debops.apt default variables
Sections
General configuration
- apt__enabled
Enable or disable this role.
apt__enabled: True
Extra architectures
These lists define extra architectures to be enabled on the host. The main architecture does not need to be defined that way
- apt__extra_architectures
List of extra architectures to configure on all hosts in Ansible inventory.
apt__extra_architectures: []
- apt__group_extra_architectures
List of extra architectures to configure on hosts in specific Ansible inventory group.
apt__group_extra_architectures: []
- apt__host_extra_architectures
List of extra architectures to configure on specific hosts in Ansible inventory.
apt__host_extra_architectures: []
- apt__sources_deploy_state
Enable (if present) or disable (if absent) management of
/etc/apt/sources.list file by the role.
apt__sources_deploy_state: '{{ "present"
if (apt__distribution in [ "Debian", "Raspbian", "Ubuntu", "Devuan" ])
else "absent" }}'
- apt__sources_filter_duplicates
By default role disables duplicate /etc/apt/sources.list entries to
avoid sending mail messages about them by cron. You can set this
variable to False to disable the automatic filtering.
apt__sources_filter_duplicates: True
- apt__nonfree
Boolean. If enabled, non-free repositories of a given distribution will be enabled, otherwise they won't be present.
By default non-free repositories are enabled on hardware-based hosts due to a possible requirement for non-free firmware packages.
apt__nonfree: '{{ True if (ansible_virtualization_role is undefined or
ansible_virtualization_role not in [ "guest" ])
else False }}'
- apt__source_types
List of source types to configure for the default package sources. Supported
choices: deb, deb-src.
apt__source_types: [ 'deb' ]
- apt__remove_default_configuration
Ensure that /etc/apt/apt.conf is absent.
This file might contain APT proxy or other settings which overwrite options
set by debops.apt if present.
Thus the default is to ensure that this file is absent.
apt__remove_default_configuration: True
- apt__cache_valid_time
Update APT cache early in the playbook if it's older than 24h Set to False to disable update (useful when changing APT mirrors)
apt__cache_valid_time: '{{ ansible_local.core.cache_valid_time|d(60 * 60 * 24) }}'
- apt__install_recommends
Enable or disable automatic installation of recommended APT packages.
apt__install_recommends: False
- apt__install_suggests
Enable or disable automatic installation of suggested APT packages.
apt__install_suggests: False
Packages to install
- apt__base_packages
Default base packages to install.
apt__base_packages:
- 'lsb-release'
- 'ca-certificates'
- '{{ "apt-transport-https"
if (ansible_distribution_release in
[ "wheezy", "jessie", "stretch",
"precise", "trusty", "xenial" ])
else [] }}'
- 'gnupg'
- apt__packages
List of additional APT packages to install for APT support.
apt__packages: []
APT packages to purge
These lists define what APT packages should be purged (removed along with their configuration, data files and unused dependencies) from the hosts after APT repositories have been configured. Since this role is applied in the bootstrap playbooks, the packages will be purged early on; this might be useful in certain provisioning setups.
Use only simple APT package names here. For conditional removal, refer to the debops.apt_install role.
- apt__purge_packages
List of APT packages to purge on all hosts in the Ansible inventory.
apt__purge_packages: []
- apt__purge_group_packages
List of APT packages to purge on hosts in a specific Ansible inventory group.
apt__purge_group_packages: []
- apt__purge_host_packages
List of APT packages to purge on specific hosts in the Ansible inventory.
apt__purge_host_packages: []
APT repository keys
These lists define APT GPG keys to configure on hosts to enable authenticated access to additional APT repositories. See apt__keys for more details.
- apt__keys
List of APT GPG keys to configure on all hosts in Ansible inventory.
apt__keys: []
- apt__group_keys
List of APT GPG keys to configure on hosts in specific Ansible inventory group.
apt__group_keys: []
- apt__host_keys
List of APT GPG keys to configure on specific hosts in Ansible inventory.
apt__host_keys: []
APT repositories
These lists define additional APT repositories in
/etc/apt/sources.list.d/ directory. See apt__repositories for
more details.
- apt__repositories
List of additional APT repositories for all hosts in Ansible inventory.
apt__repositories: []
- apt__group_repositories
List of additional APT repositories for hosts in specific Ansible inventory group.
apt__group_repositories: []
- apt__host_repositories
List of additional APT repositories for specific hosts in Ansible inventory.
apt__host_repositories: []
APT deb822 repositories
These lists define additional APT repositories in deb822 format
/etc/apt/sources.list.d/ directory.
- apt__deb822_repositories
List of additional APT repositories for all hosts in Ansible inventory.
apt__deb822_repositories: []
- apt__deb822_group_repositories
List of additional APT repositories for all hosts in Ansible inventory.
apt__deb822_group_repositories: []
- apt__deb822_host_repositories
List of additional APT repositories for all hosts in Ansible inventory.
apt__deb822_host_repositories: []
APT authentication files
These lists define APT authentication information for repositories which require HTTP Basic Authentication to access. See apt__auth_files for more details.
- apt__auth_files
Authentication configuration files which should be present on all hosts in the Ansible inventory.
apt__auth_files: []
- apt__group_auth_files
Authentication configuration files which should be present on hosts in a specific Ansible inventory group.
apt__group_auth_files: []
- apt__host_auth_files
Authentication configuration files which should be present on specific hosts in the Ansible inventory.
apt__host_auth_files: []
APT configuration files
These lists define additional APT configuration files in
/etc/apt/apt.conf.d/ directory.
See apt__conf for more details.
- apt__conf
List of additional APT configuration to add on all hosts in Ansible inventory.
apt__conf: []
- apt__group_conf
List of additional APT configuration to add on hosts in specific Ansible inventory group.
apt__group_conf: []
- apt__host_conf
List of additional APT configuration to add on specific hosts in Ansible inventory.
apt__host_conf: []
Distribution and release detection
- apt__architecture
The system architecture present on the host.
apt__architecture: '{{ apt__architecture_map[ansible_architecture]
| d(ansible_architecture) }}'
- apt__architecture_map
A YAML dictionary which defines a mapping between Ansible architectures and
Debian/Ubuntu ports. Only definitions that are different from the detected
ones are listed here, otherwise the value of ansible_architecture is
used.
apt__architecture_map:
'x86_64': 'amd64'
'armv7l': 'armhf'
- apt__distribution
The Linux distribution present on the host. Note: this deliberately does not default to ansible_local.core.distribution because this local fact is set by the 'core' role, which runs later in the common playbook. Ref: https://github.com/debops/debops/issues/2046#issuecomment-1086702657
apt__distribution: '{{ ansible_lsb.id|d(ansible_distribution) }}'
- apt__distribution_release
The Linux distribution release present on the host. Note: this deliberately does not default to ansible_local.core.distribution_release because this local fact is set by the 'core' role, which runs later in the common playbook. Ref: https://github.com/debops/debops/issues/2046#issuecomment-1086702657
apt__distribution_release: '{{ ansible_lsb.codename
|d(ansible_distribution_release) }}'
- apt__distribution_release_map
YAML dictionary which holds the information about official OS releases. This map is used to configure security repositories only on the OS releases that have them available.
apt__distribution_release_map:
'Debian': [ 'stretch', 'buster', 'bullseye', 'bookworm', 'trixie' ]
'Ubuntu': [ 'trusty', 'xenial', 'bionic' ]
'Devuan': [ 'ascii', 'beowulf' ]
- apt__distribution_suite_map
YAML dictionary which maps current Debian releases to their respective suites (this is currently not used in Ubuntu). This map is used to select what repository suffixes should be configured on the current host in case the role is used on a Debian Testing system.
apt__distribution_suite_map:
'Debian_stretch': 'archive'
'Debian_buster': 'oldoldstable'
'Debian_bullseye': 'oldstable'
'Debian_bookworm': 'stable'
'Debian_trixie': 'testing'
'Debian_sid': 'unstable'
'Raspbian_wheezy': 'archive'
'Raspbian_jessie': 'lts'
'Raspbian_stretch': 'oldstable'
'Raspbian_buster': 'stable'
'Raspbian_bullseye': 'testing'
'Raspbian_sid': 'unstable'
'Devuan_jessie': 'oldstable'
'Devuan_ascii': 'stable'
'Devuan_beowulf': 'testing'
'Devuan_ceres': 'unstable'
- apt__distribution_suite
The variable that specifies the "suite" or an alias of the current distribution release.
apt__distribution_suite: '{{ apt__distribution_suite_map[apt__distribution + "_" +
apt__distribution_release]|d() }}'
- apt__distribution_suffix_map
YAML dictionary which maps the installed OS distribution and release to a set of repository "suffixes". Each suffix will be added to the release name to create repository name; empty suffixes are permitted.
If the combination of OS distribution and release is not found, the default list of suffixes will be used automatically.
apt__distribution_suffix_map:
'Debian_archive': [ '', '-backports' ]
'Debian_oldoldstable': [ '', '-updates', '-backports' ]
'Debian_oldstable': [ '', '-updates', '-backports' ]
'Debian_stable': [ '', '-updates', '-backports' ]
'Debian_testing': [ '', '-updates' ]
'Debian_unstable': [ '' ]
'Raspbian': [ '' ]
'Devuan_stable': [ '', '-updates', '-backports' ]
'Devuan_testing': [ '', '-updates' ]
'Devuan_unstable': [ '' ]
'default': [ '', '-updates', '-backports' ]
- apt__distribution_suffixes
List of repository suffixes to use in the generated APT sources.
apt__distribution_suffixes: '{{ apt__distribution_suffix_map[apt__distribution + "_" +
apt__distribution_suite_map[apt__distribution + "_" +
apt__distribution_release]|d()] |
d(apt__distribution_suffix_map[apt__distribution] |
d(apt__distribution_suffix_map["default"])) }}'
- apt__distribution_components_free
YAML dictionary which contains information about repository components with only Free/Open Source software packages. These components will be enabled by default.
apt__distribution_components_free:
'Debian': [ 'main' ]
'Raspbian': [ 'main', 'rpi' ]
'Ubuntu': [ 'main', 'universe' ]
'Devuan': [ 'main' ]
- apt__distribution_components_nonfree
YAML dictionary which contains information about repository components with
non-free software packages, or packages which depend on non-free software.
These components are enabled or disabled by the apt__nonfree
boolean variable.
apt__distribution_components_nonfree:
'Debian': '{{ ["contrib", "non-free"] +
(["non-free-firmware"]
if ansible_distribution_major_version | int > 11 else []) }}'
'Raspbian': [ 'contrib', 'non-free' ]
'Ubuntu': [ 'restricted', 'multiverse' ]
'Devuan': [ 'contrib', 'non-free' ]
- apt__distribution_components
List of APT repository components which should be enabled in the distribution package sources.
apt__distribution_components: '{{ apt__distribution_components_free[apt__distribution]|d([]) +
(apt__distribution_components_nonfree[apt__distribution]|d([])
if apt__nonfree|bool else []) }}'
Archived distribution releases
- apt__archive_source_map
The YAML dictionary that contains the map of the archive repositories for different OS distributions. The archive repositories are usually not part of the repository mirrors, but are mirrored separately. See the documentation pages for alternative mirrors.
apt__archive_source_map:
# Debian archive repositories: https://www.debian.org/distrib/archive
'Debian': 'http://archive.debian.org/debian/'
- apt__archive_source
The URL of the archive APT repository configured by default when the current OS release is migrated to the archive.
apt__archive_source: '{{ apt__archive_source_map[apt__distribution]|d() }}'
Default APT package sources
These lists define contents of /etc/apt/sources.list configuration file.
See apt__sources for more details.
- apt__sources
List of APT source repositories for all hosts in Ansible inventory.
apt__sources: []
- apt__group_sources
List of APT source repositories for hosts in specific Ansible inventory group.
apt__group_sources: []
- apt__host_sources
List of APT source repositories for specific hosts in Ansible inventory.
apt__host_sources: []
- apt__original_sources
List of APT sources from the original /etc/apt/sources.list file detected
using Ansible local facts.
apt__original_sources:
- comment: 'Original APT package sources gathered by Ansible'
uris: '{{ ansible_local.apt.original_mirrors_deb|d([]) }}'
state: '{{ "present" if (ansible_local.apt.original_mirrors_deb|d() and
apt__distribution_suite != "archive")
else "absent" }}'
- apt__default_sources_state
Enable (if present) or disable (if absent) the default APT
package sources for specific distributions.
If package sources are defined in specific group, host or on all hosts in
Ansible inventory, it may be desirable not to include the default sources.
apt__default_sources_state: '{{ "absent"
if (apt__distribution_suite == "archive")
else "present" }}'
- apt__default_sources
List of the default APT package sources for specific distributions. These are usually mirror redirectors provided by the distributions.
This variable is used by Ansible local fact script to expose the default APT source for use through the Ansible inventory. It's structure shouldn't be changed.
apt__default_sources:
- uri: 'http://deb.debian.org/debian'
comment: '{{ "Official " + apt__distribution + " repositories" }}'
distribution: 'Debian'
state: '{{ apt__default_sources_state }}'
- uri: 'http://mirrordirector.raspbian.org/raspbian/'
comment: '{{ "Official " + apt__distribution + " repositories" }}'
distribution: 'Raspbian'
state: '{{ apt__default_sources_state }}'
- uri: 'http://repos.rcn-ee.com/debian/'
comment: 'rcn-ee.net repository as used on BeagleBoards for additional hardware support'
type: '{{ apt__source_types }}'
option: '{{ "arch=" + apt__architecture }}'
suite: '{{ apt__distribution_release }}'
components: [ "main" ]
distribution: 'Debian'
state: '{{ apt__default_sources_state
if (apt__architecture in ["armhf"] and
("cape_universal" in ansible_cmdline) or
("bone_capemgr.uboot_capemgr_enabled" in ansible_cmdline) or
("bone_capemgr" in ansible_cmdline))
else "absent" }}'
- uri: 'http://archive.ubuntu.com/ubuntu'
comment: '{{ "Official " + apt__distribution + " repositories" }}'
distribution: 'Ubuntu'
state: '{{ apt__default_sources_state
if (apt__architecture in ["amd64", "i386"])
else "absent" }}'
- uri: 'http://ports.ubuntu.com/ubuntu-ports'
comment: '{{ "Official " + apt__distribution + " Port repositories" }}'
distribution: 'Ubuntu'
state: '{{ apt__default_sources_state
if (apt__architecture not in ["amd64", "i386"])
else "absent" }}'
- uri: 'http://deb.devuan.org/merged'
comment: '{{ "Official " + apt__distribution + " repositories" }}'
distribution: 'Devuan'
state: '{{ apt__default_sources_state }}'
- uri: '{{ apt__archive_source }}'
comment: '{{ "Official " + apt__distribution + " archive repository" }}'
distribution: 'Debian'
state: '{{ "present"
if (apt__distribution_suite == "archive")
else "absent" }}'
- apt__security_sources_state
Enable (if present) or disable (if absent) the default APT
repositories proving security updates.
If a local security mirror is defined in Ansible inventory group or host,
it may be desirable not to include the default security sources.
apt__security_sources_state: '{{ "absent"
if (apt__distribution_suite == "archive")
else "present" }}'
- apt__group_security_sources
List of APT repositories that provide security updates for hosts in specific Ansible inventory group.
apt__group_security_sources: []
- apt__host_security_sources
List of APT repositories that provide security updates for hosts in specific Ansible inventory host.
apt__host_security_sources: []
- apt__security_sources
List of APT package sources that provide security updates. This list is used in the Ansible local facts script to filter out the security repositories from normal repositories.
apt__security_sources:
- uri: '{{ "http://security.debian.org/"
if apt__distribution_release in ["stretch"]
else "http://deb.debian.org/debian-security/" }}'
comment: 'Debian Security repository'
type: '{{ apt__source_types }}'
suite: '{{ apt__distribution_release
+ ("/updates"
if apt__distribution_release in
[ "jessie", "stretch", "buster" ]
else "-security") }}'
components: '{{ apt__distribution_components }}'
distribution: 'Debian'
state: '{{ apt__security_sources_state
if (apt__distribution_release|d("unknown")
in apt__distribution_release_map[apt__distribution]|d([]))
else "absent" }}'
# This version may be present on some installations. It's here so that the
# fact script knows that a given URL is a secuirity source and doesn't
# create normal entries. This version is not added to the final file.
- uri: 'http://security.debian.org'
comment: 'Debian Security repository'
type: '{{ apt__source_types }}'
suite: '{{ apt__distribution_release + "/updates" }}'
components: '{{ apt__distribution_components }}'
distribution: 'Debian'
state: 'absent'
# This version shows up in LXC templates built by distrobuilder. It causes
# the role to generate incorrect entries for APT sources and is present
# here only to prevent that.
- uri: 'http://deb.debian.org/debian-security'
comment: 'Debian Security repository'
type: '{{ apt__source_types }}'
suite: '{{ apt__distribution_release + "-security" }}'
components: '{{ apt__distribution_components }}'
distribution: 'Debian'
state: 'absent'
# This version shows up in Debian Stretch APT configuration.
# It's disabled by default to not create duplicate entries.
- uri: 'http://security.debian.org/debian-security'
comment: 'Debian Security repository'
type: '{{ apt__source_types }}'
suite: '{{ apt__distribution_release + "/updates" }}'
components: '{{ apt__distribution_components }}'
distribution: 'Debian'
state: 'absent'
- uri: 'http://security.ubuntu.com/ubuntu'
comment: 'Ubuntu Security repository'
type: '{{ apt__source_types }}'
suite: '{{ apt__distribution_release + "-security" }}'
components: '{{ apt__distribution_components }}'
distribution: 'Ubuntu'
state: '{{ apt__security_sources_state
if (apt__architecture in ["amd64", "i386"])
else "absent" }}'
- uri: 'http://ports.ubuntu.com/ubuntu-ports'
comment: 'Ubuntu Ports Security repository'
type: '{{ apt__source_types }}'
suite: '{{ apt__distribution_release + "-security" }}'
components: '{{ apt__distribution_components }}'
distribution: 'Ubuntu'
state: '{{ apt__security_sources_state
if (apt__architecture not in ["amd64", "i386"])
else "absent" }}'
- uri: 'http://deb.devuan.org/merged'
comment: 'Devuan Security repository'
type: '{{ apt__source_types }}'
suite: '{{ apt__distribution_release + "-security" }}'
components: '{{ apt__distribution_components }}'
distribution: 'Devuan'
state: '{{ apt__security_sources_state
if (apt__distribution_release|d("unknown")
in apt__distribution_release_map[apt__distribution]|d([]))
else "absent" }}'
- apt__combined_sources
Final list of APT sources to configure. This variable defines an order in
which various package sources are written in the /etc/apt/sources.list as
well as what sources will be present there.
apt__combined_sources: '{{ ([]
if (apt__distribution_suite == "archive")
else (apt__sources + apt__group_sources + apt__host_sources)) +
apt__original_sources +
apt__default_sources +
([]
if (apt__distribution_suite == "archive")
else (apt__host_security_sources + apt__group_security_sources)) +
apt__security_sources }}'