An ansible role that will add a third party apt repo to and Debian like distro. It can optionally install packages after adding the repo.
This role has only been tested on Ubuntu 20.04.
A string in apt source list format. This string will be passed to
ansible.builtin.apt_repository.repo
.
third_party_repo: deb [arch=amd64] https://apt.releases.hashicorp.com focal main
A URL to the key that signed packages from the 3rd party repo. This string will
be passed to ansible.builtin.apt_key.url
.
third_party_repo_key_url: https://apt.releases.hashicorp.com/gpg
The fingerprint of the key pointed to by third_party_repo_key_url
. This string
will be passed to ansible.builtin.apt_key.id
. See section below on how to find
this key.
third_party_repo_key_fingerprint: E8A032E094D8EB4EA189D270DA418C88A3219F7B
A list of packages to install after the third party repo has been added. These can be packages from the third party repo or from the default repos.
packages: [terraform]
Create a yaml file with the following content.
---
- src: git+https://github.com/shnee/third_party_apt_repo_ansible_role.git
name: third_party_apt_repo
version: master
Then run:
ansible-galaxy install -r <requirement yaml file>
- roles:
- role: third_party_apt_repo
third_party_repo: |
deb [arch=amd64] https://apt.releases.hashicorp.com focal main
third_party_repo_key_url: https://apt.releases.hashicorp.com/gpg
third_party_repo_key_fingerprint: E8A032E094D8EB4EA189D270DA418C88A3219F7B
packages: [terraform]
Here is a way to get a fingerprint for a key via gpg. This method will not
import the key. The command uses the -n
flag which tells gpg that this is a
dry run and to not import the key.
$ > gpg2 -n -q --import --import-options import-show <gpg key>
pub rsa4096 2020-05-07 [SC]
E8A032E094D8EB4EA189D270DA418C88A3219F7B
uid HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>
sub rsa4096 2020-05-07 [E]
In this example the hex string E8A032E094D8EB4EA189D270DA418C88A3219F7B
is the
fingerprint.
MIT
This role was created by shnee.