The apt_repository module in Ansible allows you to manage APT repositories on Debian-based systems. It lets you add, remove, or update software sources on remote servers. The apt_key module manages GPG keys, which verify that packages from these repositories are safe. You can use it to add or remove keys, ensuring your software is trustworthy. These modules make it easy to set up and secure software sources on your system.
In this guide, we will explore apt_repository and apt_key modules with practical examples.
Table of Contents
Basic Syntax
The apt_repository module manages APT repositories. Here’s the basic syntax.
- name: Manage APT repository
ansible.builtin.apt_repository:
repo: "repository string"
state: present/absent
update_cache: yes/noExplanation.
- repo: specifies the full URL of the repository.
- state: Used add (present) or remove (absent) the repository.
- update_cache: Used to update the package cache after adding or removing the repository.
The apt_key module manages GPG keys for APT repositories. Here’s the basic syntax.
- name: Manage APT key
ansible.builtin.apt_key:
id: "key ID or fingerprint"
keyserver: "key server URL"
url: "URL of the key"
state: present/absentExplanation.
- id: The GPG key ID or fingerprint.
- keyserver: Path of the key server to retrieve the key from.
- url: The URL of the key to add.
- state: Used to add (present) or remove (absent) the key.
Adding a GPG Key
Use the apt_key module with “state: present” to add a GPG key to verify package authenticity and integrity. This example playbook adds a GPG key for the NodeSource repository.
---
- name: Add GPG key for NodeSource repository
hosts: all
become: yes
tasks:
- name: Add NodeSource GPG key
ansible.builtin.apt_key:
url: 'https://deb.nodesource.com/gpgkey/nodesource.gpg.key'
state: presentAdding a Repository
The apt_repository module adds a repository to access new software sources. The following playbook adds the NodeSource repository for installing Node.js.
---
- name: Add NodeSource repository for Node.js
hosts: all
become: yes
tasks:
- name: Add NodeSource repository
ansible.builtin.apt_repository:
repo: 'deb https://deb.nodesource.com/node_18.x {{ ansible_distribution_release }} main'
state: present
update_cache: yesRemoving a GPG Key
You can use the apt_key with “state: absent” option to remove a GPG key when it’s no longer needed or trusted. Here’s an example playbook that removes a GPG key from all remote hosts.
---
- name: Remove GPG key for a repository
hosts: all
become: yes
tasks:
- name: Remove specific GPG key
ansible.builtin.apt_key:
id: '9FD3B784BC1C6FD31C347D7D37F7DAFD40499C7D'
state: absentRemoving a Repository
You can use the apt_repository with “state: absent” option to remove a repository from remote servers. The following playbook removes the NodeSource repository from all remote hosts.
---
- name: Remove NodeSource repository for Node.js
hosts: all
become: yes
tasks:
- name: Remove NodeSource repository
ansible.builtin.apt_repository:
repo: 'deb https://deb.nodesource.com/node_18.x {{ ansible_distribution_release }} main'
state: absentConclusion
In this guide, you learned how to manage a repository using the apt_repository module. In addition, you also learned to manage the GPG key using the apt_key module. You can now automate repository management across multiple servers.
FAQs
1. What is the Ansible apt_repository module used for?
The Ansible apt_repository module is used to add, remove, or manage APT repositories on Ubuntu and Debian systems.
