Default variable details
Some of debops.apt
default variables have more extensive configuration than
simple strings or lists, here you can find documentation and examples for them.
apt__conf
This list, along with apt__group_conf
and apt__host_conf
can be used
to manage APT configuration files through Ansible inventory. Each entry is a
YAML dictionary with keys and values the same as the ones used by the
Ansible ansible.builtin.copy module. See its documentation for parameter
advanced usage and syntax.
Here are some more important parameters:
item.dest
oritem.name
oritem.path
Required. Filename on the remote host. The role will automatically prefix it with
item.priority
and put it in the right directory.item.priority
Optional. Priority that prefix the filename to order the instruction with the different configuration files. If not specified, priority
60
is used by default.item.src
Path to the source file on the Ansible Controller. Alternatively you can use
item.content
to provide the file contents directly in the inventory.item.content
String or YAML text block with the file contents to put in the destination file. Alternatively you can use
item.src
to provide the path to the source file on Ansible Controller.item.state
Optional. If not specified, or if specified and
present
, the file(s) will be created. If specified andabsent
, file will be removed.
Examples
Copy file from the Ansible Controller to all remote hosts:
apt__conf:
- name: personal
src: 'path/to/apt.conf.d/02personnal.conf'
priority: '99'
Create a configuration file that calls script before/after DPKG in order to set/unset extras options on some mount points :
apt__host_conf:
- name: filesystem
priority: '02'
content: |
# This file is managed remotely, all changes will be lost
{% if (ansible_virtualization_type != 'lxc') %}
Dpkg
{
Pre-Invoke { "/usr/local/bin/remountrw" };
Post-Invoke { "/usr/local/bin/remountdefault" };
};
apt__keys
This list, along with apt__group_keys
and apt__host_keys
and can be used to manage APT repository keys through Ansible inventory. Each
entry is a YAML dictionary with parameters that correspond to the apt_key
module parameters:
data
Optional. GPG key contents provided directly.
file
Optional. Path to the GPG key file on the remote host.
id
Optional. GPG key identifier.
keyring
Optional. Path to the keyring file in
/etc/apt/trusted.gpg.d/
directory.keyserver
Optional. IP address or FQDN of the GPG keyserver to download the keys from.
state
Optional. Either
present
for the key to be present (default), orabsent
for the key to be removed. Theabsent
state might be ignored due to the issues with not enough information provided about the key to remove it. See alsoarchitecture
,distribution
anddistribution_release
parameters.url
Optional. The URL of the GPG key to download and install on the host.
If you don't specify the state
parameter directly, you can use additional
parameters that control how the specified key is managed:
architecture
Optional. Name of the system architecture, for example
amd64
ori386
. If the current host has the specified architecture, the key will be installed. Only one architecture can be specified at a time, use thestate
parameter for more complex conditions.distribution
Optional. Name of the OS distribution. If the current host has the specified distribution, the key will be installed. Only one distribution can be specified at a time, use the
state
parameter for more complex conditions.distribution_release
Optional. Name of the OS release. If the current host has the specified distribution, the key will be installed. Only one release can be specified at a time, use the
state
parameter for more complex conditions.
You need to specify either an URL, path to the file or key contents for the role to install a given GPG key.
Examples
Add an APT GPG key on all hosts without any conditions:
apt__keys:
- url: 'http://example.com/apt-key.asc'
Add an APT GPG key only on hosts with Debian OS:
apt__keys:
- url: 'http://example.com/apt-key.asc'
distribution: 'Debian'
Add an APT GPG key only on Ubuntu hosts that have been already configured once (delayed key configuration):
apt__keys:
- url: 'http://example.com/apt-key.asc'
state: '{{ "present"
if (ansible_local|d() and ansible_local.apt|d() and
ansible_local.apt.configured|bool and
ansible_distribution == "Ubuntu")
else "absent" }}'
apt__repositories
This list, along with apt__group_repositories
and
apt__host_repositories
can be used to manage APT repositories through
Ansible inventory. Each entry is a YAML dictionary with parameters that
correspond to the apt_repository
module parameters:
repo
Required. The APT repository to configure, in the sources.list(5) format.
filename
Optional. Name of the source file in
/etc/apt/sources.list.d/
directory. Ansible automatically adds.list
suffix, therefore it's not needed..mode
Optional. The file mode in octal. Needs to be quoted to be interpreted correctly by Ansible.
state
Optional. Either
present
for the repository to be present (default), orabsent
for the repository to be removed. See alsoarchitecture
,distribution
anddistribution_release
parameters.
If you don't specify the state
parameter directly, you can use additional
parameters that control how the specified repository is managed:
architecture
Optional. Name of the system architecture, for example
amd64
ori386
. If the current host has the specified architecture, the repository will be configured. Only one architecture can be specified at a time, use thestate
parameter for more complex conditions.distribution
Optional. Name of the OS distribution. If the current host has the specified distribution, the repository will be configured. Only one distribution can be specified at a time, use the
state
parameter for more complex conditions.distribution_release
Optional. Name of the OS release. If the current host has the specified distribution, the repository will be configured. Only one release can be specified at a time, use the
state
parameter for more complex conditions.
Examples
Add an APT repository on all hosts without any conditions:
apt__repositories:
- repo: 'deb http://example.com/debian jessie main'
Add an APT repository only on hosts with Debian OS:
apt__repositories:
- repo: 'deb http://example.com/debian jessie main'
distribution: 'Debian'
Add an APT repository only on Ubuntu hosts that have been already configured once (delayed repository configuration):
apt__repositories:
- repo: 'deb http://example.com/ubuntu xenial main'
state: '{{ "present"
if (ansible_local|d() and ansible_local.apt|d() and
ansible_local.apt.configured|bool and
ansible_distribution == "Ubuntu")
else "absent" }}'
Configure an Ubuntu PPA on Ubuntu hosts:
apt__repositories:
- repo: 'ppa:nginx/stable'
distribution: 'Ubuntu'
apt__deb822_repositories
This list, along with apt__deb822_group_repositories
and
apt__deb822_host_repositories
can be used to manage APT repositories through
Ansible inventory. Each entry is a YAML dictionary with parameters that
correspond to the Ansible ansible.builtin.deb822_repository module. See its
documentation for parameter advanced usage and syntax.
name
Required. Name of the repo. Specifically used for
X-Repolib-Name
and in naming the repository and signing key files.uris
Required. Must specify the base of the Debian distribution archive, from which APT finds the information it needs. Multiple URIs can be specified in a list.
state
Optional. Either
present
for the repository to be present (default), orabsent
for the repository to be removed.architectures
Optional. Architectures to search within repository, for example
amd64
(default) ori386
.components
Optional. Specify different sections of one distribution version present in Suite, such as
main
(default),contrib
,non-free-firmware
…mode
Optional. The octal mode for newly created files in
/etc/apt/sources.list.d/
directory.suites
Optional. Can take the form of a distribution release name (default).
signed_by
Optional. Either a URL to a GPG key, absolute path to a keyring file, one or more fingerprints of keys. Keys will be store in
/etc/apt/keyrings/
directory (automatically created if absent).types
Optional. Which types of packages to look for from a given source; either binary
deb
(default) or source codedeb-src
.
Examples
Add an APT repository with several components on all hosts without any conditions:
apt__deb822_repositories:
- name: 'debian'
types: 'deb'
uris: 'http://deb.debian.org/debian'
suites: 'bookworm'
components:
- 'main'
- 'non-free-firmware'
- 'contrib'
- 'non-free'
Add third-party APT repository with GPG key URL:
apt__deb822_repositories:
- name: 'my-repo'
uris: 'http://example.com/debian'
signed_by: 'http://example.com/debian/example.com.asc'
apt__auth_files
The apt__*_auth_files
lists can be used to create and manage
/etc/apt/auth.conf.d/
configuration files which caontain authentication
credentials required by specific APT repositories. The format and more details
about these files can be found in apt_auth.conf(5) manual page. The
debops.reprepro role can be used to create APT repositories that require
authentication.
Note
Private APT repositories accessible over HTTPS might result in issues during host bootstrapping due to lack of trusted Root CA certificates on the host. You can avoid that by applying the debops.pki role before the actual bootstrap playbook, for example:
$ debops run service/python_raw service/pki -l <host> -u root
This command will prepare the host for use via Ansible and set up PKI environment, including custom Root CA certificates.
This functionality is also available in the debops.keyring role for use by other Ansible roles via dependent role variables. See keyring__dependent_apt_auth_files for more details.
Examples
Provide credentials for a private APT repository, with password stored in the
secret/
directory managed by the debops.secret role. The APT
repository is managed by the debops.reprepro role which uses the
debops.nginx role to manage the authentication credentials.
apt__auth_files:
- name: 'private_repo'
machine: 'https://repo.example.org/debian'
login: 'username'
password: '{{ lookup("password", secret + "/credentials/repo"
+ "/nginx/htpasswd"
+ "/apt_access/username") }}'
Syntax
The variables are defined as a list of YAML dictionaries .Each configuration
entry defines a separate file in the /etc/apt/auth.conf.d/
directory.
The state and contents of the file are specified using specific parameters:
name
Required. Name of the configuration file with authentication credentials, can contain
.conf
suffix which will be stripped. Entries with the samename
parameter are merged together using Universal Configuration and can affect each other in order of appearance.machine
Required. The URL of the APT repository that requires the following credentials.
login
Required. The username expected by the APT repository during HTTP Basic Authentication.
password
Required. The password expected by the APT repository during HTTP Basic Authentication. It can be stored in the
secret/
directory and retrieved from there if needed.state
Optional. If not defined or
present
, a given configuration file will created on the host. Ifabsent
, a given configuration file will be removed from the host. Ifignore
, a given entry will not be evaluated during role execution.comment
Optional. String or YAML text block with additional comments included in the generated configuration file.
apt__sources
This list as well as other apt__*_sources
lists are used to configure what
APT package sources are configure in the /etc/apt/sources.list
file.
This file defines the primary OS package sources and indirectly defines the OS
release that's present on the host. The configuration template will track what
sources are present and will comment out the duplicates if they show up in more
than one list.
Apart from the usual inventory lists for all hosts, group of hosts and specific hosts, there are additional lists that are included in the finished config file:
apt__original_sources
This list defines the APT sources that are present in the original, diverted
/etc/apt/sources.list
file. The security sources are automatically filtered out based on the contents of theapt__security_sources
list.apt__default_sources
The role provides a set of default package sources for each known OS distribution. These sources are usually URLs to mirror redirectors, which will try to point to the closest available mirror. They are provided as a backup in case the host does not have any recognized package sources available.
apt__security_sources
This is a list of APT sources that provide security updates. This list has a more specific entries than the normal lists since security repositories tend to have different naming scheme than the regular mirrored repositories.
apt__combined_sources
This list combines all of the above list and is used in the configuration template. It defines the order in which the APT sources are specified in the configuration file.
Each list entry that defines an APT source can have different forms.
The simplest entry is a string. It does not have any conditions and it will be
added to the /etc/apt/sources.list
file unless it is a duplicate. The
string should only contain the URL of the APT mirror, the rest will be added
automatically according to detected OS distribution and release. Example:
apt__sources:
- 'http://ftp.debian.org/debian'
A more advanced alternative is a YAML dictionary, which uses OS distribution names as keys and mirror URLs as values. You can specify multiple distributions in one entry, they will be filtered according to the current OS. Example:
apt__sources:
- Debian: 'http://ftp.debian.org/debian'
The third version of an APT sources entry is similar to the Ansible
ansible.builtin.apt_repository module, and should be defined as a YAML
dictionary with repo
as the key and complete APT source specification as the
value. These entries are not filtered by the role, and they are not checked for
duplicates. Example:
apt__sources:
- repo: 'deb http://ftp.debian.org/debian jessie main contrib non-free'
The last version is a YAML dictionary with multiple keys as parameters. These parameters allow for fine control over when a particular APT source is present, what source types are used, which components are enabled, etc. Known parameters:
uri
oruris
Required. The URI or other method known by APT (see sources.list(5)) for a given APT source. It is possible to specify multiple entries as a list, they will be treated as one.
type
ortypes
Optional. What type of the packages are used for this source. It can be either a string of 1 type, or a list of types. Known source types:
deb
,deb-src
. If not set, role will use theapt__source_types
value.option
oroptions
Optional. String or list of strings of APT options. Settings are expected in the form
setting=value
. See sources.list(5) for details.suite
orsuites
Optional. Name of the "suite" to use for this source. The suite is usually a release name like
jessie
,xenal
, or a "release class" likestable
,oldstable
,testing
, or a directory path in case of simple repositories (which needs to end with a slash). It can also be a list of releases. If not specified, role will use theapt__distribution_suffixes
value to generate a list of default suites for a given OS release.component
orcomponents
Optional. Name of a repository component or section to enable, for example
main
,contrib
,non-free
,universe
,restricted
,multiverse
. It can also be a list of components. If not specified, role will use theapt__distribution_components
value.comment
orcomments
Optional. A string or a YAML text block with comments about the given APT source.
state
Optional. Either
present
if a given APT source should be present in the generated config file, orabsent
if not.architecture
Optional. If
state
is not specified, you can specify a system architecture name on which a given APT source is active. Only one architecture can be specified, use thestate
parameter for more complex conditions.distribution
Optional. If
state
is not specified, you can specify an OS distribution name on which a given APT source is active. Only one distribution can be specified, use thestate
parameter for more complex conditions.distribution_release
Optional. If
state
is not specified, you can specify an OS release on which a given APT source is active. Only one release can be specified, use thestate
parameter for more complex conditions.
Examples
Add an archive repository in /etc/apt/sources.list
configuration file:
apt__sources:
- uri: 'http://archive.debian.org/debian'
suite: 'sarge'
components: [ 'main', 'contrib' ]
Enable repository with source packages:
apt__sources:
- uri: 'http://ftp.debian.org/debian'
types: [ 'deb', 'deb-src' ]
Enable Canonical Partner repositories, only on Ubuntu hosts:
apt__sources:
- uri: 'http://archive.canonical.com/ubuntu'
component: 'partner'
distribution: 'Ubuntu'