Docker - completely delete /var/lib/apt/lists when creating image#309
Draft
liamjones wants to merge 1 commit intoansible-community:mainfrom
Draft
Docker - completely delete /var/lib/apt/lists when creating image#309liamjones wants to merge 1 commit intoansible-community:mainfrom
liamjones wants to merge 1 commit intoansible-community:mainfrom
Conversation
When `ansible.builtin.apt` is run with a `cache_valid_time` it will not do an `apt update` before attempting to install a package if the cache was recently updated. It does this by first checking to see if `/var/lib/apt/periodic/update-success-stamp` exists and, if so, uses its last modified time to compare against `now - cache_valid_time`. I believe this file is only created if `update-notifier-common` is installed and ran a periodic update check so isn't directly relevant here. However, if the above file doesn't exist, the ansible apt task then falls back to looking at the last modified time of `/var/lib/apt/lists` to work out if the cache has been updated recently. See https://github.com/ansible/ansible/blob/0aa8afbaf4739510a96c9727237792a95c8855c3/lib/ansible/modules/apt.py#L1174 If the docker driver builds a container and then molecule runs an apt task to install a package with a `cache_valid_time` set, it'll error out stating the package isn't available because it believes the cache is up to date, but it has been removed. By deleting the whole lists directory, the task will, the first time, realise it needs to run an update first (and subsequent tasks will be able to make use of the recently retrieved cache for speed). I've checked, and removing the whole directory seems fine; apt recreates it when you next run apt update.
|
Label error. Requires exactly 1 of: bug, enhancement, major, minor, patch, skip-changelog. Found: |
Author
|
Ugh, while this works fine for apt being run directly, ansible's apt task falls over when you entirely remove the lists directory. Seems to be an old issue, moving this PR to draft for now as a result: ansible/ansible#61176 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When
ansible.builtin.aptis run with acache_valid_timeit will not do anapt updatebefore attempting to install a package if the cache was recently updated.It does this by first checking to see if
/var/lib/apt/periodic/update-success-stampexists and, if so, uses its last modified time to compare againstnow - cache_valid_time. I believe this file is only created ifupdate-notifier-commonis installed and ran a periodic update check so isn't directly relevant here.However, if the above file doesn't exist, the ansible apt task then falls back to looking at the last modified time of
/var/lib/apt/liststo work out if the cache has been updated recently. See https://github.com/ansible/ansible/blob/0aa8afbaf4739510a96c9727237792a95c8855c3/lib/ansible/modules/apt.py#L1174If the docker driver builds a container and then molecule runs an apt task to install a package with a
cache_valid_timeset, it'll error out stating the package isn't available because it believes the cache is up to date, but it has been removed.By deleting the whole lists directory, the task will, the first time, realise it needs to run an update first (and subsequent tasks will be able to make use of the recently retrieved cache for speed).
I've checked, and removing the whole directory seems fine; apt recreates it when you next run apt update.