sys-ctl: make service file generation deterministic and simplify ignore logic

- Added '| sort' to all service group lists and backup routine lists to ensure deterministic ordering and stable checksums across Ansible runs. - Adjusted systemctl templates to use a single service variable ('SYS_SERVICE_BACKUP_RMT_2_LOC') instead of rejecting dynamic list entries, making the ignore logic simpler and more predictable. - Fixed minor whitespace inconsistencies in Jinja templates to avoid unnecessary changes. This change was made to prevent spurious 'changed' states in Ansible caused by non-deterministic list order and to reduce complexity in service definitions. See discussion: https://chatgpt.com/share/68a74c20-6300-800f-a44e-da43ae2f3dea
2025-08-26 21:45:20 +02:00 · 2025-08-21 18:43:17 +02:00 · 2025-08-21 18:43:17 +02:00 · efa68cc1e0
commit efa68cc1e0
parent 79e702a3ab
4 changed files with 19 additions and 17 deletions
--- a/group_vars/all/07_services.yml
+++ b/group_vars/all/07_services.yml
@ -18,32 +18,34 @@ SYS_SERVICE_ON_FAILURE_COMPOSE:       "{{ ('sys-ctl-alm-compose@') | get_service
 ## Groups
 SYS_SERVICE_GROUP_BACKUPS: >
  {{ (('sys-ctl-bkp-' | get_category_entries) + ('svc-bkp-' | get_category_entries))
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}

 SYS_SERVICE_GROUP_CLEANUP: >
  {{ ('sys-ctl-cln-' | get_category_entries)
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}

 SYS_SERVICE_GROUP_REPAIR: >
  {{ ('sys-ctl-rpr-' | get_category_entries)
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}

 SYS_SERVICE_GROUP_OPTIMIZATION: >
  {{ ('svc-opt-' | get_category_entries)
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}

 SYS_SERVICE_GROUP_MAINTANANCE: >
  {{ ('svc-mtn-' | get_category_entries)
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}
 
 ## Collection of services to manipulate the system
 SYS_SERVICE_GROUP_MANIPULATION: >
  {{ 
+    (
      SYS_SERVICE_GROUP_BACKUPS + 
      SYS_SERVICE_GROUP_CLEANUP + 
      SYS_SERVICE_GROUP_REPAIR + 
      SYS_SERVICE_GROUP_OPTIMIZATION + 
      SYS_SERVICE_GROUP_MAINTANANCE +
      [ SYS_SERVICE_UPDATE_DOCKER ] 
+    ) | sort
  }}

--- a/roles/sys-ctl-bkp-docker-2-loc/templates/systemctl.service.j2
+++ b/roles/sys-ctl-bkp-docker-2-loc/templates/systemctl.service.j2
@ -4,5 +4,5 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_BACKUPS_FA

 [Service]
 Type=oneshot
-ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_BACKUPS | reject('equalto', role_name ~ '-everything') | join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
+ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_BACKUP_RMT_2_LOC }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
 ExecStart=/bin/sh -c '{{ BKP_DOCKER_2_LOC_EXEC }}'
--- a/roles/sys-ctl-bkp-docker-2-loc/vars/main.yml
+++ b/roles/sys-ctl-bkp-docker-2-loc/vars/main.yml
@ -12,13 +12,13 @@ BKP_DOCKER_2_LOC_DB_ENABLED: "{{ database_type | default('') | bool }}"

 # Gather mapped values as lists
 BKP_DOCKER_2_LOC_DB_ROUTINE: >-
-  {{ applications | find_dock_val_by_bkp_entr('database_routine', 'name') | list }}
+  {{ applications | find_dock_val_by_bkp_entr('database_routine', 'name') | list | sort }}

 BKP_DOCKER_2_LOC_NO_STOP_REQUIRED: >-
-  {{ applications | find_dock_val_by_bkp_entr('no_stop_required', 'image') | list }}
+  {{ applications | find_dock_val_by_bkp_entr('no_stop_required', 'image') | list | sort }}

 BKP_DOCKER_2_LOC_DISABLED: >-
-  {{ applications | find_dock_val_by_bkp_entr('disabled', 'image') | list }}
+  {{ applications | find_dock_val_by_bkp_entr('disabled', 'image') | list | sort }}

 # CLI argument strings (only set if list not empty)
 BKP_DOCKER_2_LOC_DB_ROUTINE_CLI: >-
--- a/roles/sys-ctl-cln-disc-space/templates/systemctl.service.j2
+++ b/roles/sys-ctl-cln-disc-space/templates/systemctl.service.j2
@ -4,5 +4,5 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}

 [Service]
 Type=oneshot
-ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
+ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
 ExecStart={{ system_service_script_exec }} {{ SIZE_PERCENT_CLEANUP_DISC_SPACE }}