https://github.com/cans/package-source
Ansible role to manage distribution package sources and encryption keys
https://github.com/cans/package-source
Last synced: 4 months ago
JSON representation
Ansible role to manage distribution package sources and encryption keys
- Host: GitHub
- URL: https://github.com/cans/package-source
- Owner: cans
- License: gpl-2.0
- Created: 2017-04-17T08:24:33.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2019-08-24T09:28:32.000Z (almost 7 years ago)
- Last Synced: 2025-03-04T12:29:02.998Z (over 1 year ago)
- Size: 24.4 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
cans.package-source
===================
[](https://travis-ci.org/cans/package-sources)
[](https://galaxy.ansible.com/cans/package-source)
[](LICENSE)
Simple role to add and / or remove distribution package sources and
their respective GPG keys.
Each package source to be added or removed must be described as
follows:
- repo: "name of the repository" # required
codename: "" # optional, default: undefined
key_id: "" # optional, default: undefined
key_server: "" # optional, default: undefined
key_url: "" # optional, default: undefined
keyring: "" # optional, default: undefined
update_cache: # optional, default: no
This role will add, then remove sources. And since the repositories
are specified in lists, the order in which they are added or removed is
deterministic and as specified in your playbook.
All values with an _undefined_ default will simply be omitted if not
specified.
The `repo` is the one and only mandatory value and should be a valid
APT repository description line.
If you want to install a key alongside a given source, you *must*
specify the `key_id`, to avoid inserting undesired key in APT's
keyring. Then either of `key_url` or `key_server` become mandatory, so
the key can be retrieve somehow.
Changing the default value of `update_cache` is generally not a good
idea, as slows down your playbook terribly. And anyways, if you add
package sources, it is most likely to use them a short while latter. It
is recommanded to update the cache then and not when you add the source.
Note that is has the drawback of not validating your new repositories.
If you still want that validation to occur during the execution of this
role, use `update_cache` has shown in the
[example playbook](#example-playbook) below.
Requirements
------------
This package has the requirements of Ansible's distribution package
sources management modules:
- For Debian based distributions see [apt\_repository](http://docs.ansible.com/ansible/apt_repository_module.html)
and [apt\_key](http://doc.ansible.com/ansible/apt_key_module.html) modules;
Role Variables
--------------
All the variables from this module are namespaced with the prefix
`pkgsources`.
- `pkgsource_present`: the list of sources you want to make sure are
available (default: `[]`);
- `pkgsource_absent`: the list of sources you want to make sure are
*not* available (default: `[]`);
### Deprecated variables
- `pkgsource_user`: this variable has been deprecated, as you can define
this as you import the role or at the play level. The variable was in fact
not used (default: `ansible_user_id`).
Dependencies
------------
This role has no external dependencies.
Example Playbook
----------------
In this playbook, we add two new sources to APT and remove one.
With the second added source, we will also install the repository's GPG
key. Finally, since this role adds then removes repositories, on the
last (and only) removed repository removed, we force a cache update
that ensure the configuration is valid indeed and APT can verify all
repositories and packages signatures.
- hosts: servers
roles:
- role: "cans.package-source"
pkgsource_present:
# Simply ensure Debian current release backport packages repository
# is available
- repo: "deb http://ftp.fr.debian.org/debian/ stable-backports main"
# Heroku's toolbelt repository (cli tool)
- repo: "deb https://toolbelt.heroku.com/ubuntu/ ./"
# These two lines will ensure Heroku's GPG key is intalled *before*
# adding the repository to the source list.
key_id: C927EBE00F1B0520
key_url: "https://toolbelt.herokuapp.com/apt/release.key"
# The deprecated sources you want removed.
pkgsource_absent:
- "deb http://ftp.fr.debian.org/debian/ wheezy main"
# Force cache update on last repository added or removed so the new
# configuration is validated
update_cache: yes
License
-------
The Ansible role package-source is free software: you can
redistribute it and/or modify it under the terms of the GNU General
Public License version 2 as published by the Free Software Foundation.
package-sources is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with package-sources. If not, see .
Author Information
------------------
Copyright © 2017-2018, Nicolas CANIART.