使用 Ansible yum 模块列出安全更新

使用 Ansible yum 模块列出安全更新

我试图使用 Ansible 的 yum 模块仅列出与安全相关的更新,如下所示:

- name: check for updates yum
  yum: 
    list: updates
    update_cache: true
    security: yes
    bugfix: no
  register: yumoutput

即使我将安全选项更改为 false security: no,我始终会收到所有可用的更新。

我不确定这些选项是否仅适用于安装而不是列出。

有什么推荐吗?

答案1

我已经在 CentOS/RHEL 7.9、Ansible 2.9.25、Python 版本 = 2.7.5 上设置了测试。

---
- hosts: test
  become: no
  gather_facts: no

  tasks:

  - name: Gather available security updates
    yum:
      list: updates
      update_cache: yes
      security: yes
      bugfix: no
    register: result

  - name: Show result
    debug:
      msg: "{{ result }}"

  - name: Gather available security updates
    shell:
      cmd: yum updateinfo list security
      warn: false
    register: result
    changed_when: false
    failed_when: result.rc != 0

  - name: Show result
    debug:
      msg: "{{ result.stdout }}"

导致输出为

TASK [Gather available security updates] ******
ok: [test.example.com]

TASK [Show result] ******
ok: [test.example.com] =>
  msg:
    changed: false
    failed: false
    results:
    - arch: x86_64
      envra: 0:golang-bin-1.16.13-2.el7.x86_64
      epoch: '0'
      name: golang-bin
      release: 2.el7
      repo: EPEL-7
      version: 1.16.13
      yumstate: available
    - arch: noarch
      envra: 0:golang-src-1.16.13-2.el7.noarch
      epoch: '0'
      name: golang-src
      release: 2.el7
      repo: EPEL-7
      version: 1.16.13
      yumstate: available
    - arch: x86_64
      envra: 0:golang-1.16.13-2.el7.x86_64
      epoch: '0'
      name: golang
      release: 2.el7
      repo: EPEL-7
      version: 1.16.13
      yumstate: available
    - arch: x86_64
      envra: 1:java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.x86_64
      epoch: '1'
      name: java-1.8.0-openjdk-headless
      release: 1.el7_9
      repo: RHEL-7
      version: 1.8.0.322.b06
      yumstate: available


TASK [Gather available security update] ******
ok: [test.example.com]

TASK [Show result] ******
ok: [test.example.com] =>
  msg: |-
    Loaded plugins: product-id, search-disabled-repos, subscription-manager
    FEDORA-EPEL-2022-246382d5dc Important/Sec. golang-1.16.13-2.el7.x86_64
    FEDORA-EPEL-2022-246382d5dc Important/Sec. golang-bin-1.16.13-2.el7.x86_64
    FEDORA-EPEL-2022-246382d5dc Important/Sec. golang-src-1.16.13-2.el7.noarch
    RHSA-2022:0306              Moderate/Sec.  java-1.8.0-openjdk-headless-1:1.8.0.322.b06-1.el7_9.x86_64
    updateinfo list done

因此,这两种方法都有效并且达到了相同的预期结果。

请注意,可能需要有yum-security-plugin安装。

相关内容