ansible/test/integration/targets/yum/tasks/yum.yml
Rick Elrod 4aff87770e
[yum] Make package removal confirmation strict (#69592)
* [yum] Make package removal confirmation strict

Change:
After removing packages, the yum module does a final check to ensure the
packages are really installed. The check would include packages that
were RPM `Provides:` values of another package.

This means that, for example, if a third-party kernel RPM spec had
`Provides: kernel` in it, removing the stock kernel would be successful
but the check to see if it was really removed would fail and cause
Ansible to report a failure.

Test Plan:
Tested on local CentOS 7 VM with kernel from elrepo which is known to
`Provides: kernel`.

Tickets:
Fixes #69237
Refs #35672
Refs #40723

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-05-26 14:47:39 -04:00

868 lines
20 KiB
YAML

# UNINSTALL
- name: uninstall sos
yum: name=sos state=removed
register: yum_result
- name: check sos with rpm
shell: rpm -q sos
ignore_errors: True
register: rpm_result
- name: verify uninstallation of sos
assert:
that:
- "yum_result is success"
- "rpm_result is failed"
# UNINSTALL AGAIN
- name: uninstall sos again in check mode
yum: name=sos state=removed
check_mode: true
register: yum_result
- name: verify no change on re-uninstall in check mode
assert:
that:
- "not yum_result is changed"
- name: uninstall sos again
yum: name=sos state=removed
register: yum_result
- name: verify no change on re-uninstall
assert:
that:
- "not yum_result is changed"
# INSTALL
- name: install sos in check mode
yum: name=sos state=present
check_mode: true
register: yum_result
- name: verify installation of sos in check mode
assert:
that:
- "yum_result is changed"
- name: install sos
yum: name=sos state=present
register: yum_result
- name: verify installation of sos
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: check sos with rpm
shell: rpm -q sos
# INSTALL AGAIN
- name: install sos again in check mode
yum: name=sos state=present
check_mode: true
register: yum_result
- name: verify no change on second install in check mode
assert:
that:
- "not yum_result is changed"
- name: install sos again
yum: name=sos state=present
register: yum_result
- name: verify no change on second install
assert:
that:
- "not yum_result is changed"
- name: install sos again with empty string enablerepo
yum: name=sos state=present enablerepo=""
register: yum_result
- name: verify no change on third install with empty string enablerepo
assert:
that:
- "yum_result is success"
- "not yum_result is changed"
# This test case is unfortunately distro specific because we have to specify
# repo names which are not the same across Fedora/RHEL/CentOS for base/updates
- name: install sos again with missing repo enablerepo
yum:
name: sos
state: present
enablerepo:
- "thisrepodoesnotexist"
- "base"
- "updates"
disablerepo: "*"
register: yum_result
when: ansible_distribution == 'CentOS'
- name: verify no change on fourth install with missing repo enablerepo (yum)
assert:
that:
- "yum_result is success"
- "yum_result is not changed"
when: ansible_distribution == 'CentOS'
# This test case is unfortunately distro specific because we have to specify
# repo names which are not the same across Fedora/RHEL/CentOS for base/updates
- name: install sos again with disable all and enable select repo(s)
yum:
name: sos
state: present
enablerepo:
- "base"
- "updates"
disablerepo: "*"
register: yum_result
when: ansible_distribution == 'CentOS'
- name: verify no change on fourth install with missing repo enablerepo (yum)
assert:
that:
- "yum_result is success"
- "yum_result is not changed"
when: ansible_distribution == 'CentOS'
- name: install sos again with only missing repo enablerepo
yum:
name: sos
state: present
enablerepo: "thisrepodoesnotexist"
ignore_errors: true
register: yum_result
- name: verify no change on fifth install with only missing repo enablerepo (yum)
assert:
that:
- "yum_result is not success"
when: ansible_pkg_mgr == 'yum'
- name: verify no change on fifth install with only missing repo enablerepo (dnf)
assert:
that:
- "yum_result is success"
when: ansible_pkg_mgr == 'dnf'
# INSTALL AGAIN WITH LATEST
- name: install sos again with state latest in check mode
yum: name=sos state=latest
check_mode: true
register: yum_result
- name: verify install sos again with state latest in check mode
assert:
that:
- "not yum_result is changed"
- name: install sos again with state latest idempotence
yum: name=sos state=latest
register: yum_result
- name: verify install sos again with state latest idempotence
assert:
that:
- "not yum_result is changed"
# INSTALL WITH LATEST
- name: uninstall sos
yum: name=sos state=removed
register: yum_result
- name: verify uninstall sos
assert:
that:
- "yum_result is successful"
- name: copy yum.conf file in case it is missing
copy:
src: yum.conf
dest: /etc/yum.conf
force: False
register: yum_conf_copy
- block:
- name: install sos with state latest in check mode with config file param
yum: name=sos state=latest conf_file=/etc/yum.conf
check_mode: true
register: yum_result
- name: verify install sos with state latest in check mode with config file param
assert:
that:
- "yum_result is changed"
always:
- name: remove tmp yum.conf file if we created it
file:
path: /etc/yum.conf
state: absent
when: yum_conf_copy is changed
- name: install sos with state latest in check mode
yum: name=sos state=latest
check_mode: true
register: yum_result
- name: verify install sos with state latest in check mode
assert:
that:
- "yum_result is changed"
- name: install sos with state latest
yum: name=sos state=latest
register: yum_result
- name: verify install sos with state latest
assert:
that:
- "yum_result is changed"
- name: install sos with state latest idempotence
yum: name=sos state=latest
register: yum_result
- name: verify install sos with state latest idempotence
assert:
that:
- "not yum_result is changed"
- name: install sos with state latest idempotence with config file param
yum: name=sos state=latest
register: yum_result
- name: verify install sos with state latest idempotence with config file param
assert:
that:
- "not yum_result is changed"
# Multiple packages
- name: uninstall sos and bc
yum: name=sos,bc state=removed
- name: check sos with rpm
shell: rpm -q sos
ignore_errors: True
register: rpm_sos_result
- name: check bc with rpm
shell: rpm -q bc
ignore_errors: True
register: rpm_bc_result
- name: verify packages installed
assert:
that:
- "rpm_sos_result is failed"
- "rpm_bc_result is failed"
- name: install sos and bc as comma separated
yum: name=sos,bc state=present
register: yum_result
- name: verify packages installed
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- name: check sos with rpm
shell: rpm -q sos
- name: check bc with rpm
shell: rpm -q bc
- name: uninstall sos and bc
yum: name=sos,bc state=removed
register: yum_result
- name: install sos and bc as list
yum:
name:
- sos
- bc
state: present
register: yum_result
- name: verify packages installed
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- name: check sos with rpm
shell: rpm -q sos
- name: check bc with rpm
shell: rpm -q bc
- name: uninstall sos and bc
yum: name=sos,bc state=removed
register: yum_result
- name: install sos and bc as comma separated with spaces
yum:
name: "sos, bc"
state: present
register: yum_result
- name: verify packages installed
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- name: check sos with rpm
shell: rpm -q sos
- name: check bc with rpm
shell: rpm -q bc
- name: uninstall sos and bc
yum: name=sos,bc state=removed
- name: install non-existent rpm
yum:
name: does-not-exist
register: non_existent_rpm
ignore_errors: True
- name: check non-existent rpm install failed
assert:
that:
- non_existent_rpm is failed
# Install in installroot='/'
- name: install sos
yum: name=sos state=present installroot='/'
register: yum_result
- name: verify installation of sos
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: check sos with rpm
shell: rpm -q sos --root=/
- name: uninstall sos
yum:
name: sos
installroot: '/'
state: removed
register: yum_result
- name: Test download_only
yum:
name: sos
state: latest
download_only: true
register: yum_result
- name: verify download of sos (part 1 -- yum "install" succeeded)
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- name: uninstall sos (noop)
yum:
name: sos
state: removed
register: yum_result
- name: verify download of sos (part 2 -- nothing removed during uninstall)
assert:
that:
- "yum_result is success"
- "not yum_result is changed"
- name: uninstall sos for downloadonly/downloaddir test
yum:
name: sos
state: absent
- name: Test download_only/download_dir
yum:
name: sos
state: latest
download_only: true
download_dir: "/var/tmp/packages"
register: yum_result
- name: verify yum output
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- command: "ls /var/tmp/packages"
register: ls_out
- name: Verify specified download_dir was used
assert:
that:
- "'sos' in ls_out.stdout"
- name: install group
yum:
name: "@Custom Group"
state: present
register: yum_result
- name: verify installation of the group
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: install the group again
yum:
name: "@Custom Group"
state: present
register: yum_result
- name: verify nothing changed
assert:
that:
- "yum_result is success"
- "not yum_result is changed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: install the group again but also with a package that is not yet installed
yum:
name:
- "@Custom Group"
- sos
state: present
register: yum_result
- name: verify sos is installed
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: try to install the group again, with --check to check 'changed'
yum:
name: "@Custom Group"
state: present
check_mode: yes
register: yum_result
- name: verify nothing changed
assert:
that:
- "not yum_result is changed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: try to install non existing group
yum:
name: "@non-existing-group"
state: present
register: yum_result
ignore_errors: True
- name: verify installation of the non existing group failed
assert:
that:
- "yum_result is failed"
- "not yum_result is changed"
- "yum_result is failed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: try to install non existing file
yum:
name: /tmp/non-existing-1.0.0.fc26.noarch.rpm
state: present
register: yum_result
ignore_errors: yes
- name: verify installation failed
assert:
that:
- "yum_result is failed"
- "not yum_result is changed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- name: try to install from non existing url
yum:
name: https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/non-existing-1.0.0.fc26.noarch.rpm
state: present
register: yum_result
ignore_errors: yes
- name: verify installation failed
assert:
that:
- "yum_result is failed"
- "not yum_result is changed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- name: use latest to install httpd
yum:
name: httpd
state: latest
register: yum_result
- name: verify httpd was installed
assert:
that:
- "'changed' in yum_result"
- name: uninstall httpd
yum:
name: httpd
state: removed
- name: update httpd only if it exists
yum:
name: httpd
state: latest
update_only: yes
register: yum_result
- name: verify httpd not installed
assert:
that:
- "not yum_result is changed"
- "'Packages providing httpd not installed due to update_only specified' in yum_result.results"
- name: try to install uncompatible arch rpm on non-ppc64le, should fail
yum:
name: https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/banner-1.3.4-3.el7.ppc64le.rpm
state: present
register: yum_result
ignore_errors: True
when:
- ansible_architecture not in ['ppc64le']
- name: verify that yum failed on non-ppc64le
assert:
that:
- "not yum_result is changed"
- "yum_result is failed"
when:
- ansible_architecture not in ['ppc64le']
- name: try to install uncompatible arch rpm on ppc64le, should fail
yum:
name: https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/tinyproxy-1.10.0-3.el7.x86_64.rpm
state: present
register: yum_result
ignore_errors: True
when:
- ansible_architecture in ['ppc64le']
- name: verify that yum failed on ppc64le
assert:
that:
- "not yum_result is changed"
- "yum_result is failed"
when:
- ansible_architecture in ['ppc64le']
# setup for testing installing an RPM from url
- set_fact:
pkg_name: fpaste
- name: cleanup
yum:
name: "{{ pkg_name }}"
state: absent
- set_fact:
pkg_url: https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/fpaste-0.3.7.4.1-2.el7.noarch.rpm
when: ansible_python.version.major == 2
- set_fact:
pkg_url: https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/fpaste-0.3.9.2-1.fc28.noarch.rpm
when: ansible_python.version.major == 3
# setup end
- name: download an rpm
get_url:
url: "{{ pkg_url }}"
dest: "/tmp/{{ pkg_name }}.rpm"
- name: install the downloaded rpm
yum:
name: "/tmp/{{ pkg_name }}.rpm"
state: present
register: yum_result
- name: verify installation
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- "yum_result is not failed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: install the downloaded rpm again
yum:
name: "/tmp/{{ pkg_name }}.rpm"
state: present
register: yum_result
- name: verify installation
assert:
that:
- "yum_result is success"
- "not yum_result is changed"
- "yum_result is not failed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: clean up
yum:
name: "{{ pkg_name }}"
state: absent
- name: install from url
yum:
name: "{{ pkg_url }}"
state: present
register: yum_result
- name: verify installation
assert:
that:
- "yum_result is success"
- "yum_result is changed"
- "yum_result is not failed"
- name: verify yum module outputs
assert:
that:
- "'changed' in yum_result"
- "'msg' in yum_result"
- "'results' in yum_result"
- name: Create a temp RPM file which does not contain nevra information
file:
name: "/tmp/non_existent_pkg.rpm"
state: touch
- name: Try installing RPM file which does not contain nevra information
yum:
name: "/tmp/non_existent_pkg.rpm"
state: present
register: no_nevra_info_result
ignore_errors: yes
- name: Verify RPM failed to install
assert:
that:
- "'changed' in no_nevra_info_result"
- "'msg' in no_nevra_info_result"
- name: Delete a temp RPM file
file:
name: "/tmp/non_existent_pkg.rpm"
state: absent
- name: get yum version
yum:
list: yum
register: yum_version
- name: set yum_version of installed version
set_fact:
yum_version: "{%- if item.yumstate == 'installed' -%}{{ item.version }}{%- else -%}{{ yum_version }}{%- endif -%}"
with_items: "{{ yum_version.results }}"
- name: Ensure double uninstall of wildcard globs works
block:
- name: "Install lohit-*-fonts"
yum:
name: "lohit-*-fonts"
state: present
- name: "Remove lohit-*-fonts (1st time)"
yum:
name: "lohit-*-fonts"
state: absent
register: remove_lohit_fonts_1
- name: "Verify lohit-*-fonts (1st time)"
assert:
that:
- "remove_lohit_fonts_1 is changed"
- "'msg' in remove_lohit_fonts_1"
- "'results' in remove_lohit_fonts_1"
- name: "Remove lohit-*-fonts (2nd time)"
yum:
name: "lohit-*-fonts"
state: absent
register: remove_lohit_fonts_2
- name: "Verify lohit-*-fonts (2nd time)"
assert:
that:
- "remove_lohit_fonts_2 is not changed"
- "'msg' in remove_lohit_fonts_2"
- "'results' in remove_lohit_fonts_2"
- "'lohit-*-fonts is not installed' in remove_lohit_fonts_2['results']"
- block:
- name: uninstall bc
yum: name=bc state=removed
- name: check bc with rpm
shell: rpm -q bc
ignore_errors: True
register: rpm_bc_result
- name: verify bc is uninstalled
assert:
that:
- "rpm_bc_result is failed"
- name: exclude bc (yum backend)
lineinfile:
dest: /etc/yum.conf
regexp: (^exclude=)(.)*
line: "exclude=bc*"
state: present
when: ansible_pkg_mgr == 'yum'
- name: exclude bc (dnf backend)
lineinfile:
dest: /etc/dnf/dnf.conf
regexp: (^excludepkgs=)(.)*
line: "excludepkgs=bc*"
state: present
when: ansible_pkg_mgr == 'dnf'
# begin test case where disable_excludes is supported
- name: Try install bc without disable_excludes
yum: name=bc state=latest
register: yum_bc_result
ignore_errors: True
- name: verify bc did not install because it is in exclude list
assert:
that:
- "yum_bc_result is failed"
- name: install bc with disable_excludes
yum: name=bc state=latest disable_excludes=all
register: yum_bc_result_using_excludes
- name: verify bc did install using disable_excludes=all
assert:
that:
- "yum_bc_result_using_excludes is success"
- "yum_bc_result_using_excludes is changed"
- "yum_bc_result_using_excludes is not failed"
- name: remove exclude bc (cleanup yum.conf)
lineinfile:
dest: /etc/yum.conf
regexp: (^exclude=bc*)
line: "exclude="
state: present
when: ansible_pkg_mgr == 'yum'
- name: remove exclude bc (cleanup dnf.conf)
lineinfile:
dest: /etc/dnf/dnf.conf
regexp: (^excludepkgs=bc*)
line: "excludepkgs="
state: present
when: ansible_pkg_mgr == 'dnf'
# Fedora < 26 has a bug in dnf where package excludes in dnf.conf aren't
# actually honored and those releases are EOL'd so we have no expectation they
# will ever be fixed
when: not ((ansible_distribution == "Fedora") and (ansible_distribution_major_version|int < 26))
- name: Check that packages with Provides are handled correctly in state=absent
block:
- name: Install test packages
yum:
name:
- https://ansible-ci-files.s3.amazonaws.com/test/integration/targets/yum/test-package-that-provides-toaster-1.3.3.7-1.el7.noarch.rpm
- https://ansible-ci-files.s3.amazonaws.com/test/integration/targets/yum/toaster-1.2.3.4-1.el7.noarch.rpm
register: install
- name: Remove toaster
yum:
name: toaster
state: absent
register: remove
- name: rpm -qa
command: rpm -qa
register: rpmqa
- assert:
that:
- install is successful
- install is changed
- remove is successful
- remove is changed
- "'toaster-1.2.3.4' not in rpmqa.stdout"
- "'test-package-that-provides-toaster' in rpmqa.stdout"