pacman: return details on failure

[antoinep92]

Summary

When pacman fails, the error visible to the master or in the remote logs carry very little information. I understand it mainly depends on flags passed to pacman, like there is one message if upgrading the index failed, and another if upgrading a package failed, etc.

I understand that handling all pacman's return codes, parsing it's output, etc. is a lot of work. What I'm proposing instead, is to send (part of) stdout and/or stderr in the callback in case of a failure, or maybe depending on a new verbosity option ?

In my case, I had an issue on a node with packages signatures, and it just failed with "could no upgrade". Also, when upgrading a dozen of already up-to-date hosts I sometimes get random failures, which is harder to debug as I can't reproduce by calling pacman manually on the system (it works).

Issue Type

Feature Idea

Component Name

pacman

Additional Information

- name: ArchLinux up-to-date
  hosts: all
  tasks:
    - name: full system upgrade
      pacman:
        update_cache: yes
        upgrade: yes
      register: out
    - debug: msg="{{ out }}"

Code of Conduct

• [X] I agree to follow the Ansible Code of Conduct

[ansibullbot]

Files identified in the description:

• plugins/modules/packaging/os/pacman.py
• tests/integration/targets/aix_devices/tasks/main.yml

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @MorrisA @bcoca @d-little @flynn1973 @gforster @indrajitr @kairoaraujo @marvin-sinister @mator @molekuul @ramooncamacho @tchernomax @wtcross click here for bot help

[felixfontein]

!component =plugins/modules/packaging/os/pacman.py

[ansibullbot]

Files identified in the description:

• plugins/modules/packaging/os/pacman.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[mator]

@antoinep92 could you please give a few samples where it failed? I mean, i could review the module, and if problem occurs, return more info (which would probably visible via --verbose command line). Thanks!

[antoinep92]

Hi, unfortunately I fixed it manually and can't reproduce, but I believe I got signature is unknown trust, I guess it's similar to this. It happens from time to time, when you haven't upgraded for some time.

An automated resolution is not trivial because there are a few reasons why signature verification may fail. When scripting the upgrade ourselves, usually, we start with a partial upgrade on archlinux-keyring, which helps. When it fails, sometimes a pacman-key --refresh-keys is enough, sometimes not. The "brute-force" approach which nearly always works for us is:

haveged -w 1024
pacman-key --init
pacman-key --populate archlinux
pacman-key --refresh-keys
pkill haveged

But that requires to (temporarily) install haveged, and I'm not sure it's acceptable for everyone to do that automatically.

Anyways, as I said, I don't think the best path forward is to handle every possible pacman failure, because that would require a lot of work (parse the logs and handle every cases), and be hard to maintain (keep parsing rules up to date, handle different pacman versions, etc. Rather, when a failure is detected (I guess based on the return code ?), the complete pacman stdout/stderr could be included somewhere so that it can be shown with --verbose.