Manages the configuration of Apt in addition to the various available apt-transports.
- Requirements
- Dependencies
- Usage
- Role Variables
- Example Playbook
- Testing and Contributing
- License
- Author Information
None
None
The apt role has several components, and execution order can matter e.g. don't want to restrict sources to a transport that has not yet been installed.
Configuration Order:
- Apt-Keys
- Main sources.list (
/etc/apt/sources.list) - Additional sources (
/etc/apt/sources.list.d/*) - Install additional apt transports
- Configure apt itself
To enable apt-key management, apt_manage_keys should be set to true (default). The array apt_keys acts as a list of hashes with keys matching the available options in the Ansible apt_key module.
apt_manage_keys: true
apt_keys:
- id: '0x8D81803C0EBFCD88'
keyserver: 'sks-keyservers.net'
- url: 'https://ftp-master.debian.org/keys/archive-key-6.0.as'
validate_certs: true
Apt sources list management is enabled by setting apt_manage_sources_list to true (default). It will then Overwrite the original source file (/etc/apt/sources.list) with the array of entries in the apt_sources_list variable.
apt_manage_sources_list: true
apt_sources_list:
- 'deb http://httpredir.debian.org/debian jessie main'
- 'deb-src http://httpredir.debian.org/debian jessie main'
- 'deb http://security.debian.org/ jessie/updates main'
- 'deb-src http://security.debian.org/ jessie/updates main'
- 'deb http://httpredir.debian.org/debian jessie-updates main'
- 'deb-src http://httpredir.debian.org/debian jessie-updates main'
Additional sources can be controlled by via apt_manage_additional_sources and setting it to true (default). The apt_additional_sources variable can then be populated with an array of hashes consisting of { "name": <name>, "entries": [<array of entries>] } where name will become the name of the list file in /etc/apt/sources.list.d/<name>.list and the entries will be added to the file.
apt_manage_additional_sources: true
apt_additional_sources:
- name: docker-ce
entries:
- 'deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable'
- name: oracle-ppa
entries:
- 'deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main'
- 'deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main'
To enable apt transport management, the variable apt_manage_transports should be set to true (default), and the array apt_transports appended with the name of the transport(s) you wish to have installed.
apt_transports:
- https
- s3
Transport Availability
| Debian 8 | Ubuntu 14.04 | Ubuntu 16.04 | |
|---|---|---|---|
| https | x | x | x |
| s3 | x | ||
| spacewalk | x | x | x |
| tor | x |
Specific package versions may be installed by specifying the version via variables that adhere to the following schema: apt_transport_<transport name>_version.
See the Example Playbook for an example.
The apt configuration can be enabled by setting the variable apt_manage_config to true (default), and populating the hash apt_config with the appropriate configuration information. Please note that supplying the config information via apt_config will OVERWRITE the original config file, it will not append.
The apt_config hash uses the below schema:
apt_config:
<config filename>:
"<quoted string of apt variable name>":
- <value>
- <value>
apt_config:
50unattended-upgrades:
"Unattended-Upgrade::Allowed-Origins":
- "${distro_id}:${distro_codename}-security"
"Unattended-Upgrade::Remove-Unused-Dependencies":
- true
99timeout:
"Acquire::ftp::Timeout":
- 10
"Acquire::http::Timeout":
- 10
"Acquire::https::Timeout":
- 10
/etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Remove-Unused-Dependencies {
"True";
};
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
};
/etc/apt/apt.conf.d/99timeout
Acquire::ftp::Timeout {
"10";
};
Acquire::http::Timeout {
"10";
};
Acquire::https::Timeout {
"10";
};
| Variable Name | Default | Description |
|---|---|---|
external_dependency_delay |
20 |
The time in seconds between external dependency retries. (repos, keyservers, etc) |
external_dependnecy_retries |
6 |
The number of retries to attempt accessing an external dependency. |
apt_manage_keys |
true |
|
apt_manage_sources_list |
true |
|
apt_manage_additional_sources |
true |
|
apt_manage_transports |
true |
Enables or Disables the management of apt transports. |
apt_manage_config |
true |
Enables or Disables the management of the apt config. |
apt_keys |
Array of hashes containing key information to be added to apt. See apt-key management | |
apt_sources_list |
Array of entries to be added to the main sources.list file (/etc/apt/sources.list) |
|
apt_additional_sources |
Array of hashes containing additional sources to be added to the sources list directory (/etc/apt/sources.list.d) |
|
apt_config |
A hash containing the apt config. See the apt-configuration section for more information. | |
apt_transports |
[ https ] |
An array of names of apt transports to install. Options include: https, s3, spacewalk, and tor. |
apt_transport_https_version |
The version of the apt-transport-https package to install. |
|
apt_transport_s3_version |
The version of the apt-transport-s3 package to install. |
|
apt_transport_spacewalk_version |
The version of the apt-transport-spacewalk package to install. |
|
apt_transport_tor_version |
The version of the apt-transport-tor package to install. |
---
- name: apt
hosts: all
connection: local
gather_facts: true
roles:
- apt
vars:
apt_manage_transports: true
apt_manage_config: true
apt_transports:
- https
- spacewalk
apt_transport_spacewalk_version: '1.0.6'
apt_config:
50unattended-upgrades:
"Unattended-Upgrade::Allowed-Origins":
- "${distro_id}:${distro_codename}-security"
"Unattended-Upgrade::Remove-Unused-Dependencies":
- true
99timeout:
"Acquire::ftp::Timeout":
- 10
"Acquire::http::Timeout":
- 10
"Acquire::https::Timeout":
- 10
Please see the CONTRIBUTING.md document in the repo for information regarding testing and contributing.
NOTE Testing for apt-key management is ONLY done on the keyserver/ID scenario.
MIT
Created by Bob Killen, maintained by the Department of Advanced Research Computing and Technical Services of the University of Michigan.