ansible.builtin.debconf module – Configure a .deb package
Note
This module is part of ansible-core and included in all Ansible
installations. In most cases, you can use the short
module name
debconf even without specifying the collections keyword.
However, we recommend you use the Fully Qualified Collection Name (FQCN) ansible.builtin.debconf for easy linking to the
module documentation and to avoid conflicting with other collections that may have
the same module name.
Synopsis
Configure a .deb package using debconf-set-selections.
Or just query existing selections.
Requirements
The below requirements are needed on the host that executes this module.
debconf
debconf-utils
Parameters
Parameter |
Comments |
|---|---|
Name of package to configure. |
|
A debconf configuration setting. |
|
Do not set Choices:
|
|
Value to set the configuration to. After Ansible 2.17, |
|
The type of the value supplied. It is highly recommended to add
After Ansible 2.17, user can specify Choices:
|
Attributes
Attribute |
Support |
Description |
|---|---|---|
Support: full |
Can run in check_mode and return changed status prediction without modifying target, if not supported the action will be skipped. |
|
Support: full |
Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode |
|
Platform: debian |
Target OS/families that can be operated against |
Notes
Note
This module requires the command line debconf tools.
Several questions have to be answered (depending on the package). Use ‘debconf-show <package>’ on any Debian or derivative with the package installed to see questions/settings available.
Some distros will always record tasks involving the setting of passwords as changed. This is due to
debconf-get-selectionsmasking passwords.It is highly recommended to add
no_log=Trueto the task while handling sensitive information using this module.The ansible.builtin.debconf module does not reconfigure packages, it just updates the debconf database. An additional step is needed (typically with
notifyif debconf makes a change) to reconfigure the package and apply the changes.debconfis extensively used for pre-seeding configuration prior to installation rather than modifying configurations. So, whiledpkg-reconfiguredoes use debconf data, it is not always authoritative and you may need to check how your package is handled.Also note
dpkg-reconfigureis a 3-phase process. It invokes the control scripts from the/var/lib/dpkg/infodirectory with the<package>.prerm reconfigure <version>,<package>.config reconfigure <version>and<package>.postinst control <version>arguments.The main issue is that the
<package>.config reconfigurestep for many packages will first reset the debconf database (overriding changes made by this module) by checking the on-disk configuration. If this is the case for your package thendpkg-reconfigurewill effectively ignore changes made by debconf.However as
dpkg-reconfigureonly executes the<package>.configstep if the file exists, it is possible to rename it to/var/lib/dpkg/info/<package>.config.ignorebefore executingdpkg-reconfigure -f noninteractive <package>and then restore it. This seems to be compliant with Debian policy for the .config file.
Examples
- name: Set default locale to fr_FR.UTF-8
ansible.builtin.debconf:
name: locales
question: locales/default_environment_locale
value: fr_FR.UTF-8
vtype: select
- name: Set to generate locales
ansible.builtin.debconf:
name: locales
question: locales/locales_to_be_generated
value: en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8
vtype: multiselect
- name: Accept oracle license
ansible.builtin.debconf:
name: oracle-java7-installer
question: shared/accepted-oracle-license-v1-1
value: 'true'
vtype: select
- name: Specifying package you can register/return the list of questions and current values
ansible.builtin.debconf:
name: tzdata
- name: Pre-configure tripwire site passphrase
ansible.builtin.debconf:
name: tripwire
question: tripwire/site-passphrase
value: "{{ site_passphrase }}"
vtype: password
no_log: True