debops.apt_install default variables

Role configuration

apt_install__enabled

Enable or disable support for debops.apt_install role.

apt_install__enabled: True
apt_install__distribution

The variable that indicates host operating system distribution, used to conditionally select packages for installation.

apt_install__distribution: '{{ ansible_local.core.distribution
                               |d(ansible_lsb.id|d(ansible_distribution)) }}'
apt_install__distribution_release

The variable that indicates host distribution release, used to conditionally select packages for installation.

apt_install__distribution_release: '{{ ansible_local.core.distribution_release
                                       |d(ansible_lsb.codename|d(ansible_distribution_release)) }}'
apt_install__archive_areas_map

A dictionary that maps different parts of the package archive to each distribution. By default the role expects all of the archives to be enabled.

apt_install__archive_areas_map:
  'Debian': [ 'main', 'contrib', 'non-free' ]
  'Ubuntu': [ 'main', 'restricted', 'universe', 'multiverse' ]
apt_install__archive_areas

List of package archive areas which are currently available. This list is used to conditionally enable packages for installation, depending on availability of a given archive area.

apt_install__archive_areas: '{{ ansible_local.apt.components
                                |d(apt_install__archive_areas_map[apt_install__distribution] | d([])) }}'
apt_install__condition_map

Definition of the values to compare apt_install__all_packages against. This map is used internally in the apt_install__all_packages lookup template.

apt_install__condition_map:
  'distribution': '{{ apt_install__distribution }}'
  'release': '{{ apt_install__distribution_release }}'
  'areas': '{{ apt_install__archive_areas }}'
apt_install__state

How the apt Ansible module should install the selected packages:

present

Only make sure that the packages on the list are present on the host.

latest

Install the latest version of available packages, according to APT preferences.

By default role will make sure to update the packages to their latest version on first run, and just keep the current version on subsequent runs.

apt_install__state: '{{ "present"
                        if (ansible_local|d() and ansible_local.apt_install|d() and
                            (ansible_local.apt_install.configured|d(True))|bool)
                        else "latest" }}'
apt_install__no_kernel_hints

Enable or disable configuration of the hints about upgraded kernel requiring a reboot of the host, created by the needrestart package. By default these hints will be disabled, which helps with non-interactive APT package installation done by Ansible.

apt_install__no_kernel_hints: '{{ True
                                  if ("needrestart" in apt_install__conditional_whitelist_packages)
                                  else False }}'
apt_install__recommends

Boolean variable that controls installation of recommended packages.

apt_install__recommends: False
apt_install__update_cache

Enable or disable APT cache updates.

apt_install__update_cache: True
apt_install__cache_valid_time

Amount of time between APT cache updates in seconds.

apt_install__cache_valid_time: '{{ ansible_local.core.cache_valid_time|d(60 * 60 * 24 * 7) }}'

Debconf package configuration

These lists can be used to insert new values into the debconf database. This allow to overwrite some default answer before installing a package and avoid using dpkg-reconfigure to set the wanted answer. See apt_install__debconf for more details.

apt_install__debconf

List of values to configure for all hosts in the Ansible inventory.

apt_install__debconf: []
apt_install__group_debconf

List of values to configure for hosts in specific Ansible inventory group.

apt_install__group_debconf: []
apt_install__host_debconf

List of values to configure for specific hosts in the Ansible inventory.

apt_install__host_debconf: []

APT package lists

The APT packages to install are split into multiple lists to easier modification. You can specify name of each package directly or use a YAML dictionary to better control when a package should be installed. See apt_install__all_packages for more details.

apt_install__base_packages

Default base packages to install.

apt_install__base_packages:
  - 'ed'
  - 'lsb-release'
  - 'make'
  - 'git'
  - 'curl'
  - 'rsync'
  - 'bsdutils'
  - 'acl'
apt_install__shell_packages

Command line creature comforts, when you need to login to the remote host.

apt_install__shell_packages:
  - 'ncurses-term'
  - 'tmux'
  - 'less'
  - 'file'
  - 'psmisc'
  - 'lsof'
  - 'tree'
  - 'htop'
  - 'iftop'
  - 'nload'
  - 'nmon'
  - 'mtr-tiny'
  - 'mc'
apt_install__editor_packages

List of text editors to install.

apt_install__editor_packages:

  # The role also sets ``vim.basic`` as the default editor via
  # the :envvar:`apt_install__default_alternatives` variable.
  # If you change this list, remember to update that variable as well,
  # otherwise the playbook execution will break.
  - 'vim'
apt_install__packages

List of APT packages to install on all hosts in Ansible inventory.

apt_install__packages: []
apt_install__group_packages

List of APT packages to install on hosts in a specific group in Ansible inventory.

apt_install__group_packages: []
apt_install__host_packages

List of APT packages to install on specific hosts in Ansible inventory.

apt_install__host_packages: []
apt_install__dependent_packages

List of APT packages to install for other Ansible roles, for usage as a dependent role.

apt_install__dependent_packages: []
apt_install__conditional_whitelist_packages

List of APT package names which will be used to compare against packages requested for installation. This list is exposed in the defaults so that you don't need to modify the conditional list below to enable or disable packages.

apt_install__conditional_whitelist_packages:
  - 'irqbalance'
  - 'uptimed'
  - 'libpam-systemd'
  - 'haveged'
  - 'gnupg-curl'
  - 'needrestart'
  - 'open-vm-tools'
apt_install__conditional_packages

List of APT packages installed under certain conditions.

apt_install__conditional_packages:

  - name: 'irqbalance'
    whitelist: '{{ apt_install__conditional_whitelist_packages }}'
    state: '{{ "present"
               if (ansible_processor_cores >= 2 and
                   (ansible_virtualization_role is undefined or
                    ansible_virtualization_role not in [ "guest" ]))
               else "absent" }}'

  - name: 'uptimed'
    whitelist: '{{ apt_install__conditional_whitelist_packages }}'
    state: '{{ "present"
               if (ansible_virtualization_role is undefined or
                   ansible_virtualization_role not in [ "guest" ])
               else "absent" }}'

  - name: 'libpam-systemd'
    whitelist: '{{ apt_install__conditional_whitelist_packages }}'
    state: '{{ "present" if (ansible_service_mgr == "systemd") else "absent" }}'

  - name: 'haveged'
    # KVM is capable of providing entropy to guests however this needs to be
    # configured on the hypervisor host and thus can not always be done if one
    # only controls a guest.
    whitelist: '{{ apt_install__conditional_whitelist_packages }}'
    state: '{{ "present"
               if (ansible_virtualization_role|d("guest") in [ "guest" ] and
                   ansible_virtualization_type|d("unknown") not in ["lxc", "openvz"]
               )
               else "absent" }}'

  - name: 'gnupg-curl'
    # This package is needed when you want to access HKPS keyservers.
    whitelist: '{{ apt_install__conditional_whitelist_packages }}'
    state: '{{ "present"
               if ansible_distribution_release in
                  [ "wheezy", "jessie", "precise", "trusty", "xenial" ]
               else "absent" }}'

  - name: 'needrestart'
    # Install the package on newer OS releases.
    whitelist: '{{ apt_install__conditional_whitelist_packages }}'
    state: '{{ "present"
               if ansible_distribution_release not in [ "precise" ]
               else "absent" }}'

  - name: 'open-vm-tools'
    whitelist: '{{ apt_install__conditional_whitelist_packages }}'
    state: '{{ "present"
               if (ansible_virtualization_role|d("guest") in [ "guest" ] and
                   ansible_virtualization_type|d("unknown") in [ "VMware" ])
               else "absent" }}'
apt_install__firmware_packages

Certain systems require free or non-free firmware for correct operation. This list of packages will ensure that the required firmware is installed.

apt_install__firmware_packages:

  - name: 'amd64-microcode'
    # Non-free microcode firmware for AMD CPUs. These patches mitigate security
    # issues like Spectre and fix other types of incorrect processor behaviour.
    # The package only needs to be installed on physical machines. To protect
    # virtual machines, be sure to set the correct CPU flags in QEMU:
    # https://www.qemu.org/docs/master/system/target-i386.html#important-cpu-features-for-intel-x86-hosts
    distribution: [ 'Debian', 'Devuan', 'Ubuntu' ]
    areas: '{{ [ "main" ]
               if ansible_distribution in [ "Ubuntu" ]
               else [ "non-free" ] }}'
    state: '{{ "present"
               if ansible_virtualization_role == "host" and
                  "AuthenticAMD" in ansible_processor
               else "absent" }}'

  - name: 'firmware-linux-free'
    distribution: [ 'Debian' ]
    state: '{{ "present" if (ansible_form_factor in [ "Rack Mount Chassis" ])
                         and (ansible_virtualization_role is undefined or
                              ansible_virtualization_role not in [ "guest" ])
                         and (ansible_kernel.find("-pve") == -1)
                         else "absent" }}'

  - name: 'firmware-linux-nonfree'
    distribution: [ 'Debian' ]
    areas: [ 'non-free' ]
    state: '{{ "present" if (ansible_form_factor in [ "Rack Mount Chassis" ])
                         and (ansible_virtualization_role is undefined or
                              ansible_virtualization_role not in [ "guest" ])
                         and (ansible_kernel.find("-pve") == -1)
                         else "absent" }}'

  - name: 'intel-microcode'
    # Same as amd64-microcode, but for Intel CPUs.
    distribution: [ 'Debian', 'Devuan', 'Ubuntu' ]
    areas: '{{ [ "main" ]
               if ansible_distribution in [ "Ubuntu" ]
               else [ "non-free" ] }}'
    state: '{{ "present" if ansible_virtualization_role == "host" and
                            "GenuineIntel" in ansible_processor
                         else "absent" }}'

  - name: 'linux-firmware'
    distribution: [ 'Ubuntu' ]
    state: '{{ "present" if (ansible_form_factor in [ "Rack Mount Chassis" ])
                             and (ansible_virtualization_role is undefined or
                              ansible_virtualization_role not in [ "guest" ])
                         else "absent" }}'

  - name: 'linux-firmware-nonfree'
    distribution: [ 'Ubuntu' ]
    release: [ 'precise', 'trusty', 'wily' ]
    areas: [ 'multiverse' ]
    state: '{{ "present" if (ansible_form_factor in [ "Rack Mount Chassis" ])
                             and (ansible_virtualization_role is undefined or
                              ansible_virtualization_role not in [ "guest" ])
                         else "absent" }}'
apt_install__all_packages

The master list of APT packages to install, passed to the lookup template for conditional processing.

apt_install__all_packages:
  - '{{ apt_install__base_packages }}'
  - '{{ apt_install__shell_packages }}'
  - '{{ apt_install__editor_packages }}'
  - '{{ apt_install__packages }}'
  - '{{ apt_install__group_packages }}'
  - '{{ apt_install__host_packages }}'
  - '{{ apt_install__dependent_packages }}'
  - '{{ apt_install__conditional_packages }}'
  - '{{ apt_install__firmware_packages }}'

Configuration for other Ansible roles

apt_install__apt_preferences__dependent_list

Configuration for the debops.apt_preferences role.

apt_install__apt_preferences__dependent_list:

  - package: 'git git-*'
    backports: [ 'wheezy' ]
    reason:  'Better support for git submodules - https://stackoverflow.com/a/7593496'
    by_role: 'debops.apt_install'

  - package: 'irqbalance'
    backports: [ 'wheezy' ]
    reason:  'Issues in wheezy package - http://debian.distrosfaqs.org/debian-user/wheezy-irqbalance/'
    by_role: 'debops.apt_install'

  - package: 'irqbalance'
    backports: [ 'jessie' ]
    reason:  'Bug fixes and memory leak fixes.'
    by_role: 'debops.apt_install'

  - package: 'needrestart needrestart-*'
    backports: [ 'wheezy', 'jessie', 'trusty' ]
    reason: 'Better support for container technologies'
    by_role: 'debops.apt_install'