1

I am trying to list the security related updates only, using Ansible's yum module, as follow:

- name: check for updates yum
  yum: 
    list: updates
    update_cache: true
    security: yes
    bugfix: no
  register: yumoutput

I am always receiving all the available updates, even when I change the security option to false security: no.

I am not sure maybe these options are only available for installing not listing.

Any recommendation?

Improve this question
2

1 Answer 1

Reset to default
1

I've setup a test on CentOS/RHEL 7.9, Ansible 2.9.25, Python version = 2.7.5.

---
- hosts: test
  become: no
  gather_facts: no

  tasks:

  - name: Gather available security updates
    yum:
      list: updates
      update_cache: yes
      security: yes
      bugfix: no
    register: result

  - name: Show result
    debug:
      msg: "{{ result }}"

  - name: Gather available security updates
    shell:
      cmd: yum updateinfo list security
      warn: false
    register: result
    changed_when: false
    failed_when: result.rc != 0

  - name: Show result
    debug:
      msg: "{{ result.stdout }}"

Resulting into an output of

TASK [Gather available security updates] ******
ok: [test.example.com]

TASK [Show result] ******
ok: [test.example.com] =>
  msg:
    changed: false
    failed: false
    results:
    - arch: x86_64
      envra: 0:golang-bin-1.16.13-2.el7.x86_64
      epoch: '0'
      name: golang-bin
      release: 2.el7
      repo: EPEL-7
      version: 1.16.13
      yumstate: available
    - arch: noarch
      envra: 0:golang-src-1.16.13-2.el7.noarch
      epoch: '0'
      name: golang-src
      release: 2.el7
      repo: EPEL-7
      version: 1.16.13
      yumstate: available
    - arch: x86_64
      envra: 0:golang-1.16.13-2.el7.x86_64
      epoch: '0'
      name: golang
      release: 2.el7
      repo: EPEL-7
      version: 1.16.13
      yumstate: available
    - arch: x86_64
      envra: 1:java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.x86_64
      epoch: '1'
      name: java-1.8.0-openjdk-headless
      release: 1.el7_9
      repo: RHEL-7
      version: 1.8.0.322.b06
      yumstate: available


TASK [Gather available security update] ******
ok: [test.example.com]

TASK [Show result] ******
ok: [test.example.com] =>
  msg: |-
    Loaded plugins: product-id, search-disabled-repos, subscription-manager
    FEDORA-EPEL-2022-246382d5dc Important/Sec. golang-1.16.13-2.el7.x86_64
    FEDORA-EPEL-2022-246382d5dc Important/Sec. golang-bin-1.16.13-2.el7.x86_64
    FEDORA-EPEL-2022-246382d5dc Important/Sec. golang-src-1.16.13-2.el7.noarch
    RHSA-2022:0306              Moderate/Sec.  java-1.8.0-openjdk-headless-1:1.8.0.322.b06-1.el7_9.x86_64
    updateinfo list done

So both approaches were just working and delivered the same expected result.

Please take note that it might be necessary to have the yum-security-plugin installed.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.