From 3a0bffadd4436525af5f21d9e8a16071cbee768d Mon Sep 17 00:00:00 2001 From: Liam Jones Date: Tue, 29 Apr 2025 11:00:58 +0100 Subject: [PATCH] Docker - completely delete /var/lib/apt/lists when creating image When `ansible.builtin.apt` is run with a `cache_valid_time` it will not do an `apt update` before attempting to install a package if the cache was recently updated. It does this by first checking to see if `/var/lib/apt/periodic/update-success-stamp` exists and, if so, uses its last modified time to compare against `now - cache_valid_time`. I believe this file is only created if `update-notifier-common` is installed and ran a periodic update check so isn't directly relevant here. However, if the above file doesn't exist, the ansible apt task then falls back to looking at the last modified time of `/var/lib/apt/lists` to work out if the cache has been updated recently. See https://github.com/ansible/ansible/blob/0aa8afbaf4739510a96c9727237792a95c8855c3/lib/ansible/modules/apt.py#L1174 If the docker driver builds a container and then molecule runs an apt task to install a package with a `cache_valid_time` set, it'll error out stating the package isn't available because it believes the cache is up to date, but it has been removed. By deleting the whole lists directory, the task will, the first time, realise it needs to run an update first (and subsequent tasks will be able to make use of the recently retrieved cache for speed). I've checked, and removing the whole directory seems fine; apt recreates it when you next run apt update. --- src/molecule_plugins/docker/playbooks/Dockerfile.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/molecule_plugins/docker/playbooks/Dockerfile.j2 b/src/molecule_plugins/docker/playbooks/Dockerfile.j2 index 77cc15bf..2092b136 100644 --- a/src/molecule_plugins/docker/playbooks/Dockerfile.j2 +++ b/src/molecule_plugins/docker/playbooks/Dockerfile.j2 @@ -14,7 +14,7 @@ ENV {{ var }} {{ value }} {% endfor %} {% endif %} -RUN if [ $(command -v apt-get) ]; then export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude rsync && apt-get clean && rm -rf /var/lib/apt/lists/*; \ +RUN if [ $(command -v apt-get) ]; then export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude rsync && apt-get clean && rm -rf /var/lib/apt/lists; \ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 sudo bash iproute rsync && dnf clean all; \ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute rsync && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python3 sudo bash iproute2 rsync && zypper clean -a; \