我在通过 Ansible 进行安全修补时遇到问题。我有两台机器
1) Ansible 主服务器(版本 2.8.4) 我想对使用 RHEL8 的服务器应用安全更新。但是打补丁失败,出现如下错误:
fatal: [lrhel8.exam.local]: FAILED! => {"changed": false, "failures": [], "msg": "Depsolve Error occured: \n Problem 1: cannot install both bind-license-32:9.11.4-26.P2.el8.noarch and bind-license-32:9.11.4-17.P2.el8_0.1.noarch\n - package bind-libs-32:9.11.4-17.P2.el8_0.1.x86_64 requires bind-license = 32:9.11.4-17.P2.el8_0.1, but none of the providers can be installed\n - cannot install the best update candidate for package bind-license-32:9.11.4-16.P2.el8.noarch\n - cannot install the best update candidate for package bind-libs-32:9.11.4-16.P2.el8.x86_64\n Problem 2: cannot install both gvfs-client-1.36.2-6.el8.x86_64 and gvfs-client-1.36.2-2.el8_0.1.x86_64\n - package gvfs-1.36.2-6.el8.x86_64 requires gvfs-client(x86-64) = 1.36.2-6.el8, but none of the providers can be installed\n - cannot install the best update candidate for package gvfs-client-1.36.2-1.el8.x86_64\n - cannot install the best update candidate for package gvfs-1.36.2-1.el8.x86_64\n Problem 3: cannot install both python3-libs-3.6.8-15.1.el8.x86_64 and python3-libs-3.6.8-2.el8_0.x86_64\n - package platform-python-3.6.8-2.el8_0.x86_64 requires python3-libs(x86-64) = 3.6.8-2.el8_0, but none of the providers can be installed\n - cannot install the best update candidate for package python3-libs-3.6.8-1.el8.x86_64\n - cannot install the best update candidate for package platform-python-3.6.8-1.el8.x86_64\n Problem 4: package systemd-container-239-18.el8.x86_64 requires systemd(x86-64) = 239-18.el8, but none of the providers can be installed\n - cannot install both systemd-239-18.el8.x86_64 and systemd-239-13.el8_0.3.x86_64\n - cannot install the best update candidate for package systemd-container-239-13.el8.x86_64\n - cannot install the best update candidate for package systemd-239-13.el8.x86_64\n Problem 5: package bind-libs-32:9.11.4-26.P2.el8.x86_64 requires bind-libs-lite(x86-64) = 32:9.11.4-26.P2.el8, but none of the providers can be installed\n - package bind-utils-32:9.11.4-26.P2.el8.x86_64 requires bind-libs(x86-64) = 32:9.11.4-26.P2.el8, but none of the providers can be installed\n - cannot install both bind-libs-lite-32:9.11.4-26.P2.el8.x86_64 and bind-libs-lite-32:9.11.4-17.P2.el8_0.1.x86_64\n - cannot install the best update candidate for package bind-utils-32:9.11.4-16.P2.el8.x86_64\n - cannot install the best update candidate for package bind-libs-lite-32:9.11.4-16.P2.el8.x86_64", "rc": 1, "results": []}
但如果我尝试更新整个服务器(yum update),那就没问题了。
2)RHEL8服务器
yum update --security没有问题就通过了。
有人可以帮忙解决这个问题吗?谢谢
角色(任务):
- name: Ensure all packages are updated
yum:
name: '*'
state: latest
conf_file: "{{ conf_file | default(omit) }}"
disable_gpg_check: "{{ disable_gpg_check }}"
disablerepo: "{{ disablerepo | default(omit, true) }}"
enablerepo: "{{ enablerepo | default(omit, true) }}"
exclude: "{{ exclude | default(omit, true) }}"
security: "{{ security_only }}"
update_cache: "{{ update_cache }}"
validate_certs: "{{ validate_certs }}"
skip_broken: "{{ skip_broken }}"
register: yum_result
角色(默认):
disable_gpg_check: false
update_cache: false
validate_certs: true
var_free_space: 524288 # 512 MB = 512 * 1024 KB
security_only: true
skip_broken: true
...
剧本:
- role: yum-update
when: ansible_os_family == "RedHat"
tags:
- yum-update