debops.apt_cacher_ng default variables

Packages and installation

apt_cacher_ng__base_packages

List of base packages to install.

apt_cacher_ng__base_packages:
  - 'apt-cacher-ng'

apt_cacher_ng__enabled

Should the Apt-Cacher NG service be enabled?

apt_cacher_ng__enabled: True

apt_cacher_ng__deploy_state

What is the desired state which this role should achieve? Possible options:

present

Default. Ensure that Apt-Cacher NG is installed and configured as requested.

absent

Ensure that Apt-Cacher NG is uninstalled and it's configuration is removed.

purge

Same as absent but additionally also ensures that the cache directories is removed.

apt_cacher_ng__deploy_state: 'present'

apt_cacher_ng__configuration_files

This variable allows you to change which configuration files this role is going to create and which permissions to use for them.

src

String, optional, defaults to {{ item.path }}. Corresponds with the name of the template file.

path

String, required. Corresponds with the target name and provides the default name of the template file.

owner

String, optional, defaults to root. Unix user which owns the configuration file.

group

String, optional, defaults to root. Unix group of the configuration file.

mode

String, optional, defaults to 0640. Unix permissions of the configuration file.

divert

Boolean, optional, defaults to True. Should the original configuration file be diverted away before creating our version of the file?

apt_cacher_ng__configuration_files:

  - path: 'etc/apt-cacher-ng/backends_debian'
    mode: '0644'
  - path: 'etc/apt-cacher-ng/backends_ubuntu'
    mode: '0644'
  - path: 'etc/apt-cacher-ng/backends_gentoo'
    mode: '0644'
    divert: False
  - path: 'etc/apt-cacher-ng/acng.conf'
    mode: '0644'
  - path: 'etc/apt-cacher-ng/security.conf'
    group: 'apt-cacher-ng'
    mode: '0640'
  - path: 'etc/apt-cacher-ng/userinfo.html'
    mode: '0644'
    divert: False

Network related settings

apt_cacher_ng__port

TCP server port for incoming http (or HTTP proxy) connections. Can be set to 9999 to emulate apt-proxy.

apt_cacher_ng__port: 3142

apt_cacher_ng__bind_address

List of addresses or hostnames to listen on. Each entry must be an exact local address which is associated with a local interface. DNS resolution is performed using getaddrinfo(3) for all available protocols (IPv4, IPv6, ...). Using a protocol specific format will create binding(s) only on protocol specific socket(s), e. g. 0.0.0.0 will listen only to IPv4.

Examples:

apt_cacher_ng__bind_address:
  - 'localhost'
  - '192.168.7.254'
  - 'publicNameOnMainInterface'

Defaults to listening on all interfaces and protocols.

apt_cacher_ng__bind_address: []

apt_cacher_ng__fqdn

The FQDN subdomain of the Apt-Cacher NG proxy which will be used by nginx webserver.

apt_cacher_ng__fqdn: 'software-cache.{{ ansible_domain }}'

apt_cacher_ng__proxy

The specification of another HTTP proxy which shall be used for downloads. It can include user name and password but see the manual for limitations.

Examples:

apt_cacher_ng__proxy: 'https://username:proxypassword@proxy.example.net:3129'

Defaults to using a direct connection.

apt_cacher_ng__proxy: ''

apt_cacher_ng__connect_protocol

Specifies the IP protocol families to use for remote connections. Order does matter, first specified are considered first.

Examples:

apt_cacher_ng__connect_protocol:
  - 'v4'
  # - 'v6'

Only use IPv4 connections for connecting to upstream mirrors.

Defaults to using native order of the system's TCP/IP stack, influenced by the apt_cacher_ng__bind_address value.

apt_cacher_ng__connect_protocol: []

apt_cacher_ng__offline_mode

Forbid outgoing connections and work without an internet connection or respond with 503 error where it's not possible.

apt_cacher_ng__offline_mode: False

apt_cacher_ng__network_timeout

Network timeout for outgoing connections, in seconds.

apt_cacher_ng__network_timeout: 60

apt_cacher_ng__max_download_speed_kib

It's possible to limit the processing speed of download agents to set an overall download speed limit. Unit: KiB/s, Default: unlimited.

apt_cacher_ng__max_download_speed_kib: ''

Upstream mirrors

apt_cacher_ng__upstream_mirror_debian

Which upstream mirror(s) should be used for Debian repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.

apt_cacher_ng__upstream_mirror_debian: '{{ ansible_local.apt.default_sources_map.Debian[0]
                                           |d("http://deb.debian.org/debian") }}'

apt_cacher_ng__upstream_mirror_ubuntu

Which upstream mirror(s) should be used for Ubuntu repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.

apt_cacher_ng__upstream_mirror_ubuntu: '{{ ansible_local.apt.default_sources_map.Ubuntu[0]
                                           |d("http://archive.ubuntu.com/ubuntu") }}'

apt_cacher_ng__upstream_mirror_gentoo

Which upstream mirror(s) should be used for Gentoo repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.

apt_cacher_ng__upstream_mirror_gentoo: '{{ ansible_local.apt.default_sources_map.Gentoo[0]|d("") }}'

Cache directory

apt_cacher_ng__cache_dir

Storage directory for downloaded data and related maintenance activity.

apt_cacher_ng__cache_dir: '/var/cache/apt-cacher-ng'

apt_cacher_ng__cache_dir_owner

Unix user which owns the cache directory and it's contents.

apt_cacher_ng__cache_dir_owner: 'apt-cacher-ng'

apt_cacher_ng__cache_dir_group

Unix group of the cache directory and it's contents..

apt_cacher_ng__cache_dir_group: 'apt-cacher-ng'

apt_cacher_ng__dir_perms

Default permission set of freshly created files and directories, as octal numbers (see chmod(1) for details). Can by limited by the umask value (see umask(2) for details) if it's set in the environment of the starting shell, e. g. in apt-cacher-ng init script or in its configuration file.

apt_cacher_ng__dir_perms: '02755'

apt_cacher_ng__file_perms

Default permission set of freshly created files and directories, as octal numbers (see chmod(1) for details). Can by limited by the umask value (see umask(2) for details) if it's set in the environment of the starting shell, e. g. in apt-cacher-ng init script or in its configuration file.

apt_cacher_ng__file_perms: '00644'

apt_cacher_ng__cache_dir_enforce_permissions

Should the permissions of the cache directory and it's content be enforced (changed to the specified owner, group and mode)?

Options:

strict

Go thought all files and directories and enforce the permissions on each Ansible run.

Warning

This can slow down the role execution time even when the changes have already been applied. The main factor is the number of files/directories in your cache directory.

lazy

Check the _expending_damaged file in the root of apt_cacher_ng__cache_dir and only enforce permissions on all other files if this one file needed to be changed.

disabled

Don't enforce permissions.

apt_cacher_ng__cache_dir_enforce_permissions: 'lazy'

Management credentials

apt_cacher_ng__user

Username for basic authentication required to visit pages with administrative functionality.

apt_cacher_ng__user: 'admin'

apt_cacher_ng__password

Password for basic authentication required to visit pages with administrative functionality.

apt_cacher_ng__password: '{{ lookup("password", secret + "/credentials/" +
                             inventory_hostname + "/apt_cacher_ng/" +
                             apt_cacher_ng__user + "/password length=24") }}'

Tuning, debugging and further options

apt_cacher_ng__log_dir

Log file directory, can be set empty to disable logging.

apt_cacher_ng__log_dir: '/var/log/apt-cacher-ng'

apt_cacher_ng__support_dir

A place to look for additional configuration and resource files if they are not found in the configuration directory.

apt_cacher_ng__support_dir: '/usr/lib/apt-cacher-ng'

apt_cacher_ng__debug

A bitmask type value declaring the logging verbosity and behavior of the error log writing. Non-zero value triggers at least faster log file flushing.

Some higher bits only working with a special debug build of apt-cacher-ng, see the manual for details. The setting has an alias named UnbufferLogs. Setting apt_cacher_ng__debug: 1 will result in unbuffer log writes.

Warning

This can write significant amount of data into the apt-cacher.err logfile.

0. No debug printing.
1. Log file buffers are flushed faster.
2. Some additional information appears within usual transfer/error logs.

4. Extra debug information is written to apt-cacher.err (also enables lots of additional trace points when apt-cacher-ng binary is built with debug configuration, see section 9.6 for details).

apt_cacher_ng__debug: 0

apt_cacher_ng__verbose_log

Enables extended client information in log entries. When set to True, only activity type, time and transfer sizes are logged.

apt_cacher_ng__verbose_log: True

apt_cacher_ng__force_managed

Forbid downloads from locations that are directly specified in the user request, i.e. all downloads must be processed by the preconfigured remapping backends. Set to False by default to allow to download other repositories via the proxy like download.owncloud.org.

apt_cacher_ng__force_managed: False

apt_cacher_ng__expiration_threshold

Days before considering an unreferenced file expired (to be deleted).

Warning

If the value is set too low and particular index files are not available for some days (mirror downtime) then there is a risk of removal of still useful package files.

apt_cacher_ng__expiration_threshold: 4

apt_cacher_ng__expiration_abort_on_problems

Stop expiration when a critical problem appears, issue like a failed update of an index file in the preparation step.

Warning

Don't set this option to zero or empty without considering possible consequences like a sudden and complete cache data loss.

apt_cacher_ng__expiration_abort_on_problems: 'default'

apt_cacher_ng__dns_cache_seconds

There is a small in-memory cache for DNS resolution data, expired by this timeout (in seconds). Internal caching is disabled if set to a value less than zero.

apt_cacher_ng__dns_cache_seconds: 1800

apt_cacher_ng__log_submitted_origin

Trust the downstream HTTP proxy and log the X-Forwarded-For header as the client IP address.

apt_cacher_ng__log_submitted_origin: True

apt_cacher_ng__user_agent

The version string reported to the peer, to be displayed as HTTP client (and version) in the logs of the mirror.

Warning

Expect side effects! Some archives use this header to guess capabilities of the client (i.e. allow redirection and/or https links) and change their behaviour accordingly but ACNG might not support the expected features.

Default is the compiled in UserAgent: Yet Another HTTP Client/1.2.3p4

apt_cacher_ng__user_agent: 'default'

apt_cacher_ng__recompress_bz2

In some cases the Import and Expiration tasks might create fresh volatile data for internal use by reconstructing them using patch files. This by-product might be recompressed with bzip2 and with some luck the resulting file becomes identical to the *.bz2 file on the server which can be used by APT when requesting a complete version of this file. The downside of this feature is higher CPU load on the server during the maintenance tasks, and the outcome might have not much value in a LAN where all clients update their data often and regularly and therefore usually don't need the full version of the index file.

apt_cacher_ng__recompress_bz2: False

apt_cacher_ng__custom

Configuration block for Apt-Cacher NG for additional configuration for example custom remap settings.

apt_cacher_ng__custom: ''

Network accessibility

apt_cacher_ng__allow

Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.

apt_cacher_ng__allow: []

apt_cacher_ng__group_allow

Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.

apt_cacher_ng__group_allow: []

apt_cacher_ng__host_allow

Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.

apt_cacher_ng__host_allow: []

apt_cacher_ng__interfaces

List of network interfaces from which to allow access to Apt-Cacher NG. If not specified, allows access from all interfaces.

apt_cacher_ng__interfaces: []

Role-dependent configuration

apt_cacher_ng__etc_services__dependent_list

Configuration for the debops.etc_services role which registers port numbers for Apt-Cacher NG.

apt_cacher_ng__etc_services__dependent_list:

  - name: 'acng'
    port: '{{ apt_cacher_ng__port }}'
    comment: 'Apt-Cacher NG caching proxy server'
    delete: '{{ apt_cacher_ng__deploy_state != "present" }}'

apt_cacher_ng__apt_preferences__dependent_list

Configuration for the debops.apt_preferences role.

apt_cacher_ng__apt_preferences__dependent_list:

  - package: 'apt-cacher-ng libssl*'
    backports: [ 'wheezy', 'jessie' ]
    reason: 'http://httpredir.debian.org/debian is not included in the deb_mirrors.gz file of apt-cacher-ng as of 0.8.0-3 (latest in Debian Jessie). This can result in unnecessary resource (bandwidth, storage) usage. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782643'
    by_role: 'debops.apt_cacher_ng'
    delete: '{{ apt_cacher_ng__deploy_state != "present" }}'

apt_cacher_ng__ferm__dependent_rules

Configuration for ferm firewall. It should be added when debops.ferm role is used to configure Apt-Cacher NG firewall rules.

apt_cacher_ng__ferm__dependent_rules:

  - type: 'accept'
    dport: [ 'acng' ]
    saddr: '{{ (apt_cacher_ng__allow|d([]) | list) +
      (apt_cacher_ng__group_allow   |d([]) | list) +
      (apt_cacher_ng__host_allow    |d([]) | list) }}'
    accept_any: True
    interface: '{{ apt_cacher_ng__interfaces }}'
    weight: '40'
    by_role: 'debops.apt_cacher_ng'
    name: 'http_proxy'
    rule_state: '{{ apt_cacher_ng__deploy_state }}'

apt_cacher_ng__apparmor__dependent_config

Configuration for the debops-contrib.apparmor role.

apt_cacher_ng__apparmor__dependent_config:

  'usr.sbin.apt-cacher-ng':
      ## Seems this change is not possible thought the ``@{APT_CACHE_DIR}``
      ## variable without changing the profile file directly?
    - comment: 'Allow Apt-Cacher-Ng access to the cache directory'
      by_role: 'debops.apt_cacher_ng'
      delete: '{{ apt_cacher_ng__deploy_state != "present" }}'
      rules:
        - '{{ apt_cacher_ng__cache_dir }}/ r'
        - '{{ apt_cacher_ng__cache_dir }}/** rw'

apt_cacher_ng__upstream_servers

List of upstream nginx proxy servers.

apt_cacher_ng__upstream_servers:
  - 'localhost:{{ apt_cacher_ng__port }}'

apt_cacher_ng__nginx__upstream

The nginx upstream configuration, managed by debops.nginx role.

apt_cacher_ng__nginx__upstream:
  enabled: True
  name: 'apt-cacher-ng'
  server: '{{ apt_cacher_ng__upstream_servers }}'

apt_cacher_ng__nginx__servers

List of nginx server configurations managed by the debops.nginx role. There is a separate configuration for HTTP and HTTPS connections to allow access for hosts without SSL support installed.

apt_cacher_ng__nginx__servers:

  - by_role: 'debops.apt_cacher_ng'
    name: [ '{{ apt_cacher_ng__fqdn }}' ]
    filename: 'debops.apt_cacher_ng_http'
    enabled: True
    allow: '{{ apt_cacher_ng__allow + apt_cacher_ng__group_allow + apt_cacher_ng__host_allow }}'
    ssl: False
    webroot_create: False
    type: 'proxy'
    proxy_pass: 'http://apt-cacher-ng'
    proxy_options: |
      if ($request_uri !~ "^/.*(\.js|\.css|\.html|\.ico)(.*)?$") {
              rewrite ^/(.*)$ /$host/$1 break;
      }
      proxy_redirect off;
      proxy_buffering off;
    options: |
      location ~ /acng-report.html {
              return 307 https://$host$request_uri;
      }

  - by_role: 'debops.apt_cacher_ng'
    name: [ '{{ apt_cacher_ng__fqdn }}' ]
    filename: 'debops.apt_cacher_ng_https'
    enabled: True
    allow: '{{ apt_cacher_ng__allow + apt_cacher_ng__group_allow + apt_cacher_ng__host_allow }}'
    state: '{{ "present" if (ansible_local.pki|d()) else "absent" }}'
    listen: False
    webroot_create: False
    type: 'proxy'
    proxy_pass: 'http://apt-cacher-ng'
    proxy_options: |
      if ($request_uri !~ "^/.*(\.js|\.css|\.html|\.ico)(.*)?$") {
              rewrite ^/(.*)$ /$host/$1 break;
      }
      proxy_redirect off;
      proxy_buffering off;