community.general.dnf_versionlock module – Locks package versions in `dnf` based systems

Note

This module is part of the community.general collection (version 10.7.5).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.dnf_versionlock.

New in community.general 4.0.0

Synopsis 

Locks package versions using the versionlock plugin in dnf based systems. This plugin takes a set of name and versions for packages and excludes all other versions of those packages. This allows you to for example protect packages from being updated by newer versions. The state of the plugin that reflects locking of packages is the locklist.

Requirements 

The below requirements are needed on the host that executes this module.

dnf
dnf-plugin-versionlock

Parameters 

Parameter	Comments
name list / elements=string	Package name spec to add or exclude to or delete from the `locklist` using the format expected by the `dnf repoquery` command. This parameter is mutually exclusive with `state=clean`. Default: `[]`
raw boolean	Do not resolve package name specs to NEVRAs to find specific version to lock to. Instead the package name specs are used as they are. This enables locking to not yet available versions of the package. Choices: `false` ← (default) `true`
state string	Whether to add (`present` or `excluded`) to or remove (`absent` or `clean`) from the `locklist`. `present` adds a package name spec to the `locklist`. If there is a installed package that matches, then only that version is added. Otherwise, all available package versions are added. `excluded` adds a package name spec as excluded to the `locklist`. It means that packages represented by the package name spec are excluded from transaction operations. All available package versions are added. `absent` deletes entries in the `locklist` that match the package name spec. `clean` deletes all entries in the `locklist`. This option is mutually exclusive with `name`. Choices: `"absent"` `"clean"` `"excluded"` `"present"` ← (default)

Attributes 

Attribute	Support	Description
check_mode	Support: partial The logics of the `versionlock` plugin for corner cases could be confusing, so please take in account that this module does its best to give a `check_mode` prediction on what is going to happen. In case of doubt, check the documentation of the plugin. Sometimes the module could predict changes in `check_mode` that are not fulfilled because `versionlock` concludes that there is already a entry in `locklist` that already matches.	Can run in `check_mode` and return changed status prediction without modifying target.
diff_mode	Support: none	Will return details on what has changed (or possibly needs changing in `check_mode`), when in diff mode.

Notes 

Note

In an ideal world, the versionlock plugin would have a dry-run option to know for sure what is going to happen. So far we have to work with a best guess as close as possible to the behaviour inferred from its code.
For most of cases where you want to lock and unlock specific versions of a package, this works fairly well.
Does not work with dnf5.

Examples 

- name: Prevent installed nginx from being updated
  community.general.dnf_versionlock:
    name: nginx
    state: present

- name: Prevent multiple packages from being updated
  community.general.dnf_versionlock:
    name:
      - nginx
      - haproxy
    state: present

- name: Remove lock from nginx to be updated again
  community.general.dnf_versionlock:
    name: nginx
    state: absent

- name: Exclude bind 32:9.11 from installs or updates
  community.general.dnf_versionlock:
    name: bind-32:9.11*
    state: excluded

- name: Keep bash package in major version 4
  community.general.dnf_versionlock:
    name: bash-0:4.*
    raw: true
    state: present

- name: Delete all entries in the locklist of versionlock
  community.general.dnf_versionlock:
    state: clean

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
locklist_post list / elements=string	Locklist after module execution. Returned: success and (not check mode or state is clean) Sample: `["bash-0:4.4.20-1.el8_4.*"]`
locklist_pre list / elements=string	Locklist before module execution. Returned: success Sample: `["bash-0:4.4.20-1.el8_4.", "!bind-32:9.11.26-4.el8_4."]`
specs_toadd list / elements=string	Package name specs meant to be added by versionlock. Returned: success Sample: `["bash"]`
specs_todelete list / elements=string	Package name specs meant to be deleted by versionlock. Returned: success Sample: `["bind"]`

Authors

Roberto Moreda (@moreda)

community.general.dnf_versionlock module – Locks package versions in dnf based systems

Synopsis

Requirements

Parameters

Attributes

Notes

Examples

Return Values