "--max-snapshots '#{opts['max_snapshots']}'" if opts['max_snapshots'] && opts['max_snapshots'].to_s != 'undef'
flags << "--snapshot-interval '#{opts['snapshot_interval']}'" if opts['snapshot_interval'] && opts['snapshot_interval'].to_s != 'undef'
flags.flatten.join(' ')
end
end

23
environments/production/thirdparty/docker/lib/puppet/parser/functions/docker_swarm_join_flags.rb vendored Normal file
View file

@ -0,0 +1,23 @@
# frozen_string_literal: true
require 'shellwords'
#
# docker_swarm_join_flags.rb
#
module Puppet::Parser::Functions
# Transforms a hash into a string of docker swarm init flags
newfunction(:docker_swarm_join_flags, type: :rvalue) do |args|
opts = args[0] || {}
flags = []
flags << 'join' if opts['join'].to_s != 'false'
flags << "--advertise-addr '#{opts['advertise_addr']}'" if opts['advertise_addr'] && opts['advertise_addr'].to_s != 'undef'
flags << "--listen-addr \"#{opts['listen_addr']}\"" if opts['listen_addr'] && opts['listen_addr'].to_s != 'undef'
flags << "--token '#{opts['token']}'" if opts['token'] && opts['token'].to_s != 'undef'
flags.flatten.join(' ')
end
end

109
environments/production/thirdparty/docker/lib/puppet/provider/docker_compose/ruby.rb vendored Normal file
View file

@ -0,0 +1,109 @@
# frozen_string_literal: true
require 'deep_merge'
Puppet::Type.type(:docker_compose).provide(:ruby) do
desc 'Support for Puppet running Docker Compose'
mk_resource_methods
has_command(:docker, 'docker')
def set_tmpdir
return unless resource[:tmpdir]
# Check if the the tmpdir target exists
Puppet.warning("#{resource[:tmpdir]} (defined as docker_compose tmpdir) does not exist") unless Dir.exist?(resource[:tmpdir])
# Set TMPDIR environment variable only if defined among resources and exists
ENV['TMPDIR'] = resource[:tmpdir] if Dir.exist?(resource[:tmpdir])
end
def exists?
Puppet.info("Checking for compose project #{name}")
compose_services = {}
compose_containers = []
set_tmpdir
# get merged config using docker-compose config
args = ['compose', compose_files, '-p', name, 'config'].insert(3, resource[:options]).compact
compose_output = Puppet::Util::Yaml.safe_load(execute([command(:docker)] + args, combine: false), [Symbol])
containers = docker([
'ps',
'--format',
"'{{.Label \"com.docker.compose.service\"}}-{{.Image}}'",
'--filter',
"label=com.docker.compose.project=#{name}",
]).split("\n")
compose_containers.push(*containers)
compose_services = compose_output['services']
return false if compose_services.count != compose_containers.uniq.count
counts = Hash[*compose_services.each.map { |key, array|
image = array['image'] || get_image(key, compose_services)
Puppet.info("Checking for compose service #{key} #{image}")
[key, compose_containers.count("'#{key}-#{image}'")]
}.flatten]
# No containers found for the project
if counts.empty? ||
# Containers described in the compose file are not running
counts.any? { |_k, v| v.zero? } ||
# The scaling factors in the resource do not match the number of running containers
(resource[:scale] && counts.merge(resource[:scale]) != counts)
false
else
true
end
end
def get_image(service_name, compose_services)
image = compose_services[service_name]['image']
unless image
if compose_services[service_name]['extends']
image = get_image(compose_services[service_name]['extends'], compose_services)
elsif compose_services[service_name]['build']
image = "#{name}_#{service_name}"
end
end
image
end
def create
Puppet.info("Running compose project #{name}")
args = ['compose', compose_files, '-p', name, 'up', '-d', '--remove-orphans'].insert(3, resource[:options]).insert(5, resource[:up_args]).compact
docker(args)
return unless resource[:scale]
instructions = resource[:scale].map { |k, v| "#{k}=#{v}" }
Puppet.info("Scaling compose project #{name}: #{instructions.join(' ')}")
args = ['compose', compose_files, '-p', name, 'scale'].insert(3, resource[:options]).compact + instructions
docker(args)
end
def destroy
Puppet.info("Removing all containers for compose project #{name}")
kill_args = ['compose', compose_files, '-p', name, 'kill'].insert(3, resource[:options]).compact
docker(kill_args)
rm_args = ['compose', compose_files, '-p', name, 'rm', '--force', '-v'].insert(3, resource[:options]).compact
docker(rm_args)
end
def restart
return unless exists?
Puppet.info("Rebuilding and Restarting all containers for compose project #{name}")
kill_args = ['compose', compose_files, '-p', name, 'kill'].insert(3, resource[:options]).compact
docker(kill_args)
build_args = ['compose', compose_files, '-p', name, 'build'].insert(3, resource[:options]).compact
docker(build_args)
create
end
def compose_files
resource[:compose_files].map { |x| ['-f', x] }.flatten
end
end

95
environments/production/thirdparty/docker/lib/puppet/provider/docker_network/ruby.rb vendored Normal file
View file

@ -0,0 +1,95 @@
# frozen_string_literal: true
require 'json'
Puppet::Type.type(:docker_network).provide(:ruby) do
desc 'Support for Docker Networking'
mk_resource_methods
has_command(:docker, 'docker')
def network_conf
flags = ['network', 'create']
multi_flags = ->(values, format) {
filtered = [values].flatten.compact
filtered.map { |val| format % val }
}
[
['--driver=%s', :driver],
['--subnet=%s', :subnet],
['--gateway=%s', :gateway],
['--ip-range=%s', :ip_range],
['--ipam-driver=%s', :ipam_driver],
['--aux-address=%s', :aux_address],
['--opt=%s', :options],
].each do |(format, key)|
values = resource[key]
new_flags = multi_flags.call(values, format)
flags.concat(new_flags)
end
if defined?(resource[:additional_flags])
additional_flags = []
if resource[:additional_flags].is_a?(String)
additional_flags = resource[:additional_flags].split
elsif resource[:additional_flags].is_a?(Array)
additional_flags = resource[:additional_flags]
end
additional_flags.each do |additional_flag|
flags << additional_flag
end
end
flags << resource[:name]
end
def self.instances
output = docker(['network', 'ls'])
lines = output.split("\n")
lines.shift # remove header row
lines.map do |line|
_, name, driver = line.split
inspect = docker(['network', 'inspect', name])
obj = JSON.parse(inspect).first
ipam_driver = (obj['IPAM']['Driver'] unless obj['IPAM']['Driver'].nil?)
subnet = (obj['IPAM']['Config'].first['Subnet'] if !(obj['IPAM']['Config'].nil? || obj['IPAM']['Config'].empty?) && (obj['IPAM']['Config'].first.key? 'Subnet'))
new(
name: name,
id: obj['Id'],
ipam_driver: ipam_driver,
subnet: subnet,
ensure: :present,
driver: driver,
)
end
end
def self.prefetch(resources)
instances.each do |prov|
if resource = resources[prov.name] # rubocop:disable Lint/AssignmentInCondition
resource.provider = prov
end
end
end
def flush
raise Puppet::Error, _('Docker network does not support mutating existing networks') if !@property_hash.empty? && @property_hash[:ensure] != :absent
end
def exists?
Puppet.info("Checking if docker network #{name} exists")
@property_hash[:ensure] == :present
end
def create
Puppet.info("Creating docker network #{name}")
docker(network_conf)
end
def destroy
Puppet.info("Removing docker network #{name}")
docker(['network', 'rm', name])
end
end

88
environments/production/thirdparty/docker/lib/puppet/provider/docker_stack/ruby.rb vendored Normal file
View file

@ -0,0 +1,88 @@
# frozen_string_literal: true
require 'deep_merge'
Puppet::Type.type(:docker_stack).provide(:ruby) do
desc 'Support for Puppet running Docker Stacks'
mk_resource_methods
has_command(:docker, 'docker')
def exists?
Puppet.info("Checking for stack #{name}")
stack_services = {}
stack_containers = []
resource[:compose_files].each do |file|
compose_file = YAML.safe_load(File.read(file), [], [], true)
# rubocop:disable Style/StringLiterals
containers = docker([
'ps',
'--format',
"{{.Label \"com.docker.swarm.service.name\"}}-{{.Image}}",
'--filter',
"label=com.docker.stack.namespace=#{name}",
]).split("\n").each do |c|
c.slice!("#{name}_")
end
stack_containers.push(*containers)
stack_containers.uniq!
# rubocop:enable Style/StringLiterals
case compose_file['version']
when %r{^3(\.[0-7])?$}
stack_services.merge!(compose_file['services'])
else
raise(Puppet::Error, "Unsupported docker compose file syntax version \"#{compose_file['version']}\"!")
end
end
return false if stack_services.count != stack_containers.count
counts = Hash[*stack_services.each.map { |key, array|
image = array['image'] || get_image(key, stack_services)
image = "#{image}:latest" unless image.include?(':')
Puppet.info("Checking for compose service #{key} #{image}")
["#{key}-#{image}", stack_containers.count("#{key}-#{image}")]
}.flatten]
# No containers found for the project
if counts.empty? ||
# Containers described in the compose file are not running
counts.any? { |_k, v| v.zero? }
false
else
true
end
end
def get_image(service_name, stack_services)
image = stack_services[service_name]['image']
unless image
if stack_services[service_name]['extends']
image = get_image(stack_services[service_name]['extends'], stack_services)
elsif stack_services[service_name]['build']
image = "#{name}_#{service_name}"
end
end
image
end
def create
Puppet.info("Running stack #{name}")
args = ['stack', 'deploy', compose_files, name].insert(1, bundle_file).insert(4, resource[:up_args]).compact
docker(args)
end
def destroy
Puppet.info("Removing docker stack #{name}")
rm_args = ['stack', 'rm', name]
docker(rm_args)
end
def bundle_file
return resource[:bundle_file].map { |x| ['-c', x] }.flatten unless resource[:bundle_file].nil?
end
def compose_files
resource[:compose_files].map { |x| ['-c', x] }.flatten
end
end

70
environments/production/thirdparty/docker/lib/puppet/provider/docker_volume/ruby.rb vendored Normal file
View file

@ -0,0 +1,70 @@
# frozen_string_literal: true
require 'json'
Puppet::Type.type(:docker_volume).provide(:ruby) do
desc 'Support for Docker Volumes'
mk_resource_methods
has_command(:docker, 'docker')
def volume_conf
flags = ['volume', 'create']
multi_flags = ->(values, format) {
filtered = [values].flatten.compact
filtered.map { |val| format % val }
}
[
['--driver=%s', :driver],
['--opt=%s', :options],
].each do |(format, key)|
values = resource[key]
new_flags = multi_flags.call(values, format)
flags.concat(new_flags)
end
flags << resource[:name]
end
def self.instances
output = docker(['volume', 'ls'])
lines = output.split("\n")
lines.shift # remove header row
lines.map do |line|
driver, name = line.split
inspect = docker(['volume', 'inspect', name])
obj = JSON.parse(inspect).first
new(
name: name,
mountpoint: obj['Mountpoint'],
options: obj['Options'],
ensure: :present,
driver: driver,
)
end
end
def self.prefetch(resources)
instances.each do |prov|
if (resource = resources[prov.name])
resource.provider = prov
end
end
end
def exists?
Puppet.info("Checking if docker volume #{name} exists")
@property_hash[:ensure] == :present
end
def create
Puppet.info("Creating docker volume #{name}")
docker(volume_conf)
end
def destroy
Puppet.info("Removing docker volume #{name}")
docker(['volume', 'rm', name])
end
end

61
environments/production/thirdparty/docker/lib/puppet/type/docker_compose.rb vendored Normal file
View file

@ -0,0 +1,61 @@
# frozen_string_literal: true
Puppet::Type.newtype(:docker_compose) do
@doc = 'A type representing a Docker Compose file'
ensurable
def refresh
provider.restart
end
newparam(:scale) do
desc 'A hash of compose services and number of containers.'
validate do |value|
raise _('scale should be a Hash') unless value.is_a? Hash
raise _('The name of the compose service in scale should be a String') unless value.all? { |k, _v| k.is_a? String }
raise _('The number of containers in scale should be an Integer') unless value.all? { |_k, v| v.is_a? Integer }
end
end
newparam(:options) do
desc 'Additional options to be passed directly to docker-compose.'
validate do |value|
raise _('options should be an Array') unless value.is_a? Array
end
end
newparam(:up_args) do
desc 'Arguments to be passed directly to docker-compose up.'
validate do |value|
raise _('up_args should be a String') unless value.is_a? String
end
end
newparam(:compose_files, array_matching: :all) do
desc 'An array of Docker Compose Files paths.'
validate do |value|
raise _('compose files should be an array') unless value.is_a? Array
end
end
newparam(:name) do
isnamevar
desc 'The name of the project'
end
newparam(:tmpdir) do
desc "Override the temporary directory used by docker-compose.
This property is useful when the /tmp directory has been mounted
with the noexec option. Or is otherwise being prevented It allows the module consumer to redirect
docker-composes temporary files to a known directory.
The directory passed to this property must exist and be accessible
by the user that is executing the puppet agent.
"
validate do |value|
raise _('tmpdir should be a String') unless value.is_a? String
end
end
end

50
environments/production/thirdparty/docker/lib/puppet/type/docker_network.rb vendored Normal file
View file

@ -0,0 +1,50 @@
# frozen_string_literal: true
Puppet::Type.newtype(:docker_network) do
@doc = 'Type representing a Docker network'
ensurable
newparam(:name) do
isnamevar
desc 'The name of the network'
end
newproperty(:driver) do
desc 'The network driver used by the network'
end
newparam(:subnet, array_matching: :all) do
desc 'The subnet in CIDR format that represents a network segment'
end
newparam(:gateway) do
desc 'An ipv4 or ipv6 gateway for the server subnet'
end
newparam(:ip_range) do
desc 'The range of IP addresses used by the network'
end
newproperty(:ipam_driver) do
desc 'The IPAM (IP Address Management) driver'
end
newparam(:aux_address) do
desc 'Auxiliary ipv4 or ipv6 addresses used by the Network driver'
end
newparam(:options) do
desc 'Additional options for the network driver'
end
newparam(:additional_flags) do
desc "Additional flags for the 'docker network create'"
end
newproperty(:id) do
desc 'The ID of the network provided by Docker'
validate do |value|
raise(Puppet::ParseError, "#{value} is read-only and is only available via puppet resource.")
end
end
end

33
environments/production/thirdparty/docker/lib/puppet/type/docker_stack.rb vendored Normal file
View file

@ -0,0 +1,33 @@
# frozen_string_literal: true
Puppet::Type.newtype(:docker_stack) do
@doc = 'A type representing a Docker Stack'
ensurable
newparam(:bundle_file) do
desc 'Path to a Distributed Application Bundle file.'
validate do |value|
raise _('bundle files should be a string') unless value.is_a? String
end
end
newparam(:compose_files, array_matching: :all) do
desc 'An array of Docker Compose Files paths.'
validate do |value|
raise _('compose files should be an array') unless value.is_a? Array
end
end
newparam(:up_args) do
desc 'Arguments to be passed directly to docker stack deploy.'
validate do |value|
raise _('up_args should be a String') unless value.is_a? String
end
end
newparam(:name) do
isnamevar
desc 'The name of the stack'
end
end

26
environments/production/thirdparty/docker/lib/puppet/type/docker_volume.rb vendored Normal file
View file

@ -0,0 +1,26 @@
# frozen_string_literal: true
Puppet::Type.newtype(:docker_volume) do
@doc = 'A type representing a Docker volume'
ensurable
newparam(:name) do
isnamevar
desc 'The name of the volume'
end
newproperty(:driver) do
desc 'The volume driver used by the volume'
end
newparam(:options) do
desc 'Additional options for the volume driver'
end
newproperty(:mountpoint) do
desc 'The location that the volume is mounted to'
validate do |value|
raise(Puppet::ParseError, "#{value} is read-only and is only available via puppet resource.")
end
end
end

54
environments/production/thirdparty/docker/manifests/compose.pp vendored Normal file
View file

@ -0,0 +1,54 @@
# @summary install Docker Compose using the recommended curl command.
#
# @param ensure
# Whether to install or remove Docker Compose
# Valid values are absent present
#
# @param version
# The version of Docker Compose to install.
#
class docker::compose (
Enum[present,absent] $ensure = present,
Optional[String] $version = undef,
) {
include docker
if $docker::manage_package {
include docker::params
$_version = $version ? {
undef => $docker::params::compose_version,
default => $version,
}
if $_version and $ensure != 'absent' {
$package_ensure = $_version
} else {
$package_ensure = $ensure
}
case $facts['os']['family'] {
'Debian': {
$_require = $docker::use_upstream_package_source ? {
true => [Apt::Source['docker'], Class['apt::update']],
false => undef,
}
}
'RedHat': {
$_require = $docker::use_upstream_package_source ? {
true => Yumrepo['docker'],
false => undef,
}
}
'Windows': {
fail('The docker compose portion of this module is not supported on Windows')
}
default: {
fail('The docker compose portion of this module only works on Debian or RedHat')
}
}
package { 'docker-compose-plugin':
ensure => $package_ensure,
require => $_require,
}
}
}

16
environments/production/thirdparty/docker/manifests/config.pp vendored Normal file
View file

@ -0,0 +1,16 @@
# @summary Configuration for docker
# @api private
#
class docker::config {
if $facts['os']['family'] != 'windows' {
$docker::docker_users.each |$user| {
docker::system_user { $user:
create_user => $docker::create_user,
}
}
} else {
$docker::docker_users.each |$user| {
docker::windows_account { $user: }
}
}
}

81
environments/production/thirdparty/docker/manifests/exec.pp vendored Normal file
View file

@ -0,0 +1,81 @@
# @summary
# A define which executes a command inside a container.
#
# @param detach
# @param interactive
# @param env
# @param tty
# @param container
# @param command
# @param unless
# @param sanitise_name
# @param refreshonly
# @param onlyif
#
define docker::exec (
Boolean $detach = false,
Boolean $interactive = false,
Array $env = [],
Boolean $tty = false,
Optional[String] $container = undef,
Optional[String] $command = undef,
Optional[String] $unless = undef,
Boolean $sanitise_name = true,
Boolean $refreshonly = false,
Optional[String] $onlyif = undef,
) {
include docker::params
$docker_command = $docker::params::docker_command
if $facts['os']['family'] == 'windows' {
$exec_environment = "PATH=${facts['docker_program_files_path']}/Docker/"
$exec_timeout = 3000
$exec_path = ["${facts['docker_program_files_path']}/Docker/",]
$exec_provider = 'powershell'
} else {
$exec_environment = 'HOME=/root'
$exec_path = ['/bin', '/usr/bin',]
$exec_timeout = 0
$exec_provider = undef
}
$docker_exec_flags = docker_exec_flags({
detach => $detach,
interactive => $interactive,
tty => $tty,
env => any2array($env),
}
)
if $sanitise_name {
$sanitised_container = regsubst($container, '[^0-9A-Za-z.\-_]', '-', 'G')
} else {
$sanitised_container = $container
}
$exec = "${docker_command} exec ${docker_exec_flags} ${sanitised_container} ${command}"
$unless_command = $unless ? {
undef => undef,
'' => undef,
default => "${docker_command} exec ${docker_exec_flags} ${sanitised_container} ${$unless}",
}
$onlyif_command = $onlyif ? {
undef => undef,
'' => undef,
'running' => "${docker_command} ps --no-trunc --format='table {{.Names}}' | grep '^${sanitised_container}$'",
default => $onlyif
}
exec { $exec:
environment => $exec_environment,
onlyif => $onlyif_command,
path => $exec_path,
refreshonly => $refreshonly,
timeout => $exec_timeout,
provider => $exec_provider,
unless => $unless_command,
}
}

185
environments/production/thirdparty/docker/manifests/image.pp vendored Normal file
View file

@ -0,0 +1,185 @@
# @summary
# Module to install an up-to-date version of a Docker image
# from the registry
#
# @param ensure
# Whether you want the image present or absent.
#
# @param image
# If you want the name of the image to be different from the
# name of the puppet resource you can pass a value here.
#
# @param image_tag
# If you want a specific tag of the image to be installed
#
# @param image_digest
# If you want a specific content digest of the image to be installed
#
# @param docker_file
# If you want to add a docker image from specific docker file
#
# @param docker_tar
# If you want to load a docker image from specific docker tar
#
# @param force
#
# @param docker_dir
#
define docker::image (
Enum[present,absent,latest] $ensure = 'present',
Optional[Pattern[/^[\S]*$/]] $image = $title,
Optional[String] $image_tag = undef,
Optional[String] $image_digest = undef,
Boolean $force = false,
Optional[String] $docker_file = undef,
Optional[String] $docker_dir = undef,
Optional[String] $docker_tar = undef,
) {
include docker::params
$docker_command = $docker::params::docker_command
if $facts['os']['family'] == 'windows' {
$update_docker_image_template = 'docker/windows/update_docker_image.ps1.epp'
$update_docker_image_path = "${facts['docker_user_temp_path']}/update_docker_image.ps1"
$exec_environment = "PATH=${facts['docker_program_files_path']}/Docker/"
$exec_timeout = 3000
$update_docker_image_owner = undef
$exec_path = ["${facts['docker_program_files_path']}/Docker/",]
$exec_provider = 'powershell'
} else {
$update_docker_image_template = 'docker/update_docker_image.sh.epp'
$update_docker_image_path = '/usr/local/bin/update_docker_image.sh'
$update_docker_image_owner = 'root'
$exec_environment = 'HOME=/root'
$exec_path = ['/bin', '/usr/bin',]
$exec_timeout = 0
$exec_provider = undef
}
$parameters = {
'docker_command' => $docker_command,
}
# Wrapper used to ensure images are up to date
ensure_resource('file', $update_docker_image_path,
{
ensure => $docker::params::ensure,
owner => $update_docker_image_owner,
group => $update_docker_image_owner,
mode => '0555',
content => epp($update_docker_image_template, $parameters),
}
)
if ($docker_file) and ($docker_tar) {
fail('docker::image must not have both $docker_file and $docker_tar set')
}
if ($docker_dir) and ($docker_tar) {
fail('docker::image must not have both $docker_dir and $docker_tar set')
}
if ($image_digest) and ($docker_file) {
fail('docker::image must not have both $image_digest and $docker_file set')
}
if ($image_digest) and ($docker_dir) {
fail('docker::image must not have both $image_digest and $docker_dir set')
}
if ($image_digest) and ($docker_tar) {
fail('docker::image must not have both $image_digest and $docker_tar set')
}
if $force {
$image_force = '-f '
} else {
$image_force = ''
}
if $image_tag {
$image_arg = "${image}:${image_tag}"
$image_remove = "${docker_command} rmi ${image_force}${image}:${image_tag}"
$image_find = "${docker_command} images -q ${image}:${image_tag}"
} elsif $image_digest {
$image_arg = "${image}@${image_digest}"
$image_remove = "${docker_command} rmi ${image_force}${image}:${image_digest}"
$image_find = "${docker_command} images -q ${image}@${image_digest}"
} else {
$image_arg = $image
$image_remove = "${docker_command} rmi ${image_force}${image}"
$image_find = "${docker_command} images -q ${image}"
}
if $facts['os']['family'] == 'windows' {
$_image_find = "If (-not (${image_find}) ) { Exit 1 }"
} else {
$_image_find = "${image_find} | grep ."
}
if ($docker_dir) and ($docker_file) {
$image_install = "${docker_command} build -t ${image_arg} -f ${docker_file} ${docker_dir}"
} elsif $docker_dir {
$image_install = "${docker_command} build -t ${image_arg} ${docker_dir}"
} elsif $docker_file {
if $facts['os']['family'] == windows {
$image_install = "Get-Content ${docker_file} -Raw | ${docker_command} build -t ${image_arg} -"
} else {
$image_install = "${docker_command} build -t ${image_arg} - < ${docker_file}"
}
} elsif $docker_tar {
$image_install = "${docker_command} load -i ${docker_tar}"
} else {
if $facts['os']['family'] == 'windows' {
$image_install = "& ${update_docker_image_path} -DockerImage ${image_arg}"
} else {
$image_install = "${update_docker_image_path} ${image_arg}"
}
}
if $ensure == 'absent' {
exec { $image_remove:
path => $exec_path,
environment => $exec_environment,
onlyif => $_image_find,
provider => $exec_provider,
timeout => $exec_timeout,
logoutput => true,
}
} elsif $ensure == 'latest' or $image_tag == 'latest' or $force {
notify { "Check if image ${image_arg} is in-sync":
noop => false,
}
~> exec { $image_install:
environment => $exec_environment,
path => $exec_path,
timeout => $exec_timeout,
returns => ['0', '2'],
require => File[$update_docker_image_path],
provider => $exec_provider,
logoutput => true,
}
~> exec { "echo 'Update of ${image_arg} complete'":
environment => $exec_environment,
path => $exec_path,
timeout => $exec_timeout,
require => File[$update_docker_image_path],
provider => $exec_provider,
logoutput => true,
refreshonly => true,
}
} elsif $ensure == 'present' {
exec { $image_install:
unless => $_image_find,
environment => $exec_environment,
path => $exec_path,
timeout => $exec_timeout,
returns => ['0', '2'],
require => File[$update_docker_image_path],
provider => $exec_provider,
logoutput => true,
}
}
Docker::Image <| title == $title |>
}

9
environments/production/thirdparty/docker/manifests/images.pp vendored Normal file
View file

@ -0,0 +1,9 @@
# @summary
#
# @param images
#
class docker::images (
Hash $images
) {
create_resources(docker::image, $images)
}

Some files were not shown because too many files have changed in this diff Show more