From a5e5567369467dd859ad18411f81c6205590d2d6 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Date: Tue, 21 Jun 2016 15:48:12 +0100
Subject: [PATCH] Improve LXC cache preparation process

Without this patch, any errors that happen during the
'apt-get update' execution will cause the 'apt-get install'
execution to never happen.

This patch implements the following:

- It sets the cache prep script to exit on error to ensure
  that the task fails if there is an error.

- It splits the upgrade and install command on to different
  lines to ensure that each command's success can be
  determined individually.

- It removes the clearing of the archive metadata introduced
  in https://review.openstack.org/310091 as this also removes
  apt lock files and other things which should not be removed.
  Removing all this is unnecessary with the new cache prep
  process and the 'apt-get clean' execution later clears the
  cache before it is packaged.

- It removes the copy of /etc/apt/sources.list.d/ from the host
  to prevent a situation where a host apt source requires
  additional packages to be installed (for example curl) and
  those packages can't be installed due to the 'apt-get update'
  command failing because the package to update the index is
  missing.

Change-Id: I07a864e4125a7fc076cbf5bf7380a8e34e6d2d7c
---
 tasks/lxc_cache_preparation.yml | 2 +-
 vars/redhat-7.yml               | 4 +---
 vars/ubuntu-14.04.yml           | 8 +++-----
 vars/ubuntu-16.04.yml           | 8 +++-----
 4 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/tasks/lxc_cache_preparation.yml b/tasks/lxc_cache_preparation.yml
index 3ca606f8..44c3add8 100644
--- a/tasks/lxc_cache_preparation.yml
+++ b/tasks/lxc_cache_preparation.yml
@@ -52,7 +52,7 @@
   copy:
     content: |
       #!/usr/bin/env bash
-      set -x
+      set -e -x
       {{ lxc_cache_map.cache_prep_commands }}
     dest: "/var/lib/lxc/LXC_NAME/rootfs/usr/local/bin/cache-prep-commands.sh"
     mode: "0755"
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index 30945613..00f8b967 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -47,15 +47,13 @@ lxc_cache_map:
     - /etc/pki/rpm-gpg/
     - /etc/resolv.conf
   cache_prep_commands: |
-    {{ lxc_cache_install_command }} {{ lxc_cache_packages | join(' ') }}
+    yum install -y {{ lxc_cache_packages | join(' ') }}
     rm -f /usr/bin/python
     ln -s /usr/bin/python2.7 /usr/bin/python
     /usr/bin/wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -O /tmp/epel-release-latest-7.noarch.rpm
     /usr/bin/rpm -ivh /tmp/epel-release-latest-7.noarch.rpm || true
     yum clean all
 
-lxc_cache_install_command: "yum install -y"
-
 lxc_cache_packages:
   - ca-certificates
   - openssh-server
diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml
index d6ad5924..3e25235b 100644
--- a/vars/ubuntu-14.04.yml
+++ b/vars/ubuntu-14.04.yml
@@ -42,17 +42,17 @@ lxc_cache_map:
   release: trusty
   copy_from_host:
     - /etc/apt/sources.list
-    - /etc/apt/sources.list.d/
     - /etc/apt/apt.conf.d/
     - /run/resolvconf/
     - /etc/resolvconf/
     - /etc/resolv.conf
     - /root/repo.keys
   cache_prep_commands: |
-    rm -rf /var/lib/apt/lists/*
     apt-key add /root/repo.keys
     rm /root/repo.keys
-    {{ lxc_cache_install_command }} {{ lxc_cache_packages | join(' ') }}
+    export DEBIAN_FRONTEND=noninteractive
+    apt-get update
+    apt-get install -y {{ lxc_cache_install_debconf }} {{ lxc_cache_packages | join(' ') }}
     apt-get upgrade -y {{ lxc_cache_install_debconf }}
     rm -f /usr/bin/python
     ln -s /usr/bin/python2.7 /usr/bin/python
@@ -61,8 +61,6 @@ lxc_cache_map:
     userdel --force --remove ubuntu || true
     apt-get clean
 
-lxc_cache_install_command: "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y {{ lxc_cache_install_debconf }}"
-
 # This forces any modified configurations to remain, and any unmodified configs to be replaced
 # ref: http://serverfault.com/questions/259226/automatically-keep-current-version-of-config-files-when-apt-get-install
 lxc_cache_install_debconf: '-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes'
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
index eb4ca9ea..529ac54d 100644
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@@ -46,17 +46,17 @@ lxc_cache_map:
     - openssh-server
   copy_from_host:
     - /etc/apt/sources.list
-    - /etc/apt/sources.list.d/
     - /etc/apt/apt.conf.d/
     - /run/resolvconf/
     - /etc/resolvconf/
     - /etc/resolv.conf
     - /root/repo.keys
   cache_prep_commands: |
-    rm -rf /var/lib/apt/lists/*
     apt-key add /root/repo.keys
     rm /root/repo.keys
-    {{ lxc_cache_install_command }} {{ lxc_cache_packages | join(' ') }}
+    export DEBIAN_FRONTEND=noninteractive
+    apt-get update
+    apt-get install -y {{ lxc_cache_install_debconf }} {{ lxc_cache_packages | join(' ') }}
     apt-get upgrade -y {{ lxc_cache_install_debconf }}
     rm -f /usr/bin/python
     ln -s /usr/bin/python2.7 /usr/bin/python
@@ -65,8 +65,6 @@ lxc_cache_map:
     userdel --force --remove ubuntu || true
     apt-get clean
 
-lxc_cache_install_command: "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y {{ lxc_cache_install_debconf }}"
-
 # This forces any modified configurations to remain, and any unmodified configs to be replaced
 # ref: http://serverfault.com/questions/259226/automatically-keep-current-version-of-config-files-when-apt-get-install
 lxc_cache_install_debconf: '-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes'