X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/87c27947d5bd2d11abfcd33d91754edcdaf478ac..afcb07ba438a01c65d701902dfcb39b04a0719ec:/cookbooks/apt/recipes/default.rb diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index 198a4b88d..2ead9baf2 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb @@ -21,25 +21,37 @@ package %w[ apt apt-transport-https gnupg - update-notifier-common ] +package "update-notifier-common" if platform?("ubuntu") + file "/etc/motd.tail" do action :delete end -template "/etc/apt/preferences.d/99-chef" do - source "preferences.erb" - owner "root" - group "root" - mode "644" +apt_preference "cciss-vol-status" do + pin "origin *.ubuntu.com" + pin_priority "1100" end apt_update "/etc/apt/sources.list" do action :nothing end -if node[:kernel][:machine] == "x86_64" +dpkg_arch = node[:packages][:systemd][:arch] + +if platform?("debian") + archive_host = "deb.debian.org" + archive_security_host = archive_host + archive_distro = "debian" + archive_security_distro = "debian-security" + archive_suites = %w[main updates backports security] + archive_components = %w[main contrib non-free non-free-firmware] + backport_packages = case node[:lsb][:codename] + when "bookworm" then %W[amd64-microcode exim4 firmware-free firmware-nonfree intel-microcode libosmium linux-signed-#{dpkg_arch} osm2pgsql otrs2 pyosmium smartmontools systemd cgi-mapserver] + else %W[] + end +elsif intel? archive_host = if node[:country] "#{node[:country]}.archive.ubuntu.com" else @@ -47,10 +59,18 @@ if node[:kernel][:machine] == "x86_64" end archive_security_host = "security.ubuntu.com" archive_distro = "ubuntu" + archive_security_distro = archive_distro + archive_suites = %w[main updates backports security] + archive_components = %w[main restricted universe multiverse] + backport_packages = %w[] else archive_host = "ports.ubuntu.com" archive_security_host = archive_host archive_distro = "ubuntu-ports" + archive_security_distro = archive_distro + archive_suites = %w[main updates backports security] + archive_components = %w[main restricted universe multiverse] + backport_packages = %w[] end template "/etc/apt/sources.list" do @@ -58,115 +78,38 @@ template "/etc/apt/sources.list" do owner "root" group "root" mode "644" - variables :archive_host => archive_host, :archive_security_host => archive_security_host, :archive_distro => archive_distro, :codename => node[:lsb][:codename] + variables :archive_host => archive_host, + :archive_security_host => archive_security_host, + :archive_distro => archive_distro, + :archive_security_distro => archive_security_distro, + :archive_suites => archive_suites, + :archive_components => archive_components, + :codename => node[:lsb][:codename] notifies :update, "apt_update[/etc/apt/sources.list]", :immediately end -repository_actions = Hash.new do |_, repository| - node[:apt][:sources].include?(repository) ? :add : :remove -end - -apt_repository "ubuntugis-stable" do - action repository_actions["ubuntugis-stable"] - uri "ppa:ubuntugis/ppa" -end - -apt_repository "ubuntugis-unstable" do - action repository_actions["ubuntugis-unstable"] - uri "ppa:ubuntugis/ubuntugis-unstable" -end - -apt_repository "git-core" do - action repository_actions["git-core"] - uri "ppa:git-core/ppa" +if backport_packages.empty? + apt_preference "backports" do + action :remove + end +else + apt_preference "backports" do + glob backport_packages.sort.map { |p| "src:#{p}" }.join(" ") + pin "release n=#{node[:lsb][:codename]}-backports" + pin_priority "500" + end end -apt_repository "maxmind" do - action repository_actions["maxmind"] - uri "ppa:maxmind/ppa" +execute "apt-cache-gencaches" do + action :nothing + command "apt-cache gencaches" + subscribes :run, "apt_preference[backports]", :immediately end apt_repository "openstreetmap" do - action repository_actions["openstreetmap"] - uri "ppa:osmadmins/ppa" -end - -apt_repository "management-component-pack" do - action repository_actions["management-component-pack"] - uri "https://downloads.linux.hpe.com/SDR/repo/mcp" - distribution "bionic/current-gen9" - components ["non-free"] - key "C208ADDE26C2B797" -end - -apt_repository "hwraid" do - action repository_actions["hwraid"] - uri "https://hwraid.le-vert.net/ubuntu" - distribution "precise" - components ["main"] - key "6005210E23B3D3B4" -end - -apt_repository "nginx" do - action repository_actions["nginx"] - arch "amd64" - uri "https://nginx.org/packages/ubuntu" - components ["nginx"] - key "ABF5BD827BD9BF62" -end - -apt_repository "elasticsearch6.x" do - action repository_actions["elasticsearch6.x"] - uri "https://artifacts.elastic.co/packages/6.x/apt" - distribution "stable" - components ["main"] - key "D27D666CD88E42B4" -end - -apt_repository "elasticsearch8.x" do - action repository_actions["elasticsearch8.x"] - uri "https://artifacts.elastic.co/packages/8.x/apt" - distribution "stable" - components ["main"] - key "D27D666CD88E42B4" -end - -apt_repository "passenger" do - action repository_actions["passenger"] - uri "https://oss-binaries.phusionpassenger.com/apt/passenger" - components ["main"] - key "561F9B9CAC40B2F7" -end - -apt_repository "postgresql" do - action repository_actions["postgresql"] - uri "https://apt.postgresql.org/pub/repos/apt" - distribution "#{node[:lsb][:codename]}-pgdg" - components ["main"] - key "7FCC7D46ACCC4CF8" -end - -apt_repository "docker" do - action repository_actions["docker"] - uri "https://download.docker.com/linux/ubuntu" - arch "amd64" - components ["stable"] - key "https://download.docker.com/linux/ubuntu/gpg" -end - -apt_repository "grafana" do - action repository_actions["grafana"] - uri "https://packages.grafana.com/enterprise/deb" - distribution "stable" - components ["main"] - key "https://packages.grafana.com/gpg.key" -end - -apt_repository "timescaledb" do - action repository_actions["timescaledb"] - uri "https://packagecloud.io/timescale/timescaledb/ubuntu" + uri "https://apt.openstreetmap.org" components ["main"] - key "https://packagecloud.io/timescale/timescaledb/gpgkey" + key "https://apt.openstreetmap.org/gpg.key" end package "unattended-upgrades"