ansible.builtin.apt module – Manages apt-packages
Note
This module is part of ansible-core
and included in all Ansible
installations. In most cases, you can use the short
module name
apt
even without specifying the collections:
keyword.
However, we recommend you use the FQCN for easy linking to the
module documentation and to avoid conflicting with other collections that may have
the same module name.
New in version 0.0.2: of ansible.builtin
Requirements
The below requirements are needed on the host that executes this module.
python-apt (python 2)
python3-apt (python 3)
aptitude (before 2.4)
Parameters
Parameter |
Comments |
---|---|
Corresponds to the This option enables the named package and version to replace an already installed higher version of that package. Note that setting allow_downgrade=true can make this module behave in a non-idempotent way. (The task could end up with a set of packages that does not match the complete list of specified packages to install). Choices:
|
|
Ignore if packages cannot be authenticated. This is useful for bootstrapping environments that manage their own apt-key setup.
Choices:
|
|
If Choices:
|
|
If Previous to version 2.4, autoclean was also an alias for autoremove, now it is its own separate command. See documentation for further information. Choices:
|
|
Update the apt cache if it is older than the cache_valid_time. This option is set in seconds. As of Ansible 2.4, if explicitly set, this sets update_cache=yes. Default: 0 |
|
Path to a .deb package on the remote machine. If :// in the path, ansible will attempt to download deb before installing. (Version added 2.1) Requires the |
|
Corresponds to the |
|
Add dpkg options to apt command. Defaults to ‘-o “Dpkg::Options::=–force-confdef” -o “Dpkg::Options::=–force-confold”’ Options should be supplied as comma separated list Default: “force-confdef,force-confold” |
|
Corresponds to the If
Choices:
|
|
Corresponds to the This option will disable checking both the packages’ signatures and the certificates of the web servers they are downloaded from. This option is not the equivalent of passing the This is a destructive operation with the potential to destroy your system, and it should almost never be used. Please also see Choices:
|
|
Force usage of apt-get instead of aptitude Choices:
|
|
Corresponds to the Choices:
|
|
How many seconds will this action wait to acquire a lock on the apt db. Sometimes there is a transitory lock and this will retry at least until timeout is hit. Default: 60 |
|
A list of package names, like |
|
Only upgrade a package if it is already installed. Choices:
|
|
Force the exit code of /usr/sbin/policy-rc.d. For example, if policy_rc_d=101 the installed package will not trigger a service start. If /usr/sbin/policy-rc.d already exists, it is backed up and restored after the package installation. If |
|
Will force purging of configuration files if the module state is set to absent. Choices:
|
|
Indicates the desired package state. Choices:
|
|
Run the equivalent of Default is not to update the cache. Choices:
|
|
Amount of retries if the cache update fails. Also see update_cache_retry_max_delay. Default: 5 |
|
Use an exponential backoff delay for each retry (see update_cache_retries) up to this max delay in seconds. Default: 12 |
|
If yes or safe, performs an aptitude safe-upgrade. If full, performs an aptitude full-upgrade. If dist, performs an apt-get dist-upgrade. Note: This does not upgrade a specific package, use state=latest for that. Note: Since 2.4, apt-get is used as a fall-back if aptitude is not present. Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in check_mode and return changed status prediction withought modifying target |
|
Support: full |
Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode |
|
Platform: debian |
Target OS/families that can be operated against |
Notes
Note
Three of the upgrade modes (
full
,safe
and its aliasyes
) requiredaptitude
up to 2.3, since 2.4apt-get
is used as a fall-back.In most cases, packages installed with apt will start newly installed services by default. Most distributions have mechanisms to avoid this. For example when installing Postgresql-9.5 in Debian 9, creating an excutable shell script (/usr/sbin/policy-rc.d) that throws a return code of 101 will stop Postgresql 9.5 starting up after install. Remove the file or remove its execute permission afterwards.
The apt-get commandline supports implicit regex matches here but we do not because it can let typos through easier (If you typo
foo
asfo
apt-get would install packages that have “fo” in their name with a warning and a prompt for the user. Since we don’t have warnings and prompts before installing we disallow this.Use an explicit fnmatch pattern if you want wildcarding)When used with a
loop:
each package will be processed individually, it is much more efficient to pass the list directly to the name option.
Examples
- name: Install apache httpd (state=present is optional)
apt:
name: apache2
state: present
- name: Update repositories cache and install "foo" package
apt:
name: foo
update_cache: yes
- name: Remove "foo" package
apt:
name: foo
state: absent
- name: Install the package "foo"
apt:
name: foo
- name: Install a list of packages
apt:
pkg:
- foo
- foo-tools
- name: Install the version '1.00' of package "foo"
apt:
name: foo=1.00
- name: Update the repository cache and update package "nginx" to latest version using default release squeeze-backport
apt:
name: nginx
state: latest
default_release: squeeze-backports
update_cache: yes
- name: Install the version '1.18.0' of package "nginx" and allow potential downgrades
apt:
name: nginx=1.18.0
state: present
allow_downgrade: yes
- name: Install zfsutils-linux with ensuring conflicted packages (e.g. zfs-fuse) will not be removed.
apt:
name: zfsutils-linux
state: latest
fail_on_autoremove: yes
- name: Install latest version of "openjdk-6-jdk" ignoring "install-recommends"
apt:
name: openjdk-6-jdk
state: latest
install_recommends: no
- name: Update all packages to their latest version
apt:
name: "*"
state: latest
- name: Upgrade the OS (apt-get dist-upgrade)
apt:
upgrade: dist
- name: Run the equivalent of "apt-get update" as a separate step
apt:
update_cache: yes
- name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
apt:
update_cache: yes
cache_valid_time: 3600
- name: Pass options to dpkg on run
apt:
upgrade: dist
update_cache: yes
dpkg_options: 'force-confold,force-confdef'
- name: Install a .deb package
apt:
deb: /tmp/mypackage.deb
- name: Install the build dependencies for package "foo"
apt:
pkg: foo
state: build-dep
- name: Install a .deb package from the internet
apt:
deb: https://example.com/python-ppq_0.1-1_all.deb
- name: Remove useless packages from the cache
apt:
autoclean: yes
- name: Remove dependencies that are no longer required
apt:
autoremove: yes
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
time of the last cache update (0 if unknown) Returned: success, in some cases Sample: 1425828348000 |
|
if the cache was updated or not Returned: success, in some cases Sample: true |
|
error output from apt Returned: success, when needed Sample: “AH00558: apache2: Could not reliably determine the server\u0027s fully qualified domain name, using 127.0.1.1. Set the \u0027ServerName\u0027 directive globally to …” |
|
output from apt Returned: success, when needed Sample: “Reading package lists… Building dependency tree… Reading state information… The following extra packages will be installed: apache2-bin …” |
Authors
Matthew Williams (@mgwilliams)