Skip to content

Instantly share code, notes, and snippets.

@roib20
Last active October 4, 2024 19:05
Show Gist options
  • Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.
Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.
Example usages of the new `deb822_repository` Ansible module
---
- hosts: localhost
connection: local
gather_facts: true
tasks:
- name: Add APT repositories
when: ansible_os_family == 'Debian'
become: true
block:
- name: Add VSCode APT repository
ansible.builtin.deb822_repository:
name: vscode
types: [deb]
uris: "https://packages.microsoft.com/repos/code"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: [stable]
components: [main]
state: present
enabled: yes
- name: Add google APT repository
ansible.builtin.deb822_repository:
name: google
types: [deb]
uris:
- "http://dl.google.com/linux/chrome/deb"
- "http://dl.google.com/linux/earth/deb"
signed_by: "https://dl.google.com/linux/linux_signing_key.pub"
suites: [stable]
components: [main]
state: present
enabled: yes
- name: Add Kubernetes APT repository
ansible.builtin.deb822_repository:
name: kubernetes
types: [deb]
uris: "https://apt.kubernetes.io"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [kubernetes-xenial]
components: [main]
state: present
enabled: yes
- name: Add google-cloud-cli APT repository
ansible.builtin.deb822_repository:
name: google-cloud-cli
types: [deb]
uris: "https://packages.cloud.google.com/apt"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [cloud-sdk]
components: [main]
state: present
enabled: yes
- name: Add Microsoft prod APT repository (Debian)
when: ansible_distribution == 'Debian'
ansible.builtin.deb822_repository:
name: packages-microsoft-com-prod
types: [deb]
uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_major_version }}/prod"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Microsoft prod APT repository (Ubuntu)
when: ansible_distribution == 'Ubuntu'
ansible.builtin.deb822_repository:
name: packages-microsoft-com-prod
types: [deb]
uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_version }}/prod"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Tailscale stable APT repository
ansible.builtin.deb822_repository:
name: tailscale-stable
types: [deb]
uris: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}"
signed_by: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}/{{ ansible_distribution_release|lower }}.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Hashicorp Stable APT repository
ansible.builtin.deb822_repository:
name: hashicorp
types: [deb]
uris: "https://apt.releases.hashicorp.com"
signed_by: "https://apt.releases.hashicorp.com/gpg"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
@roib20
Copy link
Author

roib20 commented May 22, 2023

NOTE: Requires Ansible-core 2.15+ (Ansible 8.0+)

@Sprout9
Copy link

Sprout9 commented Jan 18, 2024

    - name: Add Docker Module Repository
      ansible.builtin.deb822_repository:
        name: docker
        types: [deb]
        uris: "https://download.docker.com/linux/{{ ansible_distribution | lower }}"
        signed_by: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
        suites: ["{{ ansible_distribution_release | lower }}"]
        components: [stable]
        state: present
        enabled: yes

@Skaronator
Copy link

Skaronator commented Feb 7, 2024

- name: Add Proxmox Repository.
  ansible.builtin.deb822_repository:
    name: proxmox
    types: [deb]
    architectures: amd64
    uris: "http://download.proxmox.com/{{ ansible_distribution | lower }}/pve"
    signed_by: "https://enterprise.proxmox.com/{{ ansible_distribution | lower }}/proxmox-release-{{ ansible_distribution_release | lower }}.gpg"
    suites: ["{{ ansible_distribution_release | lower }}"]
    components: [pve-no-subscription]
    state: present
    enabled: true

- name: Add Gitlab Repository.
  ansible.builtin.deb822_repository:
    name: gitlab
    types: [deb]
    uris: "https://packages.gitlab.com/gitlab/gitlab-ee/{{ ansible_distribution | lower }}"
    signed_by: "https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey"
    suites: ["{{ ansible_distribution_release | lower }}"]
    components: [main]
    state: present
    enabled: true

- name: Add Gitlab Runner Repository.
  ansible.builtin.deb822_repository:
    name: gitlab-runner
    types: [deb]
    uris: "https://packages.gitlab.com/runner/gitlab-runner/{{ ansible_distribution | lower }}"
    signed_by: "https://packages.gitlab.com/runner/gitlab-runner/gpgkey"
    suites: ["{{ ansible_distribution_release | lower }}"]
    components: [main]
    state: present
    enabled: true

@paldepind
Copy link

Here's how to translate installation instructions that only provide the old one-line-style source format into the new format. The old source format looks like this:

deb [signed-by=/usr/share/keyrings/example.gpg] https://example.com/dev foo bar

Here https://example.com/dev should go into uris, foo should go into suites, and bar should go into components. The path for signed-by should be ignored as the deb822_repository module figures out the path based on where it downloads the key to.

Hope this helps someone :)

@hegerdes
Copy link

hegerdes commented Mar 3, 2024

The example kubernetes repo is frozen and everything moved to a none google hosted location. Can it be updated?

@roib20
Copy link
Author

roib20 commented Mar 10, 2024

The example kubernetes repo is frozen and everything moved to a none google hosted location. Can it be updated?

I also had to solve this issue. This works:

      - name: Add Kubernetes APT repository
        ansible.builtin.deb822_repository:
          name: kubernetes
          types: [deb]
          uris: "https://pkgs.k8s.io/core:/stable:/v1.29/deb/"
          signed_by: "https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key"
          suites: [/]
          state: present
          enabled: yes

NOTE: Replace v1.29 with the Kubernetes version you need.

@chuyyy
Copy link

chuyyy commented Apr 25, 2024

Above docker example didn't work for me. Kept getting this error:
Malformed entry 1 in sources file /etc/apt/sources.list.d/docker.sources (Component), E:The list of sources could not be read

Had to change it to this:
- name: Add docker APT repository ansible.builtin.deb822_repository: name: docker types: [ deb ] uris: "https://download.docker.com/linux/ubuntu" signed_by: "https://download.docker.com/linux/ubuntu/gpg" suites: "{{ ansible_distribution_release }}" components: stable state: present enabled: yes

@roib20
Copy link
Author

roib20 commented Apr 25, 2024

Above docker example didn't work for me. Kept getting this error: Malformed entry 1 in sources file /etc/apt/sources.list.d/docker.sources (Component), E:The list of sources could not be read

I tested the Docker task by @Sprout9 above, it works on my test. I would need to see what the output is of /etc/apt/sources.list.d/ to know what issue you faced.

However, make sure you have set gather_facts: true. Your fix does not use facts and instead references "ubuntu" directly. This is valid, however there is an advantage in using facts: the same task can work on multiple different distributions.

For reference, this is the task I use to setup the Docker repository on my personal machines and in production servers (I personally tested it on Debian 11, Debian 12, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS):

- name: Add Docker APT repository
  ansible.builtin.deb822_repository:
    name: docker
    state: present
    types: [deb]
    uris: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
    suites: ["{{ ansible_distribution_release|lower }}"]
    components: [stable]
    signed_by: "https://download.docker.com/linux/debian/gpg"
    enabled: yes

@hegerdes
Copy link

hegerdes commented May 1, 2024

Thank you @roib20

I now switched to the new style.

Just too add another example using google repos (gVisor in my example):

- name: gVisor repository
  ansible.builtin.deb822_repository:
    name: gvisor
    types: [deb]
    uris: https://storage.googleapis.com/gvisor/releases
    signed_by: "https://gvisor.dev/archive.key"
    components: [main]
    suites: [release]

@chemnic
Copy link

chemnic commented Jul 5, 2024

- name: Manage PHP PPA repository (deb822_repository)
  ansible.builtin.deb822_repository:
    state: present
    enabled: true
    name: php
    uris: [https://ppa.launchpadcontent.net/ondrej/php/ubuntu]
    signed_by: "{{ lookup('file', 'php_ppa.asc') }}"
    types: [deb]
    suites: ["{{ ansible_facts['distribution_release'] }}"]
    components: [main]

File php_ppa.asc:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Hostname: 
Version: Hockeypuck 2.2

xo0ESX35nAEEALKDCUDVXvmW9n+T/+3G1DnTpoWh9/1xNaz/RrUH6fQKhHr568F8
hfnZP/2CGYVYkW9hxP9LVW9IDvzcmnhgIwK+ddeaPZqh3T/FM4OTA7Q78HSvR81m
Jpf2iMLm/Zvh89ZsmP2sIgZuARiaHo8lxoTSLtmKXsM3FsJVlusyewHfABEBAAHN
H0xhdW5jaHBhZCBQUEEgZm9yIE9uZMWZZWogU3Vyw73CtgQTAQIAIAUCSX35nAIb
AwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEE9OoKrlJnpsQjYD/jW1NlIFAlT6
EvF2xfVbkhERii9MapjaUsSso4XLCEmZdEGX54GQ01svXnrivwnd/kmhKvyxCqiN
LDY/dOaK8MK//bDI6mqdKmG8XbP2vsdsxhifNC+GH/OwaDPvn1TyYB653kwyruCG
FjEnCreZTcRUu2oBQyolORDl+BmF4DjLwsBzBBABCgAdFiEECvaBvTqO/UqmWMI/
thEcm0xImQEFAmXTV0AACgkQthEcm0xImQGTTggAhuMHGeBZlRUAsZE7jJM7Mf06
/WIhcgUfBfSFnJFlFH+xdEe/GFYyVk9kingDsPh90Ecnt4n8DJHTlsuUV1+SPBIO
JfbQTUjx1n/+Ck+TVKzRByvrpRXtiZQ214m3zbhZpme2eBBMItZByjG7g925NUIq
rL+R5ZoEcZvVlYscfsA0Sr8yJTsGJPefuLYI6eJkNDa1QkzBkSSW4XaCfNIxNBRs
zN/qGe3xy0bibOaC4T2TcbZPSAVP855ahNbLAdqkyfAutiEWcKZmQpR9qNh4482k
0pXVlQJ8UB860gVFHjwjFm/MsCeX8yfeAi38ZyInWL2OSG2pDx5ZzNESwnCPIg==
=3DzI
-----END PGP PUBLIC KEY BLOCK-----

@JohnRDOrazio
Copy link

Note that the deb822_repository module requires the python3-debian package to be installed. This can be installed in a virtual environment with pip install python-debian.

The deb822 format allows signing keys to be included in the same .source file rather than added to the /etc/apt/trusted.gpg.d folder. This is a better approach because the signing key will be associated only with it's own repository, and not with all repositories globally. This will give a result as close as possible to the native add-apt-repository:

- name: Manage PHP PPA repository (deb822_repository)
  become: true
  ansible.builtin.deb822_repository:
    state: present
    name: "ondrej-ubuntu-php-{{ansible_distribution_release}}"
    types: [deb]
    uris: [https://ppa.launchpadcontent.net/ondrej/php/ubuntu]
    suites: ["{{ ansible_facts['distribution_release'] }}"]
    components: [main]
    signed_by: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      .
      mQINBGYo0vEBEAC0Semxy5I2b8exRUxJfTKkHR4f5uyS0dTd9vYgMI5T3gsa7ypH
      HtE+GiZC+T9m/F9h66+XJMxhuNsKRs7T2In5NSeso9H/ytlSTayUaBtCFfRp6y6b
      6ozuRBfqYJGxhjAnIzvNF/Wpp2BvfQm3OrQ7uJJrt5IvzLDC4jPxl/Xs3sTT+Hbk
      bkKKprZ3xmy2enuwBaNWR/CUtAz3hbkzL1kGbhX9m3QidFJagVVdDw3aNEwo8ush
      djWfF+BajNvpDFYJKBGQbCeagB753Baa5yIN62x+THLnLiKTMDS1e7U0ZDiV9671
      noTbtN5TeZeyfsEmeZ8X60x11JIP3yYHYZT70/DyTYX3WC9yQFyIgVOfRlGklMKI
      k3TLMmtq8w5Hz1vovwzV7PzaQnmY+uNP2ZbAP4fJ3iFAj0L+u0i1nOFgTy0Lq058
      O/FjRrQxuceDDCF+9ThspXMw3Puvz8giuBDCdEda84uC7XWMdqgz/maLfFQjAmyP
      Ixi1EMxMlHYyZajpR1cdCfrAIQlnQjHSWmyeCFgXPPfRA71aCcJ7oSrDjogW6Ahd
      HRkQRKf1FF9BFzycgSQotfR+7CKfPQh1kghufM9W/spARzA709nGZjXJzgEJLQd3
      CDB6dIIxT/0YI36h3Qgfmiiw4twO24MMEqEEPIELz2WJKeWGkdQdcekpxQARAQAB
      tB9MYXVuY2hwYWQgUFBBIGZvciBPbmTFmWVqIFN1csO9iQJOBBMBCgA4FiEEuNx+
      U5RmVu+85MHdcdrqq0rUyrYFAmYo0vECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
      F4AACgkQcdrqq0rUyrYOPQ/+IArA4s1J3op/w7cXek0ieFHWHFDrxPYS+78/LF/J
      LoYZw0nIU5Ovr+LzehFMIQU6esgPXwbeCVgwLwat57augAkAYWT0UzH5dE6RKAGr
      C2vsHWVfPhQn6UndfzwXc0mTLGQni25aQaZ6k60Dbm/vblejrTQrtAUWoMO3Z1cr
      NDGJ3Z9DCxtr2o9gRYUI6HwLHJtobTIeI5xsr5x+GvXiIAVCPa3ZEuRL6jMQfqfS
      C43mpuiS1kGgsnQLs2DbN7EFCfiJoNX1QzZu25zg+IS9PXbCJnheZWnH0rwUSb/N
      hZPcSefGlNlhr824OfT30v79hQnw59XbsfV270O9jPbD4kttN+OiszbU66zsuiOh
      BO46XCckQPqDkBMw56GPFuVrQgGb1thXvn67URJgPyJhwauBWKPNAJ9Ojuo+yVq/
      hdR1VNWThXQbZgaGSWrbjt6FdYtQb9VX88uu5gFDmr180HogHNUDUcqNLLdnjfFs
      4DyJlusQ5I/a7cQ7nlkNgxAmHszwO/mGLBuGljDUYkwZDW9nqP1Q5Q2jMtrhgXvR
      2SOtufvecUbB7+eoRSaOnu7CNMATG6LocFEMzhKUde1uZTfWSqnYEcdqoFJMi46y
      qaNxhiNLsQ5OBMbgSp2zCbQxRBdITMVvBR5YjCetUIGEs6T1yQ5wh5Xpoi34ShHn
      v38=
      =kFlZ
      -----END PGP PUBLIC KEY BLOCK-----

- name: Manage Python PPA repository (deb822_repository)
  become: true
  ansible.builtin.deb822_repository:
    state: present
    name: "deadsnakes-ubuntu-ppa-{{ansible_distribution_release}}"
    types: [deb]
    uris: [https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu/]
    suites: ["{{ ansible_facts['distribution_release'] }}"]
    components: [main]
    signed_by: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      .
      mQINBFl8fYEBEADQmGZ6pDrwY9iH9DVlwNwTOvOZ7q7lHXPl/TLfMs1tckMc/D9a
      hsdBN9VWtMmo+RySvhkIe8X15r65TFs2HE8ft6j2e/4K472pObM1hB+ajiU/wYX2
      Syq7DBlNm6YMP5/SyQzRxqis4Ja1uUjW4Q5/Csdf5In8uMzXj5D1P7qOiP2aNa0E
      r3w6PXWRTuTihWZOsHv8npyVYDBRR6gEZbd3r86snI/7o8Bfmad3KjbxL7aOdNMw
      AqQFaNKl7Y+UJpv1CNFIf+twcOoC0se1SrsVJlAH9HNHM7XGQsPUwpNvQlcmvr+t
      1vVS2m72lk3gyShDuJpi1TifGw+DoTqu54U0k+0sZm4pnQVeiizNkefU2UqOoGlt
      4oiG9nIhSX04xRlGes3Ya0OjNI5b1xbcYoR+r0c3odI+UCw3VSZtKDX/xlH1o/82
      b8ouXeE7LA1i4DvGNj4VSvoxv4ggIznxMf+PkWXWKwRGsbAAXF52rr4FUaeaKoIU
      DkJqHXAxrB3PQslZ+ZgBEukkQZF76NkqRqP1E7FXzZZMo2eEL7vtnhSzUlanOf42
      ECBoWHVoZQaRFMNbGpqlg9aWedHGyetMStS3nH1sqanr+i4I8VR/UH+ilarPTW3T
      E0apWlsH8+N3IKbRx2wgrRZNoQEuyVtvyewDFYShJB3Zxt7VCy67vKAl1QARAQAB
      tBxMYXVuY2hwYWQgUFBBIGZvciBkZWFkc25ha2VziQI4BBMBAgAiBQJZfH2BAhsD
      BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRC6aTI2anVXdvwhD/4oI3yckeKn
      9aJNNTJsyw4ydMkIAOdG+jbZsYv/rN73UVQF1RA8HC71SDmbd0Nu80koBOX+USuL
      vvhoMIsARlD5dLx5f/zaQcYWJm/BtsMF/eZ4s1xsenwW6PpXd8FpaTn1qtg/8+O9
      99R4uSetAhhyf1vSRb/8U0sgSQd38mpZZFq352UuVisXnmCThj621loQubYJ3lwU
      LSLs8wmgo4XIYH7UgdavV9dfplPh0M19RHQL3wTyQP2KRNRq1rG7/n1XzUwDyqY6
      eMVhdVhvnxAGztvdFCySVzBRr/rCw6quhcYQwBqdqaXhz63np+4mlUNfd8Eu+Vas
      b/tbteF/pDu0yeFMpK4X09Cwn2kYYCpq4XujijW+iRWb4MO3G8LLi8oBAHP/k0CM
      /QvSRbbG8JDQkQDH37Efm8iE/EttJTixjKAIfyugmvEHfcrnxaMoBioa6h6McQrM
      vI8bJirxorJzOVF4kY7xXvMYwjzaDC8G0fTA8SzQRaShksR3USXZjz8vS6tZ+YNa
      mRHPoZ3Ua0bz4t2aCcu/fknVGsXcNBazNIK9WF2665Ut/b7lDbojXsUZ3PpuqOoe
      GQL9LRj7nmCI6ugoKkNp8ZXcGJ8BGw37Wep2ztyzDohXp6f/4mGgy2KYV9R4S8D5
      yBDUU6BS7Su5nhQMStfdfr4FffLmnvFC9w==
      =7hFk
      -----END PGP PUBLIC KEY BLOCK-----

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment