summaryrefslogtreecommitdiffstats
path: root/lib/ansible/modules/yum.py
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ansible/modules/yum.py')
-rw-r--r--lib/ansible/modules/yum.py1821
1 files changed, 0 insertions, 1821 deletions
diff --git a/lib/ansible/modules/yum.py b/lib/ansible/modules/yum.py
deleted file mode 100644
index 3b6a457..0000000
--- a/lib/ansible/modules/yum.py
+++ /dev/null
@@ -1,1821 +0,0 @@
-# -*- coding: utf-8 -*-
-
-# Copyright: (c) 2012, Red Hat, Inc
-# Written by Seth Vidal <skvidal at fedoraproject.org>
-# Copyright: (c) 2014, Epic Games, Inc.
-
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-
-DOCUMENTATION = '''
----
-module: yum
-version_added: historical
-short_description: Manages packages with the I(yum) package manager
-description:
- - Installs, upgrade, downgrades, removes, and lists packages and groups with the I(yum) package manager.
- - This module only works on Python 2. If you require Python 3 support see the M(ansible.builtin.dnf) module.
-options:
- use_backend:
- description:
- - This module supports V(yum) (as it always has), this is known as C(yum3)/C(YUM3)/C(yum-deprecated) by
- upstream yum developers. As of Ansible 2.7+, this module also supports C(YUM4), which is the
- "new yum" and it has an V(dnf) backend. As of ansible-core 2.15+, this module will auto select the backend
- based on the C(ansible_pkg_mgr) fact.
- - By default, this module will select the backend based on the C(ansible_pkg_mgr) fact.
- default: "auto"
- choices: [ auto, yum, yum4, dnf, dnf4, dnf5 ]
- type: str
- version_added: "2.7"
- name:
- description:
- - A package name or package specifier with version, like V(name-1.0).
- - Comparison operators for package version are valid here C(>), C(<), C(>=), C(<=). Example - V(name>=1.0)
- - If a previous version is specified, the task also needs to turn O(allow_downgrade) on.
- See the O(allow_downgrade) documentation for caveats with downgrading packages.
- - When using O(state=latest), this can be V('*') which means run C(yum -y update).
- - You can also pass a url or a local path to an rpm file (using O(state=present)).
- To operate on several packages this can accept a comma separated string of packages or (as of 2.0) a list of packages.
- aliases: [ pkg ]
- type: list
- elements: str
- default: []
- exclude:
- description:
- - Package name(s) to exclude when state=present, or latest
- type: list
- elements: str
- default: []
- version_added: "2.0"
- list:
- description:
- - "Package name to run the equivalent of C(yum list --show-duplicates <package>) against. In addition to listing packages,
- use can also list the following: V(installed), V(updates), V(available) and V(repos)."
- - This parameter is mutually exclusive with O(name).
- type: str
- state:
- description:
- - Whether to install (V(present) or V(installed), V(latest)), or remove (V(absent) or V(removed)) a package.
- - V(present) and V(installed) will simply ensure that a desired package is installed.
- - V(latest) will update the specified package if it's not of the latest available version.
- - V(absent) and V(removed) will remove the specified package.
- - Default is V(None), however in effect the default action is V(present) unless the O(autoremove) option is
- enabled for this module, then V(absent) is inferred.
- type: str
- choices: [ absent, installed, latest, present, removed ]
- enablerepo:
- description:
- - I(Repoid) of repositories to enable for the install/update operation.
- These repos will not persist beyond the transaction.
- When specifying multiple repos, separate them with a C(",").
- - As of Ansible 2.7, this can alternatively be a list instead of C(",")
- separated string
- type: list
- elements: str
- default: []
- version_added: "0.9"
- disablerepo:
- description:
- - I(Repoid) of repositories to disable for the install/update operation.
- These repos will not persist beyond the transaction.
- When specifying multiple repos, separate them with a C(",").
- - As of Ansible 2.7, this can alternatively be a list instead of C(",")
- separated string
- type: list
- elements: str
- default: []
- version_added: "0.9"
- conf_file:
- description:
- - The remote yum configuration file to use for the transaction.
- type: str
- version_added: "0.6"
- disable_gpg_check:
- description:
- - Whether to disable the GPG checking of signatures of packages being
- installed. Has an effect only if O(state) is V(present) or V(latest).
- type: bool
- default: "no"
- version_added: "1.2"
- skip_broken:
- description:
- - Skip all unavailable packages or packages with broken dependencies
- without raising an error. Equivalent to passing the --skip-broken option.
- type: bool
- default: "no"
- version_added: "2.3"
- update_cache:
- description:
- - Force yum to check if cache is out of date and redownload if needed.
- Has an effect only if O(state) is V(present) or V(latest).
- type: bool
- default: "no"
- aliases: [ expire-cache ]
- version_added: "1.9"
- validate_certs:
- description:
- - This only applies if using a https url as the source of the rpm. e.g. for localinstall. If set to V(false), the SSL certificates will not be validated.
- - This should only set to V(false) used on personally controlled sites using self-signed certificates as it avoids verifying the source site.
- - Prior to 2.1 the code worked as if this was set to V(true).
- type: bool
- default: "yes"
- version_added: "2.1"
- sslverify:
- description:
- - Disables SSL validation of the repository server for this transaction.
- - This should be set to V(false) if one of the configured repositories is using an untrusted or self-signed certificate.
- type: bool
- default: "yes"
- version_added: "2.13"
- update_only:
- description:
- - When using latest, only update installed packages. Do not install packages.
- - Has an effect only if O(state) is V(latest)
- default: "no"
- type: bool
- version_added: "2.5"
-
- installroot:
- description:
- - Specifies an alternative installroot, relative to which all packages
- will be installed.
- default: "/"
- type: str
- version_added: "2.3"
- security:
- description:
- - If set to V(true), and O(state=latest) then only installs updates that have been marked security related.
- type: bool
- default: "no"
- version_added: "2.4"
- bugfix:
- description:
- - If set to V(true), and O(state=latest) then only installs updates that have been marked bugfix related.
- default: "no"
- type: bool
- version_added: "2.6"
- allow_downgrade:
- description:
- - Specify if the named package and version is allowed to downgrade
- a maybe already installed higher version of that package.
- Note that setting allow_downgrade=True can make this module
- behave in a non-idempotent way. The task could end up with a set
- of packages that does not match the complete list of specified
- packages to install (because dependencies between the downgraded
- package and others can cause changes to the packages which were
- in the earlier transaction).
- type: bool
- default: "no"
- version_added: "2.4"
- enable_plugin:
- description:
- - I(Plugin) name to enable for the install/update operation.
- The enabled plugin will not persist beyond the transaction.
- type: list
- elements: str
- default: []
- version_added: "2.5"
- disable_plugin:
- description:
- - I(Plugin) name to disable for the install/update operation.
- The disabled plugins will not persist beyond the transaction.
- type: list
- elements: str
- default: []
- version_added: "2.5"
- releasever:
- description:
- - Specifies an alternative release from which all packages will be
- installed.
- type: str
- version_added: "2.7"
- autoremove:
- description:
- - If V(true), removes all "leaf" packages from the system that were originally
- installed as dependencies of user-installed packages but which are no longer
- required by any such package. Should be used alone or when O(state) is V(absent)
- - "NOTE: This feature requires yum >= 3.4.3 (RHEL/CentOS 7+)"
- type: bool
- default: "no"
- version_added: "2.7"
- disable_excludes:
- description:
- - Disable the excludes defined in YUM config files.
- - If set to V(all), disables all excludes.
- - If set to V(main), disable excludes defined in [main] in yum.conf.
- - If set to V(repoid), disable excludes defined for given repo id.
- type: str
- version_added: "2.7"
- download_only:
- description:
- - Only download the packages, do not install them.
- default: "no"
- type: bool
- version_added: "2.7"
- lock_timeout:
- description:
- - Amount of time to wait for the yum lockfile to be freed.
- required: false
- default: 30
- type: int
- version_added: "2.8"
- install_weak_deps:
- description:
- - Will also install all packages linked by a weak dependency relation.
- - "NOTE: This feature requires yum >= 4 (RHEL/CentOS 8+)"
- type: bool
- default: "yes"
- version_added: "2.8"
- download_dir:
- description:
- - Specifies an alternate directory to store packages.
- - Has an effect only if O(download_only) is specified.
- type: str
- version_added: "2.8"
- install_repoquery:
- description:
- - If repoquery is not available, install yum-utils. If the system is
- registered to RHN or an RHN Satellite, repoquery allows for querying
- all channels assigned to the system. It is also required to use the
- 'list' parameter.
- - "NOTE: This will run and be logged as a separate yum transation which
- takes place before any other installation or removal."
- - "NOTE: This will use the system's default enabled repositories without
- regard for disablerepo/enablerepo given to the module."
- required: false
- version_added: "1.5"
- default: "yes"
- type: bool
- cacheonly:
- description:
- - Tells yum to run entirely from system cache; does not download or update metadata.
- default: "no"
- type: bool
- version_added: "2.12"
-extends_documentation_fragment:
-- action_common_attributes
-- action_common_attributes.flow
-attributes:
- action:
- details: In the case of yum, it has 2 action plugins that use it under the hood, M(ansible.builtin.yum) and M(ansible.builtin.package).
- support: partial
- async:
- support: none
- bypass_host_loop:
- support: none
- check_mode:
- support: full
- diff_mode:
- support: full
- platform:
- platforms: rhel
-notes:
- - When used with a C(loop:) each package will be processed individually,
- it is much more efficient to pass the list directly to the O(name) option.
- - In versions prior to 1.9.2 this module installed and removed each package
- given to the yum module separately. This caused problems when packages
- specified by filename or url had to be installed or removed together. In
- 1.9.2 this was fixed so that packages are installed in one yum
- transaction. However, if one of the packages adds a new yum repository
- that the other packages come from (such as epel-release) then that package
- needs to be installed in a separate task. This mimics yum's command line
- behaviour.
- - 'Yum itself has two types of groups. "Package groups" are specified in the
- rpm itself while "environment groups" are specified in a separate file
- (usually by the distribution). Unfortunately, this division becomes
- apparent to ansible users because ansible needs to operate on the group
- of packages in a single transaction and yum requires groups to be specified
- in different ways when used in that way. Package groups are specified as
- "@development-tools" and environment groups are "@^gnome-desktop-environment".
- Use the "yum group list hidden ids" command to see which category of group the group
- you want to install falls into.'
- - 'The yum module does not support clearing yum cache in an idempotent way, so it
- was decided not to implement it, the only method is to use command and call the yum
- command directly, namely "command: yum clean all"
- https://github.com/ansible/ansible/pull/31450#issuecomment-352889579'
-# informational: requirements for nodes
-requirements:
-- yum
-author:
- - Ansible Core Team
- - Seth Vidal (@skvidal)
- - Eduard Snesarev (@verm666)
- - Berend De Schouwer (@berenddeschouwer)
- - Abhijeet Kasurde (@Akasurde)
- - Adam Miller (@maxamillion)
-'''
-
-EXAMPLES = '''
-- name: Install the latest version of Apache
- ansible.builtin.yum:
- name: httpd
- state: latest
-
-- name: Install Apache >= 2.4
- ansible.builtin.yum:
- name: httpd>=2.4
- state: present
-
-- name: Install a list of packages (suitable replacement for 2.11 loop deprecation warning)
- ansible.builtin.yum:
- name:
- - nginx
- - postgresql
- - postgresql-server
- state: present
-
-- name: Install a list of packages with a list variable
- ansible.builtin.yum:
- name: "{{ packages }}"
- vars:
- packages:
- - httpd
- - httpd-tools
-
-- name: Remove the Apache package
- ansible.builtin.yum:
- name: httpd
- state: absent
-
-- name: Install the latest version of Apache from the testing repo
- ansible.builtin.yum:
- name: httpd
- enablerepo: testing
- state: present
-
-- name: Install one specific version of Apache
- ansible.builtin.yum:
- name: httpd-2.2.29-1.4.amzn1
- state: present
-
-- name: Upgrade all packages
- ansible.builtin.yum:
- name: '*'
- state: latest
-
-- name: Upgrade all packages, excluding kernel & foo related packages
- ansible.builtin.yum:
- name: '*'
- state: latest
- exclude: kernel*,foo*
-
-- name: Install the nginx rpm from a remote repo
- ansible.builtin.yum:
- name: http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
- state: present
-
-- name: Install nginx rpm from a local file
- ansible.builtin.yum:
- name: /usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm
- state: present
-
-- name: Install the 'Development tools' package group
- ansible.builtin.yum:
- name: "@Development tools"
- state: present
-
-- name: Install the 'Gnome desktop' environment group
- ansible.builtin.yum:
- name: "@^gnome-desktop-environment"
- state: present
-
-- name: List ansible packages and register result to print with debug later
- ansible.builtin.yum:
- list: ansible
- register: result
-
-- name: Install package with multiple repos enabled
- ansible.builtin.yum:
- name: sos
- enablerepo: "epel,ol7_latest"
-
-- name: Install package with multiple repos disabled
- ansible.builtin.yum:
- name: sos
- disablerepo: "epel,ol7_latest"
-
-- name: Download the nginx package but do not install it
- ansible.builtin.yum:
- name:
- - nginx
- state: latest
- download_only: true
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.common.locale import get_best_parsable_locale
-from ansible.module_utils.common.respawn import has_respawned, respawn_module
-from ansible.module_utils.common.text.converters import to_native, to_text
-from ansible.module_utils.yumdnf import YumDnf, yumdnf_argument_spec
-
-import errno
-import os
-import re
-import sys
-import tempfile
-
-try:
- import rpm
- HAS_RPM_PYTHON = True
-except ImportError:
- HAS_RPM_PYTHON = False
-
-try:
- import yum
- HAS_YUM_PYTHON = True
-except ImportError:
- HAS_YUM_PYTHON = False
-
-try:
- from yum.misc import find_unfinished_transactions, find_ts_remaining
- from rpmUtils.miscutils import splitFilename, compareEVR
- transaction_helpers = True
-except ImportError:
- transaction_helpers = False
-
-from contextlib import contextmanager
-from ansible.module_utils.urls import fetch_file
-
-def_qf = "%{epoch}:%{name}-%{version}-%{release}.%{arch}"
-rpmbin = None
-
-
-class YumModule(YumDnf):
- """
- Yum Ansible module back-end implementation
- """
-
- def __init__(self, module):
-
- # state=installed name=pkgspec
- # state=removed name=pkgspec
- # state=latest name=pkgspec
- #
- # informational commands:
- # list=installed
- # list=updates
- # list=available
- # list=repos
- # list=pkgspec
-
- # This populates instance vars for all argument spec params
- super(YumModule, self).__init__(module)
-
- self.pkg_mgr_name = "yum"
- self.lockfile = '/var/run/yum.pid'
- self._yum_base = None
-
- def _enablerepos_with_error_checking(self):
- # NOTE: This seems unintuitive, but it mirrors yum's CLI behavior
- if len(self.enablerepo) == 1:
- try:
- self.yum_base.repos.enableRepo(self.enablerepo[0])
- except yum.Errors.YumBaseError as e:
- if u'repository not found' in to_text(e):
- self.module.fail_json(msg="Repository %s not found." % self.enablerepo[0])
- else:
- raise e
- else:
- for rid in self.enablerepo:
- try:
- self.yum_base.repos.enableRepo(rid)
- except yum.Errors.YumBaseError as e:
- if u'repository not found' in to_text(e):
- self.module.warn("Repository %s not found." % rid)
- else:
- raise e
-
- def is_lockfile_pid_valid(self):
- try:
- try:
- with open(self.lockfile, 'r') as f:
- oldpid = int(f.readline())
- except ValueError:
- # invalid data
- os.unlink(self.lockfile)
- return False
-
- if oldpid == os.getpid():
- # that's us?
- os.unlink(self.lockfile)
- return False
-
- try:
- with open("/proc/%d/stat" % oldpid, 'r') as f:
- stat = f.readline()
-
- if stat.split()[2] == 'Z':
- # Zombie
- os.unlink(self.lockfile)
- return False
- except IOError:
- # either /proc is not mounted or the process is already dead
- try:
- # check the state of the process
- os.kill(oldpid, 0)
- except OSError as e:
- if e.errno == errno.ESRCH:
- # No such process
- os.unlink(self.lockfile)
- return False
-
- self.module.fail_json(msg="Unable to check PID %s in %s: %s" % (oldpid, self.lockfile, to_native(e)))
- except (IOError, OSError) as e:
- # lockfile disappeared?
- return False
-
- # another copy seems to be running
- return True
-
- @property
- def yum_base(self):
- if self._yum_base:
- return self._yum_base
- else:
- # Only init once
- self._yum_base = yum.YumBase()
- self._yum_base.preconf.debuglevel = 0
- self._yum_base.preconf.errorlevel = 0
- self._yum_base.preconf.plugins = True
- self._yum_base.preconf.enabled_plugins = self.enable_plugin
- self._yum_base.preconf.disabled_plugins = self.disable_plugin
- if self.releasever:
- self._yum_base.preconf.releasever = self.releasever
- if self.installroot != '/':
- # do not setup installroot by default, because of error
- # CRITICAL:yum.cli:Config Error: Error accessing file for config file:////etc/yum.conf
- # in old yum version (like in CentOS 6.6)
- self._yum_base.preconf.root = self.installroot
- self._yum_base.conf.installroot = self.installroot
- if self.conf_file and os.path.exists(self.conf_file):
- self._yum_base.preconf.fn = self.conf_file
- if os.geteuid() != 0:
- if hasattr(self._yum_base, 'setCacheDir'):
- self._yum_base.setCacheDir()
- else:
- cachedir = yum.misc.getCacheDir()
- self._yum_base.repos.setCacheDir(cachedir)
- self._yum_base.conf.cache = 0
- if self.disable_excludes:
- self._yum_base.conf.disable_excludes = self.disable_excludes
-
- # setting conf.sslverify allows retrieving the repo's metadata
- # without validating the certificate, but that does not allow
- # package installation from a bad-ssl repo.
- self._yum_base.conf.sslverify = self.sslverify
-
- # A sideeffect of accessing conf is that the configuration is
- # loaded and plugins are discovered
- self.yum_base.conf # pylint: disable=pointless-statement
-
- try:
- for rid in self.disablerepo:
- self.yum_base.repos.disableRepo(rid)
-
- self._enablerepos_with_error_checking()
-
- except Exception as e:
- self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))
-
- return self._yum_base
-
- def po_to_envra(self, po):
- if hasattr(po, 'ui_envra'):
- return po.ui_envra
-
- return '%s:%s-%s-%s.%s' % (po.epoch, po.name, po.version, po.release, po.arch)
-
- def is_group_env_installed(self, name):
- name_lower = name.lower()
-
- if yum.__version_info__ >= (3, 4):
- groups_list = self.yum_base.doGroupLists(return_evgrps=True)
- else:
- groups_list = self.yum_base.doGroupLists()
-
- # list of the installed groups on the first index
- groups = groups_list[0]
- for group in groups:
- if name_lower.endswith(group.name.lower()) or name_lower.endswith(group.groupid.lower()):
- return True
-
- if yum.__version_info__ >= (3, 4):
- # list of the installed env_groups on the third index
- envs = groups_list[2]
- for env in envs:
- if name_lower.endswith(env.name.lower()) or name_lower.endswith(env.environmentid.lower()):
- return True
-
- return False
-
- def is_installed(self, repoq, pkgspec, qf=None, is_pkg=False):
- if qf is None:
- qf = "%{epoch}:%{name}-%{version}-%{release}.%{arch}\n"
-
- if not repoq:
- pkgs = []
- try:
- e, m, dummy = self.yum_base.rpmdb.matchPackageNames([pkgspec])
- pkgs = e + m
- if not pkgs and not is_pkg:
- pkgs.extend(self.yum_base.returnInstalledPackagesByDep(pkgspec))
- except Exception as e:
- self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))
-
- return [self.po_to_envra(p) for p in pkgs]
-
- else:
- global rpmbin
- if not rpmbin:
- rpmbin = self.module.get_bin_path('rpm', required=True)
-
- cmd = [rpmbin, '-q', '--qf', qf, pkgspec]
- if '*' in pkgspec:
- cmd.append('-a')
- if self.installroot != '/':
- cmd.extend(['--root', self.installroot])
- # rpm localizes messages and we're screen scraping so make sure we use
- # an appropriate locale
- locale = get_best_parsable_locale(self.module)
- lang_env = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale)
- rc, out, err = self.module.run_command(cmd, environ_update=lang_env)
- if rc != 0 and 'is not installed' not in out:
- self.module.fail_json(msg='Error from rpm: %s: %s' % (cmd, err))
- if 'is not installed' in out:
- out = ''
-
- pkgs = [p for p in out.replace('(none)', '0').split('\n') if p.strip()]
- if not pkgs and not is_pkg:
- cmd = [rpmbin, '-q', '--qf', qf, '--whatprovides', pkgspec]
- if self.installroot != '/':
- cmd.extend(['--root', self.installroot])
- rc2, out2, err2 = self.module.run_command(cmd, environ_update=lang_env)
- else:
- rc2, out2, err2 = (0, '', '')
-
- if rc2 != 0 and 'no package provides' not in out2:
- self.module.fail_json(msg='Error from rpm: %s: %s' % (cmd, err + err2))
- if 'no package provides' in out2:
- out2 = ''
- pkgs += [p for p in out2.replace('(none)', '0').split('\n') if p.strip()]
- return pkgs
-
- return []
-
- def is_available(self, repoq, pkgspec, qf=def_qf):
- if not repoq:
-
- pkgs = []
- try:
- e, m, dummy = self.yum_base.pkgSack.matchPackageNames([pkgspec])
- pkgs = e + m
- if not pkgs:
- pkgs.extend(self.yum_base.returnPackagesByDep(pkgspec))
- except Exception as e:
- self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))
-
- return [self.po_to_envra(p) for p in pkgs]
-
- else:
- myrepoq = list(repoq)
-
- r_cmd = ['--disablerepo', ','.join(self.disablerepo)]
- myrepoq.extend(r_cmd)
-
- r_cmd = ['--enablerepo', ','.join(self.enablerepo)]
- myrepoq.extend(r_cmd)
-
- if self.releasever:
- myrepoq.extend('--releasever=%s' % self.releasever)
-
- cmd = myrepoq + ["--qf", qf, pkgspec]
- rc, out, err = self.module.run_command(cmd)
- if rc == 0:
- return [p for p in out.split('\n') if p.strip()]
- else:
- self.module.fail_json(msg='Error from repoquery: %s: %s' % (cmd, err))
-
- return []
-
- def is_update(self, repoq, pkgspec, qf=def_qf):
- if not repoq:
-
- pkgs = []
- updates = []
-
- try:
- pkgs = self.yum_base.returnPackagesByDep(pkgspec) + \
- self.yum_base.returnInstalledPackagesByDep(pkgspec)
- if not pkgs:
- e, m, dummy = self.yum_base.pkgSack.matchPackageNames([pkgspec])
- pkgs = e + m
- updates = self.yum_base.doPackageLists(pkgnarrow='updates').updates
- except Exception as e:
- self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))
-
- retpkgs = (pkg for pkg in pkgs if pkg in updates)
-
- return set(self.po_to_envra(p) for p in retpkgs)
-
- else:
- myrepoq = list(repoq)
- r_cmd = ['--disablerepo', ','.join(self.disablerepo)]
- myrepoq.extend(r_cmd)
-
- r_cmd = ['--enablerepo', ','.join(self.enablerepo)]
- myrepoq.extend(r_cmd)
-
- if self.releasever:
- myrepoq.extend('--releasever=%s' % self.releasever)
-
- cmd = myrepoq + ["--pkgnarrow=updates", "--qf", qf, pkgspec]
- rc, out, err = self.module.run_command(cmd)
-
- if rc == 0:
- return set(p for p in out.split('\n') if p.strip())
- else:
- self.module.fail_json(msg='Error from repoquery: %s: %s' % (cmd, err))
-
- return set()
-
- def what_provides(self, repoq, req_spec, qf=def_qf):
- if not repoq:
-
- pkgs = []
- try:
- try:
- pkgs = self.yum_base.returnPackagesByDep(req_spec) + \
- self.yum_base.returnInstalledPackagesByDep(req_spec)
- except Exception as e:
- # If a repo with `repo_gpgcheck=1` is added and the repo GPG
- # key was never accepted, querying this repo will throw an
- # error: 'repomd.xml signature could not be verified'. In that
- # situation we need to run `yum -y makecache fast` which will accept
- # the key and try again.
- if 'repomd.xml signature could not be verified' in to_native(e):
- if self.releasever:
- self.module.run_command(self.yum_basecmd + ['makecache', 'fast', '--releasever=%s' % self.releasever])
- else:
- self.module.run_command(self.yum_basecmd + ['makecache', 'fast'])
- pkgs = self.yum_base.returnPackagesByDep(req_spec) + \
- self.yum_base.returnInstalledPackagesByDep(req_spec)
- else:
- raise
- if not pkgs:
- exact_matches, glob_matches = self.yum_base.pkgSack.matchPackageNames([req_spec])[0:2]
- pkgs.extend(exact_matches)
- pkgs.extend(glob_matches)
- exact_matches, glob_matches = self.yum_base.rpmdb.matchPackageNames([req_spec])[0:2]
- pkgs.extend(exact_matches)
- pkgs.extend(glob_matches)
- except Exception as e:
- self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))
-
- return set(self.po_to_envra(p) for p in pkgs)
-
- else:
- myrepoq = list(repoq)
- r_cmd = ['--disablerepo', ','.join(self.disablerepo)]
- myrepoq.extend(r_cmd)
-
- r_cmd = ['--enablerepo', ','.join(self.enablerepo)]
- myrepoq.extend(r_cmd)
-
- if self.releasever:
- myrepoq.extend('--releasever=%s' % self.releasever)
-
- cmd = myrepoq + ["--qf", qf, "--whatprovides", req_spec]
- rc, out, err = self.module.run_command(cmd)
- cmd = myrepoq + ["--qf", qf, req_spec]
- rc2, out2, err2 = self.module.run_command(cmd)
- if rc == 0 and rc2 == 0:
- out += out2
- pkgs = {p for p in out.split('\n') if p.strip()}
- if not pkgs:
- pkgs = self.is_installed(repoq, req_spec, qf=qf)
- return pkgs
- else:
- self.module.fail_json(msg='Error from repoquery: %s: %s' % (cmd, err + err2))
-
- return set()
-
- def transaction_exists(self, pkglist):
- """
- checks the package list to see if any packages are
- involved in an incomplete transaction
- """
-
- conflicts = []
- if not transaction_helpers:
- return conflicts
-
- # first, we create a list of the package 'nvreas'
- # so we can compare the pieces later more easily
- pkglist_nvreas = (splitFilename(pkg) for pkg in pkglist)
-
- # next, we build the list of packages that are
- # contained within an unfinished transaction
- unfinished_transactions = find_unfinished_transactions()
- for trans in unfinished_transactions:
- steps = find_ts_remaining(trans)
- for step in steps:
- # the action is install/erase/etc., but we only
- # care about the package spec contained in the step
- (action, step_spec) = step
- (n, v, r, e, a) = splitFilename(step_spec)
- # and see if that spec is in the list of packages
- # requested for installation/updating
- for pkg in pkglist_nvreas:
- # if the name and arch match, we're going to assume
- # this package is part of a pending transaction
- # the label is just for display purposes
- label = "%s-%s" % (n, a)
- if n == pkg[0] and a == pkg[4]:
- if label not in conflicts:
- conflicts.append("%s-%s" % (n, a))
- break
- return conflicts
-
- def local_envra(self, path):
- """return envra of a local rpm passed in"""
-
- ts = rpm.TransactionSet()
- ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
- fd = os.open(path, os.O_RDONLY)
- try:
- header = ts.hdrFromFdno(fd)
- except rpm.error as e:
- return None
- finally:
- os.close(fd)
-
- return '%s:%s-%s-%s.%s' % (
- header[rpm.RPMTAG_EPOCH] or '0',
- header[rpm.RPMTAG_NAME],
- header[rpm.RPMTAG_VERSION],
- header[rpm.RPMTAG_RELEASE],
- header[rpm.RPMTAG_ARCH]
- )
-
- @contextmanager
- def set_env_proxy(self):
- # setting system proxy environment and saving old, if exists
- namepass = ""
- scheme = ["http", "https"]
- old_proxy_env = [os.getenv("http_proxy"), os.getenv("https_proxy")]
- try:
- # "_none_" is a special value to disable proxy in yum.conf/*.repo
- if self.yum_base.conf.proxy and self.yum_base.conf.proxy not in ("_none_",):
- if self.yum_base.conf.proxy_username:
- namepass = namepass + self.yum_base.conf.proxy_username
- proxy_url = self.yum_base.conf.proxy
- if self.yum_base.conf.proxy_password:
- namepass = namepass + ":" + self.yum_base.conf.proxy_password
- elif '@' in self.yum_base.conf.proxy:
- namepass = self.yum_base.conf.proxy.split('@')[0].split('//')[-1]
- proxy_url = self.yum_base.conf.proxy.replace("{0}@".format(namepass), "")
-
- if namepass:
- namepass = namepass + '@'
- for item in scheme:
- os.environ[item + "_proxy"] = re.sub(
- r"(http://)",
- r"\g<1>" + namepass, proxy_url
- )
- else:
- for item in scheme:
- os.environ[item + "_proxy"] = self.yum_base.conf.proxy
- yield
- except yum.Errors.YumBaseError:
- raise
- finally:
- # revert back to previously system configuration
- for item in scheme:
- if os.getenv("{0}_proxy".format(item)):
- del os.environ["{0}_proxy".format(item)]
- if old_proxy_env[0]:
- os.environ["http_proxy"] = old_proxy_env[0]
- if old_proxy_env[1]:
- os.environ["https_proxy"] = old_proxy_env[1]
-
- def pkg_to_dict(self, pkgstr):
- if pkgstr.strip() and pkgstr.count('|') == 5:
- n, e, v, r, a, repo = pkgstr.split('|')
- else:
- return {'error_parsing': pkgstr}
-
- d = {
- 'name': n,
- 'arch': a,
- 'epoch': e,
- 'release': r,
- 'version': v,
- 'repo': repo,
- 'envra': '%s:%s-%s-%s.%s' % (e, n, v, r, a)
- }
-
- if repo == 'installed':
- d['yumstate'] = 'installed'
- else:
- d['yumstate'] = 'available'
-
- return d
-
- def repolist(self, repoq, qf="%{repoid}"):
- cmd = repoq + ["--qf", qf, "-a"]
- if self.releasever:
- cmd.extend(['--releasever=%s' % self.releasever])
- rc, out, err = self.module.run_command(cmd)
- if rc == 0:
- return set(p for p in out.split('\n') if p.strip())
- else:
- return []
-
- def list_stuff(self, repoquerybin, stuff):
-
- qf = "%{name}|%{epoch}|%{version}|%{release}|%{arch}|%{repoid}"
- # is_installed goes through rpm instead of repoquery so it needs a slightly different format
- is_installed_qf = "%{name}|%{epoch}|%{version}|%{release}|%{arch}|installed\n"
- repoq = [repoquerybin, '--show-duplicates', '--plugins', '--quiet']
- if self.disablerepo:
- repoq.extend(['--disablerepo', ','.join(self.disablerepo)])
- if self.enablerepo:
- repoq.extend(['--enablerepo', ','.join(self.enablerepo)])
- if self.installroot != '/':
- repoq.extend(['--installroot', self.installroot])
- if self.conf_file and os.path.exists(self.conf_file):
- repoq += ['-c', self.conf_file]
-
- if stuff == 'installed':
- return [self.pkg_to_dict(p) for p in sorted(self.is_installed(repoq, '-a', qf=is_installed_qf)) if p.strip()]
-
- if stuff == 'updates':
- return [self.pkg_to_dict(p) for p in sorted(self.is_update(repoq, '-a', qf=qf)) if p.strip()]
-
- if stuff == 'available':
- return [self.pkg_to_dict(p) for p in sorted(self.is_available(repoq, '-a', qf=qf)) if p.strip()]
-
- if stuff == 'repos':
- return [dict(repoid=name, state='enabled') for name in sorted(self.repolist(repoq)) if name.strip()]
-
- return [
- self.pkg_to_dict(p) for p in
- sorted(self.is_installed(repoq, stuff, qf=is_installed_qf) + self.is_available(repoq, stuff, qf=qf))
- if p.strip()
- ]
-
- def exec_install(self, items, action, pkgs, res):
- cmd = self.yum_basecmd + [action] + pkgs
- if self.releasever:
- cmd.extend(['--releasever=%s' % self.releasever])
-
- # setting sslverify using --setopt is required as conf.sslverify only
- # affects the metadata retrieval.
- if not self.sslverify:
- cmd.extend(['--setopt', 'sslverify=0'])
-
- if self.module.check_mode:
- self.module.exit_json(changed=True, results=res['results'], changes=dict(installed=pkgs))
- else:
- res['changes'] = dict(installed=pkgs)
-
- locale = get_best_parsable_locale(self.module)
- lang_env = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale)
- rc, out, err = self.module.run_command(cmd, environ_update=lang_env)
-
- if rc == 1:
- for spec in items:
- # Fail on invalid urls:
- if ('://' in spec and ('No package %s available.' % spec in out or 'Cannot open: %s. Skipping.' % spec in err)):
- err = 'Package at %s could not be installed' % spec
- self.module.fail_json(changed=False, msg=err, rc=rc)
-
- res['rc'] = rc
- res['results'].append(out)
- res['msg'] += err
- res['changed'] = True
-
- if ('Nothing to do' in out and rc == 0) or ('does not have any packages' in err):
- res['changed'] = False
-
- if rc != 0:
- res['changed'] = False
- self.module.fail_json(**res)
-
- # Fail if yum prints 'No space left on device' because that means some
- # packages failed executing their post install scripts because of lack of
- # free space (e.g. kernel package couldn't generate initramfs). Note that
- # yum can still exit with rc=0 even if some post scripts didn't execute
- # correctly.
- if 'No space left on device' in (out or err):
- res['changed'] = False
- res['msg'] = 'No space left on device'
- self.module.fail_json(**res)
-
- # FIXME - if we did an install - go and check the rpmdb to see if it actually installed
- # look for each pkg in rpmdb
- # look for each pkg via obsoletes
-
- return res
-
- def install(self, items, repoq):
-
- pkgs = []
- downgrade_pkgs = []
- res = {}
- res['results'] = []
- res['msg'] = ''
- res['rc'] = 0
- res['changed'] = False
-
- for spec in items:
- pkg = None
- downgrade_candidate = False
-
- # check if pkgspec is installed (if possible for idempotence)
- if spec.endswith('.rpm') or '://' in spec:
- if '://' not in spec and not os.path.exists(spec):
- res['msg'] += "No RPM file matching '%s' found on system" % spec
- res['results'].append("No RPM file matching '%s' found on system" % spec)
- res['rc'] = 127 # Ensure the task fails in with-loop
- self.module.fail_json(**res)
-
- if '://' in spec:
- with self.set_env_proxy():
- package = fetch_file(self.module, spec)
- if not package.endswith('.rpm'):
- # yum requires a local file to have the extension of .rpm and we
- # can not guarantee that from an URL (redirects, proxies, etc)
- new_package_path = '%s.rpm' % package
- os.rename(package, new_package_path)
- package = new_package_path
- else:
- package = spec
-
- # most common case is the pkg is already installed
- envra = self.local_envra(package)
- if envra is None:
- self.module.fail_json(msg="Failed to get envra information from RPM package: %s" % spec)
- installed_pkgs = self.is_installed(repoq, envra)
- if installed_pkgs:
- res['results'].append('%s providing %s is already installed' % (installed_pkgs[0], package))
- continue
-
- (name, ver, rel, epoch, arch) = splitFilename(envra)
- installed_pkgs = self.is_installed(repoq, name)
-
- # case for two same envr but different archs like x86_64 and i686
- if len(installed_pkgs) == 2:
- (cur_name0, cur_ver0, cur_rel0, cur_epoch0, cur_arch0) = splitFilename(installed_pkgs[0])
- (cur_name1, cur_ver1, cur_rel1, cur_epoch1, cur_arch1) = splitFilename(installed_pkgs[1])
- cur_epoch0 = cur_epoch0 or '0'
- cur_epoch1 = cur_epoch1 or '0'
- compare = compareEVR((cur_epoch0, cur_ver0, cur_rel0), (cur_epoch1, cur_ver1, cur_rel1))
- if compare == 0 and cur_arch0 != cur_arch1:
- for installed_pkg in installed_pkgs:
- if installed_pkg.endswith(arch):
- installed_pkgs = [installed_pkg]
-
- if len(installed_pkgs) == 1:
- installed_pkg = installed_pkgs[0]
- (cur_name, cur_ver, cur_rel, cur_epoch, cur_arch) = splitFilename(installed_pkg)
- cur_epoch = cur_epoch or '0'
- compare = compareEVR((cur_epoch, cur_ver, cur_rel), (epoch, ver, rel))
-
- # compare > 0 -> higher version is installed
- # compare == 0 -> exact version is installed
- # compare < 0 -> lower version is installed
- if compare > 0 and self.allow_downgrade:
- downgrade_candidate = True
- elif compare >= 0:
- continue
-
- # else: if there are more installed packages with the same name, that would mean
- # kernel, gpg-pubkey or like, so just let yum deal with it and try to install it
-
- pkg = package
-
- # groups
- elif spec.startswith('@'):
- if self.is_group_env_installed(spec):
- continue
-
- pkg = spec
-
- # range requires or file-requires or pkgname :(
- else:
- # most common case is the pkg is already installed and done
- # short circuit all the bs - and search for it as a pkg in is_installed
- # if you find it then we're done
- if not set(['*', '?']).intersection(set(spec)):
- installed_pkgs = self.is_installed(repoq, spec, is_pkg=True)
- if installed_pkgs:
- res['results'].append('%s providing %s is already installed' % (installed_pkgs[0], spec))
- continue
-
- # look up what pkgs provide this
- pkglist = self.what_provides(repoq, spec)
- if not pkglist:
- res['msg'] += "No package matching '%s' found available, installed or updated" % spec
- res['results'].append("No package matching '%s' found available, installed or updated" % spec)
- res['rc'] = 126 # Ensure the task fails in with-loop
- self.module.fail_json(**res)
-
- # if any of the packages are involved in a transaction, fail now
- # so that we don't hang on the yum operation later
- conflicts = self.transaction_exists(pkglist)
- if conflicts:
- res['msg'] += "The following packages have pending transactions: %s" % ", ".join(conflicts)
- res['rc'] = 125 # Ensure the task fails in with-loop
- self.module.fail_json(**res)
-
- # if any of them are installed
- # then nothing to do
-
- found = False
- for this in pkglist:
- if self.is_installed(repoq, this, is_pkg=True):
- found = True
- res['results'].append('%s providing %s is already installed' % (this, spec))
- break
-
- # if the version of the pkg you have installed is not in ANY repo, but there are
- # other versions in the repos (both higher and lower) then the previous checks won't work.
- # so we check one more time. This really only works for pkgname - not for file provides or virt provides
- # but virt provides should be all caught in what_provides on its own.
- # highly irritating
- if not found:
- if self.is_installed(repoq, spec):
- found = True
- res['results'].append('package providing %s is already installed' % (spec))
-
- if found:
- continue
-
- # Downgrade - The yum install command will only install or upgrade to a spec version, it will
- # not install an older version of an RPM even if specified by the install spec. So we need to
- # determine if this is a downgrade, and then use the yum downgrade command to install the RPM.
- if self.allow_downgrade:
- for package in pkglist:
- # Get the NEVRA of the requested package using pkglist instead of spec because pkglist
- # contains consistently-formatted package names returned by yum, rather than user input
- # that is often not parsed correctly by splitFilename().
- (name, ver, rel, epoch, arch) = splitFilename(package)
-
- # Check if any version of the requested package is installed
- inst_pkgs = self.is_installed(repoq, name, is_pkg=True)
- if inst_pkgs:
- (cur_name, cur_ver, cur_rel, cur_epoch, cur_arch) = splitFilename(inst_pkgs[0])
- compare = compareEVR((cur_epoch, cur_ver, cur_rel), (epoch, ver, rel))
- if compare > 0:
- downgrade_candidate = True
- else:
- downgrade_candidate = False
- break
-
- # If package needs to be installed/upgraded/downgraded, then pass in the spec
- # we could get here if nothing provides it but that's not
- # the error we're catching here
- pkg = spec
-
- if downgrade_candidate and self.allow_downgrade:
- downgrade_pkgs.append(pkg)
- else:
- pkgs.append(pkg)
-
- if downgrade_pkgs:
- res = self.exec_install(items, 'downgrade', downgrade_pkgs, res)
-
- if pkgs:
- res = self.exec_install(items, 'install', pkgs, res)
-
- return res
-
- def remove(self, items, repoq):
-
- pkgs = []
- res = {}
- res['results'] = []
- res['msg'] = ''
- res['changed'] = False
- res['rc'] = 0
-
- for pkg in items:
- if pkg.startswith('@'):
- installed = self.is_group_env_installed(pkg)
- else:
- installed = self.is_installed(repoq, pkg)
-
- if installed:
- pkgs.append(pkg)
- else:
- res['results'].append('%s is not installed' % pkg)
-
- if pkgs:
- if self.module.check_mode:
- self.module.exit_json(changed=True, results=res['results'], changes=dict(removed=pkgs))
- else:
- res['changes'] = dict(removed=pkgs)
-
- # run an actual yum transaction
- if self.autoremove:
- cmd = self.yum_basecmd + ["autoremove"] + pkgs
- else:
- cmd = self.yum_basecmd + ["remove"] + pkgs
- rc, out, err = self.module.run_command(cmd)
-
- res['rc'] = rc
- res['results'].append(out)
- res['msg'] = err
-
- if rc != 0:
- if self.autoremove and 'No such command' in out:
- self.module.fail_json(msg='Version of YUM too old for autoremove: Requires yum 3.4.3 (RHEL/CentOS 7+)')
- else:
- self.module.fail_json(**res)
-
- # compile the results into one batch. If anything is changed
- # then mark changed
- # at the end - if we've end up failed then fail out of the rest
- # of the process
-
- # at this point we check to see if the pkg is no longer present
- self._yum_base = None # previous YumBase package index is now invalid
- for pkg in pkgs:
- if pkg.startswith('@'):
- installed = self.is_group_env_installed(pkg)
- else:
- installed = self.is_installed(repoq, pkg, is_pkg=True)
-
- if installed:
- # Return a message so it's obvious to the user why yum failed
- # and which package couldn't be removed. More details:
- # https://github.com/ansible/ansible/issues/35672
- res['msg'] = "Package '%s' couldn't be removed!" % pkg
- self.module.fail_json(**res)
-
- res['changed'] = True
-
- return res
-
- def run_check_update(self):
- # run check-update to see if we have packages pending
- if self.releasever:
- rc, out, err = self.module.run_command(self.yum_basecmd + ['check-update'] + ['--releasever=%s' % self.releasever])
- else:
- rc, out, err = self.module.run_command(self.yum_basecmd + ['check-update'])
- return rc, out, err
-
- @staticmethod
- def parse_check_update(check_update_output):
- # preprocess string and filter out empty lines so the regex below works
- out = '\n'.join((l for l in check_update_output.splitlines() if l))
-
- # Remove incorrect new lines in longer columns in output from yum check-update
- # yum line wrapping can move the repo to the next line:
- # some_looooooooooooooooooooooooooooooooooooong_package_name 1:1.2.3-1.el7
- # some-repo-label
- out = re.sub(r'\n\W+(.*)', r' \1', out)
-
- updates = {}
- obsoletes = {}
- for line in out.split('\n'):
- line = line.split()
- # Ignore irrelevant lines:
- # - '*' in line matches lines like mirror lists: "* base: mirror.corbina.net"
- # - len(line) != 3 or 6 could be strings like:
- # "This system is not registered with an entitlement server..."
- # - len(line) = 6 is package obsoletes
- # - checking for '.' in line[0] (package name) likely ensures that it is of format:
- # "package_name.arch" (coreutils.x86_64)
- if '*' in line or len(line) not in [3, 6] or '.' not in line[0]:
- continue
-
- pkg, version, repo = line[0], line[1], line[2]
- name, dist = pkg.rsplit('.', 1)
-
- if name not in updates:
- updates[name] = []
-
- updates[name].append({'version': version, 'dist': dist, 'repo': repo})
-
- if len(line) == 6:
- obsolete_pkg, obsolete_version, obsolete_repo = line[3], line[4], line[5]
- obsolete_name, obsolete_dist = obsolete_pkg.rsplit('.', 1)
-
- if obsolete_name not in obsoletes:
- obsoletes[obsolete_name] = []
-
- obsoletes[obsolete_name].append({'version': obsolete_version, 'dist': obsolete_dist, 'repo': obsolete_repo})
-
- return updates, obsoletes
-
- def latest(self, items, repoq):
-
- res = {}
- res['results'] = []
- res['msg'] = ''
- res['changed'] = False
- res['rc'] = 0
- pkgs = {}
- pkgs['update'] = []
- pkgs['install'] = []
- updates = {}
- obsoletes = {}
- update_all = False
- cmd = self.yum_basecmd[:]
-
- # determine if we're doing an update all
- if '*' in items:
- update_all = True
-
- rc, out, err = self.run_check_update()
-
- if rc == 0 and update_all:
- res['results'].append('Nothing to do here, all packages are up to date')
- return res
- elif rc == 100:
- updates, obsoletes = self.parse_check_update(out)
- elif rc == 1:
- res['msg'] = err
- res['rc'] = rc
- self.module.fail_json(**res)
-
- if update_all:
- cmd.append('update')
- will_update = set(updates.keys())
- will_update_from_other_package = dict()
- else:
- will_update = set()
- will_update_from_other_package = dict()
- for spec in items:
- # some guess work involved with groups. update @<group> will install the group if missing
- if spec.startswith('@'):
- pkgs['update'].append(spec)
- will_update.add(spec)
- continue
-
- # check if pkgspec is installed (if possible for idempotence)
- # localpkg
- if spec.endswith('.rpm') and '://' not in spec:
- if not os.path.exists(spec):
- res['msg'] += "No RPM file matching '%s' found on system" % spec
- res['results'].append("No RPM file matching '%s' found on system" % spec)
- res['rc'] = 127 # Ensure the task fails in with-loop
- self.module.fail_json(**res)
-
- # get the pkg e:name-v-r.arch
- envra = self.local_envra(spec)
-
- if envra is None:
- self.module.fail_json(msg="Failed to get envra information from RPM package: %s" % spec)
-
- # local rpm files can't be updated
- if self.is_installed(repoq, envra):
- pkgs['update'].append(spec)
- else:
- pkgs['install'].append(spec)
- continue
-
- # URL
- if '://' in spec:
- # download package so that we can check if it's already installed
- with self.set_env_proxy():
- package = fetch_file(self.module, spec)
- envra = self.local_envra(package)
-
- if envra is None:
- self.module.fail_json(msg="Failed to get envra information from RPM package: %s" % spec)
-
- # local rpm files can't be updated
- if self.is_installed(repoq, envra):
- pkgs['update'].append(spec)
- else:
- pkgs['install'].append(spec)
- continue
-
- # dep/pkgname - find it
- if self.is_installed(repoq, spec):
- pkgs['update'].append(spec)
- else:
- pkgs['install'].append(spec)
- pkglist = self.what_provides(repoq, spec)
- # FIXME..? may not be desirable to throw an exception here if a single package is missing
- if not pkglist:
- res['msg'] += "No package matching '%s' found available, installed or updated" % spec
- res['results'].append("No package matching '%s' found available, installed or updated" % spec)
- res['rc'] = 126 # Ensure the task fails in with-loop
- self.module.fail_json(**res)
-
- nothing_to_do = True
- for pkg in pkglist:
- if spec in pkgs['install'] and self.is_available(repoq, pkg):
- nothing_to_do = False
- break
-
- # this contains the full NVR and spec could contain wildcards
- # or virtual provides (like "python-*" or "smtp-daemon") while
- # updates contains name only.
- (pkgname, ver, rel, epoch, arch) = splitFilename(pkg)
- if spec in pkgs['update'] and pkgname in updates:
- nothing_to_do = False
- will_update.add(spec)
- # Massage the updates list
- if spec != pkgname:
- # For reporting what packages would be updated more
- # succinctly
- will_update_from_other_package[spec] = pkgname
- break
-
- if not self.is_installed(repoq, spec) and self.update_only:
- res['results'].append("Packages providing %s not installed due to update_only specified" % spec)
- continue
- if nothing_to_do:
- res['results'].append("All packages providing %s are up to date" % spec)
- continue
-
- # if any of the packages are involved in a transaction, fail now
- # so that we don't hang on the yum operation later
- conflicts = self.transaction_exists(pkglist)
- if conflicts:
- res['msg'] += "The following packages have pending transactions: %s" % ", ".join(conflicts)
- res['results'].append("The following packages have pending transactions: %s" % ", ".join(conflicts))
- res['rc'] = 128 # Ensure the task fails in with-loop
- self.module.fail_json(**res)
-
- # check_mode output
- to_update = []
- for w in will_update:
- if w.startswith('@'):
- # yum groups
- to_update.append((w, None))
- elif w not in updates:
- # There are (at least, probably more) 2 ways we can get here:
- #
- # * A virtual provides (our user specifies "webserver", but
- # "httpd" is the key in 'updates').
- #
- # * A wildcard. emac* will get us here if there's a package
- # called 'emacs' in the pending updates list. 'updates' will
- # of course key on 'emacs' in that case.
-
- other_pkg = will_update_from_other_package[w]
-
- # We are guaranteed that: other_pkg in updates
- # ...based on the logic above. But we only want to show one
- # update in this case (given the wording of "at least") below.
- # As an example, consider a package installed twice:
- # foobar.x86_64, foobar.i686
- # We want to avoid having both:
- # ('foo*', 'because of (at least) foobar-1.x86_64 from repo')
- # ('foo*', 'because of (at least) foobar-1.i686 from repo')
- # We just pick the first one.
- #
- # TODO: This is something that might be nice to change, but it
- # would be a module UI change. But without it, we're
- # dropping potentially important information about what
- # was updated. Instead of (given_spec, random_matching_package)
- # it'd be nice if we appended (given_spec, [all_matching_packages])
- #
- # ... But then, we also drop information if multiple
- # different (distinct) packages match the given spec and
- # we should probably fix that too.
- pkg = updates[other_pkg][0]
- to_update.append(
- (
- w,
- 'because of (at least) %s-%s.%s from %s' % (
- other_pkg,
- pkg['version'],
- pkg['dist'],
- pkg['repo']
- )
- )
- )
- else:
- # Otherwise the spec is an exact match
- for pkg in updates[w]:
- to_update.append(
- (
- w,
- '%s.%s from %s' % (
- pkg['version'],
- pkg['dist'],
- pkg['repo']
- )
- )
- )
-
- if self.update_only:
- res['changes'] = dict(installed=[], updated=to_update)
- else:
- res['changes'] = dict(installed=pkgs['install'], updated=to_update)
-
- if obsoletes:
- res['obsoletes'] = obsoletes
-
- # return results before we actually execute stuff
- if self.module.check_mode:
- if will_update or pkgs['install']:
- res['changed'] = True
- return res
-
- if self.releasever:
- cmd.extend(['--releasever=%s' % self.releasever])
-
- # run commands
- if update_all:
- rc, out, err = self.module.run_command(cmd)
- res['changed'] = True
- elif self.update_only:
- if pkgs['update']:
- cmd += ['update'] + pkgs['update']
- locale = get_best_parsable_locale(self.module)
- lang_env = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale)
- rc, out, err = self.module.run_command(cmd, environ_update=lang_env)
- out_lower = out.strip().lower()
- if not out_lower.endswith("no packages marked for update") and \
- not out_lower.endswith("nothing to do"):
- res['changed'] = True
- else:
- rc, out, err = [0, '', '']
- elif pkgs['install'] or will_update and not self.update_only:
- cmd += ['install'] + pkgs['install'] + pkgs['update']
- locale = get_best_parsable_locale(self.module)
- lang_env = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale)
- rc, out, err = self.module.run_command(cmd, environ_update=lang_env)
- out_lower = out.strip().lower()
- if not out_lower.endswith("no packages marked for update") and \
- not out_lower.endswith("nothing to do"):
- res['changed'] = True
- else:
- rc, out, err = [0, '', '']
-
- res['rc'] = rc
- res['msg'] += err
- res['results'].append(out)
-
- if rc:
- res['failed'] = True
-
- return res
-
- def ensure(self, repoq):
- pkgs = self.names
-
- # autoremove was provided without `name`
- if not self.names and self.autoremove:
- pkgs = []
- self.state = 'absent'
-
- if self.conf_file and os.path.exists(self.conf_file):
- self.yum_basecmd += ['-c', self.conf_file]
-
- if repoq:
- repoq += ['-c', self.conf_file]
-
- if self.skip_broken:
- self.yum_basecmd.extend(['--skip-broken'])
-
- if self.disablerepo:
- self.yum_basecmd.extend(['--disablerepo=%s' % ','.join(self.disablerepo)])
-
- if self.enablerepo:
- self.yum_basecmd.extend(['--enablerepo=%s' % ','.join(self.enablerepo)])
-
- if self.enable_plugin:
- self.yum_basecmd.extend(['--enableplugin', ','.join(self.enable_plugin)])
-
- if self.disable_plugin:
- self.yum_basecmd.extend(['--disableplugin', ','.join(self.disable_plugin)])
-
- if self.exclude:
- e_cmd = ['--exclude=%s' % ','.join(self.exclude)]
- self.yum_basecmd.extend(e_cmd)
-
- if self.disable_excludes:
- self.yum_basecmd.extend(['--disableexcludes=%s' % self.disable_excludes])
-
- if self.cacheonly:
- self.yum_basecmd.extend(['--cacheonly'])
-
- if self.download_only:
- self.yum_basecmd.extend(['--downloadonly'])
-
- if self.download_dir:
- self.yum_basecmd.extend(['--downloaddir=%s' % self.download_dir])
-
- if self.releasever:
- self.yum_basecmd.extend(['--releasever=%s' % self.releasever])
-
- if self.installroot != '/':
- # do not setup installroot by default, because of error
- # CRITICAL:yum.cli:Config Error: Error accessing file for config file:////etc/yum.conf
- # in old yum version (like in CentOS 6.6)
- e_cmd = ['--installroot=%s' % self.installroot]
- self.yum_basecmd.extend(e_cmd)
-
- if self.state in ('installed', 'present', 'latest'):
- # The need of this entire if conditional has to be changed
- # this function is the ensure function that is called
- # in the main section.
- #
- # This conditional tends to disable/enable repo for
- # install present latest action, same actually
- # can be done for remove and absent action
- #
- # As solution I would advice to cal
- # try: self.yum_base.repos.disableRepo(disablerepo)
- # and
- # try: self.yum_base.repos.enableRepo(enablerepo)
- # right before any yum_cmd is actually called regardless
- # of yum action.
- #
- # Please note that enable/disablerepo options are general
- # options, this means that we can call those with any action
- # option. https://linux.die.net/man/8/yum
- #
- # This docstring will be removed together when issue: #21619
- # will be solved.
- #
- # This has been triggered by: #19587
-
- if self.update_cache:
- self.module.run_command(self.yum_basecmd + ['clean', 'expire-cache'])
-
- try:
- current_repos = self.yum_base.repos.repos.keys()
- if self.enablerepo:
- try:
- new_repos = self.yum_base.repos.repos.keys()
- for i in new_repos:
- if i not in current_repos:
- rid = self.yum_base.repos.getRepo(i)
- a = rid.repoXML.repoid # nopep8 - https://github.com/ansible/ansible/pull/21475#pullrequestreview-22404868
- current_repos = new_repos
- except yum.Errors.YumBaseError as e:
- self.module.fail_json(msg="Error setting/accessing repos: %s" % to_native(e))
- except yum.Errors.YumBaseError as e:
- self.module.fail_json(msg="Error accessing repos: %s" % to_native(e))
- if self.state == 'latest' or self.update_only:
- if self.disable_gpg_check:
- self.yum_basecmd.append('--nogpgcheck')
- if self.security:
- self.yum_basecmd.append('--security')
- if self.bugfix:
- self.yum_basecmd.append('--bugfix')
- res = self.latest(pkgs, repoq)
- elif self.state in ('installed', 'present'):
- if self.disable_gpg_check:
- self.yum_basecmd.append('--nogpgcheck')
- res = self.install(pkgs, repoq)
- elif self.state in ('removed', 'absent'):
- res = self.remove(pkgs, repoq)
- else:
- # should be caught by AnsibleModule argument_spec
- self.module.fail_json(
- msg="we should never get here unless this all failed",
- changed=False,
- results='',
- errors='unexpected state'
- )
- return res
-
- @staticmethod
- def has_yum():
- return HAS_YUM_PYTHON
-
- def run(self):
- """
- actually execute the module code backend
- """
-
- if (not HAS_RPM_PYTHON or not HAS_YUM_PYTHON) and sys.executable != '/usr/bin/python' and not has_respawned():
- respawn_module('/usr/bin/python')
- # end of the line for this process; we'll exit here once the respawned module has completed
-
- error_msgs = []
- if not HAS_RPM_PYTHON:
- error_msgs.append('The Python 2 bindings for rpm are needed for this module. If you require Python 3 support use the `dnf` Ansible module instead.')
- if not HAS_YUM_PYTHON:
- error_msgs.append('The Python 2 yum module is needed for this module. If you require Python 3 support use the `dnf` Ansible module instead.')
-
- self.wait_for_lock()
-
- if error_msgs:
- self.module.fail_json(msg='. '.join(error_msgs))
-
- # fedora will redirect yum to dnf, which has incompatibilities
- # with how this module expects yum to operate. If yum-deprecated
- # is available, use that instead to emulate the old behaviors.
- if self.module.get_bin_path('yum-deprecated'):
- yumbin = self.module.get_bin_path('yum-deprecated')
- else:
- yumbin = self.module.get_bin_path('yum')
-
- # need debug level 2 to get 'Nothing to do' for groupinstall.
- self.yum_basecmd = [yumbin, '-d', '2', '-y']
-
- if self.update_cache and not self.names and not self.list:
- rc, stdout, stderr = self.module.run_command(self.yum_basecmd + ['clean', 'expire-cache'])
- if rc == 0:
- self.module.exit_json(
- changed=False,
- msg="Cache updated",
- rc=rc,
- results=[]
- )
- else:
- self.module.exit_json(
- changed=False,
- msg="Failed to update cache",
- rc=rc,
- results=[stderr],
- )
-
- repoquerybin = self.module.get_bin_path('repoquery', required=False)
-
- if self.install_repoquery and not repoquerybin and not self.module.check_mode:
- yum_path = self.module.get_bin_path('yum')
- if yum_path:
- if self.releasever:
- self.module.run_command('%s -y install yum-utils --releasever %s' % (yum_path, self.releasever))
- else:
- self.module.run_command('%s -y install yum-utils' % yum_path)
- repoquerybin = self.module.get_bin_path('repoquery', required=False)
-
- if self.list:
- if not repoquerybin:
- self.module.fail_json(msg="repoquery is required to use list= with this module. Please install the yum-utils package.")
- results = {'results': self.list_stuff(repoquerybin, self.list)}
- else:
- # If rhn-plugin is installed and no rhn-certificate is available on
- # the system then users will see an error message using the yum API.
- # Use repoquery in those cases.
-
- repoquery = None
- try:
- yum_plugins = self.yum_base.plugins._plugins
- except AttributeError:
- pass
- else:
- if 'rhnplugin' in yum_plugins:
- if repoquerybin:
- repoquery = [repoquerybin, '--show-duplicates', '--plugins', '--quiet']
- if self.installroot != '/':
- repoquery.extend(['--installroot', self.installroot])
-
- if self.disable_excludes:
- # repoquery does not support --disableexcludes,
- # so make a temp copy of yum.conf and get rid of the 'exclude=' line there
- try:
- with open('/etc/yum.conf', 'r') as f:
- content = f.readlines()
-
- tmp_conf_file = tempfile.NamedTemporaryFile(dir=self.module.tmpdir, delete=False)
- self.module.add_cleanup_file(tmp_conf_file.name)
-
- tmp_conf_file.writelines([c for c in content if not c.startswith("exclude=")])
- tmp_conf_file.close()
- except Exception as e:
- self.module.fail_json(msg="Failure setting up repoquery: %s" % to_native(e))
-
- repoquery.extend(['-c', tmp_conf_file.name])
-
- results = self.ensure(repoquery)
- if repoquery:
- results['msg'] = '%s %s' % (
- results.get('msg', ''),
- 'Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.'
- )
-
- self.module.exit_json(**results)
-
-
-def main():
- # state=installed name=pkgspec
- # state=removed name=pkgspec
- # state=latest name=pkgspec
- #
- # informational commands:
- # list=installed
- # list=updates
- # list=available
- # list=repos
- # list=pkgspec
-
- yumdnf_argument_spec['argument_spec']['use_backend'] = dict(default='auto', choices=['auto', 'yum', 'yum4', 'dnf', 'dnf4', 'dnf5'])
-
- module = AnsibleModule(
- **yumdnf_argument_spec
- )
-
- module_implementation = YumModule(module)
- module_implementation.run()
-
-
-if __name__ == '__main__':
- main()