weareinteractive.apt
is an Ansible role which:
- updates apt
- cleans up apt
- configures apt
- ensures packages
- add repositories
- add keys
- apt pinning
- manages unattended upgrades
- optionally alters solution cost
- optionally allows filesystems to be remounted
Note:
Since Ansible Galaxy supports organization now, this role has moved from
franklinkim.apt
toweareinteractive.apt
!
Using ansible-galaxy
:
$ ansible-galaxy install weareinteractive.apt
Using requirements.yml
:
- src: weareinteractive.apt
Using git
:
$ git clone https://github.com/weareinteractive/ansible-apt.git weareinteractive.apt
- Ansible >= 2.4
Here is a list of all the default variables for this role, which are also available in defaults/main.yml
.
---
# apt_unattended_upgrades_blacklist:
# - vim
# - libc6
# apt_mails:
# - root
# - foo@dev.null
# apt_keys:
# - id: 473041FA
# file: /tmp/apt.gpg
# data: "{{ lookup('file', 'apt.asc') }}"
# keyring: /etc/apt/trusted.gpg.d/debian.gpg
# keyserver: keyserver.ubuntu.com
# url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
# validate_certs: yes
# state: present
# apt_repositories:
# - codename: trusty
# filename: google-chrome
# mode: 0644
# repo: 'ppa:nginx/stable'
# state: present
# update_cache: yes
# depenencies packages
apt_dependencies:
- aptitude
- python3-apt
- python3-pycurl
# sets the amount of time the cache is valid
apt_cache_valid_time: 3600
# upgrade system: safe | full | dist
apt_upgrade: no
# packages to ensure
apt_packages: []
# purge configuration when removing packages
apt_remove_purge: no
# default package state
apt_package_state: 'present'
# remove packages that are no longer needed for dependencies
apt_autoremove: yes
# remove .deb files for packages no longer on your system
apt_autoclean: yes
# .deb packages to install.
apt_deb_packages: []
# https://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt
apt_policy: 101
# whether or not suggested packages should be installed.
apt_install_suggests: no
# do not install Recommended packages by default
apt_install_recommends: no
# allow 'apt-get autoremove' to remove suggested packages
apt_remove_suggests: no
# allow 'apt-get autoremove' to remove recommended packages
apt_remove_recommends: no
# Enable the update/upgrade script
apt_periodic: yes
# Do “apt-get update” automatically every n-days (0=disable)
apt_update_package_lists: 1
# Do “apt-get upgrade –download-only” every n-days (0=disable)
apt_download_upgradeable_packages: 0
# Do “apt-get autoclean” every n-days (0=disable)
apt_auto_clean_interval: 0
# enable unattended-upgrades
apt_unattended_upgrades: yes
# list of origins patterns to control which packages are upgraded
# replaces allowed-origins, kept for compatibility
apt_unattended_upgrades_origins: []
# List of allowed-origins, default value kept for compatibility
# set to null to use origins-pattern
apt_unattended_upgrades_allowed:
- ${distro_id}:${distro_codename}-security
# list of packages to not update (regexp are supported)
apt_unattended_upgrades_blacklist: []
# Split the upgrade into the smallest possible chunks so that
# they can be interrupted with SIGUSR1. This makes the upgrade
# a bit slower but it has the benefit that shutdown while a upgrade
# is running is possible (with a small delay)
apt_unattended_upgrades_minimal_steps: no
# Send email to this address for problems or packages upgrades
# If empty or unset then no email is sent, make sure that you
# have a working mail setup on your system. A package that provides
# 'mailx' must be installed. E.g. "user@example.com"
apt_mails: []
# Set this value to "true" to get emails only on errors. Default
# is to always send a mail if Unattended-Upgrade::Mail is set
apt_unattended_upgrades_notify_error_only: yes
# Do automatic removal of new unused dependencies after the upgrade
# (equivalent to apt-get autoremove)
apt_unattended_upgrades_autoremove: yes
# Automatically reboot *WITHOUT CONFIRMATION*
# if the file /var/run/reboot-required is found after the upgrade
apt_unattended_upgrades_automatic_reboot: no
# Automatically reboot even if there are users currently logged in.
apt_unattended_upgrades_automatic_reboot_with_users: no
# If automatic reboot is enabled and needed, reboot at the specific
# time instead of immediately
# Values: now | 02:00 | ...
apt_unattended_upgrades_automatic_reboot_time: now
# Enable logging to syslog.
apt_unattended_upgrades_syslog_enable: no
# Specify syslog facility.
apt_unattended_upgrades_syslog_facility: daemon
# Override download timer ? Default no
apt_unattended_upgrades_download_timer_override: null
# In case of override :
# apt_unattended_upgrades_download_timer_override:
# on_calendar_replace: (true|false) If true, delete default system schedule. If not, default and new schedules will be merged
# on_calendar: new schedule, see man systemd.time.7, example : 'Mon..Fri *-*-* 6:00'
# randomized_delay_sec: random delay in sec
# persistent: (true|false)
# See systemd.time.5 for random delay and persistent
# Override upgrade timer the same way
apt_unattended_upgrades_upgrade_timer_override: null
# apt_unattended_upgrades_upgrade_timer_override:
# on_calendar_replace:
# on_calendar:
# randomized_delay_sec:
# persistent:
# remount file system: currently supported options are rootfs and tmpfs
# tmpfs: remount tmp before running if mounted noexec
# rootfs: remount root filesystem r/w before running if mounted r/o
apt_remount_filesystems: []
# repositories to register
apt_repositories: []
# gpg keys for external repositories
apt_keys: []
# HTTP proxy server (optional)
# apt_http_proxy_address:
# HTTP pipeline depth (optional)
# apt_http_pipeline_depth: 5
# Change Aptitudes solution costs, default is not to change anything
# Mirror https://lists.debian.org/543FF3BD.1020609@zen.co.uk
# apt_aptitude_solution_cost:
# - priority
# - removals
# - canceled-actions
apt_aptitude_solution_cost: []
# List of preferences options.
# apt_preferences:
# - file: perl
# package: perl
# pin: "version 5.20*"
# priority: 1001
apt_preferences: []
These are the handlers that are defined in handlers/main.yml
.
---
- name: reload systemd
systemd:
daemon_reload: true
This is an example playbook:
---
- hosts: all
become: yes
roles:
- weareinteractive.apt
vars:
apt_cache_valid_time: 7200
apt_packages:
- vim
- tree
- name: ca-certificates
state: latest
hold: true
- name: zsh
state: absent
purge: true
apt_deb_packages:
- "https://releases.hashicorp.com/vagrant/2.1.5/vagrant_2.1.5_x86_64.deb"
apt_mails:
- root
apt_preferences:
- file: perl
package: perl
pin: "version 5.20*"
priority: 1001
apt_unattended_upgrades_notify_error_only: no
apt_remove_recommends: yes
apt_remove_suggests: yes
apt_remove_purge: yes
$ git clone https://github.com/weareinteractive/ansible-apt.git
$ cd ansible-apt
$ make test
In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request
Note: To update the README.md
file please install and run ansible-role
:
$ gem install ansible-role
$ ansible-role docgen
Copyright (c) We Are Interactive under the MIT license.