debops.apt_cacher_ng default variables
Sections
Packages and installation
- apt_cacher_ng__base_packages
List of base packages to install.
apt_cacher_ng__base_packages:
- 'apt-cacher-ng'
- apt_cacher_ng__enabled
Should the Apt-Cacher NG service be enabled?
apt_cacher_ng__enabled: True
- apt_cacher_ng__deploy_state
What is the desired state which this role should achieve? Possible options:
present
Default. Ensure that Apt-Cacher NG is installed and configured as requested.
absent
Ensure that Apt-Cacher NG is uninstalled and it's configuration is removed.
purge
Same as
absent
but additionally also ensures that the cache directories is removed.
apt_cacher_ng__deploy_state: 'present'
- apt_cacher_ng__configuration_files
This variable allows you to change which configuration files this role is going to create and which permissions to use for them.
path
String, required, defines the path to the configuration file on the host.
src
String, optional, defines the path to the template file. Defaults to
path
with any leading/
removed.owner
String, optional, defaults to
root
. Unix user which owns the configuration file.group
String, optional, defaults to
root
. Unix group of the configuration file.mode
String, optional, defaults to
0640
. Unix permissions of the configuration file.divert
Boolean, optional, defaults to
True
. Should the original configuration file be diverted away before creating our version of the file?
apt_cacher_ng__configuration_files:
- path: '/etc/apt-cacher-ng/backends_debian'
mode: '0644'
- path: '/etc/apt-cacher-ng/backends_ubuntu'
mode: '0644'
- path: '/etc/apt-cacher-ng/backends_gentoo'
mode: '0644'
divert: False
- path: '/etc/apt-cacher-ng/acng.conf'
mode: '0644'
- path: '/etc/apt-cacher-ng/security.conf'
group: 'apt-cacher-ng'
mode: '0640'
- path: '/etc/apt-cacher-ng/userinfo.html'
mode: '0644'
divert: False
Upstream mirrors
- apt_cacher_ng__upstream_mirror_debian
Which upstream mirror(s) should be used for Debian repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.
apt_cacher_ng__upstream_mirror_debian: '{{ ansible_local.apt.default_sources_map.Debian[0]
| d("http://deb.debian.org/debian") }}'
- apt_cacher_ng__upstream_mirror_ubuntu
Which upstream mirror(s) should be used for Ubuntu repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.
apt_cacher_ng__upstream_mirror_ubuntu: '{{ ansible_local.apt.default_sources_map.Ubuntu[0]
| d("http://archive.ubuntu.com/ubuntu") }}'
- apt_cacher_ng__upstream_mirror_gentoo
Which upstream mirror(s) should be used for Gentoo repositories? One mirror per line. Set to an empty string to let the package scripts from Apt-Cacher NG decide which upstream mirror to use.
apt_cacher_ng__upstream_mirror_gentoo: '{{ ansible_local.apt.default_sources_map.Gentoo[0] | d("") }}'
Cache directory
- apt_cacher_ng__cache_dir
Storage directory for downloaded data and related maintenance activity.
apt_cacher_ng__cache_dir: '/var/cache/apt-cacher-ng'
- apt_cacher_ng__cache_dir_owner
Unix user which owns the cache directory and it's contents.
apt_cacher_ng__cache_dir_owner: 'apt-cacher-ng'
- apt_cacher_ng__cache_dir_group
Unix group of the cache directory and it's contents..
apt_cacher_ng__cache_dir_group: 'apt-cacher-ng'
- apt_cacher_ng__dir_perms
Default permission set of freshly created files and directories, as octal numbers (see chmod(1) for details). Can by limited by the umask value (see umask(2) for details) if it's set in the environment of the starting shell, e. g. in apt-cacher-ng init script or in its configuration file.
apt_cacher_ng__dir_perms: '02755'
- apt_cacher_ng__file_perms
Default permission set of freshly created files and directories, as octal numbers (see chmod(1) for details). Can by limited by the umask value (see umask(2) for details) if it's set in the environment of the starting shell, e. g. in apt-cacher-ng init script or in its configuration file.
apt_cacher_ng__file_perms: '00644'
- apt_cacher_ng__cache_dir_enforce_permissions
Should the permissions of the cache directory and it's content be enforced (changed to the specified owner, group and mode)?
Options:
strict
Go thought all files and directories and enforce the permissions on each Ansible run.
Warning
This can slow down the role execution time even when the changes have already been applied. The main factor is the number of files/directories in your cache directory.
lazy
Check the
_expending_damaged
file in the root ofapt_cacher_ng__cache_dir
and only enforce permissions on all other files if this one file needed to be changed.disabled
Don't enforce permissions.
apt_cacher_ng__cache_dir_enforce_permissions: 'lazy'
Management credentials
- apt_cacher_ng__user
Username for basic authentication required to visit pages with administrative functionality.
apt_cacher_ng__user: 'admin'
- apt_cacher_ng__password
Password for basic authentication required to visit pages with administrative functionality.
apt_cacher_ng__password: '{{ lookup("password", secret + "/credentials/" +
inventory_hostname + "/apt_cacher_ng/" +
apt_cacher_ng__user + "/password length=24") }}'
Tuning, debugging and further options
- apt_cacher_ng__log_dir
Log file directory, can be set empty to disable logging.
apt_cacher_ng__log_dir: '/var/log/apt-cacher-ng'
- apt_cacher_ng__support_dir
A place to look for additional configuration and resource files if they are not found in the configuration directory.
apt_cacher_ng__support_dir: '/usr/lib/apt-cacher-ng'
- apt_cacher_ng__debug
A bitmask type value declaring the logging verbosity and behavior of the error log writing. Non-zero value triggers at least faster log file flushing.
Some higher bits only working with a special debug build of apt-cacher-ng,
see the manual for details. The setting has an alias named UnbufferLogs
.
Setting apt_cacher_ng__debug: 1
will result in unbuffer log writes.
Warning
This can write significant amount of data into the
apt-cacher.err
logfile.
No debug printing.
Log file buffers are flushed faster.
Some additional information appears within usual transfer/error logs.
Extra debug information is written to apt-cacher.err (also enables lots of additional trace points when apt-cacher-ng binary is built with debug configuration, see section 9.6 for details).
apt_cacher_ng__debug: 0
- apt_cacher_ng__verbose_log
Enables extended client information in log entries. When set to True
,
only activity type, time and transfer sizes are logged.
apt_cacher_ng__verbose_log: True
- apt_cacher_ng__force_managed
Forbid downloads from locations that are directly specified in the user
request, i.e. all downloads must be processed by the preconfigured remapping
backends.
Set to False
by default to allow to download other repositories via the proxy like
download.owncloud.org.
apt_cacher_ng__force_managed: False
- apt_cacher_ng__expiration_threshold
Days before considering an unreferenced file expired (to be deleted).
Warning
If the value is set too low and particular index files are not available for some days (mirror downtime) then there is a risk of removal of still useful package files.
apt_cacher_ng__expiration_threshold: 4
- apt_cacher_ng__expiration_abort_on_problems
Stop expiration when a critical problem appears, issue like a failed update of an index file in the preparation step.
Warning
Don't set this option to zero or empty without considering possible consequences like a sudden and complete cache data loss.
apt_cacher_ng__expiration_abort_on_problems: 'default'
- apt_cacher_ng__dns_cache_seconds
There is a small in-memory cache for DNS resolution data, expired by this timeout (in seconds). Internal caching is disabled if set to a value less than zero.
apt_cacher_ng__dns_cache_seconds: 1800
- apt_cacher_ng__log_submitted_origin
Trust the downstream HTTP proxy and log the X-Forwarded-For header as the client IP address.
apt_cacher_ng__log_submitted_origin: True
- apt_cacher_ng__user_agent
The version string reported to the peer, to be displayed as HTTP client (and version) in the logs of the mirror.
Warning
Expect side effects! Some archives use this header to guess capabilities of the client (i.e. allow redirection and/or https links) and change their behaviour accordingly but ACNG might not support the expected features.
Default is the compiled in UserAgent: Yet Another HTTP Client/1.2.3p4
apt_cacher_ng__user_agent: 'default'
- apt_cacher_ng__recompress_bz2
In some cases the Import and Expiration tasks might create fresh volatile
data for internal use by reconstructing them using patch files. This
by-product might be recompressed with bzip2 and with some luck the resulting
file becomes identical to the *.bz2
file on the server which can be used by
APT when requesting a complete version of this file.
The downside of this feature is higher CPU load on the server during
the maintenance tasks, and the outcome might have not much value in a LAN
where all clients update their data often and regularly and therefore usually
don't need the full version of the index file.
apt_cacher_ng__recompress_bz2: False
- apt_cacher_ng__custom
Configuration block for Apt-Cacher NG for additional configuration for example custom remap settings.
apt_cacher_ng__custom: ''
Network accessibility
- apt_cacher_ng__allow
Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.
apt_cacher_ng__allow: []
- apt_cacher_ng__group_allow
Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.
apt_cacher_ng__group_allow: []
- apt_cacher_ng__host_allow
Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks. If not specified, allows access from all networks.
apt_cacher_ng__host_allow: []
- apt_cacher_ng__interfaces
List of network interfaces from which to allow access to Apt-Cacher NG. If not specified, allows access from all interfaces.
apt_cacher_ng__interfaces: []
Role-dependent configuration
- apt_cacher_ng__etc_services__dependent_list
Configuration for the debops.etc_services role which registers port numbers for Apt-Cacher NG.
apt_cacher_ng__etc_services__dependent_list:
- name: 'acng'
port: '{{ apt_cacher_ng__port }}'
comment: 'Apt-Cacher NG caching proxy server'
delete: '{{ apt_cacher_ng__deploy_state != "present" }}'
- apt_cacher_ng__apt_preferences__dependent_list
Configuration for the debops.apt_preferences role.
apt_cacher_ng__apt_preferences__dependent_list: []
- apt_cacher_ng__ferm__dependent_rules
Configuration for ferm firewall. It should be added when debops.ferm role is used to configure Apt-Cacher NG firewall rules.
apt_cacher_ng__ferm__dependent_rules:
- type: 'accept'
dport: [ 'acng' ]
saddr: '{{ (apt_cacher_ng__allow | d([]) | list) +
(apt_cacher_ng__group_allow | d([]) | list) +
(apt_cacher_ng__host_allow | d([]) | list) }}'
accept_any: True
interface: '{{ apt_cacher_ng__interfaces }}'
weight: '40'
by_role: 'debops.apt_cacher_ng'
name: 'http_proxy'
rule_state: '{{ apt_cacher_ng__deploy_state }}'
- apt_cacher_ng__apparmor__dependent_config
Configuration for the debops-contrib.apparmor
role.
apt_cacher_ng__apparmor__dependent_config:
'usr.sbin.apt-cacher-ng':
## Seems this change is not possible thought the ``@{APT_CACHE_DIR}``
## variable without changing the profile file directly?
- comment: 'Allow Apt-Cacher-Ng access to the cache directory'
by_role: 'debops.apt_cacher_ng'
delete: '{{ apt_cacher_ng__deploy_state != "present" }}'
rules:
- '{{ apt_cacher_ng__cache_dir }}/ r'
- '{{ apt_cacher_ng__cache_dir }}/** rw'
- apt_cacher_ng__upstream_servers
List of upstream nginx proxy servers.
apt_cacher_ng__upstream_servers:
- 'localhost:{{ apt_cacher_ng__port }}'
- apt_cacher_ng__nginx__upstream
The nginx upstream configuration, managed by debops.nginx role.
apt_cacher_ng__nginx__upstream:
enabled: True
name: 'apt-cacher-ng'
server: '{{ apt_cacher_ng__upstream_servers }}'
- apt_cacher_ng__nginx__servers
List of nginx server configurations managed by the debops.nginx role. There is a separate configuration for HTTP and HTTPS connections to allow access for hosts without SSL support installed.
apt_cacher_ng__nginx__servers:
- by_role: 'debops.apt_cacher_ng'
name: [ '{{ apt_cacher_ng__fqdn }}' ]
filename: 'debops.apt_cacher_ng_http'
enabled: True
allow: '{{ apt_cacher_ng__allow + apt_cacher_ng__group_allow + apt_cacher_ng__host_allow }}'
ssl: False
webroot_create: False
type: 'proxy'
proxy_pass: 'http://apt-cacher-ng'
proxy_options: |
if ($request_uri !~ "^/.*(\.js|\.css|\.html|\.ico)(.*)?$") {
rewrite ^/(.*)$ /$host/$1 break;
}
proxy_redirect off;
proxy_buffering off;
options: |
location ~ /acng-report.html {
return 307 https://$host$request_uri;
}
- by_role: 'debops.apt_cacher_ng'
name: [ '{{ apt_cacher_ng__fqdn }}' ]
filename: 'debops.apt_cacher_ng_https'
enabled: True
allow: '{{ apt_cacher_ng__allow + apt_cacher_ng__group_allow + apt_cacher_ng__host_allow }}'
state: '{{ "present" if (ansible_local.pki | d()) else "absent" }}'
listen: False
webroot_create: False
type: 'proxy'
proxy_pass: 'http://apt-cacher-ng'
proxy_options: |
if ($request_uri !~ "^/.*(\.js|\.css|\.html|\.ico)(.*)?$") {
rewrite ^/(.*)$ /$host/$1 break;
}
proxy_redirect off;
proxy_buffering off;