Getting started

Default configuration

The apt-mirror Debian package creates a simple layout of mirror directories in /var/spool/apt-mirror/ directory and uses a single cron job to manage mirroring. The debops.apt_mirror extends this setup with multiple separate mirror configurations which converge in the same /var/spool/apt-mirror/mirror/ directory and use separate cron jobs for each set of mirrored repositories. This allows for different mirror frequency for specific APT repositories if desired.

The mirrored APT repositories are stored in the /var/spool/apt-mirror/mirror/ directory, which will be published using the nginx webserver via the debops.nginx role. Different APT repositories will be published under subdirectories based on their FQDNs, for example the Debian APT repository will be published as:

http://<mirror.host>/deb.debian.org/debian

An example sources.list(5) entry can look like:

deb http://<mirror.host>/deb.debian.org/debian bullseye main contrib non-free

The default nginx configuration separates HTTP and HTTPS protocols, so that the clients can select which protocol they prefer. Users can modify the nginx configuration if they want to enable HTTP Basic Authentication for the mirror by APT clients.

The APT clients still need to configure the GPG keys for a given mirrored APT repository separately. This can be done using the debops.apt or debops.keyring Ansible roles.

Usage behind a HTTP proxy

The apt-mirror script uses wget behind the scenes to download files. If the mirror is located behind a HTTP proxy, /var/spool/apt-mirror/.wgetrc configuration file with proxy configuration can be used to access the HTTP proxy - it should work both on the command line as well as via the cron job.

Example inventory

To install and configure apt-mirror on a given host, it should be included in a specific Ansible inventory group:

[debops_all_hosts]
hostname

[debops_service_apt_mirror]
hostname

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.apt_mirror role:

---

- name: Configure APT mirroring service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_apt_mirror' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: keyring
      tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
      keyring__dependent_apt_keys:
        - '{{ nginx__keyring__dependent_apt_keys }}'

    - role: apt_preferences
      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ nginx__apt_preferences__dependent_list }}'

    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]
      ferm__dependent_rules:
        - '{{ nginx__ferm__dependent_rules }}'

    - role: python
      tags: [ 'role::python', 'skip::python' ]
      python__dependent_packages3:
        - '{{ nginx__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ nginx__python__dependent_packages2 }}'

    - role: nginx
      tags: [ 'role::nginx', 'skip::nginx' ]
      nginx__dependent_servers:
        - '{{ apt_mirror__nginx__dependent_servers }}'

    - role: apt_mirror
      tags: [ 'role::apt_mirror', 'skip::apt_mirror' ]

Ansible tags

You can use Ansible --tags or --skip-tags parameters to limit what tasks are performed during Ansible run. This can be used after a host was first configured to speed up playbook execution, when you are sure that most of the configuration is already in the desired state.

Available role tags:

role::apt_mirror

Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.