From d232403e79304e6f8acf278a162082f36053263a Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 31 Jul 2019 16:15:42 +1000 Subject: [PATCH] base-server: disable install of suggests and recommends packages The options to disable installing suggests and recommended packages has been in diskimage-builder based images for a long time [1]. However we have no setting for it in our base-server role, meaning that when launching nodes from cloud-provider images we can be out of sync on this option. I6d69ac0bd2ade95fede33c5f82e7df218da9458b is an example where packages pulled in by suggestions can fail (arguably a packaging issue, but anyway...) By enabling this here, we make our control plane servers homogenous with our diskimage-builder based testing nodes, which is better for general sanity. Overall it gives us more control over what's installed. [1] https://opendev.org/openstack/diskimage-builder/src/branch/master/diskimage_builder/elements/dpkg/pre-install.d/00-disable-apt-recommends As I6d69ac0bd2ade95fede33c5f82e7df218da9458b showed, installing suggested or recommended packages might result in Change-Id: Id6dcc158944a46fc0ae03b6f1ff372dacd67c2e6 --- playbooks/roles/base-server/files/95disable-recommends | 2 ++ playbooks/roles/base-server/tasks/Debian.yaml | 8 ++++++++ testinfra/test_base.py | 8 ++++++++ 3 files changed, 18 insertions(+) create mode 100644 playbooks/roles/base-server/files/95disable-recommends diff --git a/playbooks/roles/base-server/files/95disable-recommends b/playbooks/roles/base-server/files/95disable-recommends new file mode 100644 index 0000000000..c378775f89 --- /dev/null +++ b/playbooks/roles/base-server/files/95disable-recommends @@ -0,0 +1,2 @@ +APT::Install-Recommends "0"; +APT::Install-Suggests "0"; \ No newline at end of file diff --git a/playbooks/roles/base-server/tasks/Debian.yaml b/playbooks/roles/base-server/tasks/Debian.yaml index 7c0cf76ceb..5a708227bb 100644 --- a/playbooks/roles/base-server/tasks/Debian.yaml +++ b/playbooks/roles/base-server/tasks/Debian.yaml @@ -1,3 +1,11 @@ +- name: Disable install of additional recommends and suggests packages + copy: + mode: 0444 + src: 95disable-recommends + dest: /etc/apt/apt.conf.d/ + owner: root + group: root + # NOTE(ianw) There are ordering issues with this. Hopefully when # we're bionic only we can just remove ntp - name: Install NTP diff --git a/testinfra/test_base.py b/testinfra/test_base.py index 8560afcd41..1a99e6c345 100644 --- a/testinfra/test_base.py +++ b/testinfra/test_base.py @@ -162,3 +162,11 @@ def test_logrotate(host): assert cfg_file.exists assert cfg_file.contains('/var/log/ansible/run_all_cron.log') + +def test_no_recommends(host): + if host.system_info.distribution in ['ubuntu', 'debian']: + cfg_file = host.file("/etc/apt/apt.conf.d/95disable-recommends") + assert cfg_file.exists + + assert cfg_file.contains('^APT::Install-Recommends "0"') + assert cfg_file.contains('^APT::Install-Suggests "0"')