Skip to content

Ansible role that manages and configuration of apt and its various transports.

License

Notifications You must be signed in to change notification settings

umich-arc/ansible-role-apt

Repository files navigation

Ansible Role: Apt

Manages the configuration of Apt in addition to the various available apt-transports.

Build Status

Index


Requirements

None

Dependencies

None

Usage

The apt role has several components, and execution order can matter e.g. don't want to restrict sources to a transport that has not yet been installed.

Configuration Order:

  • Apt-Keys
  • Main sources.list (/etc/apt/sources.list)
  • Additional sources (/etc/apt/sources.list.d/*)
  • Install additional apt transports
  • Configure apt itself

Apt-Key Management

To enable apt-key management, apt_manage_keys should be set to true (default). The array apt_keys acts as a list of hashes with keys matching the available options in the Ansible apt_key module.

apt_manage_keys: true
apt_keys:
  - id: '0x8D81803C0EBFCD88'
    keyserver: 'sks-keyservers.net'
  - url: 'https://ftp-master.debian.org/keys/archive-key-6.0.as'
    validate_certs: true

Apt Sources List

Apt sources list management is enabled by setting apt_manage_sources_list to true (default). It will then Overwrite the original source file (/etc/apt/sources.list) with the array of entries in the apt_sources_list variable.

apt_manage_sources_list: true
apt_sources_list:
  - 'deb http://httpredir.debian.org/debian jessie main'
  - 'deb-src http://httpredir.debian.org/debian jessie main'
  - 'deb http://security.debian.org/ jessie/updates main'
  - 'deb-src http://security.debian.org/ jessie/updates main'
  - 'deb http://httpredir.debian.org/debian jessie-updates main'
  - 'deb-src http://httpredir.debian.org/debian jessie-updates main'

Apt Additional Sources

Additional sources can be controlled by via apt_manage_additional_sources and setting it to true (default). The apt_additional_sources variable can then be populated with an array of hashes consisting of { "name": <name>, "entries": [<array of entries>] } where name will become the name of the list file in /etc/apt/sources.list.d/<name>.list and the entries will be added to the file.

apt_manage_additional_sources: true
apt_additional_sources:
  - name: docker-ce
    entries:
      - 'deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable'
  - name: oracle-ppa
    entries:
      - 'deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main'
      - 'deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main'

Apt Transports

To enable apt transport management, the variable apt_manage_transports should be set to true (default), and the array apt_transports appended with the name of the transport(s) you wish to have installed.

apt_transports:
  - https
  - s3

Transport Availability

Debian 8 Ubuntu 14.04 Ubuntu 16.04
https x x x
s3 x
spacewalk x x x
tor x

Specific package versions may be installed by specifying the version via variables that adhere to the following schema: apt_transport_<transport name>_version. See the Example Playbook for an example.

Apt Configuration

The apt configuration can be enabled by setting the variable apt_manage_config to true (default), and populating the hash apt_config with the appropriate configuration information. Please note that supplying the config information via apt_config will OVERWRITE the original config file, it will not append.

The apt_config hash uses the below schema:

apt_config:
  <config filename>:
    "<quoted string of apt variable name>":
      - <value>
      - <value>

Example

apt_config:
  50unattended-upgrades:
    "Unattended-Upgrade::Allowed-Origins":
      - "${distro_id}:${distro_codename}-security"
    "Unattended-Upgrade::Remove-Unused-Dependencies":
      - true
  99timeout:
    "Acquire::ftp::Timeout":
      - 10
    "Acquire::http::Timeout":
      - 10
    "Acquire::https::Timeout":
      - 10

Generated Configs:

/etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Remove-Unused-Dependencies {
"True";
};
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
};

/etc/apt/apt.conf.d/99timeout

Acquire::ftp::Timeout {
"10";
};
Acquire::http::Timeout {
"10";
};
Acquire::https::Timeout {
"10";
};

Role Variables

Variable Name Default Description
external_dependency_delay 20 The time in seconds between external dependency retries. (repos, keyservers, etc)
external_dependnecy_retries 6 The number of retries to attempt accessing an external dependency.
apt_manage_keys true
apt_manage_sources_list true
apt_manage_additional_sources true
apt_manage_transports true Enables or Disables the management of apt transports.
apt_manage_config true Enables or Disables the management of the apt config.
apt_keys Array of hashes containing key information to be added to apt. See apt-key management
apt_sources_list Array of entries to be added to the main sources.list file (/etc/apt/sources.list)
apt_additional_sources Array of hashes containing additional sources to be added to the sources list directory (/etc/apt/sources.list.d)
apt_config A hash containing the apt config. See the apt-configuration section for more information.
apt_transports [ https ] An array of names of apt transports to install. Options include: https, s3, spacewalk, and tor.
apt_transport_https_version The version of the apt-transport-https package to install.
apt_transport_s3_version The version of the apt-transport-s3 package to install.
apt_transport_spacewalk_version The version of the apt-transport-spacewalk package to install.
apt_transport_tor_version The version of the apt-transport-tor package to install.

Example Playbook

---
- name: apt
  hosts: all
  connection: local
  gather_facts: true
  roles:
    - apt
  vars:
    apt_manage_transports: true
    apt_manage_config: true
    apt_transports:
      - https
      - spacewalk
    apt_transport_spacewalk_version: '1.0.6'
    apt_config:
      50unattended-upgrades:
        "Unattended-Upgrade::Allowed-Origins":
          - "${distro_id}:${distro_codename}-security"
        "Unattended-Upgrade::Remove-Unused-Dependencies":
          - true
      99timeout:
        "Acquire::ftp::Timeout":
          - 10
        "Acquire::http::Timeout":
          - 10
        "Acquire::https::Timeout":
          - 10

Testing and Contributing

Please see the CONTRIBUTING.md document in the repo for information regarding testing and contributing.

NOTE Testing for apt-key management is ONLY done on the keyserver/ID scenario.

License

MIT

Author Information

Created by Bob Killen, maintained by the Department of Advanced Research Computing and Technical Services of the University of Michigan.

About

Ansible role that manages and configuration of apt and its various transports.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published