Getting started

Client configuration

The debops.apt_cacher_ng role will use the debops.nginx role to configure a proxied access to the cache over a custom subdomain, by default software-cache.{{ ansible_domain }}. This subdomain should be configured in the DNS and point to the server where the proxy is installed. You can open this address in a web browser to access the web interface of Apt-Cacher NG.

To use the Apt-Cacher NG proxy, hosts can either access Apt-Cacher NG directly or via the configured nginx reverse proxy:

  1. To point hosts directly to the Apt-Cacher NG proxy server, include the following line in your inventory:

    apt_proxy__http_url: 'http://software-cache.<domain>:3142/'
    
  2. To point hosts to the nginx reverse proxy include the following line in your inventory:

    apt_proxy__http_url: 'http://software-cache.<domain>/'
    

The debops.apt_proxy role will ensure that the hosts use the given proxy server.

Note

Currently, for HTTPS repositories a direct connection to the destination domain will be used and the proxy server will not be used at all. This might be changed in the future. See this GitHub issue for more information.

Example inventory

To setup Apt-Cacher NG on host given in debops_service_apt_cacher_ng Ansible inventory group:

[debops_service_apt_cacher_ng]
hostname

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.apt_cacher_ng role:

---

- name: Install and manage the caching HTTP proxy Apt-Cacher NG.
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_apt_cacher_ng' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: keyring
      tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
      keyring__dependent_apt_keys:
        - '{{ nginx__keyring__dependent_apt_keys }}'

    - role: etc_services
      tags: [ 'role::etc_services', 'skip::etc_services' ]
      etc_services__dependent_list:
        - '{{ apt_cacher_ng__etc_services__dependent_list }}'

    - role: apt_preferences
      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ apt_cacher_ng__apt_preferences__dependent_list }}'
        - '{{ nginx_apt_preferences_dependent_list }}'

    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]
      ferm__dependent_rules:
        - '{{ apt_cacher_ng__ferm__dependent_rules }}'
        - '{{ nginx_ferm_dependent_rules }}'

    - role: python
      tags: [ 'role::python', 'skip::python' ]
      python__dependent_packages3:
        - '{{ nginx__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ nginx__python__dependent_packages2 }}'

    - role: nginx
      tags: [ 'role::nginx', 'skip::nginx' ]
      nginx_servers:
        - '{{ apt_cacher_ng__nginx__servers }}'
      nginx_upstreams:
        - '{{ apt_cacher_ng__nginx__upstream }}'

    - role: apt_cacher_ng
      tags: [ 'role::apt_cacher_ng', 'skip::apt_cacher_ng' ]

If you make extensive use of the flexibility of this role and are using AppArmor you might need to use the following playbook instead:

---

## Basically the same playbook as the one in DebOps core with the difference
## that this playbook also uses the debops-contrib.apparmor role to configure
## AppArmor.
- name: Install and manage the caching HTTP proxy Apt-Cacher NG.
  collections: [ 'debops.debops' ]
  hosts: [ 'debops_contrib_service_apt_cacher_ng' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: etc_services
      tags: [ 'role::etc_services' ]
      etc_services__dependent_list:
        - '{{ apt_cacher_ng__etc_services__dependent_list }}'

    - role: apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ apt_cacher_ng__apt_preferences__dependent_list }}'
        - '{{ nginx_apt_preferences_dependent_list }}'

    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]
      ferm__dependent_rules:
        - '{{ apt_cacher_ng__ferm__dependent_rules }}'
        - '{{ nginx_ferm_dependent_rules }}'

    - role: nginx
      tags: [ 'role::nginx' ]
      nginx_servers:
        - '{{ apt_cacher_ng__nginx__servers }}'
      nginx_upstreams:
        - '{{ apt_cacher_ng__nginx__upstream }}'

    - role: debops-contrib.apparmor
      tags: [ 'role::apparmor' ]
      apparmor__local_dependent_config: '{{ apt_cacher_ng__apparmor__dependent_config }}'
      apparmor__tunables_dependent: '{{ apt_cacher_ng__apparmor__tunables_dependent }}'

    - role: apt_cacher_ng
      tags: [ 'role::apt_cacher_ng' ]

The playbook is shipped with this role under ./docs/playbooks/apt_cacher_ng-apparmor.yml from which you can symlink it to your playbook directory. In case you use multiple DebOps Contrib roles, consider using the DebOps Contrib playbooks.