Why does the apt module remove hold on packages!?

[Goran]

I have a playbook that starts out with a task that holds a number of packages on debian machines relating to postgres and java stuff, and that part works well... I know that for sure.

And then when I perform a general upgrade of the debian serrver in a later task, the apt module seem to remove my holds on the packages. Is there anyway to prevent this unwanted behaviour?

  - name: Install updates on Debian
    apt:
      update_cache: yes
      cache_valid_time: 10
      upgrade: safe
    when:
      - ansible_os_family == "Debian"

Kind regards,

Goran

[Goran]

I ran across this option "force_apt_get: yes" - and that actually seems to have solved my problem.

I still wonder - if this behaviour is due to ansible using aptitude in stead of apt-get, why would any upgrade commnand cancel holds unless you are doing an dist-upgrade?

And also what is the rationale for changing important behaviour like this - especially without big warning signs in bright neon colors?

It has worked well - with apt module upgrades respecting and retaining holds- until ansible 2.6 at least. As far as I know, at least.