Getting started

Default configuration

Role tries to detect the original APT repositories configured on the system and use them in the generated /etc/apt/sources.list configuration file. They will be placed before the default repositories, with assumption that the original repositories pointed to the closest mirror. The original APT repositories can be completely disabled by setting apt__original_sources: [] in your inventory.

The non-free repositories will be enabled automatically on hardware-based hosts in case any non-free firmware is required. Otherwise, only the main and universe (on Ubuntu) repositories are enabled; you can control this using the apt__nonfree variable.

Example inventory

debops.apt is included by default in the common.yml DebOps playbook; you don't need to do anything to have it executed.

If you don’t want to let debops.apt manage APT, you can do this with the following setting in your inventory:

apt__enabled: False

If you have a local APT mirror that you want a group of hosts to use exclusively, you could compose your inventory like this:

# Don't use the default mirrors
apt__default_sources_state: 'absent'

# Don't use the default security mirrors
apt__security_sources_state: 'absent'

# Replace the original APT mirror
apt__original_sources: []

# Define local APT mirror
  - uri:          'http://mirrors.domain.fqdn/debian'
    comment:      '{{ "Local " + apt__distribution + " repositories" }}'
    distribution: 'Debian'

# Define local APT security mirrors
  - uri:          'http://mirrors.domain.fqdn/debian-security'
    comment:      '{{ "Local " + apt__distribution + " Security repository" }}'
    suite:        '{{ apt__distribution_release + "-security" }}'
    distribution: 'Debian'

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.apt role:


- name: Manage Advanced Package Manager
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_all_hosts', 'debops_service_apt' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'


    - role: apt
      tags: [ 'role::apt', 'skip::apt' ]

Ansible tags

You can use Ansible --tags or --skip-tags parameters to limit what tasks are performed during Ansible run. This can be used after a host was first configured to speed up playbook execution, when you are sure that most of the configuration is already in the desired state.

Available role tags:


Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.


Deploy only keys defined in inventory. Useful, if some keys are expired and the apt role refuses to work. Or start using debops on existing hosts with expired keys.