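---
# Registers third-party APT repositories in deb822 (.sources) format on
# Debian-family hosts with ansible.builtin.deb822_repository.
#
# Trust model: every signed_by value below is a URL, so the signing key is
# downloaded when the play runs and is trusted as served at that moment.
# Embedding the reviewed ASCII-armored key in signed_by instead keeps the
# trust anchor under version control.
- name: Configure third-party APT repositories
  hosts: localhost
  connection: local
  # Facts are required: the tasks template on ansible_os_family and the
  # ansible_distribution* variables.
  gather_facts: true
  tasks:
    - name: Add APT repositories
      when: ansible_os_family == 'Debian'
      become: true
      block:
        - name: Add VSCode APT repository
          ansible.builtin.deb822_repository:
            name: vscode
            types: [deb]
            uris: "https://packages.microsoft.com/repos/code"
            signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
            suites: [stable]
            components: [main]
            state: present
            enabled: true

        - name: Add google APT repository
          ansible.builtin.deb822_repository:
            name: google
            types: [deb]
            # Fetched over HTTPS: the key below is already served from the
            # same host over TLS, so plain HTTP buys nothing here.
            uris:
              - "https://dl.google.com/linux/chrome/deb"
              - "https://dl.google.com/linux/earth/deb"
            signed_by: "https://dl.google.com/linux/linux_signing_key.pub"
            suites: [stable]
            components: [main]
            state: present
            enabled: true

        # NOTE(review): readers of this playbook report that this repository
        # is frozen and that packages moved to pkgs.k8s.io, which is
        # versioned per Kubernetes minor release. Confirm and migrate.
        - name: Add Kubernetes APT repository
          ansible.builtin.deb822_repository:
            name: kubernetes
            types: [deb]
            uris: "https://apt.kubernetes.io"
            signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
            suites: [kubernetes-xenial]
            components: [main]
            state: present
            enabled: true

        - name: Add google-cloud-cli APT repository
          ansible.builtin.deb822_repository:
            name: google-cloud-cli
            types: [deb]
            uris: "https://packages.cloud.google.com/apt"
            signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
            suites: [cloud-sdk]
            components: [main]
            state: present
            enabled: true

        # Debian and Ubuntu differ only in the version fact used in the
        # URL path (major version vs. full version).
        - name: Add Microsoft prod APT repository (Debian)
          when: ansible_distribution == 'Debian'
          ansible.builtin.deb822_repository:
            name: packages-microsoft-com-prod
            types: [deb]
            uris: "https://packages.microsoft.com/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/prod"
            signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
            suites: ["{{ ansible_distribution_release | lower }}"]
            components: [main]
            state: present
            enabled: true

        - name: Add Microsoft prod APT repository (Ubuntu)
          when: ansible_distribution == 'Ubuntu'
          ansible.builtin.deb822_repository:
            name: packages-microsoft-com-prod
            types: [deb]
            uris: "https://packages.microsoft.com/{{ ansible_distribution | lower }}/{{ ansible_distribution_version }}/prod"
            signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
            suites: ["{{ ansible_distribution_release | lower }}"]
            components: [main]
            state: present
            enabled: true

        - name: Add Tailscale stable APT repository
          ansible.builtin.deb822_repository:
            name: tailscale-stable
            types: [deb]
            uris: "https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }}"
            # The key URL is built per distribution and per release.
            signed_by: "https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }}/{{ ansible_distribution_release | lower }}.asc"
            suites: ["{{ ansible_distribution_release | lower }}"]
            components: [main]
            state: present
            enabled: true

        - name: Add Hashicorp Stable APT repository
          ansible.builtin.deb822_repository:
            name: hashicorp
            types: [deb]
            uris: "https://apt.releases.hashicorp.com"
            signed_by: "https://apt.releases.hashicorp.com/gpg"
            suites: ["{{ ansible_distribution_release | lower }}"]
            components: [main]
            state: present
            enabled: true

        - name: Add Docker Module Repository
          ansible.builtin.deb822_repository:
            name: docker
            types: [deb]
            uris: "https://download.docker.com/linux/{{ ansible_distribution | lower }}"
            signed_by: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
            suites: ["{{ ansible_distribution_release | lower }}"]
            components: [stable]
            state: present
            enabled: true

        # NOTE(review): package traffic uses plain HTTP. APT still checks
        # the signed Release file against the signed_by key, but the
        # transport is neither confidential nor protected against an
        # on-path party withholding updates. Use https:// if the mirror
        # serves it (TODO confirm).
        - name: Add Proxmox Repository.
          ansible.builtin.deb822_repository:
            name: proxmox
            types: [deb]
            architectures: amd64
            uris: "http://download.proxmox.com/{{ ansible_distribution | lower }}/pve"
            signed_by: "https://enterprise.proxmox.com/{{ ansible_distribution | lower }}/proxmox-release-{{ ansible_distribution_release | lower }}.gpg"
            suites: ["{{ ansible_distribution_release | lower }}"]
            components: [pve-no-subscription]
            state: present
            enabled: true

        - name: Add Gitlab Repository.
          ansible.builtin.deb822_repository:
            name: gitlab
            types: [deb]
            uris: "https://packages.gitlab.com/gitlab/gitlab-ee/{{ ansible_distribution | lower }}"
            signed_by: "https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey"
            suites: ["{{ ansible_distribution_release | lower }}"]
            components: [main]
            state: present
            enabled: true

        - name: Add Gitlab Runner Repository.
          ansible.builtin.deb822_repository:
            name: gitlab-runner
            types: [deb]
            uris: "https://packages.gitlab.com/runner/gitlab-runner/{{ ansible_distribution | lower }}"
            signed_by: "https://packages.gitlab.com/runner/gitlab-runner/gpgkey"
            suites: ["{{ ansible_distribution_release | lower }}"]
            components: [main]
            state: present
            enabled: true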
Here's how to translate installation instructions that only provide the old one-line-style source format into the new format. The old source format looks like this:
deb [signed-by=/usr/share/keyrings/example.gpg] https://example.com/dev foo bar
Here `https://example.com/dev` should go into `uris`, `foo` should go into `suites`, and `bar` should go into `components`. The path for `signed-by` should be ignored, as the deb822_repository module figures out the path based on where it downloads the key to. The key itself is still needed: pass its URL or its ASCII-armored text as `signed_by`.
Hope this helps someone :)
The example Kubernetes repo is frozen and everything has moved to a non-Google-hosted location. Can it be updated?
The example Kubernetes repo is frozen and everything has moved to a non-Google-hosted location. Can it be updated?
I also had to solve this issue. This works:
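# Kubernetes packages from pkgs.k8s.io. The minor version (v1.29) appears in
# both the repository URL and the key URL; change the two together.
- name: Add Kubernetes APT repository
  ansible.builtin.deb822_repository:
    name: kubernetes
    types: [deb]
    uris: "https://pkgs.k8s.io/core:/stable:/v1.29/deb/"
    signed_by: "https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key"
    # The suite is the literal path "/" and no components are set.
    suites: ["/"]
    state: present
    enabled: true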
NOTE: Replace `v1.29` with the Kubernetes version you need, in both `uris` and `signed_by`.
Above docker example didn't work for me. Kept getting this error:
Malformed entry 1 in sources file /etc/apt/sources.list.d/docker.sources (Component), E:The list of sources could not be read
Had to change it to this:
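# Docker repository with the distribution hard-coded to Ubuntu rather than
# taken from the distribution-name fact. suites and components are passed as
# plain strings instead of lists; only the release name is templated.
- name: Add docker APT repository
  ansible.builtin.deb822_repository:
    name: docker
    types: [deb]
    uris: "https://download.docker.com/linux/ubuntu"
    signed_by: "https://download.docker.com/linux/ubuntu/gpg"
    suites: "{{ ansible_distribution_release }}"
    components: stable
    state: present
    enabled: true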
Above docker example didn't work for me. Kept getting this error:
Malformed entry 1 in sources file /etc/apt/sources.list.d/docker.sources (Component), E:The list of sources could not be read
I tested the Docker task by @Sprout9 above, and it works in my test. I would need to see what the output is of `/etc/apt/sources.list.d/` to know what issue you faced.
However, make sure you have set `gather_facts: true`. Your fix does not use facts and instead references "ubuntu" directly. This is valid; however, there is an advantage in using facts: the same task can work on multiple different distributions.
For reference, this is the task I use to setup the Docker repository on my personal machines and in production servers (I personally tested it on Debian 11, Debian 12, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS):
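# Docker repository whose URL and suite follow the gathered distribution
# facts, so one task serves several distributions.
- name: Add Docker APT repository
  ansible.builtin.deb822_repository:
    name: docker
    state: present
    types: [deb]
    uris: "https://download.docker.com/linux/{{ ansible_distribution | lower }}"
    suites: ["{{ ansible_distribution_release | lower }}"]
    components: [stable]
    # NOTE(review): the key URL is fixed to the Debian path even when uris
    # resolves to another distribution. Presumably the same key signs every
    # distribution's repository; verify the fingerprint before relying on it.
    signed_by: "https://download.docker.com/linux/debian/gpg"
    enabled: true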
Thank you @roib20
I now switched to the new style.
Just to add another example using Google repos (gVisor in my example):
# gVisor release repository. state and enabled are not set, so the module
# defaults apply. The key is fetched from gvisor.dev, a different host from
# the one serving the packages.
- name: gVisor repository
  ansible.builtin.deb822_repository:
    name: gvisor
    types: [deb]
    uris: "https://storage.googleapis.com/gvisor/releases"
    suites: [release]
    components: [main]
    signed_by: "https://gvisor.dev/archive.key"
# ondrej/php PPA. The signing key is read on the controller from the local
# file php_ppa.asc and passed as text, so nothing is downloaded for the key
# at run time.
- name: Manage PHP PPA repository (deb822_repository)
  ansible.builtin.deb822_repository:
    name: php
    types: [deb]
    uris: ["https://ppa.launchpadcontent.net/ondrej/php/ubuntu"]
    suites: ["{{ ansible_facts['distribution_release'] }}"]
    components: [main]
    signed_by: "{{ lookup('file', 'php_ppa.asc') }}"
    state: present
    enabled: true
File php_ppa.asc
:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Hostname:
Version: Hockeypuck 2.2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==
=3DzI
-----END PGP PUBLIC KEY BLOCK-----
Note that the `deb822_repository` module requires the `python3-debian` package to be installed. This can be installed in a virtual environment with `pip install python-debian`.
The `deb822` format allows signing keys to be included in the same `.sources` file rather than added to the `/etc/apt/trusted.gpg.d` folder. This is a better approach because the signing key will be associated only with its own repository, and not with all repositories globally. This will give a result as close as possible to the native `add-apt-repository`:
# Adds the ondrej/php PPA with its signing key embedded in the task as an
# ASCII-armored block, so the key is not fetched from a URL at run time.
# The repository name is built from the release fact; presumably it mirrors
# the file name add-apt-repository would produce (confirm on a target host).
# NOTE(review): verify the embedded key's fingerprint against the PPA's
# published signing key before trusting it.
- name: Manage PHP PPA repository (deb822_repository)
become: true
ansible.builtin.deb822_repository:
state: present
name: "ondrej-ubuntu-php-{{ansible_distribution_release}}"
types: [deb]
uris: [https://ppa.launchpadcontent.net/ondrej/php/ubuntu]
suites: ["{{ ansible_facts['distribution_release'] }}"]
components: [main]
# Literal block scalar: the armored key is passed to the module verbatim.
signed_by: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
.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=kFlZ
-----END PGP PUBLIC KEY BLOCK-----
# Adds the deadsnakes PPA with its signing key embedded in the task as an
# ASCII-armored block, so the key is not fetched from a URL at run time.
# The repository name is built from the release fact.
# NOTE(review): verify the embedded key's fingerprint against the PPA's
# published signing key before trusting it.
- name: Manage Python PPA repository (deb822_repository)
become: true
ansible.builtin.deb822_repository:
state: present
name: "deadsnakes-ubuntu-ppa-{{ansible_distribution_release}}"
types: [deb]
uris: [https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu/]
suites: ["{{ ansible_facts['distribution_release'] }}"]
components: [main]
# Literal block scalar: the armored key is passed to the module verbatim.
signed_by: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
.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=7hFk
-----END PGP PUBLIC KEY BLOCK-----
NOTE: Requires Ansible-core 2.15+ (Ansible 8.0+)