debops.apt default variables
Sections
General configuration
- apt__enabled
Enable or disable management of the APT configuration and sources using this role.
apt__enabled: '{{ True if (ansible_pkg_mgr == "apt") else False }}'
- apt__deploy_state
Enable (if present
) or disable (if absent
) management of the
/etc/apt/sources.list
configuration file by the role.
apt__deploy_state: '{{ "present"
if (ansible_facts.distribution in ["Debian", "Raspbian", "Ubuntu", "Devuan"])
else "absent" }}'
- apt__cache_valid_time
Update APT cache early in the playbook if it's older than 24h Set to False to disable update (useful when changing APT mirrors)
apt__cache_valid_time: '{{ ansible_local.core.cache_valid_time | d(60 * 60 * 24) }}'
Packages to install
- apt__base_packages
Default base packages to install for APT support. You can use the debops.apt_install role to install other packages not related to the package manager.
apt__base_packages:
- 'lsb-release'
- 'ca-certificates'
- '{{ "apt-transport-https"
if (ansible_distribution_release in
["stretch", "trusty", "xenial"])
else [] }}'
- 'gnupg'
- apt__packages
List of additional APT packages to install for APT support. You can use the debops.apt_install role to install other packages not related to the package manager.
apt__packages: []
The /etc/apt/sources.list
defaults
These variables are used in configuration options of the
/etc/apt/sources.list
configuration file. They are exposed here for
convenience.
- apt__archive_types
List of source types to configure for the default package sources. Supported
choices: deb
, deb-src
.
apt__archive_types: [ 'deb', 'deb-src' ]
- apt__archive_sources_disabled
If enabled, the 'deb-src' APT archive sources will be commented out by default to make APT updates faster.
apt__archive_sources_disabled: True
- apt__architecture
The default system architecture present on the host.
apt__architecture: '{{ apt__architecture_map[ansible_facts.architecture]
| d(ansible_facts.architecture) }}'
- apt__architecture_map
A YAML dictionary which defines a mapping between Ansible architectures and
Debian/Ubuntu ports. Only definitions that are different from the detected
ones are listed here, otherwise the value of ansible_architecture
is
used.
apt__architecture_map:
'x86_64': 'amd64'
'armv7l': 'armhf'
'aarch64': 'arm64'
- apt__distribution
The Linux distribution present on the host. Note: this deliberately does not default to ansible_local.core.distribution because this local fact is set by the 'core' role, which runs later in the common playbook. Ref: https://github.com/debops/debops/issues/2046#issuecomment-1086702657
apt__distribution: '{{ ansible_facts.lsb.id | d(ansible_facts.distribution) }}'
- apt__distribution_release
The Linux distribution release present on the host. Note: this deliberately does not default to ansible_local.core.distribution_release because this local fact is set by the 'core' role, which runs later in the common playbook. Ref: https://github.com/debops/debops/issues/2046#issuecomment-1086702657
apt__distribution_release: '{{ ansible_facts.lsb.codename
| d(ansible_facts.distribution_release) }}'
- apt__distribution_version
The OS distribution version, used for specific APT repositories.
apt__distribution_version: '{{ ansible_facts.distribution_version }}'
- apt__nonfree
Boolean. If enabled, non-free sections of a given distribution repository will be enabled, otherwise they won't be present.
By default non-free sections are enabled on hardware-based hosts due to
a possible requirement for non-free firmware packages. The fact script will
also check if non-free section was enabled in the original
sources.list
file and enable it accordingly.
apt__nonfree: '{{ ansible_facts.ansible_local.apt.nonfree
| d(True
if (ansible_facts.virtualization_role is undefined or
ansible_facts.virtualization_role != "guest")
else False) }}'
- apt__nonfree_firmware
Boolean. If enabled, sections of a given distribution repository which contain non-free firmware packages will be enabled, otherwise they won't be present.
By default non-free firmware sections are enabled on hardware-based hosts due to a possible requirement for non-free firmware packages.
apt__nonfree_firmware: '{{ True
if (ansible_facts.virtualization_role is undefined or
ansible_facts.virtualization_role != "guest")
else False }}'
- apt__distribution_repository_map
YAML dictionary which maps the distribution OS to its default APT repository.
Values from here are used in multiple entries in the
/etc/apt/sources.list
configuration and are exposed here for
convenience.
apt__distribution_repository_map:
'Debian': 'http://deb.debian.org/debian'
'Devuan': 'http://deb.devuan.org/merged'
'Ubuntu': '{{ "http://archive.ubuntu.com/ubuntu"
if (apt__architecture in ["amd64", "i386"])
else "http://ports.ubuntu.com/ubuntu-ports" }}'
- apt__debian_archived_releases
List of Debian releases which have been archived and are not available in the default APT repositories. This variable is used conditionally to detect if a given OS release is archived.
apt__debian_archived_releases: [ 'wheezy', 'jessie', 'stretch' ]
The /etc/apt/sources.list
configuration entries
These variables define the contents of the /etc/apt/sources.list
configuration file. See apt__sources for more details.
- apt__debian_sources
APT source entries for the Debian distribution.
apt__debian_sources:
- name: 'debian-release'
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Debian | d() }}'
suites:
- '{{ apt__distribution_release }}'
components: [ 'main' ]
state: '{{ "present"
if (apt__distribution == "Debian")
else "ignore" }}'
- name: 'debian-release'
uri: 'http://archive.debian.org/debian'
state: '{{ "present"
if (apt__distribution == "Debian" and
apt__distribution_release in apt__debian_archived_releases)
else "ignore" }}'
- name: 'debian-release'
suites:
- '{{ apt__distribution_release + "-updates" }}'
state: '{{ "present"
if (apt__distribution == "Debian" and
apt__distribution_release not in apt__debian_archived_releases and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'debian-release'
suites:
- '{{ apt__distribution_release + "-backports" }}'
state: '{{ "present"
if (apt__distribution == "Debian" and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'debian-release'
components: [ 'non-free-firmware' ]
state: '{{ "ignore"
if (apt__distribution == "Debian" and
apt__distribution_release in ["wheezy", "jessie", "stretch",
"buster", "bullseye"])
else ("present"
if (apt__distribution == "Debian" and
apt__nonfree_firmware | bool)
else "ignore") }}'
- name: 'debian-release'
components: [ 'contrib', 'non-free' ]
state: '{{ "present"
if (apt__distribution == "Debian" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'debian-release-security'
types: '{{ apt__archive_types }}'
uri: 'http://deb.debian.org/debian-security/'
suites:
- '{{ apt__distribution_release + "-security" }}'
components: [ 'main' ]
state: '{{ "present"
if (apt__distribution == "Debian" and
apt__distribution_release not in apt__debian_archived_releases and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'debian-release-security'
uri: 'http://security.debian.org/'
suites:
# For some reason, filter doesn't accept '' string to reset the list of
# suites, so let's reset it "manually" for now.
- name: '{{ apt__distribution_release + "-security" }}'
state: 'absent'
- '{{ apt__distribution_release + "/updates" }}'
state: '{{ "present"
if (apt__distribution == "Debian" and
apt__distribution_release not in apt__debian_archived_releases and
apt__distribution_release in ["buster"] and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'debian-release-security'
components: [ 'non-free-firmware' ]
state: '{{ "present"
if (apt__distribution == "Debian" and
apt__distribution_release not in apt__debian_archived_releases and
apt__distribution_release not in ["buster", "bullseye"] and
apt__distribution_version != "n/a" and
apt__nonfree_firmware | bool)
else "ignore" }}'
- name: 'debian-release-security'
components: [ 'contrib', 'non-free' ]
state: '{{ "present"
if (apt__distribution == "Debian" and
apt__distribution_release not in apt__debian_archived_releases and
apt__distribution_version != "n/a" and
apt__nonfree | bool)
else "ignore" }}'
- apt__devuan_sources
APT source entries for the Devuan distribution.
apt__devuan_sources:
- name: 'devuan-release'
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Devuan | d() }}'
suites:
- '{{ apt__distribution_release }}'
components: [ 'main' ]
state: '{{ "present"
if (apt__distribution == "Devuan")
else "ignore" }}'
- name: 'devuan-release'
uri: 'http://archive.devuan.org/merged'
state: '{{ "present"
if (apt__distribution == "Devuan" and
apt__distribution_release in ["jessie", "ascii"])
else "ignore" }}'
- name: 'devuan-release'
suites:
- '{{ apt__distribution_release + "-updates" }}'
state: '{{ "present"
if (apt__distribution == "Devuan" and
apt__distribution_release not in ["jessie", "ascii"] and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'devuan-release'
suites:
- '{{ apt__distribution_release + "-backports" }}'
state: '{{ "present"
if (apt__distribution == "Devuan" and
apt__distribution_release not in ["jessie"] and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'devuan-release'
components: [ 'contrib', 'non-free' ]
state: '{{ "present"
if (apt__distribution == "Devuan" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'devuan-release-security'
types: '{{ apt__archive_types }}'
uri: 'http://pkgmaster.devuan.org/merged'
suites:
- '{{ apt__distribution_release + "-security" }}'
components: [ 'main' ]
state: '{{ "present"
if (apt__distribution == "Devuan" and
apt__distribution_release not in ["jessie", "ascii"] and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'devuan-release-security'
components: [ 'contrib', 'non-free' ]
state: '{{ "present"
if (apt__distribution == "Devuan" and
apt__distribution_release not in ["jessie", "ascii"] and
apt__distribution_version != "n/a" and
apt__nonfree | bool)
else "ignore" }}'
- apt__ubuntu_sources
APT source entries for the Ubuntu distribution.
apt__ubuntu_sources:
- name: 'ubuntu-release'
comment: |
See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
newer versions of the distribution.
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Ubuntu | d() }}'
suites:
- '{{ apt__distribution_release }}'
components: [ 'main' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu")
else "ignore" }}'
- name: 'ubuntu-release'
components: [ 'restricted' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'ubuntu-release-updates'
comment: |
Major bug fix updates produced after the final release of the
distribution.
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Ubuntu | d() }}'
suites:
- '{{ apt__distribution_release + "-updates" }}'
components: [ 'main' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'ubuntu-release-updates'
components: [ 'restricted' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'ubuntu-release-universe'
comment: |
N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
team. Also, please note that software in universe WILL NOT receive any
review or updates from the Ubuntu security team.
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Ubuntu | d() }}'
suites:
- '{{ apt__distribution_release }}'
- '{{ apt__distribution_release + "-updates" }}'
components: [ 'universe' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu")
else "ignore" }}'
- name: 'ubuntu-release-multiverse'
comment: |
N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
team, and may not be under a free licence. Please satisfy yourself as to
your rights to use the software. Also, please note that software in
multiverse WILL NOT receive any review or updates from the Ubuntu
security team.
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Ubuntu | d() }}'
suites:
- '{{ apt__distribution_release }}'
- '{{ apt__distribution_release + "-updates" }}'
components: [ 'multiverse' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'ubuntu-release-backports'
comment: |
N.B. software from this repository may not have been tested as
extensively as that contained in the main release, although it includes
newer versions of some applications which may provide useful features.
Also, please note that software in backports WILL NOT receive any review
or updates from the Ubuntu security team.
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Ubuntu | d() }}'
suites:
- '{{ apt__distribution_release + "-backports" }}'
components: [ 'main' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'ubuntu-release-backports'
components: [ 'restricted' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'ubuntu-release-backports'
components: [ 'universe' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'ubuntu-release-backports'
components: [ 'multiverse' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'ubuntu-release-partner'
comment: |
Uncomment the following two lines to add software from Canonical's
'partner' repository.
This software is not part of Ubuntu, but is offered by Canonical and the
respective vendors as a service to Ubuntu users.
types: '{{ apt__archive_types }}'
uri: 'http://archive.canonical.com/ubuntu'
suites:
- '{{ apt__distribution_release }}'
components: [ 'partner' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'ubuntu-release-security'
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Ubuntu | d() }}'
suites:
- '{{ apt__distribution_release + "-security" }}'
components: [ 'main' ]
separate: False
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'ubuntu-release-security'
components: [ 'restricted' ]
separate: False
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a" and
apt__nonfree | bool)
else "ignore" }}'
- name: 'ubuntu-release-universe-security'
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Ubuntu | d() }}'
suites:
- '{{ apt__distribution_release + "-security" }}'
components: [ 'universe' ]
separate: False
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a")
else "ignore" }}'
- name: 'ubuntu-release-multiverse-security'
types: '{{ apt__archive_types }}'
uri: '{{ apt__distribution_repository_map.Ubuntu | d() }}'
suites:
- '{{ apt__distribution_release + "-security" }}'
components: [ 'multiverse' ]
state: '{{ "present"
if (apt__distribution == "Ubuntu" and
apt__distribution_version != "n/a" and
apt__nonfree | bool)
else "ignore" }}'
- apt__sources
List of APT sources defined on all hosts in the Ansible inventory.
apt__sources: []
- apt__group_sources
List of APT sources defined on hosts in a specific Ansible inventory group.
apt__group_sources: []
- apt__host_sources
List of APT sources defined on specific hosts in the Ansible inventory.
apt__host_sources: []
- apt__combined_sources
This variable combines all of the /etc/apt/sources.list
configuration
lists and is used in role tasks and templates.
apt__combined_sources: '{{ apt__debian_sources
+ apt__devuan_sources
+ apt__ubuntu_sources
+ apt__sources
+ apt__group_sources
+ apt__host_sources }}'
Extra architectures
These lists define extra architectures to be enabled on the host. The main architecture does not need to be defined that way.
- apt__extra_architectures
List of extra architectures to configure on all hosts in Ansible inventory.
apt__extra_architectures: []
- apt__group_extra_architectures
List of extra architectures to configure on hosts in specific Ansible inventory group.
apt__group_extra_architectures: []
- apt__host_extra_architectures
List of extra architectures to configure on specific hosts in Ansible inventory.
apt__host_extra_architectures: []
APT packages to purge
These lists define what APT packages should be purged (removed along with their configuration, data files and unused dependencies) from the hosts after APT repositories have been configured. Since this role is applied in the bootstrap playbooks, the packages will be purged early on; this might be useful in certain provisioning setups.
Use only simple APT package names here. For conditional removal, refer to the debops.apt_install role.
- apt__purge_packages
List of APT packages to purge on all hosts in the Ansible inventory.
apt__purge_packages: []
- apt__purge_group_packages
List of APT packages to purge on hosts in a specific Ansible inventory group.
apt__purge_group_packages: []
- apt__purge_host_packages
List of APT packages to purge on specific hosts in the Ansible inventory.
apt__purge_host_packages: []
APT repository keys
These lists define APT GPG keys to configure on hosts to enable authenticated access to additional APT repositories. See apt__keys for more details.
- apt__keys
List of APT GPG keys to configure on all hosts in Ansible inventory.
apt__keys: []
- apt__group_keys
List of APT GPG keys to configure on hosts in specific Ansible inventory group.
apt__group_keys: []
- apt__host_keys
List of APT GPG keys to configure on specific hosts in Ansible inventory.
apt__host_keys: []
APT repositories
These lists define additional APT repositories in the
/etc/apt/sources.list.d/
directory. See apt__repositories for
more details.
- apt__repositories
List of additional APT repositories for all hosts in Ansible inventory.
apt__repositories: []
- apt__group_repositories
List of additional APT repositories for hosts in specific Ansible inventory group.
apt__group_repositories: []
- apt__host_repositories
List of additional APT repositories for specific hosts in Ansible inventory.
apt__host_repositories: []
- apt__combined_repositories
Variable which combines all of the repository lists and is used in role tasks and templates.
apt__combined_repositories: '{{ apt__repositories
+ apt__group_repositories
+ apt__host_repositories }}'
APT authentication files
These lists define APT authentication information for repositories which require HTTP Basic Authentication to access. See apt__auth_files for more details.
- apt__auth_files
Authentication configuration files which should be present on all hosts in the Ansible inventory.
apt__auth_files: []
- apt__group_auth_files
Authentication configuration files which should be present on hosts in a specific Ansible inventory group.
apt__group_auth_files: []
- apt__host_auth_files
Authentication configuration files which should be present on specific hosts in the Ansible inventory.
apt__host_auth_files: []
APT configuration files
These lists define additional APT configuration files in
/etc/apt/apt.conf.d/
directory.
See apt__configuration for more details.
- apt__default_configuration
List of default APT configuration entries defined by the role.
apt__default_configuration:
- name: 'non-free-firmware-note'
filename: 'non-free-firmware-note.conf'
comment: 'Disable note about Debian Bookworm moving firmware to a separate section'
raw: |
APT::Get::Update::SourceListWarnings::NonFreeFirmware "false";
state: '{{ "ignore"
if (apt__distribution == "Debian" and
apt__distribution_release in ["wheezy", "jessie", "stretch",
"buster", "bullseye"])
else "present" }}'
- name: 'no-recommends'
filename: '25no-recommends.conf'
comment: 'Should APT install recommended or suggested packages?'
raw: |
APT::Install-Recommends "false";
APT::Install-Suggests "false";
state: 'present'
- apt__configuration
List of additional APT configuration to add on all hosts in Ansible inventory.
apt__configuration: []
- apt__group_configuration
List of additional APT configuration to add on hosts in specific Ansible inventory group.
apt__group_configuration: []
- apt__host_configuration
List of additional APT configuration to add on specific hosts in Ansible inventory.
apt__host_configuration: []
- apt__combined_configuration
Variable which combines all of the APT configuration lists and is used in role tasks and templates.
apt__combined_configuration: '{{ apt__default_configuration
+ apt__configuration
+ apt__group_configuration
+ apt__host_configuration }}'