Forum: CFEngine Help
Subject: Fun fact about aptitude
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,26392,26392#msg-26392

Well, this afternoon I had a bad experience with aptitude. I had an existing Ubuntu machine which I had originally installed from the regular desktop media - which included the ubuntu-desktop package. Later, it was converted to run headless, and I didn't need that package - so I removed it. For those unfamiliar, the "ubuntu-desktop" package basically is just a virtual package which depends on a bunch of stuff (like, say, the ssh server).

Over the weekend, I Kerberized this network, and of course used CFEngine to install the necessary packages, generate and install keytabs for the machines, etc. I got a working policy which included a promise like:

    packages:
      "$(package_list)"
        package_policy => "add",
        package_method => apt,
        comment => "Ensure $(this.promiser) is installed";

Looks pretty innocuous, eh? On this machine, package_list ended up containing two packages - krb5-user and libpam-krb5. On the test machines, this just adds the two packages and dependencies as expected. But this machine started having all sorts of really weird problems, including the ssh server going away.

What happened? Well, looking through the COPBL, I see that it really wants to use aptitude if possible. Checking syslog, I saw about four runs of the package promise which ended with an error code, and then things evened out. In the aptitude log, I saw that 541 packages were removed (including "libssh", which is what led to removing the openssh client and server). "WTF?", I thought. Well, ok, I actually said it aloud, along with a few other terms expressing my disapproval.

Ultimately, I found this interesting config option for aptitude:

    Option: Aptitude::Delete-Unused
    Default: true
    Description: If this option is true, automatically installed packages which are no longer required will be automatically removed. For more information, see the section called “Managing automatically installed packages”.

Yep. If you tell aptitude to install a package, by default it also looks for packages that it might remove. This was a bit of a surprise, as I don't normally use aptitude for anything but "aptitude search" from the command line.

I'll get a bug report up in a while suggesting that option be set to "false" in COPBL (at least for the add action), but just FYI, the way it is now can result in completely unrelated packages being deleted when an "add" is run.
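
A guard for the failure described in the post above, as an added example that is not part of the original post or of COPBL: it simulates the install with Aptitude::Delete-Unused set to false and refuses to proceed if the plan still lists removals. The function names are hypothetical, the sample plan is constructed, and the parser assumes aptitude's English-locale "REMOVED" heading and `{u}`-style state flags.

```shell
#!/bin/sh
# Added example: guard an aptitude "add" against unplanned removals.
# Function names are hypothetical; SAMPLE_PLAN is constructed, not real output.

# Read an aptitude install plan on stdin and print each package listed under
# "The following packages will be REMOVED:", stripping state flags like {u}.
removed_packages() {
    awk '
        /^The following packages will be REMOVED:/ { in_sec = 1; next }
        in_sec && /^ / {
            for (i = 1; i <= NF; i++) {
                sub(/[{][a-z]+[}]$/, "", $i)
                print $i
            }
            next
        }
        { in_sec = 0 }
    '
}

# Succeed only if the plan on stdin removes nothing; report offenders on stderr.
plan_is_safe() {
    doomed=$(removed_packages)
    if [ -n "$doomed" ]; then
        printf 'plan would remove: %s\n' "$(printf '%s' "$doomed" | tr '\n' ' ')" >&2
        return 1
    fi
    return 0
}

# Simulate with the same options as the real run, then install only if safe.
# Usage: safe_add krb5-user libpam-krb5
safe_add() {
    opts='-y -o Aptitude::Delete-Unused=false'
    plan=$(LC_ALL=C aptitude -s $opts install "$@") || return 2
    printf '%s\n' "$plan" | plan_is_safe || return 1
    aptitude $opts install "$@"
}

# Constructed plan resembling the incident: two adds, three removals.
SAMPLE_PLAN='The following NEW packages will be installed:
  krb5-user libpam-krb5
The following packages will be REMOVED:
  libssh-4{u} openssh-client{u}
  openssh-server{u}
0 packages upgraded, 2 newly installed, 3 to remove and 0 not upgraded.'
```

The same setting can be made persistent with a line `Aptitude::Delete-Unused "false";` in an apt configuration file, so that runs outside this wrapper behave the same way.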