apt: make clean idempotent by checking for cached files#86362
apt: make clean idempotent by checking for cached files#86362Jkhall81 wants to merge 1 commit intoansible:develfrom
Conversation
ad46bde to
c4236a4
Compare
Akasurde
left a comment
There was a problem hiding this comment.
LGTM, will wait for others to comment.
|
-1. The new code still runs the command even when it claims there's no change, so it's neither acting on information returned from the command to report whether a change actually occurred, nor avoiding the possibility that any change occurred by skipping the command. I think the previous behaviour is the best that can be achieved: it is already idempotent (running it twice has the same result as running it once), the return value just accurately reflects that the command it runs does not provide a way to tell whether a change was made. |
|
I appreciate the feedback, but I respectfully disagree that the previous behavior is the best that can be achieved. The concern regarding 'acting on information' applies equally, if not more so, to the previous behavior. The previous logic is guaranteed to report a false-positive Also, I find the suggestion to revert to the original behavior contradictory: if the current patch is considered inadequate because the command still runs, the original behavior is even more so, as it executes the same command without any state-checking at all. |
|
With your proposed change, it is possible for the module to change something and report that it made no changes. This is much worse than claiming it made changes when it didn't. |
| if f.endswith('.deb'): | ||
| changed = True | ||
| break | ||
|
|
There was a problem hiding this comment.
I feel like this could be problematic, as it assumes there is no change to the cache contents between this check and when apt-get clean is actually run. This is a bit of a race condition.
There was a problem hiding this comment.
This is the same logic that applies to almost every check in Ansible. Unless I'm missing something. Modules like file and copy all check the state first and then act on it.
apt-get clean doesn't give us a way to check its status while it's running. Is there a specific risk or error this causes that I'm missing? If not, this is the most practical way to fix the current bug. If this even is a bug. There seems to be disagreement about that.
SUMMARY
This PR makes the
aptmodule'scleanparameter idempotent by ensuring it only reports achangedstate when files are actually removed from the cache.Previously,
apt: clean: yesalways returendchanged: true. This change implements a filesystem check on/var/cache/apt/archives/and itspartial/subdirectory to detect the presence of.debfiles or incomplete downloads before executing the clean command.Fixes #84880
Signed-off-by: Jason Hall [email protected]
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
lib/ansible/modules/apt.py
test/integration/targets/apt/tasks/clean.yml
changelogs/fragments/84880-apt-clean-idempotency.yml