skip to Main Content

At work, we developed some Python software that runs on Raspbian (Debian Based), on a Raspberry Pi.

We have some Ansible scripts that can take a fresh Raspbian image, booted on a Raspberry Pi, and configure it to run our software. Ansible does a few things:

  • Installs some required packages with apt
  • Sets up a Python virtual environment, and uses pip, and a requirements file, to install the exact version of Python libraries we need to run our software

The fact that every time Ansible runs, it will install the exact version of the Python libraries (from PyPi) that we have tested our software with is great. Unfortunately, this does not apply to the packages installed through apt.

Doing apt-get install package, or the Ansible equivalent, installs the latest version of that package. What the version is today, may not be the same as what it is tomorrow. That means if I run my Ansible scripts to setup a Raspberry Pi today, my software might work perfectly, but running Ansible on a fresh Raspberry Pi tomorrow might install newer versions of software from apt, which may break our software.

Is there any way to do what pip does, but for apt? Freeze the currently-installed versions of packages, and later, when installing on a fresh system, install those exact versions of packages? Or something similar.

I know we can install whatever versions of packages we want, and clone the SD card to other PIs, but that kind of defeats the purpose of having Ansible scripts in the first place.

2

Answers


  1. With ansible you can specify which version of a packge to install this way.

    - name: Install the version '1.00' of package "foo"
      apt:
        name: foo=1.00
    

    and then to prevent the package to be uprgraded in case of a system upgrade mark the package as hold this way

    - dpkg_selections:
        name: python
        selection: hold
    
    Login or Signup to reply.
  2. There is this tool that’s worth mentioning. https://github.com/TrevorSundberg/apt-lock

    A wrapper around apt and apt-get that enforces package install determinism. Inspired by package-lock.json from npm.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search