Fix occasional update_cache idempotence failure (#31)

nginxinc · Sep 22, 2020 · 3e5fad6 · 3e5fad6
1 parent ba0aacc
commit 3e5fad6
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ BUG FIXES:
 *   Rename handlers to use more specific role related naming and prevent namespace collision issues.
 *   Add a `nginx_app_protect_service_modify` variable to revert a breaking change introduced in 0.3.0 where timeouts would not be set by default.
 *   Set NGINX handler to `state: restarted` to prevent some compatibility issues when NGINX App Protect is installed on an instance already running NGINX beforehand.
+*   Using `update_cache: true` by itself in the `apt` module is not always idempotent. Moved the NGINX App Protect installation task to a corresponding `apt` or `yum` module to avoid this scenario.
 
 ## 0.3.0 (September 21, 2020)
 

diff --git a/tasks/install/install-app-protect.yml b/tasks/install/install-app-protect.yml
@@ -14,15 +14,8 @@
     quiet: true
   when: nginx_plus_version is defined
 
-- name: Set up NGINX App Protect repositories
-  include_tasks: "{{ role_path }}/tasks/install/setup-{{ ansible_facts['os_family'] | lower }}.yml"
-  when: nginx_app_protect_state != "absent"
-
 - name: Install NGINX App Protect
-  package:
-    name: "app-protect{{ nginx_app_protect_version | default('') }}"
-    state: "{{ nginx_app_protect_state }}"
-  notify: (Handler - NGINX App Protect) Run NGINX
+  include_tasks: "{{ role_path }}/tasks/install/install-{{ ansible_facts['os_family'] | lower }}.yml"
 
 - name: Install latest NGINX App Protect signatures
   package:

diff --git a/tasks/install/setup-debian.yml → tasks/install/install-debian.yml b/tasks/install/setup-debian.yml → tasks/install/install-debian.yml
@@ -40,6 +40,9 @@
     update_cache: false
     state: "{{ nginx_app_protect_license_status | default ('present') }}"
 
-- name: (Debian/Ubuntu) Update the apt cache
+- name: (Debian/Ubuntu) Install NGINX App Protect
   apt:
+    name: "app-protect{{ nginx_app_protect_version | default('') }}"
+    state: "{{ nginx_app_protect_state }}"
     update_cache: true
+  notify: (Handler - NGINX App Protect) Run NGINX
diff --git a/tasks/install/setup-redhat.yml → tasks/install/install-redhat.yml b/tasks/install/setup-redhat.yml → tasks/install/install-redhat.yml
@@ -20,3 +20,10 @@
     enabled: true
     gpgcheck: true
     state: "{{ nginx_app_protect_license_status | default ('present') }}"
+
+- name: (CentOS/RHEL) Install NGINX App Protect
+  yum:
+    name: "app-protect{{ nginx_app_protect_version | default('') }}"
+    state: "{{ nginx_app_protect_state }}"
+    update_cache: true
+  notify: (Handler - NGINX App Protect) Run NGINX