package-source

cans.package-source

Build Status Ansible Galaxy License

Simple role to add and / or remove distribution package sources and their respective GPG keys.

Each package source to be added or removed must be described as follows:

- repo: "name of the repository"      # required
  codename: "<Distro codename>"       # optional, default: undefined
  key_id: "<GPG Key ID>"              # optional, default: undefined
  key_server: "<key server url>"      # optional, default: undefined
  key_url: "<public key file url>"    # optional, default: undefined
  keyring: "<path to keyring>"        # optional, default: undefined
  update_cache: <yes|no>              # optional, default: no

This role will add, then remove sources. And since the repositories are specified in lists, the order in which they are added or removed is deterministic and as specified in your playbook.

All values with an undefined default will simply be omitted if not specified.

The repo is the one and only mandatory value and should be a valid APT repository description line.

If you want to install a key alongside a given source, you must specify the key_id, to avoid inserting undesired key in APT's keyring. Then either of key_url or key_server become mandatory, so the key can be retrieve somehow.

Changing the default value of update_cache is generally not a good idea, as slows down your playbook terribly. And anyways, if you add package sources, it is most likely to use them a short while latter. It is recommanded to update the cache then and not when you add the source. Note that is has the drawback of not validating your new repositories. If you still want that validation to occur during the execution of this role, use update_cache has shown in the example playbook below.

Requirements

This package has the requirements of Ansible's distribution package sources management modules:

Role Variables

All the variables from this module are namespaced with the prefix pkgsources.

  • pkgsource_present: the list of sources you want to make sure are available (default: []);
  • pkgsource_absent: the list of sources you want to make sure are not available (default: []);

Deprecated variables

  • pkgsource_user: this variable has been deprecated, as you can define this as you import the role or at the play level. The variable was in fact not used (default: ansible_user_id).

Dependencies

This role has no external dependencies.

Example Playbook

In this playbook, we add two new sources to APT and remove one. With the second added source, we will also install the repository's GPG key. Finally, since this role adds then removes repositories, on the last (and only) removed repository removed, we force a cache update that ensure the configuration is valid indeed and APT can verify all repositories and packages signatures.

- hosts: servers
  roles:
     - role: "cans.package-source"
       pkgsource_present:
         # Simply ensure Debian current release backport packages repository
         # is available
         - repo: "deb http://ftp.fr.debian.org/debian/ stable-backports main"

         # Heroku's toolbelt repository (cli tool)
         - repo: "deb https://toolbelt.heroku.com/ubuntu/ ./"
           # These two lines will ensure Heroku's GPG key is intalled *before*
           # adding the repository to the source list.
           key_id: C927EBE00F1B0520
           key_url: "https://toolbelt.herokuapp.com/apt/release.key"

       # The deprecated sources you want removed.
       pkgsource_absent:
         - "deb http://ftp.fr.debian.org/debian/ wheezy main"
           # Force cache update on last repository added or removed so the new
           # configuration is validated
           update_cache: yes

License

The Ansible role package-source is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.

package-sources is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with package-sources. If not, see http://www.gnu.org/licenses/.

Author Information

Copyright © 2017-2018, Nicolas CANIART.

About

Role to manage Distribution Package Sources and their Encryption Keys

Install
ansible-galaxy install cans/package-source
GitHub repository
License
gpl-2.0
Downloads
123