Last active
October 27, 2024 14:39
-
-
Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.
Example usages of the new `deb822_repository` Ansible module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: localhost | |
| connection: local | |
| gather_facts: true | |
| tasks: | |
| - name: Add APT repositories | |
| when: ansible_os_family == 'Debian' | |
| become: true | |
| block: | |
| - name: Add VSCode APT repository | |
| ansible.builtin.deb822_repository: | |
| name: vscode | |
| types: [deb] | |
| uris: "https://packages.microsoft.com/repos/code" | |
| signed_by: "https://packages.microsoft.com/keys/microsoft.asc" | |
| suites: [stable] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add google APT repository | |
| ansible.builtin.deb822_repository: | |
| name: google | |
| types: [deb] | |
| uris: | |
| - "http://dl.google.com/linux/chrome/deb" | |
| - "http://dl.google.com/linux/earth/deb" | |
| signed_by: "https://dl.google.com/linux/linux_signing_key.pub" | |
| suites: [stable] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Kubernetes APT repository | |
| ansible.builtin.deb822_repository: | |
| name: kubernetes | |
| types: [deb] | |
| uris: "https://apt.kubernetes.io" | |
| signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | |
| suites: [kubernetes-xenial] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add google-cloud-cli APT repository | |
| ansible.builtin.deb822_repository: | |
| name: google-cloud-cli | |
| types: [deb] | |
| uris: "https://packages.cloud.google.com/apt" | |
| signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | |
| suites: [cloud-sdk] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Microsoft prod APT repository (Debian) | |
| when: ansible_distribution == 'Debian' | |
| ansible.builtin.deb822_repository: | |
| name: packages-microsoft-com-prod | |
| types: [deb] | |
| uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_major_version }}/prod" | |
| signed_by: "https://packages.microsoft.com/keys/microsoft.asc" | |
| suites: ["{{ ansible_distribution_release|lower }}"] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Microsoft prod APT repository (Ubuntu) | |
| when: ansible_distribution == 'Ubuntu' | |
| ansible.builtin.deb822_repository: | |
| name: packages-microsoft-com-prod | |
| types: [deb] | |
| uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_version }}/prod" | |
| signed_by: "https://packages.microsoft.com/keys/microsoft.asc" | |
| suites: ["{{ ansible_distribution_release|lower }}"] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Tailscale stable APT repository | |
| ansible.builtin.deb822_repository: | |
| name: tailscale-stable | |
| types: [deb] | |
| uris: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}" | |
| signed_by: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}/{{ ansible_distribution_release|lower }}.asc" | |
| suites: ["{{ ansible_distribution_release|lower }}"] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Hashicorp Stable APT repository | |
| ansible.builtin.deb822_repository: | |
| name: hashicorp | |
| types: [deb] | |
| uris: "https://apt.releases.hashicorp.com" | |
| signed_by: "https://apt.releases.hashicorp.com/gpg" | |
| suites: ["{{ ansible_distribution_release|lower }}"] | |
| components: [main] | |
| state: present | |
| enabled: yes |
Thank you @roib20
I now switched to the new style.
Just too add another example using google repos (gVisor in my example):
- name: gVisor repository
ansible.builtin.deb822_repository:
name: gvisor
types: [deb]
uris: https://storage.googleapis.com/gvisor/releases
signed_by: "https://gvisor.dev/archive.key"
components: [main]
suites: [release]
- name: Manage PHP PPA repository (deb822_repository)
ansible.builtin.deb822_repository:
state: present
enabled: true
name: php
uris: [https://ppa.launchpadcontent.net/ondrej/php/ubuntu]
signed_by: "{{ lookup('file', 'php_ppa.asc') }}"
types: [deb]
suites: ["{{ ansible_facts['distribution_release'] }}"]
components: [main]File php_ppa.asc:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Hostname:
Version: Hockeypuck 2.2
xo0ESX35nAEEALKDCUDVXvmW9n+T/+3G1DnTpoWh9/1xNaz/RrUH6fQKhHr568F8
hfnZP/2CGYVYkW9hxP9LVW9IDvzcmnhgIwK+ddeaPZqh3T/FM4OTA7Q78HSvR81m
Jpf2iMLm/Zvh89ZsmP2sIgZuARiaHo8lxoTSLtmKXsM3FsJVlusyewHfABEBAAHN
H0xhdW5jaHBhZCBQUEEgZm9yIE9uZMWZZWogU3Vyw73CtgQTAQIAIAUCSX35nAIb
AwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEE9OoKrlJnpsQjYD/jW1NlIFAlT6
EvF2xfVbkhERii9MapjaUsSso4XLCEmZdEGX54GQ01svXnrivwnd/kmhKvyxCqiN
LDY/dOaK8MK//bDI6mqdKmG8XbP2vsdsxhifNC+GH/OwaDPvn1TyYB653kwyruCG
FjEnCreZTcRUu2oBQyolORDl+BmF4DjLwsBzBBABCgAdFiEECvaBvTqO/UqmWMI/
thEcm0xImQEFAmXTV0AACgkQthEcm0xImQGTTggAhuMHGeBZlRUAsZE7jJM7Mf06
/WIhcgUfBfSFnJFlFH+xdEe/GFYyVk9kingDsPh90Ecnt4n8DJHTlsuUV1+SPBIO
JfbQTUjx1n/+Ck+TVKzRByvrpRXtiZQ214m3zbhZpme2eBBMItZByjG7g925NUIq
rL+R5ZoEcZvVlYscfsA0Sr8yJTsGJPefuLYI6eJkNDa1QkzBkSSW4XaCfNIxNBRs
zN/qGe3xy0bibOaC4T2TcbZPSAVP855ahNbLAdqkyfAutiEWcKZmQpR9qNh4482k
0pXVlQJ8UB860gVFHjwjFm/MsCeX8yfeAi38ZyInWL2OSG2pDx5ZzNESwnCPIg==
=3DzI
-----END PGP PUBLIC KEY BLOCK-----
Note that the deb822_repository module requires the python3-debian package to be installed. This can be installed in a virtual environment with pip install python-debian.
The deb822 format allows signing keys to be included in the same .source file rather than added to the /etc/apt/trusted.gpg.d folder. This is a better approach because the signing key will be associated only with it's own repository, and not with all repositories globally. This will give a result as close as possible to the native add-apt-repository:
- name: Manage PHP PPA repository (deb822_repository)
become: true
ansible.builtin.deb822_repository:
state: present
name: "ondrej-ubuntu-php-{{ansible_distribution_release}}"
types: [deb]
uris: [https://ppa.launchpadcontent.net/ondrej/php/ubuntu]
suites: ["{{ ansible_facts['distribution_release'] }}"]
components: [main]
signed_by: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
.
mQINBGYo0vEBEAC0Semxy5I2b8exRUxJfTKkHR4f5uyS0dTd9vYgMI5T3gsa7ypH
HtE+GiZC+T9m/F9h66+XJMxhuNsKRs7T2In5NSeso9H/ytlSTayUaBtCFfRp6y6b
6ozuRBfqYJGxhjAnIzvNF/Wpp2BvfQm3OrQ7uJJrt5IvzLDC4jPxl/Xs3sTT+Hbk
bkKKprZ3xmy2enuwBaNWR/CUtAz3hbkzL1kGbhX9m3QidFJagVVdDw3aNEwo8ush
djWfF+BajNvpDFYJKBGQbCeagB753Baa5yIN62x+THLnLiKTMDS1e7U0ZDiV9671
noTbtN5TeZeyfsEmeZ8X60x11JIP3yYHYZT70/DyTYX3WC9yQFyIgVOfRlGklMKI
k3TLMmtq8w5Hz1vovwzV7PzaQnmY+uNP2ZbAP4fJ3iFAj0L+u0i1nOFgTy0Lq058
O/FjRrQxuceDDCF+9ThspXMw3Puvz8giuBDCdEda84uC7XWMdqgz/maLfFQjAmyP
Ixi1EMxMlHYyZajpR1cdCfrAIQlnQjHSWmyeCFgXPPfRA71aCcJ7oSrDjogW6Ahd
HRkQRKf1FF9BFzycgSQotfR+7CKfPQh1kghufM9W/spARzA709nGZjXJzgEJLQd3
CDB6dIIxT/0YI36h3Qgfmiiw4twO24MMEqEEPIELz2WJKeWGkdQdcekpxQARAQAB
tB9MYXVuY2hwYWQgUFBBIGZvciBPbmTFmWVqIFN1csO9iQJOBBMBCgA4FiEEuNx+
U5RmVu+85MHdcdrqq0rUyrYFAmYo0vECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
F4AACgkQcdrqq0rUyrYOPQ/+IArA4s1J3op/w7cXek0ieFHWHFDrxPYS+78/LF/J
LoYZw0nIU5Ovr+LzehFMIQU6esgPXwbeCVgwLwat57augAkAYWT0UzH5dE6RKAGr
C2vsHWVfPhQn6UndfzwXc0mTLGQni25aQaZ6k60Dbm/vblejrTQrtAUWoMO3Z1cr
NDGJ3Z9DCxtr2o9gRYUI6HwLHJtobTIeI5xsr5x+GvXiIAVCPa3ZEuRL6jMQfqfS
C43mpuiS1kGgsnQLs2DbN7EFCfiJoNX1QzZu25zg+IS9PXbCJnheZWnH0rwUSb/N
hZPcSefGlNlhr824OfT30v79hQnw59XbsfV270O9jPbD4kttN+OiszbU66zsuiOh
BO46XCckQPqDkBMw56GPFuVrQgGb1thXvn67URJgPyJhwauBWKPNAJ9Ojuo+yVq/
hdR1VNWThXQbZgaGSWrbjt6FdYtQb9VX88uu5gFDmr180HogHNUDUcqNLLdnjfFs
4DyJlusQ5I/a7cQ7nlkNgxAmHszwO/mGLBuGljDUYkwZDW9nqP1Q5Q2jMtrhgXvR
2SOtufvecUbB7+eoRSaOnu7CNMATG6LocFEMzhKUde1uZTfWSqnYEcdqoFJMi46y
qaNxhiNLsQ5OBMbgSp2zCbQxRBdITMVvBR5YjCetUIGEs6T1yQ5wh5Xpoi34ShHn
v38=
=kFlZ
-----END PGP PUBLIC KEY BLOCK-----
- name: Manage Python PPA repository (deb822_repository)
become: true
ansible.builtin.deb822_repository:
state: present
name: "deadsnakes-ubuntu-ppa-{{ansible_distribution_release}}"
types: [deb]
uris: [https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu/]
suites: ["{{ ansible_facts['distribution_release'] }}"]
components: [main]
signed_by: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
.
mQINBFl8fYEBEADQmGZ6pDrwY9iH9DVlwNwTOvOZ7q7lHXPl/TLfMs1tckMc/D9a
hsdBN9VWtMmo+RySvhkIe8X15r65TFs2HE8ft6j2e/4K472pObM1hB+ajiU/wYX2
Syq7DBlNm6YMP5/SyQzRxqis4Ja1uUjW4Q5/Csdf5In8uMzXj5D1P7qOiP2aNa0E
r3w6PXWRTuTihWZOsHv8npyVYDBRR6gEZbd3r86snI/7o8Bfmad3KjbxL7aOdNMw
AqQFaNKl7Y+UJpv1CNFIf+twcOoC0se1SrsVJlAH9HNHM7XGQsPUwpNvQlcmvr+t
1vVS2m72lk3gyShDuJpi1TifGw+DoTqu54U0k+0sZm4pnQVeiizNkefU2UqOoGlt
4oiG9nIhSX04xRlGes3Ya0OjNI5b1xbcYoR+r0c3odI+UCw3VSZtKDX/xlH1o/82
b8ouXeE7LA1i4DvGNj4VSvoxv4ggIznxMf+PkWXWKwRGsbAAXF52rr4FUaeaKoIU
DkJqHXAxrB3PQslZ+ZgBEukkQZF76NkqRqP1E7FXzZZMo2eEL7vtnhSzUlanOf42
ECBoWHVoZQaRFMNbGpqlg9aWedHGyetMStS3nH1sqanr+i4I8VR/UH+ilarPTW3T
E0apWlsH8+N3IKbRx2wgrRZNoQEuyVtvyewDFYShJB3Zxt7VCy67vKAl1QARAQAB
tBxMYXVuY2hwYWQgUFBBIGZvciBkZWFkc25ha2VziQI4BBMBAgAiBQJZfH2BAhsD
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRC6aTI2anVXdvwhD/4oI3yckeKn
9aJNNTJsyw4ydMkIAOdG+jbZsYv/rN73UVQF1RA8HC71SDmbd0Nu80koBOX+USuL
vvhoMIsARlD5dLx5f/zaQcYWJm/BtsMF/eZ4s1xsenwW6PpXd8FpaTn1qtg/8+O9
99R4uSetAhhyf1vSRb/8U0sgSQd38mpZZFq352UuVisXnmCThj621loQubYJ3lwU
LSLs8wmgo4XIYH7UgdavV9dfplPh0M19RHQL3wTyQP2KRNRq1rG7/n1XzUwDyqY6
eMVhdVhvnxAGztvdFCySVzBRr/rCw6quhcYQwBqdqaXhz63np+4mlUNfd8Eu+Vas
b/tbteF/pDu0yeFMpK4X09Cwn2kYYCpq4XujijW+iRWb4MO3G8LLi8oBAHP/k0CM
/QvSRbbG8JDQkQDH37Efm8iE/EttJTixjKAIfyugmvEHfcrnxaMoBioa6h6McQrM
vI8bJirxorJzOVF4kY7xXvMYwjzaDC8G0fTA8SzQRaShksR3USXZjz8vS6tZ+YNa
mRHPoZ3Ua0bz4t2aCcu/fknVGsXcNBazNIK9WF2665Ut/b7lDbojXsUZ3PpuqOoe
GQL9LRj7nmCI6ugoKkNp8ZXcGJ8BGw37Wep2ztyzDohXp6f/4mGgy2KYV9R4S8D5
yBDUU6BS7Su5nhQMStfdfr4FffLmnvFC9w==
=7hFk
-----END PGP PUBLIC KEY BLOCK-----
A few more examples with mozilla, spotify, tableplus and mongoDB 8.0:
- name: Add Mozilla APT repository
ansible.builtin.deb822_repository:
name: mozilla
types: [deb]
uris: https://packages.mozilla.org/apt
signed_by: https://packages.mozilla.org/apt/repo-signing-key.gpg
suites: [mozilla]
components: [main]
enabled: true
- name: Add Spotify APT repository
ansible.builtin.deb822_repository:
name: spotify
types: [deb]
uris: http://repository.spotify.com
signed_by: https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg
suites: [stable]
components: [non-free]
enabled: true
- name: Add TablePlus APT repository
ansible.builtin.deb822_repository:
name: tableplus
types: [deb]
uris: "https://deb.tableplus.com/debian/{{ ansible_distribution_major_version }}"
signed_by: https://deb.tableplus.com/apt.tableplus.com.gpg.key
suites: [tableplus]
components: [main]
enabled: true
- name: Add MongoDB 8.0 repository
ansible.builtin.deb822_repository:
name: mongodb-org-8.0
types: [deb]
uris: "https://repo.mongodb.org/apt/{{ ansible_distribution|lower }}"
signed_by: https://www.mongodb.org/static/pgp/server-8.0.asc
suites: ["{{ ansible_distribution_release|lower }}/mongodb-org/8.0"]
components: [multiverse]
enabled: true
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I tested the Docker task by @Sprout9 above, it works on my test. I would need to see what the output is of
/etc/apt/sources.list.d/to know what issue you faced.However, make sure you have set
gather_facts: true. Your fix does not use facts and instead references "ubuntu" directly. This is valid, however there is an advantage in using facts: the same task can work on multiple different distributions.For reference, this is the task I use to setup the Docker repository on my personal machines and in production servers (I personally tested it on Debian 11, Debian 12, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS):