Feature #15500: Update Puppet modules: 2018Q4 → 2019Q2 edition
Switch to the puppetlabs/apt module
The shared apt module is deprecated and the shared Puppet modules group decided to switch to https://github.com/puppetlabs/puppetlabs-apt.
See https://gitlab.com/shared-puppet-modules-group/apt/blob/master/UPGRADING.md for migration info. Lots of features we use are missing so this is going to take time. Let's try to make it happen by the end of 2019Q1.
This migration can be split into steps:
migrate away from functionality provided by the shared apt module but that's not supported by puppetlabs/apt: either switch to already supported alternatives, or to "plugins", or submit PRs to puppetlabs/apt listchangesdone done
APT::Periodic+ monitoring check
apt::dpkg_statoverride→ import it in puppet-tails
reach the point where the only functionality we use from the shared apt module is also supported either by puppetlabs/apt directly or by modules that depend on it
- switch to puppetlabs/apt; changes that must happen in lockstep when doing so:
keysparameter but implementation looks scary (do the red flags apply to us?); worst case, follow https://wiki.debian.org/DebianRepository/UseThirdParty and drop the non-ascii-armorded key in
/usr/share/keyrings/example-archive-keyring.gpg+ point to it from
apt::cron→ https://github.com/voxpupuli/puppet-unattended_upgrades: depends on puppetlabs/apt so has to be done in lockstep with the switch to it
tails::apt::repository::*→ puppetlabs/apt provides several was to manage
To list the
apt:: things we use:
git grep -h --only-matching --color=never \ --recurse-submodules -E '\bapt::[^ ]+\b' -- \ hieradata/ manifests/ modules/reprepro/ modules/tails* \ 2>/dev/null \ | sort -u
- Description updated (diff)
Migrated the last thing I could migrate without switching to puppetlabs/apt.
Next steps: prepare a topic branch (= environment) that switches to puppetlabs/apt + adjusts the bare minimum, put a couple non-critical nodes into that environment, fix stuff, and progressively port more code and nodes to that environment until we're done and we can merge this branch into production and put all nodes back into the production environment.