Table of Contents


Public Classes

Private Classes

  • apt::params: Provides defaults for the Apt module parameters.
  • apt::update: Updates the list of available packages using apt-get update.

Defined types

  • apt::conf: Specifies a custom Apt configuration file.
  • apt::key: Manages the GPG keys that Apt uses to authenticate packages.
  • apt::pin: Manages Apt pins. Does not trigger an apt-get update run.
  • apt::ppa: Manages PPA repositories using add-apt-repository. Not supported on Debian.
  • apt::setting: Manages Apt configuration files.
  • apt::source: Manages the Apt sources in /etc/apt/sources.list.d/.

Resource types

Public Resource types

Private Resource types

  • apt_key: This type provides Puppet with the capabilities to manage GPG keys needed by apt to perform package validation. Apt has it's own GPG keyring that can be manipulated through the apt-key command.


  • init: Allows you to perform apt functions



Main class, includes all other classes.


The following parameters are available in the apt class.


Data type: String

Specifies the provider that should be used by apt::update.

Default value: $apt::params::provider


Data type: String

Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or hkp://).

Default value: $apt::params::keyserver


Data type: Optional[String]

Supplies options to be passed to the add-apt-repository command.

Default value: $apt::params::ppa_options


Data type: Optional[String]

Names the package that provides the apt-add-repository command.

Default value: $apt::params::ppa_package


Data type: Optional[Hash]

Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys:


  • :location String: See apt::backports for documentation.
  • :repos String: See apt::backports for documentation.
  • :key String: See apt::backports for documentation.

Default value: $apt::params::backports


Data type: Hash

Creates new apt::conf resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::confs


Data type: Hash

Configures various update settings. Valid options: a hash made up from the following keys:


  • :frequency String: Specifies how often to run apt-get update. If the exec resource apt_update is notified, apt-get update runs regardless of this value. Valid options: 'always' (at every Puppet run); 'daily' (if the value of apt_update_last_success is less than current epoch time minus 86400); 'weekly' (if the value of apt_update_last_success is less than current epoch time minus 604800); and 'reluctantly' (only if the exec resource apt_update is notified). Default: 'reluctantly'.
  • :loglevel Integer: Specifies the log level of logs outputted to the console. Default: undef.
  • :timeout Integer: Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef.
  • :tries Integer: Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef.

Default value: $apt::params::update


Data type: Hash

Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:


  • :sources.list Boolean: Specifies whether to purge any unmanaged entries from sources.list. Default false.
  • :sources.list.d Boolean: Specifies whether to purge any unmanaged entries from sources.list.d. Default false.
  • :preferences Boolean: Specifies whether to purge any unmanaged entries from preferences. Default false.
  • :preferences.d. Boolean: Specifies whether to purge any unmanaged entries from preferences.d. Default false.

Default value: $apt::params::purge


Data type: Apt::Proxy

Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy.

Default value: $apt::params::proxy


Data type: Hash

Creates new apt::source resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::sources


Data type: Hash

Creates new apt::key resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::keys


Data type: Hash

Creates new apt::ppa resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::ppas


Data type: Hash

Creates new apt::pin resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::pins


Data type: Hash

Creates new apt::setting resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::settings


Data type: Boolean

Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent.

Default value: $apt::params::manage_auth_conf


Data type: Array[Apt::Auth_conf_entry]

An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See for details. If specified each hash must contain the keys machine, login and password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent.

Default value: $apt::params::auth_conf_entries


Data type: String

The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases.

Default value: $apt::params::auth_conf_owner


Data type: String

Specifies root directory of Apt executable.

Default value: $apt::params::root


Data type: String

Specifies the path of the sources_list file to use.

Default value: $apt::params::sources_list


Data type: String

Specifies the path of the sources_list.d file to use.

Default value: $apt::params::sources_list_d


Data type: String

Specifies the path of the conf.d file to use.

Default value: $apt::params::conf_d


Data type: String

Specifies the path of the preferences file to use.

Default value: $apt::params::preferences


Data type: String

Specifies the path of the preferences.d file to use.

Default value: $apt::params::preferences_d


Data type: Hash

A hash made up of the various configuration files used by Apt.

Default value: $apt::params::config_files


Data type: Hash

Default value: $apt::params::update_defaults


Data type: Hash

Default value: $apt::params::purge_defaults


Data type: Hash

Default value: $apt::params::proxy_defaults


Data type: Hash

Default value: $apt::params::include_defaults


Data type: Hash

Default value: $apt::params::source_key_defaults


Manages backports.


Set up a backport for linuxmint qiana
apt::backports { 'qiana':
  location => '',
  release  => 'trusty-backports',
  repos    => 'main universe multiverse restricted',
  key      => {
    id     => '630239CC130E1A7FD81A27B140976EAF437D05B5',
    server => '',


The following parameters are available in the apt::backports class.


Data type: Optional[String]

Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and Ubuntu varies:

Default value: undef


Data type: Optional[String]

Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the source.list configuration file. Default: on Debian and Ubuntu, '${lsbdistcodename}-backports'. We recommend keeping this default, except on other operating systems.

Default value: undef


Data type: Optional[String]

Specifies a component of the Apt repository containing the backports to manage. Used in populating the source.list configuration file. Default value for Debian and Ubuntu varies:

  • Debian: 'main contrib non-free'

  • Ubuntu: 'main universe multiverse restricted'

Default value: undef


Data type: Optional[Variant[String, Hash]]

Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters. Default value for Debian and Ubuntu varies:

  • Debian: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553'

  • Ubuntu: '630239CC130E1A7FD81A27B140976EAF437D05B5'

Default value: undef


Data type: Optional[Variant[Integer, String, Hash]]

Specifies a pin priority for the backports. Valid options: a number or string to be passed to the id parameter of the apt::pin defined type, or a hash of parameter => value pairs to be passed to apt::pin's corresponding parameters.

Default value: 200

Defined types


Specifies a custom Apt configuration file.


The following parameters are available in the apt::conf defined type.


Data type: Optional[String]

Required unless ensure is set to 'absent'. Directly supplies content for the configuration file.

Default value: undef


Data type: Enum['present', 'absent']

Specifies whether the configuration file should exist. Valid options: 'present' and 'absent'.

Default value: present


Data type: Variant[String, Integer]

Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first. Valid options: a string containing an integer or an integer.

Default value: 50


Data type: Optional[Boolean]

Specifies whether to trigger an apt-get update run.

Default value: undef


Manages the GPG keys that Apt uses to authenticate packages.

  • Note The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys.


Declare Apt key for source
apt::key { 'puppetlabs':
  id      => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
  server  => '',
  options => 'http-proxy="http://proxyuser:[email protected]:3128"',


The following parameters are available in the apt::key defined type.


Data type: Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/]

Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadecimal characters).

Default value: $title


Data type: Enum['present', 'absent', 'refreshed']

Specifies whether the key should exist. Valid options: 'present', 'absent' or 'refreshed'. Using 'refreshed' will make keys auto update when they have expired (assuming a new key exists on the key server).

Default value: present


Data type: Optional[String]

Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient.

Default value: undef


Data type: Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]]

Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or an absolute path.

Default value: undef


Data type: Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/]

Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.

Default value: $::apt::keyserver


Data type: Boolean

Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false.

Default value: false


Data type: Optional[String]

Passes additional options to apt-key adv --keyserver-options.

Default value: undef


Manages Apt pins. Does not trigger an apt-get update run.


The following parameters are available in the apt::pin defined type.


Data type: Optional[Enum['file', 'present', 'absent']]

Specifies whether the pin should exist. Valid options: 'file', 'present', and 'absent'.

Default value: present


Data type: Optional[String]

Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}".

Default value: undef


Data type: Variant[Integer]

Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first.

Default value: 50


Data type: Variant[String, Array]

Specifies which package(s) to pin.

Default value: '*'


Data type: Variant[Numeric, String]

Sets the priority of the package. If multiple versions of a given package are available, apt-get installs the one with the highest priority number (subject to dependency constraints). Valid options: an integer.

Default value: 0


Data type: Optional[String]

Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'.

Default value: ''


Data type: Optional[String]

Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7).

Default value: ''


Data type: Optional[String]

Names the licensing component associated with the packages in the directory tree of the Release file.

Default value: ''


Data type: Optional[String]

Names the originator of the packages in the directory tree of the Release file.

Default value: ''


Data type: Optional[String]

Names the label of the packages in the directory tree of the Release file.

Default value: ''


Data type: Optional[String]

Default value: ''


Data type: Optional[String]

Default value: ''


Data type: Optional[String]

Default value: ''


Manages PPA repositories using add-apt-repository. Not supported on Debian.


Example declaration of an Apt PPA
apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': }


The following parameters are available in the apt::ppa defined type.


Data type: String

Specifies whether the PPA should exist. Valid options: 'present' and 'absent'.

Default value: 'present'


Data type: Optional[String]

Supplies options to be passed to the add-apt-repository command. Default: '-y'.

Default value: $::apt::ppa_options


Data type: Optional[String]

Optional if lsb-release is installed (unless you're using a different release than indicated by lsb-release, e.g., Linux Mint). Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename.

Default value: $facts['lsbdistcodename']


Data type: Optional[String]

Names the package that provides the apt-add-repository command. Default: 'software-properties-common'.

Default value: $::apt::ppa_package


Data type: Boolean

Specifies whether Puppet should manage the package that provides apt-add-repository.

Default value: false


Manages Apt configuration files.


The following parameters are available in the apt::setting defined type.


Data type: Variant[String, Integer, Array]

Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first.

Default value: 50


Data type: Optional[Enum['file', 'present', 'absent']]

Specifies whether the file should exist. Valid options: 'present', 'absent', and 'file'.

Default value: file


Data type: Optional[String]

Required, unless content is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination with content. Valid options: see link above for Puppet's native file type source attribute.

Default value: undef


Data type: Optional[String]

Required, unless source is set. Directly supplies content for the configuration file. Cannot be used in combination with source. Valid options: see link above for Puppet's native file type content attribute.

Default value: undef


Data type: Boolean

Specifies whether to trigger an apt-get update run.

Default value: true


Manages the Apt sources in /etc/apt/sources.list.d/.


Install the puppetlabs apt source
apt::source { 'puppetlabs':
  location => '',
  repos    => 'main',
  key      => {
    id     => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
    server => '',


The following parameters are available in the apt::source defined type.


Data type: Optional[String]

Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL.

Default value: undef


Data type: String

Supplies a comment for adding to the Apt source file.

Default value: $name


Data type: String

Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'.

Default value: present


Data type: Optional[String]

Specifies a distribution of the Apt repository.

Default value: undef


Data type: String

Specifies a component of the Apt repository.

Default value: 'main'


Data type: Optional[Variant[Hash]]

Configures include options. Valid options: a hash of available keys.


  • :deb Boolean: Specifies whether to request the distribution's compiled binaries. Default true.
  • :src Boolean: Specifies whether to request the distribution's uncompiled source code. Default false.

Default value: {}


Data type: Optional[Variant[String, Hash]]

Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters.

Default value: undef


Data type: Optional[Variant[Hash, Numeric, String]]

Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the id parameter of the apt::pin defined type, or a hash of parameter => value pairs to be passed to apt::pin's corresponding parameters.

Default value: undef


Data type: Optional[String]

Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option).

Default value: undef


Data type: Boolean

Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.

Default value: false


Data type: Boolean

Specifies whether to trigger an apt-get update run.

Default value: true

Resource types



Allows you to perform apt functions

Supports noop? false



Data type: Enum[update, upgrade, dist-upgrade, autoremove]

Action to perform