debops.apt_cacher_ng default variables¶
Sections
Packages and installation¶
-
apt_cacher_ng__base_packages
¶
List of base packages to install.
apt_cacher_ng__base_packages:
- 'apt-cacher-ng'
-
apt_cacher_ng__enabled
¶
Should the Apt-Cacher NG service be enabled?
apt_cacher_ng__enabled: True
-
apt_cacher_ng__deploy_state
¶
What is the desired state which this role should achieve? Possible options:
present
- Default. Ensure that Apt-Cacher NG is installed and configured as requested.
absent
- Ensure that Apt-Cacher NG is uninstalled and it's configuration is removed.
purge
- Same as
absent
but additionally also ensures that the cache directories is removed.
apt_cacher_ng__deploy_state: 'present'
-
apt_cacher_ng__configuration_files
¶
This variable allows you to change which configuration files this role is going to create and which permissions to use for them.
src
- String, optional, defaults to
{{ item.path }}
. Corresponds with the name of the template file. path
- String, required. Corresponds with the target name and provides the default name of the template file.
owner
- String, optional, defaults to
root
. Unix user which owns the configuration file. group
- String, optional, defaults to
root
. Unix group of the configuration file. mode
- String, optional, defaults to
0640
. Unix permissions of the configuration file. divert
- Boolean, optional, defaults to
True
. Should the original configuration file be diverted away before creating our version of the file?
apt_cacher_ng__configuration_files:
- path: 'etc/apt-cacher-ng/backends_debian'
mode: '0644'
- path: 'etc/apt-cacher-ng/backends_ubuntu'
mode: '0644'
- path: 'etc/apt-cacher-ng/backends_gentoo'
mode: '0644'
divert: False
- path: 'etc/apt-cacher-ng/acng.conf'
mode: '0644'
- path: 'etc/apt-cacher-ng/security.conf'
group: 'apt-cacher-ng'
mode: '0640'
- path: 'etc/apt-cacher-ng/userinfo.html'
mode: '0644'
divert: False
Upstream mirrors¶
-
apt_cacher_ng__upstream_mirror_debian
¶
Which upstream mirror(s) should be used for Debian repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.
apt_cacher_ng__upstream_mirror_debian: '{{ ansible_local.apt.default_sources_map.Debian[0]
|d("http://deb.debian.org/debian") }}'
-
apt_cacher_ng__upstream_mirror_ubuntu
¶
Which upstream mirror(s) should be used for Ubuntu repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.
apt_cacher_ng__upstream_mirror_ubuntu: '{{ ansible_local.apt.default_sources_map.Ubuntu[0]
|d("http://archive.ubuntu.com/ubuntu") }}'
-
apt_cacher_ng__upstream_mirror_gentoo
¶
Which upstream mirror(s) should be used for Gentoo repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.
apt_cacher_ng__upstream_mirror_gentoo: '{{ ansible_local.apt.default_sources_map.Gentoo[0]|d("") }}'
Cache directory¶
-
apt_cacher_ng__cache_dir
¶
Storage directory for downloaded data and related maintenance activity.
apt_cacher_ng__cache_dir: '/var/cache/apt-cacher-ng'
-
apt_cacher_ng__cache_dir_owner
¶
Unix user which owns the cache directory and it's contents.
apt_cacher_ng__cache_dir_owner: 'apt-cacher-ng'
-
apt_cacher_ng__cache_dir_group
¶
Unix group of the cache directory and it's contents..
apt_cacher_ng__cache_dir_group: 'apt-cacher-ng'
-
apt_cacher_ng__dir_perms
¶
Default permission set of freshly created files and directories, as octal numbers (see chmod(1) for details). Can by limited by the umask value (see umask(2) for details) if it's set in the environment of the starting shell, e. g. in apt-cacher-ng init script or in its configuration file.
apt_cacher_ng__dir_perms: '02755'
-
apt_cacher_ng__file_perms
¶
Default permission set of freshly created files and directories, as octal numbers (see chmod(1) for details). Can by limited by the umask value (see umask(2) for details) if it's set in the environment of the starting shell, e. g. in apt-cacher-ng init script or in its configuration file.
apt_cacher_ng__file_perms: '00644'
-
apt_cacher_ng__cache_dir_enforce_permissions
¶
Should the permissions of the cache directory and it's content be enforced (changed to the specified owner, group and mode)?
Options:
strict
Go thought all files and directories and enforce the permissions on each Ansible run.
Warning
This can slow down the role execution time even when the changes have already been applied. The main factor is the number of files/directories in your cache directory.
lazy
- Check the
_expending_damaged
file in the root ofapt_cacher_ng__cache_dir
and only enforce permissions on all other files if this one file needed to be changed. disabled
- Don't enforce permissions.
apt_cacher_ng__cache_dir_enforce_permissions: 'lazy'
Management credentials¶
-
apt_cacher_ng__user
¶
Username for basic authentication required to visit pages with administrative functionality.
apt_cacher_ng__user: 'admin'
-
apt_cacher_ng__password
¶
Password for basic authentication required to visit pages with administrative functionality.
apt_cacher_ng__password: '{{ lookup("password", secret + "/credentials/" +
inventory_hostname + "/apt_cacher_ng/" +
apt_cacher_ng__user + "/password length=24") }}'
Tuning, debugging and further options¶
-
apt_cacher_ng__log_dir
¶
Log file directory, can be set empty to disable logging.
apt_cacher_ng__log_dir: '/var/log/apt-cacher-ng'
-
apt_cacher_ng__support_dir
¶
A place to look for additional configuration and resource files if they are not found in the configuration directory.
apt_cacher_ng__support_dir: '/usr/lib/apt-cacher-ng'
-
apt_cacher_ng__debug
¶
A bitmask type value declaring the logging verbosity and behavior of the error log writing. Non-zero value triggers at least faster log file flushing.
Some higher bits only working with a special debug build of apt-cacher-ng,
see the manual for details. The setting has an alias named UnbufferLogs
.
Setting apt_cacher_ng__debug: 1
will result in unbuffer log writes.
Warning
This can write significant amount of data into the
apt-cacher.err
logfile.
- No debug printing.
- Log file buffers are flushed faster.
- Some additional information appears within usual transfer/error logs.
- Extra debug information is written to apt-cacher.err (also enables lots of additional trace points when apt-cacher-ng binary is built with debug configuration, see section 9.6 for details).
apt_cacher_ng__debug: 0
-
apt_cacher_ng__verbose_log
¶
Enables extended client information in log entries. When set to True
,
only activity type, time and transfer sizes are logged.
apt_cacher_ng__verbose_log: True
-
apt_cacher_ng__force_managed
¶
Forbid downloads from locations that are directly specified in the user
request, i.e. all downloads must be processed by the preconfigured remapping
backends.
Set to False
by default to allow to download other repositories via the proxy like
download.owncloud.org.
apt_cacher_ng__force_managed: False
-
apt_cacher_ng__expiration_threshold
¶
Days before considering an unreferenced file expired (to be deleted).
Warning
If the value is set too low and particular index files are not available for some days (mirror downtime) then there is a risk of removal of still useful package files.
apt_cacher_ng__expiration_threshold: 4
-
apt_cacher_ng__expiration_abort_on_problems
¶
Stop expiration when a critical problem appears, issue like a failed update of an index file in the preparation step.
Warning
Don't set this option to zero or empty without considering possible consequences like a sudden and complete cache data loss.
apt_cacher_ng__expiration_abort_on_problems: 'default'
-
apt_cacher_ng__dns_cache_seconds
¶
There is a small in-memory cache for DNS resolution data, expired by this timeout (in seconds). Internal caching is disabled if set to a value less than zero.
apt_cacher_ng__dns_cache_seconds: 1800
-
apt_cacher_ng__log_submitted_origin
¶
Trust the downstream HTTP proxy and log the X-Forwarded-For header as the client IP address.
apt_cacher_ng__log_submitted_origin: True
-
apt_cacher_ng__user_agent
¶
The version string reported to the peer, to be displayed as HTTP client (and version) in the logs of the mirror.
Warning
Expect side effects! Some archives use this header to guess capabilities of the client (i.e. allow redirection and/or https links) and change their behaviour accordingly but ACNG might not support the expected features.
Default is the compiled in UserAgent: Yet Another HTTP Client/1.2.3p4
apt_cacher_ng__user_agent: 'default'
-
apt_cacher_ng__recompress_bz2
¶
In some cases the Import and Expiration tasks might create fresh volatile
data for internal use by reconstructing them using patch files. This
by-product might be recompressed with bzip2 and with some luck the resulting
file becomes identical to the *.bz2
file on the server which can be used by
APT when requesting a complete version of this file.
The downside of this feature is higher CPU load on the server during
the maintenance tasks, and the outcome might have not much value in a LAN
where all clients update their data often and regularly and therefore usually
don't need the full version of the index file.
apt_cacher_ng__recompress_bz2: False
-
apt_cacher_ng__custom
¶
Configuration block for Apt-Cacher NG for additional configuration for example custom remap settings.
apt_cacher_ng__custom: ''
Network accessibility¶
-
apt_cacher_ng__allow
¶
Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.
apt_cacher_ng__allow: []
-
apt_cacher_ng__group_allow
¶
Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.
apt_cacher_ng__group_allow: []
-
apt_cacher_ng__host_allow
¶
Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.
apt_cacher_ng__host_allow: []
-
apt_cacher_ng__interfaces
¶
List of network interfaces from which to allow access to Apt-Cacher NG. If not specified, allows access from all interfaces.
apt_cacher_ng__interfaces: []
Role-dependent configuration¶
-
apt_cacher_ng__etc_services__dependent_list
¶
Configuration for the debops.etc_services role which registers port numbers for Apt-Cacher NG.
apt_cacher_ng__etc_services__dependent_list:
- name: 'acng'
port: '{{ apt_cacher_ng__port }}'
comment: 'Apt-Cacher NG caching proxy server'
delete: '{{ apt_cacher_ng__deploy_state != "present" }}'
-
apt_cacher_ng__apt_preferences__dependent_list
¶
Configuration for the debops.apt_preferences role.
apt_cacher_ng__apt_preferences__dependent_list:
- package: 'apt-cacher-ng libssl*'
backports: [ 'wheezy', 'jessie' ]
reason: 'http://httpredir.debian.org/debian is not included in the deb_mirrors.gz file of apt-cacher-ng as of 0.8.0-3 (latest in Debian Jessie). This can result in unnecessary resource (bandwidth, storage) usage. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782643'
by_role: 'debops.apt_cacher_ng'
delete: '{{ apt_cacher_ng__deploy_state != "present" }}'
-
apt_cacher_ng__ferm__dependent_rules
¶
Configuration for ferm firewall. It should be added when debops.ferm role is used to configure Apt-Cacher NG firewall rules.
apt_cacher_ng__ferm__dependent_rules:
- type: 'accept'
dport: [ 'acng' ]
saddr: '{{ (apt_cacher_ng__allow|d([]) | list) +
(apt_cacher_ng__group_allow |d([]) | list) +
(apt_cacher_ng__host_allow |d([]) | list) }}'
accept_any: True
interface: '{{ apt_cacher_ng__interfaces }}'
weight: '40'
by_role: 'debops.apt_cacher_ng'
name: 'http_proxy'
rule_state: '{{ apt_cacher_ng__deploy_state }}'
-
apt_cacher_ng__apparmor__dependent_config
¶
Configuration for the debops-contrib.apparmor
role.
apt_cacher_ng__apparmor__dependent_config:
'usr.sbin.apt-cacher-ng':
## Seems this change is not possible thought the ``@{APT_CACHE_DIR}``
## variable without changing the profile file directly?
- comment: 'Allow Apt-Cacher-Ng access to the cache directory'
by_role: 'debops.apt_cacher_ng'
delete: '{{ apt_cacher_ng__deploy_state != "present" }}'
rules:
- '{{ apt_cacher_ng__cache_dir }}/ r'
- '{{ apt_cacher_ng__cache_dir }}/** rw'
-
apt_cacher_ng__upstream_servers
¶
List of upstream nginx proxy servers.
apt_cacher_ng__upstream_servers:
- 'localhost:{{ apt_cacher_ng__port }}'
-
apt_cacher_ng__nginx__upstream
¶
The nginx upstream configuration, managed by debops.nginx role.
apt_cacher_ng__nginx__upstream:
enabled: True
name: 'apt-cacher-ng'
server: '{{ apt_cacher_ng__upstream_servers }}'
-
apt_cacher_ng__nginx__servers
¶
List of nginx server configurations managed by the debops.nginx role. There is a separate configuration for HTTP and HTTPS connections to allow access for hosts without SSL support installed.
apt_cacher_ng__nginx__servers:
- by_role: 'debops.apt_cacher_ng'
name: [ '{{ apt_cacher_ng__fqdn }}' ]
filename: 'debops.apt_cacher_ng_http'
enabled: True
allow: '{{ apt_cacher_ng__allow + apt_cacher_ng__group_allow + apt_cacher_ng__host_allow }}'
ssl: False
webroot_create: False
type: 'proxy'
proxy_pass: 'http://apt-cacher-ng'
proxy_options: |
if ($request_uri !~ "^/.*(\.js|\.css|\.html|\.ico)(.*)?$") {
rewrite ^/(.*)$ /$host/$1 break;
}
proxy_redirect off;
proxy_buffering off;
options: |
location ~ /acng-report.html {
return 307 https://$host$request_uri;
}
- by_role: 'debops.apt_cacher_ng'
name: [ '{{ apt_cacher_ng__fqdn }}' ]
filename: 'debops.apt_cacher_ng_https'
enabled: True
allow: '{{ apt_cacher_ng__allow + apt_cacher_ng__group_allow + apt_cacher_ng__host_allow }}'
state: '{{ "present" if (ansible_local.pki|d()) else "absent" }}'
listen: False
webroot_create: False
type: 'proxy'
proxy_pass: 'http://apt-cacher-ng'
proxy_options: |
if ($request_uri !~ "^/.*(\.js|\.css|\.html|\.ico)(.*)?$") {
rewrite ^/(.*)$ /$host/$1 break;
}
proxy_redirect off;
proxy_buffering off;