34

I am trying to update the CentOS systems with ansible. Unfortunately I am not able to do that.

I already tried:

- name: install updates
  yum: update_cache=yes
  when: ansible_os_family == "RedHat

Isn't working.

- name: install updates
  yum: name=* state=latest
  when: ansible_os_family == "RedHat

The last task works but is it true, that the task updates the system?

Paulo Oliveira
  • 2,243
  • 27
  • 43
tuCsen
  • 349
  • 1
  • 3
  • 6

1 Answers1

56

The first task you're telling the system to only update the yum cache.

On the second you are effectively upgrading all packages to the latest version by using state=latest but you should also use update_cache=yes on the same task to be sure you're refreshing the cache with its latest package information.

The yum module documentation provides exactly this example:

- name: upgrade all packages
  yum: name=* state=latest

After the execution of the task, the terminal should display a message in yellow meaning the status of the task is changed.

Pedro Salgado
  • 756
  • 4
  • 6
  • 5
    How do I just install security updates and do not update all packaes? – lony Sep 12 '16 at 11:49
  • Unfortunately this way you have extremely bad troubleshooting feedback in case something goes wrong (basically whole yum log, together with error on 1 line). Also, you can't really watch the progress of upgrade, nor get any progress log. I wish there was some special module for this. – Petr Oct 25 '17 at 12:28
  • In 2.8 Ansible it can also be defined as `yum: name: "*" state: latest` see [apt_module](https://docs.ansible.com/ansible/latest/modules/apt_module.html). – Thanos Sep 18 '19 at 14:16
  • If you will check this task via ansible-lint you'll get `[403] Package installs should not use latest`. So, I can assume there should be a better way. – Aleksandr Savvopulo Sep 24 '20 at 21:34