[WIP] Add security option in yum module
Fix adds option to specify security updates in yum module Fixes #11498 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
parent
0aa7c06395
commit
d3fe598202
1 changed files with 14 additions and 2 deletions
|
@ -126,6 +126,13 @@ options:
|
|||
default: "/"
|
||||
aliases: []
|
||||
|
||||
security:
|
||||
description:
|
||||
- If set to C(yes), then installs all security updates.
|
||||
default: "no"
|
||||
choices: ["yes", "no"]
|
||||
version_added: "2.4"
|
||||
|
||||
notes:
|
||||
- When used with a loop of package names in a playbook, ansible optimizes
|
||||
the call to the yum module. Instead of calling the module with a single
|
||||
|
@ -155,6 +162,7 @@ author:
|
|||
- "Seth Vidal"
|
||||
- "Eduard Snesarev (github.com/verm666)"
|
||||
- "Berend De Schouwer (github.com/berenddeschouwer)"
|
||||
- "Abhijeet Kasurde (github.com/akasurde)"
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
|
@ -1060,7 +1068,7 @@ def latest(module, items, repoq, yum_basecmd, conf_file, en_repos, dis_repos, in
|
|||
return res
|
||||
|
||||
def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
|
||||
disable_gpg_check, exclude, repoq, skip_broken, installroot='/'):
|
||||
disable_gpg_check, exclude, repoq, skip_broken, security, installroot='/'):
|
||||
|
||||
# fedora will redirect yum to dnf, which has incompatibilities
|
||||
# with how this module expects yum to operate. If yum-deprecated
|
||||
|
@ -1162,6 +1170,8 @@ def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
|
|||
elif state == 'latest':
|
||||
if disable_gpg_check:
|
||||
yum_basecmd.append('--nogpgcheck')
|
||||
if security:
|
||||
yum_basecmd.append('--security')
|
||||
res = latest(module, pkgs, repoq, yum_basecmd, conf_file, en_repos, dis_repos, installroot=installroot)
|
||||
else:
|
||||
# should be caught by AnsibleModule argument_spec
|
||||
|
@ -1202,6 +1212,7 @@ def main():
|
|||
installroot=dict(required=False, default="/", type='str'),
|
||||
# this should not be needed, but exists as a failsafe
|
||||
install_repoquery=dict(required=False, default="yes", type='bool'),
|
||||
security=dict(default="no", type='bool'),
|
||||
),
|
||||
required_one_of=[['name', 'list']],
|
||||
mutually_exclusive=[['name', 'list']],
|
||||
|
@ -1256,9 +1267,10 @@ def main():
|
|||
disablerepo = params.get('disablerepo', '')
|
||||
disable_gpg_check = params['disable_gpg_check']
|
||||
skip_broken = params['skip_broken']
|
||||
security = params['security']
|
||||
results = ensure(module, state, pkg, params['conf_file'], enablerepo,
|
||||
disablerepo, disable_gpg_check, exclude, repoquery,
|
||||
skip_broken, params['installroot'])
|
||||
skip_broken, security, params['installroot'])
|
||||
if repoquery:
|
||||
results['msg'] = '%s %s' % (results.get('msg', ''),
|
||||
'Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.')
|
||||
|
|
Loading…
Reference in a new issue