Is apt-get really idempotent? How does it work?

Hi,

I’m trying to understand how Ansible’s “idempotency” is achieved for e.g. apt-get updates.

For example: suppose I have X servers, fully provisioned some time ago, and now want to scale up to X+Y servers. The playbook includes an appeal to apt-get to update the packages. I add the Y servers to my inventory, and run ansible. Will the original X servers, with potentially outdated packages, be updated? Or will they now be out of sync with the new Y servers?

My understanding would be the latter: that running the same playbook on the original servers would leave them unchanged. This would be consistent with the notion of idempotency, but might not be the desired ‘outcome’…

From https://docs.ansible.com/ansible/apt_module.html:

- apt: upgrade=dist update_cache=yes

upgrade:
If yes or safe, performs an aptitude safe-upgrade.
If full, performs an aptitude full-upgrade.
If dist, performs an apt-get dist-upgrade.
Note: This does not upgrade a specific package, use state=latest for that.

So I would say depending on what option you choose, all installed
packages on your servers would be upgraded to the latest version with
upgrade=full or maybe upgrade=safe. Keep in mind that this would not
install the same set of packages on your servers, as only the ones
where e.g. apache is installed are receiving updates for apache.

Idempotency in this case means that you can run this command multiple
times and (if no updates are released in the meantime and you refresh
the cache) your systems should be up to date no matter even after the
first time.

Johannes
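
The playbook below is an added example, not part of either post: it contrasts a task that leaves already-provisioned servers on their old package versions with tasks that bring every host to the latest version on each run. The group name "webservers" and the package "apache2" are assumptions chosen for illustration.

```yaml
# Added example. "webservers" is a hypothetical inventory group and
# "apache2" a sample package; the tasks are alternatives shown side by side.
- hosts: webservers
  become: true
  tasks:
    # state=present only checks that the package is installed. On the original
    # X servers this reports "ok" and keeps the old version, while the new
    # Y servers install whatever is current today, so the two groups drift.
    - name: Ensure apache2 is installed (does not upgrade existing hosts)
      apt:
        name: apache2
        state: present

    # state=latest brings every host to the newest version known to its
    # refreshed package cache. If nothing new has been released, a second
    # run reports "ok" instead of "changed".
    - name: Ensure apache2 is at the latest available version
      apt:
        name: apache2
        state: latest
        update_cache: yes

    # upgrade=dist applies the same idea to all installed packages by running
    # apt-get dist-upgrade, as in the task quoted from the documentation.
    - name: Upgrade all installed packages
      apt:
        upgrade: dist
        update_cache: yes
```

Running the playbook with `ansible-playbook --check` reports which hosts would change without modifying them, which shows which of the original servers are behind.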