debops.apt_install default variables¶
Sections
Role configuration¶
-
apt_install__enabled¶
Enable or disable support for debops.apt_install role.
apt_install__enabled: True
-
apt_install__distribution¶
The variable that indicates host operating system distribution, used to conditionally select packages for installation.
apt_install__distribution: '{{ ansible_local.core.distribution
| d(ansible_lsb.id | d(ansible_distribution)) }}'
-
apt_install__distribution_release¶
The variable that indicates host distribution release, used to conditionally select packages for installation.
apt_install__distribution_release: '{{ ansible_local.core.distribution_release
| d(ansible_lsb.codename | d(ansible_distribution_release)) }}'
-
apt_install__archive_areas_map¶
A dictionary that maps different parts of the package archive to each distribution. By default the role expects all of the archives to be enabled.
apt_install__archive_areas_map:
'Debian': [ 'main', 'contrib', 'non-free' ]
'Ubuntu': [ 'main', 'restricted', 'universe', 'multiverse' ]
-
apt_install__archive_areas¶
List of package archive areas which are currently available. This list is used to conditionally enable packages for installation, depending on availability of a given archive area.
apt_install__archive_areas: '{{ ansible_local.apt.components
| d(apt_install__archive_areas_map[apt_install__distribution] | d([])) }}'
-
apt_install__condition_map¶
Definition of the values to compare apt_install__all_packages against.
This map is used internally in the apt_install__all_packages lookup
template.
apt_install__condition_map:
'distribution': '{{ apt_install__distribution }}'
'release': '{{ apt_install__distribution_release }}'
'areas': '{{ apt_install__archive_areas }}'
-
apt_install__state¶
How the apt Ansible module should install the selected packages:
present- Only make sure that the packages on the list are present on the host.
latest- Install the latest version of available packages, according to APT preferences.
By default role will make sure to update the packages to their latest version on first run, and just keep the current version on subsequent runs.
apt_install__state: '{{ "present"
if (ansible_local | d() and ansible_local.apt_install | d() and
(ansible_local.apt_install.configured | d(True)) | bool)
else "latest" }}'
-
apt_install__no_kernel_hints¶
Enable or disable configuration of the hints about upgraded kernel requiring a reboot of the host, created by the needrestart package. By default these hints will be disabled, which helps with non-interactive APT package installation done by Ansible.
apt_install__no_kernel_hints: '{{ True
if ("needrestart" in apt_install__conditional_whitelist_packages)
else False }}'
-
apt_install__recommends¶
Boolean variable that controls installation of recommended packages.
apt_install__recommends: False
-
apt_install__update_cache¶
Enable or disable APT cache updates.
apt_install__update_cache: True
-
apt_install__cache_valid_time¶
Amount of time between APT cache updates in seconds.
apt_install__cache_valid_time: '{{ ansible_local.core.cache_valid_time | d(60 * 60 * 24 * 7) }}'
Debconf package configuration¶
These lists can be used to insert new values into the debconf database. This
allow to overwrite some default answer before installing a package and avoid
using dpkg-reconfigure to set the wanted answer.
See apt_install__debconf for more details.
-
apt_install__debconf¶
List of values to configure for all hosts in the Ansible inventory.
apt_install__debconf: []
-
apt_install__group_debconf¶
List of values to configure for hosts in specific Ansible inventory group.
apt_install__group_debconf: []
-
apt_install__host_debconf¶
List of values to configure for specific hosts in the Ansible inventory.
apt_install__host_debconf: []
APT package lists¶
The APT packages to install are split into multiple lists to easier modification. You can specify name of each package directly or use a YAML dictionary to better control when a package should be installed. See apt_install__all_packages for more details.
-
apt_install__base_packages¶
Default base packages to install.
apt_install__base_packages:
- 'ed'
- 'lsb-release'
- 'make'
- 'git'
- 'curl'
- 'rsync'
- 'bsdutils'
- 'acl'
-
apt_install__shell_packages¶
Command line creature comforts, when you need to login to the remote host.
apt_install__shell_packages:
- 'ncurses-term'
- 'tmux'
- 'less'
- 'file'
- 'psmisc'
- 'lsof'
- 'tree'
- 'htop'
- 'iftop'
- 'nload'
- 'nmon'
- 'mtr-tiny'
- 'mc'
-
apt_install__editor_packages¶
List of text editors to install.
apt_install__editor_packages:
# The role also sets ``vim.basic`` as the default editor via
# the :envvar:`apt_install__default_alternatives` variable.
# If you change this list, remember to update that variable as well,
# otherwise the playbook execution will break.
- 'vim'
-
apt_install__packages¶
List of APT packages to install on all hosts in Ansible inventory.
apt_install__packages: []
-
apt_install__group_packages¶
List of APT packages to install on hosts in a specific group in Ansible inventory.
apt_install__group_packages: []
-
apt_install__host_packages¶
List of APT packages to install on specific hosts in Ansible inventory.
apt_install__host_packages: []
-
apt_install__dependent_packages¶
List of APT packages to install for other Ansible roles, for usage as a dependent role.
apt_install__dependent_packages: []
-
apt_install__conditional_whitelist_packages¶
List of APT package names which will be used to compare against packages requested for installation. This list is exposed in the defaults so that you don't need to modify the conditional list below to enable or disable packages.
apt_install__conditional_whitelist_packages:
- 'irqbalance'
- 'uptimed'
- 'libpam-systemd'
- 'haveged'
- 'gnupg-curl'
- 'needrestart'
- 'open-vm-tools'
-
apt_install__conditional_packages¶
List of APT packages installed under certain conditions.
apt_install__conditional_packages:
- name: 'irqbalance'
whitelist: '{{ apt_install__conditional_whitelist_packages }}'
state: '{{ "present"
if (ansible_processor_cores >= 2 and
(ansible_virtualization_role is undefined or
ansible_virtualization_role not in ["guest"]))
else "absent" }}'
- name: 'uptimed'
whitelist: '{{ apt_install__conditional_whitelist_packages }}'
state: '{{ "present"
if (ansible_virtualization_role is undefined or
ansible_virtualization_role not in ["guest"])
else "absent" }}'
- name: 'libpam-systemd'
whitelist: '{{ apt_install__conditional_whitelist_packages }}'
state: '{{ "present" if (ansible_service_mgr == "systemd") else "absent" }}'
- name: 'haveged'
# KVM is capable of providing entropy to guests however this needs to be
# configured on the hypervisor host and thus can not always be done if one
# only controls a guest.
whitelist: '{{ apt_install__conditional_whitelist_packages }}'
state: '{{ "present"
if (ansible_virtualization_role | d("guest") in ["guest"] and
ansible_virtualization_type | d("unknown") not in ["lxc", "openvz"] and
not (ansible_local | d() and ansible_local.apt_install | d() and
ansible_local.apt_install.have_virtual_rng | d(False) | bool))
else "absent" }}'
- name: 'gnupg-curl'
# This package is needed when you want to access HKPS keyservers.
whitelist: '{{ apt_install__conditional_whitelist_packages }}'
state: '{{ "present"
if ansible_distribution_release in
["trusty", "xenial"]
else "absent" }}'
- name: 'needrestart'
whitelist: '{{ apt_install__conditional_whitelist_packages }}'
state: 'present'
- name: 'open-vm-tools'
whitelist: '{{ apt_install__conditional_whitelist_packages }}'
state: '{{ "present"
if (ansible_virtualization_role | d("guest") in ["guest"] and
ansible_virtualization_type | d("unknown") in ["VMware"])
else "absent" }}'
-
apt_install__firmware_packages¶
Certain systems require free or non-free firmware for correct operation. This list of packages will ensure that the required firmware is installed.
apt_install__firmware_packages:
- name: 'amd64-microcode'
# Non-free microcode firmware for AMD CPUs. These patches mitigate security
# issues like Spectre and fix other types of incorrect processor behaviour.
# The package only needs to be installed on physical machines. To protect
# virtual machines, be sure to set the correct CPU flags in QEMU:
# https://www.qemu.org/docs/master/system/target-i386.html#important-cpu-features-for-intel-x86-hosts
distribution: [ 'Debian', 'Devuan', 'Ubuntu' ]
areas: '{{ ["main"]
if ansible_distribution in ["Ubuntu"]
else ["non-free"] }}'
state: '{{ "present"
if ansible_virtualization_role == "host" and
"AuthenticAMD" in ansible_processor
else "absent" }}'
- name: 'firmware-linux-free'
distribution: [ 'Debian' ]
state: '{{ "present" if (ansible_form_factor in ["Rack Mount Chassis"])
and (ansible_virtualization_role is undefined or
ansible_virtualization_role not in ["guest"])
and (ansible_kernel.find("-pve") == "-1")
else "absent" }}'
- name: 'firmware-linux-nonfree'
distribution: [ 'Debian' ]
areas: [ 'non-free' ]
state: '{{ "present" if (ansible_form_factor in ["Rack Mount Chassis"])
and (ansible_virtualization_role is undefined or
ansible_virtualization_role not in ["guest"])
and (ansible_kernel.find("-pve") == "-1")
else "absent" }}'
- name: 'intel-microcode'
# Same as amd64-microcode, but for Intel CPUs.
distribution: [ 'Debian', 'Devuan', 'Ubuntu' ]
areas: '{{ ["main"]
if ansible_distribution in ["Ubuntu"]
else ["non-free"] }}'
state: '{{ "present" if ansible_virtualization_role == "host" and
"GenuineIntel" in ansible_processor
else "absent" }}'
- name: 'linux-firmware'
distribution: [ 'Ubuntu' ]
state: '{{ "present" if (ansible_form_factor in ["Rack Mount Chassis"])
and (ansible_virtualization_role is undefined or
ansible_virtualization_role not in ["guest"])
else "absent" }}'
- name: 'linux-firmware-nonfree'
distribution: [ 'Ubuntu' ]
release: [ 'precise', 'trusty', 'wily' ]
areas: [ 'multiverse' ]
state: '{{ "present" if (ansible_form_factor in ["Rack Mount Chassis"])
and (ansible_virtualization_role is undefined or
ansible_virtualization_role not in ["guest"])
else "absent" }}'
-
apt_install__all_packages¶
The master list of APT packages to install, passed to the lookup template for conditional processing.
apt_install__all_packages:
- '{{ apt_install__base_packages }}'
- '{{ apt_install__shell_packages }}'
- '{{ apt_install__editor_packages }}'
- '{{ apt_install__packages }}'
- '{{ apt_install__group_packages }}'
- '{{ apt_install__host_packages }}'
- '{{ apt_install__dependent_packages }}'
- '{{ apt_install__conditional_packages }}'
- '{{ apt_install__firmware_packages }}'
Alternative package symlinks¶
These lists can be used to define alternative symlinks for certain packages
which provide similar functionality, using update-alternatives package.
See apt_install__alternatives for more details.
-
apt_install__default_alternatives¶
List of default alternative symlinks set by the role.
apt_install__default_alternatives:
# The role also installs the ``vim`` package via the
# :envvar:`apt_install__editor_packages` variable.
- name: 'editor'
path: '/usr/bin/vim.basic'
-
apt_install__alternatives¶
List of alternative symlinks configured for all packages in the Ansible inventory.
apt_install__alternatives: []
-
apt_install__group_alternatives¶
List of alternative symlinks configured for hosts in specific Ansible inventory group.
apt_install__group_alternatives: []
-
apt_install__host_alternatives¶
List of alternative symlinks configured for specific hosts in the Ansible inventory.
apt_install__host_alternatives: []
Configuration for other Ansible roles¶
-
apt_install__apt_preferences__dependent_list¶
Configuration for the debops.apt_preferences role.
apt_install__apt_preferences__dependent_list:
- package: 'needrestart needrestart-*'
backports: [ 'trusty' ]
reason: 'Better support for container technologies'
by_role: 'debops.apt_install'