apt_repository Resource
This page is generated from the Chef Infra Client source code.To suggest a change, edit the apt_repository.rb file and submit a pull request to the Chef Infra Client repository.
Use the apt_repository resource to specify additional APT repositories. Adding a new repository will update the APT package cache immediately.
New in Chef Infra Client 12.9.
Syntax
The full syntax for all of the properties that are available to the apt_repository resource is:
apt_repository 'name' do
arch String, false
cache_rebuild true, false # default value: true
components Array # default value: `main` if using a PPA repository.
cookbook String, false
deb_src true, false # default value: false
distribution String, false # default value: The LSB codename of the node such as 'focal'.
key String, Array, false # default value: []
key_proxy String, false
keyserver String, false # default value: "keyserver.ubuntu.com"
repo_name String # default value: 'name' unless specified
trusted true, false # default value: false
uri String
options String, Array # default value: []
action Symbol # defaults to :add if not specified
end
where:
apt_repository
is the resource.name
is the name given to the resource block.action
identifies which steps Chef Infra Client will take to bring the node into the desired state.arch
,cache_rebuild
,components
,cookbook
,deb_src
,distribution
,key
,key_proxy
,keyserver
,repo_name
,trusted
, anduri
are the properties available to this resource.
Actions
The apt_repository resource has the following actions:
:add
- Creates a repository file at
/etc/apt/sources.list.d/
and builds the repository listing. (default) :nothing
- This resource block doesn’t act unless notified by another resource to take action. Once notified, this resource block either runs immediately or is queued up to run at the end of a Chef Infra Client run.
:remove
- Removes the repository listing.
Properties
The apt_repository resource has the following properties:
arch
- Ruby Type: String, false
Constrain packages to a particular CPU architecture such as
i386
oramd64
.
cache_rebuild
- Ruby Type: true, false | Default Value:
true
Determines whether to rebuild the APT package cache.
components
- Ruby Type: Array | Default Value:
`main` if using a PPA repository.
Package groupings, such as ‘main’ and ‘stable’.
cookbook
- Ruby Type: String, false
If key should be a cookbook_file, specify a cookbook where the key is located for files/default. Default value is nil, so it will use the cookbook where the resource is used.
deb_src
- Ruby Type: true, false | Default Value:
false
Determines whether or not to add the repository as a source repo as well.
distribution
- Ruby Type: String, false | Default Value:
The LSB codename of the node such as 'focal'.
Usually a distribution’s codename, such as
xenial
,bionic
, orfocal
.
key
- Ruby Type: String, Array, false | Default Value:
[]
If a keyserver is provided, this is assumed to be the fingerprint; otherwise it can be either the URI of GPG key for the repo, or a cookbook_file.
key_proxy
- Ruby Type: String, false
If set, a specified proxy is passed to GPG via
http-proxy=
.
keyserver
- Ruby Type: String, false | Default Value:
keyserver.ubuntu.com
The GPG keyserver where the key for the repo should be retrieved.
repo_name
- Ruby Type: String | Default Value:
The resource block's name
An optional property to set the repository name if it differs from the resource block’s name. The value of this setting must not contain spaces.
New in Chef Client 14.1
trusted
- Ruby Type: true, false | Default Value:
false
Determines whether you should treat all packages from this repository as authenticated regardless of signature.
options
- Ruby Type: String, Array | Default Value:
[]
Additional options to set for the repository.
uri
- Ruby Type: String
The base of the Debian distribution.
Common Resource Functionality
Chef resources include common properties, notifications, and resource guards.
Common Properties
The following properties are common to every resource:
compile_time
Ruby Type: true, false | Default Value:
false
Control the phase during which the resource is run on the node. Set to true to run while the resource collection is being built (the
compile phase
). Set to false to run while Chef Infra Client is configuring the node (theconverge phase
).ignore_failure
Ruby Type: true, false, :quiet | Default Value:
false
Continue running a recipe if a resource fails for any reason.
:quiet
won’t display the full stack trace and the recipe will continue to run if a resource fails.retries
Ruby Type: Integer | Default Value:
0
The number of attempts to catch exceptions and retry the resource.
retry_delay
Ruby Type: Integer | Default Value:
2
The delay in seconds between retry attempts.
sensitive
Ruby Type: true, false | Default Value:
false
Ensure that sensitive resource data isn’t logged by Chef Infra Client.
Notifications
notifies
Ruby Type: Symbol, 'Chef::Resource[String]'
A resource may notify another resource to take action when its state changes. Specify a
'resource[name]'
, the:action
that resource should take, and then the:timer
for that action. A resource may notify more than one resource; use anotifies
statement for each resource to be notified.If the referenced resource doesn’t exist, an error is raised. In contrast,
subscribes
won’t fail if the source resource isn’t found.
A timer specifies the point during a Chef Infra Client run at which a notification is run. The following timers are available:
:before
Specifies that the action on a notified resource should be run before processing the resource block in which the notification is located.
:delayed
Default. Specifies that a notification should be queued up, and then executed at the end of a Chef Infra Client run.
:immediate
,:immediately
Specifies that a notification should be run immediately, for each resource notified.
The syntax for notifies
is:
notifies :action, 'resource[name]', :timer
subscribes
Ruby Type: Symbol, 'Chef::Resource[String]'
A resource may listen to another resource, and then take action if the
state of the resource being listened to changes. Specify a
'resource[name]'
, the :action
to be taken, and then the :timer
for
that action.
Note that subscribes
doesn’t apply the specified action to the
resource that it listens to - for example:
file '/etc/nginx/ssl/example.crt' do
mode '0600'
owner 'root'
end
service 'nginx' do
subscribes :reload, 'file[/etc/nginx/ssl/example.crt]', :immediately
end
In this case the subscribes
property reloads the nginx
service
whenever its certificate file, located under
/etc/nginx/ssl/example.crt
, is updated. subscribes
doesn’t make any
changes to the certificate file itself, it merely listens for a change
to the file, and executes the :reload
action for its resource (in this
example nginx
) when a change is detected.
If the other resource doesn’t exist, the subscription won’t raise an
error. Contrast this with the stricter semantics of notifies
, which
will raise an error if the other resource doesn’t exist.
A timer specifies the point during a Chef Infra Client run at which a notification is run. The following timers are available:
:before
Specifies that the action on a notified resource should be run before processing the resource block in which the notification is located.
:delayed
Default. Specifies that a notification should be queued up, and then executed at the end of a Chef Infra Client run.
:immediate
,:immediately
Specifies that a notification should be run immediately, for each resource notified.
The syntax for subscribes
is:
subscribes :action, 'resource[name]', :timer
Guards
A guard property can be used to evaluate the state of a node during the execution phase of a Chef Infra Client run. Based on the results of this evaluation, a guard property is then used to tell Chef Infra Client if it should continue executing a resource. A guard property accepts either a string value or a Ruby block value:
- A string is executed as a shell command. If the command returns
0
, the guard is applied. If the command returns any other value, then the guard property isn’t applied. String guards in a powershell_script run Windows PowerShell commands and may returntrue
in addition to0
. - A block is executed as Ruby code that must return either
true
orfalse
. If the block returnstrue
, the guard property is applied. If the block returnsfalse
, the guard property isn’t applied.
A guard property is useful for ensuring that a resource is idempotent by allowing that resource to test for the desired state as it’s being executed, and then if the desired state is present, for Chef Infra Client to don’thing.
PropertiesThe following properties can be used to define a guard that’s evaluated during the execution phase of a Chef Infra Client run:
not_if
Prevent a resource from executing when the condition returns
true
.only_if
Allow a resource to execute only if the condition returns
true
.
Examples
The following examples demonstrate various approaches for using the apt_repository resource in recipes:
Add repository with basic settings:
apt_repository 'nginx' do
uri 'http://nginx.org/packages/ubuntu/'
components ['nginx']
end
Enable Ubuntu multiverse repositories:
apt_repository 'security-ubuntu-multiverse' do
uri 'http://security.ubuntu.com/ubuntu'
distribution 'xenial-security'
components ['multiverse']
deb_src true
end
Add the Nginx PPA, autodetect the key and repository url:
apt_repository 'nginx-php' do
uri 'ppa:nginx/stable'
end
Add the JuJu PPA, grab the key from the Ubuntu keyserver, and add source repo:
apt_repository 'juju' do
uri 'ppa:juju/stable'
components ['main']
distribution 'xenial'
key 'C8068B11'
action :add
deb_src true
end
Add repository that requires multiple keys to authenticate packages:
apt_repository 'rundeck' do
uri 'https://dl.bintray.com/rundeck/rundeck-deb'
distribution '/'
key ['379CE192D401AB61', 'http://rundeck.org/keys/BUILD-GPG-KEY-Rundeck.org.key']
keyserver 'keyserver.ubuntu.com'
action :add
end
Add the Cloudera Repo of CDH4 packages for Ubuntu 16.04 on AMD64:
apt_repository 'cloudera' do
uri 'http://archive.cloudera.com/cdh4/ubuntu/xenial/amd64/cdh'
arch 'amd64'
distribution 'xenial-cdh4'
components ['contrib']
key 'http://archive.cloudera.com/debian/archive.key'
end
Add repository that needs custom options:
apt_repository 'corretto' do
uri 'https://apt.corretto.aws'
arch 'amd64'
distribution 'stable'
components ['main']
options ['target-=Contents-deb']
key 'https://apt.corretto.aws/corretto.key'
end
Remove a repository from the list:
apt_repository 'zenoss' do
action :remove
end