ansible apt absent not working for dropbear

Question

I tried a simple install/uninstall ansible playbook with dropbear but not able to remove the module by setting apt state to absent.

---
# filename: install.yaml
- hosts: all
  become: yes

  tasks:
  - name: install dropbear
    tags: dropbear
    apt:
      name: dropbear

---
# filename: uninstall.yaml
- hosts: all
  become: yes

  tasks:
  - name: uninstall dropbear
    tags: dropbear
    apt:
      name: dropbear
      state: absent

When running the uninstall.yaml ansible playbook, it prints out that the task is OK and state has been changed. I ssh into the target server but the dropbear command still exist.

score 1 · Accepted Answer · answered Oct 19 '22 at 03:00

Finally get it work! Thanks to @zeitounator's hint.

Adding autoremove: yes still not work, but after manually uninstall dropbear with apt-get remove dropbear. I found there are dependencies. I tried using a wildcard with name: dropbear*, then the dropbear is removed.

---
# uninstall.yaml
- hosts: all
  become: yes

  tasks:
  - name: uninstall dropbear 
    tags: dropbear
    apt:
      name: dropbear*
      state: absent
      autoremove: yes
      purge: yes

I think this method might work for other packages with dependencies not able to be removed by ansible apt module using autoremove, too.

Still don't know why the autoremove not work. It should be used for the case to remove denepencies(weired).

`autoremove ` removes packages which were automatically installed and are not in use anymore (no other dependant package left). In your above case you either manually installed one of the dependencies or later installed a package dependant on one of those dependencies as well. Installing and uninstalling in a row on a fresh debian docker image with the example in my answer does the job reliably. But removing specifically the package providing the given command is indeed the way to go. — Zeitounator, Oct 19 '22 at 05:03

score 0 · Answer 2 · answered Oct 18 '22 at 16:43

I did not dig into why this happens, but you will get the exact same behavior if you simply install the package manually and run a simple removal with apt remove dropbear. The dropbear command will still be there until you apt autoremove the dependent packages that where installed as well.

So the correct way to uninstall this particular package is:

- hosts: all
  become: yes

  tasks:
  - name: uninstall dropbear
    tags: dropbear
    apt:
      name: dropbear
      state: absent
      purge: true
      autoremove: true

Note that the purge might not be necessary for your particular problem but ensures that any trace of the package and its dependencies (e.g. config files...) are gone.

See the apt module documentation for more information.

I don't have enough reputation to up-vote. I'll get back here once I got qualified. — Jeffrey Chen, Oct 20 '22 at 03:45

ansible apt absent not working for dropbear

2 Answers2