Open antoinep92 opened 3 years ago
Files identified in the description:
If these files are inaccurate, please update the component name
section of the description or use the !component
bot command.
cc @MorrisA @bcoca @d-little @flynn1973 @gforster @indrajitr @kairoaraujo @marvin-sinister @mator @molekuul @ramooncamacho @tchernomax @wtcross click here for bot help
!component =plugins/modules/packaging/os/pacman.py
Files identified in the description:
If these files are inaccurate, please update the component name
section of the description or use the !component
bot command.
@antoinep92 could you please give a few samples where it failed? I mean, i could review the module, and if problem occurs, return more info (which would probably visible via --verbose
command line).
Thanks!
Hi, unfortunately I fixed it manually and can't reproduce, but I believe I got signature is unknown trust
, I guess it's similar to this. It happens from time to time, when you haven't upgraded for some time.
An automated resolution is not trivial because there are a few reasons why signature verification may fail. When scripting the upgrade ourselves, usually, we start with a partial upgrade on archlinux-keyring
, which helps. When it fails, sometimes a pacman-key --refresh-keys
is enough, sometimes not. The "brute-force" approach which nearly always works for us is:
haveged -w 1024
pacman-key --init
pacman-key --populate archlinux
pacman-key --refresh-keys
pkill haveged
But that requires to (temporarily) install haveged
, and I'm not sure it's acceptable for everyone to do that automatically.
Anyways, as I said, I don't think the best path forward is to handle every possible pacman failure, because that would require a lot of work (parse the logs and handle every cases), and be hard to maintain (keep parsing rules up to date, handle different pacman versions, etc.
Rather, when a failure is detected (I guess based on the return code ?), the complete pacman stdout/stderr could be included somewhere so that it can be shown with --verbose
.
Summary
When
pacman
fails, the error visible to the master or in the remote logs carry very little information. I understand it mainly depends on flags passed to pacman, like there is one message if upgrading the index failed, and another if upgrading a package failed, etc.I understand that handling all pacman's return codes, parsing it's output, etc. is a lot of work. What I'm proposing instead, is to send (part of) stdout and/or stderr in the callback in case of a failure, or maybe depending on a new verbosity option ?
In my case, I had an issue on a node with packages signatures, and it just failed with "could no upgrade". Also, when upgrading a dozen of already up-to-date hosts I sometimes get random failures, which is harder to debug as I can't reproduce by calling
pacman
manually on the system (it works).Issue Type
Feature Idea
Component Name
pacman
Additional Information
Code of Conduct