Try SpotterAdd or remove YUM repositories
| "added in version" 2.1 of ansible.builtin"
Authors: Jiri Tyr (@jtyr)
stableinterface | supported by core
pipInstall with pip install ansible==2.5.11
Add or remove YUM repositories in RPM-based Linux distributions.
- name: Add repository
yum_repository:
name: epel
description: EPEL YUM repo
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
- name: Add multiple repositories into the same file (1/2)
yum_repository:
name: epel
description: EPEL YUM repo
file: external_repos
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
gpgcheck: no
- name: Add multiple repositories into the same file (2/2)
yum_repository:
name: rpmforge
description: RPMforge YUM repo
file: external_repos
baseurl: http://apt.sw.be/redhat/el7/en/$basearch/rpmforge
mirrorlist: http://mirrorlist.repoforge.org/el7/mirrors-rpmforge
enabled: no
# Handler showing how to clean yum metadata cache
- name: yum-clean-metadata
command: yum clean metadata
args:
warn: no
# Example removing a repository and cleaning up metadata cache
- name: Remove repository (and clean up left-over metadata)
yum_repository:
name: epel
state: absent
notify: yum-clean-metadata
- name: Remove repository from a specific repo file
yum_repository:
name: epel
file: external_repos
state: absent
cost:
default: 1000
description:
- Relative cost of accessing this repository. Useful for weighing one repo's packages
as greater/less than any other.
required: false
file:
default: null
description:
- File name without the C(.repo) extension to save the repo in. Defaults to the value
of I(name).
required: false
mode:
description:
- The permissions the resulting filesystem object should have.
- For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers.
You must give Ansible enough information to parse them correctly. For consistent
results, quote octal numbers (for example, V('644') or V('1777')) so Ansible receives
a string and can do its own conversion from string into number. Adding a leading
zero (for example, V(0755)) works sometimes, but can fail in loops and some other
circumstances.
- Giving Ansible a number without following either of these rules will end up with
a decimal number which will have unexpected results.
- As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, V(u+rwx)
or V(u=rw,g=r,o=r)).
- If O(mode) is not specified and the destination filesystem object B(does not) exist,
the default C(umask) on the system will be used when setting the mode for the newly
created filesystem object.
- If O(mode) is not specified and the destination filesystem object B(does) exist,
the mode of the existing filesystem object will be used.
- Specifying O(mode) is the best way to ensure filesystem objects are created with
the correct permissions. See CVE-2020-1736 for further details.
type: raw
name:
description:
- Unique repository ID.
- This parameter is only required if I(state) is set to C(present) or C(absent).
required: true
async:
choices:
- 'yes'
- 'no'
default: 'yes'
description:
- If set to C(yes) Yum will download packages and metadata from this repo in parallel,
if possible.
required: false
group:
description:
- Name of the group that should own the filesystem object, as would be fed to I(chown).
- When left unspecified, it uses the current group of the current user unless you
are root, in which case it can preserve the previous ownership.
type: str
owner:
description:
- Name of the user that should own the filesystem object, as would be fed to I(chown).
- When left unspecified, it uses the current user unless you are root, in which case
it can preserve the previous ownership.
- Specifying a numeric username will be assumed to be a user ID and not a username.
Avoid numeric usernames to avoid this confusion.
type: str
proxy:
default: null
description:
- URL to the proxy server that yum should use. Set to C(_none_) to disable the global
proxy setting.
required: false
state:
choices:
- absent
- present
default: present
description:
- State of the repo file.
required: false
gpgkey:
default: null
description:
- A URL pointing to the ASCII-armored GPG key file for the repository.
- It can also be a list of multiple URLs.
required: false
serole:
description:
- The role part of the SELinux filesystem object context.
- When set to V(_default), it will use the C(role) portion of the policy if available.
type: str
setype:
description:
- The type part of the SELinux filesystem object context.
- When set to V(_default), it will use the C(type) portion of the policy if available.
type: str
seuser:
description:
- The user part of the SELinux filesystem object context.
- By default it uses the V(system) policy, where applicable.
- When set to V(_default), it will use the C(user) portion of the policy if available.
type: str
baseurl:
default: null
description:
- URL to the directory where the yum repository's 'repodata' directory lives.
- It can also be a list of multiple URLs.
- This, the I(metalink) or I(mirrorlist) parameters are required if I(state) is set
to C(present).
required: false
enabled:
choices:
- 'yes'
- 'no'
default: 'yes'
description:
- This tells yum whether or not use this repository.
required: false
exclude:
default: null
description:
- List of packages to exclude from updates or installs. This should be a space separated
list. Shell globs using wildcards (eg. C(*) and C(?)) are allowed.
- The list can also be a regular YAML array.
required: false
include:
default: null
description:
- Include external configuration file. Both, local path and URL is supported. Configuration
file will be inserted at the position of the I(include=) line. Included files may
contain further include lines. Yum will abort with an error if an inclusion loop
is detected.
required: false
protect:
choices:
- 'yes'
- 'no'
default: 'no'
description:
- Protect packages from updates from other repositories.
required: false
retries:
default: 10
description:
- Set the number of times any attempt to retrieve a file should retry before returning
an error. Setting this to C(0) makes yum try forever.
required: false
selevel:
description:
- The level part of the SELinux filesystem object context.
- This is the MLS/MCS attribute, sometimes known as the C(range).
- When set to V(_default), it will use the C(level) portion of the policy if available.
type: str
timeout:
default: 30
description:
- Number of seconds to wait for a connection before timing out.
required: false
gpgcakey:
default: null
description:
- A URL pointing to the ASCII-armored CA key file for the repository.
required: false
gpgcheck:
choices:
- 'yes'
- 'no'
default: 'no'
description:
- Tells yum whether or not it should perform a GPG signature check on packages.
required: false
metalink:
default: null
description:
- Specifies a URL to a metalink file for the repomd.xml, a list of mirrors for the
entire repository are generated by converting the mirrors for the repomd.xml file
to a I(baseurl).
- This, the I(baseurl) or I(mirrorlist) parameters are required if I(state) is set
to C(present).
required: false
password:
default: null
description:
- Password to use with the username for basic authentication.
required: false
priority:
default: 99
description:
- Enforce ordered protection of repositories. The value is an integer from 1 to 99.
- This option only works if the YUM Priorities plugin is installed.
required: false
reposdir:
default: /etc/yum.repos.d
description:
- Directory where the C(.repo) files will be stored.
required: false
throttle:
default: null
description:
- Enable bandwidth throttling for downloads.
- This option can be expressed as a absolute data rate in bytes/sec. An SI prefix
(k, M or G) may be appended to the bandwidth value.
required: false
username:
default: null
description:
- Username to use for basic authentication to a repo or really any url.
required: false
bandwidth:
default: 0
description:
- Maximum available network bandwidth in bytes/second. Used with the I(throttle) option.
- If I(throttle) is a percentage and bandwidth is C(0) then bandwidth throttling will
be disabled. If I(throttle) is expressed as a data rate (bytes/sec) then this option
is ignored. Default is C(0) (no bandwidth throttling).
required: false
keepalive:
choices:
- 'yes'
- 'no'
default: 'no'
description:
- This tells yum whether or not HTTP/1.1 keepalive should be used with this repository.
This can improve transfer speeds by using one connection when downloading multiple
files from a repository.
required: false
keepcache:
choices:
- '0'
- '1'
default: '1'
description:
- Either C(1) or C(0). Determines whether or not yum keeps the cache of headers and
packages after successful installation.
required: false
sslcacert:
default: null
description:
- Path to the directory containing the databases of the certificate authorities yum
should use to verify SSL certificates.
required: false
sslverify:
choices:
- 'yes'
- 'no'
default: 'yes'
description:
- Defines whether yum should verify SSL certificates/hosts at all.
required: false
attributes:
aliases:
- attr
description:
- The attributes the resulting filesystem object should have.
- To get supported flags look at the man page for I(chattr) on the target system.
- This string should contain the attributes in the same order as the one displayed
by I(lsattr).
- The C(=) operator is assumed as default, otherwise C(+) or C(-) operators need to
be included in the string.
type: str
version_added: '2.3'
version_added_collection: ansible.builtin
ip_resolve:
choices:
- 4
- 6
- IPv4
- IPv6
- whatever
default: whatever
description:
- Determines how yum resolves host names.
- C(4) or C(IPv4) - resolve to IPv4 addresses only.
- C(6) or C(IPv6) - resolve to IPv6 addresses only.
required: false
mirrorlist:
default: null
description:
- Specifies a URL to a file containing a list of baseurls.
- This, the I(baseurl) or I(metalink) parameters are required if I(state) is set to
C(present).
required: false
s3_enabled:
choices:
- 'yes'
- 'no'
default: 'no'
description:
- Enables support for S3 repositories.
- This option only works if the YUM S3 plugin is installed.
required: false
description:
default: null
description:
- A human readable string describing the repository.
- This parameter is only required if I(state) is set to C(present).
required: false
includepkgs:
default: null
description:
- List of packages you want to only use from a repository. This should be a space
separated list. Shell globs using wildcards (eg. C(*) and C(?)) are allowed. Substitution
variables (e.g. C($releasever)) are honored here.
- The list can also be a regular YAML array.
required: false
enablegroups:
choices:
- 'yes'
- 'no'
default: 'yes'
description:
- Determines whether yum will allow the use of package groups for this repository.
required: false
http_caching:
choices:
- all
- packages
- none
default: all
description:
- Determines how upstream HTTP caches are instructed to handle any HTTP downloads
that Yum does.
- C(all) means that all HTTP downloads should be cached.
- C(packages) means that only RPM package downloads should be cached (but not repository
metadata downloads).
- C(none) means that no HTTP downloads should be cached.
required: false
sslclientkey:
default: null
description:
- Path to the SSL client key yum should use to connect to repos/remote sites.
required: false
repo_gpgcheck:
choices:
- 'yes'
- 'no'
default: 'no'
description:
- This tells yum whether or not it should perform a GPG signature check on the repodata
from this repository.
required: false
sslclientcert:
default: null
description:
- Path to the SSL client certificate yum should use to connect to repos/remote sites.
required: false
unsafe_writes:
default: false
description:
- Influence when to use atomic operation to prevent data corruption or inconsistent
reads from the target filesystem object.
- By default this module uses atomic operations to prevent data corruption or inconsistent
reads from the target filesystem objects, but sometimes systems are configured or
just broken in ways that prevent this. One example is docker mounted filesystem
objects, which cannot be updated atomically from inside the container and can only
be written in an unsafe manner.
- This option allows Ansible to fall back to unsafe methods of updating filesystem
objects when atomic operations fail (however, it doesn't force Ansible to perform
unsafe writes).
- IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.
type: bool
version_added: '2.2'
version_added_collection: ansible.builtin
failovermethod:
choices:
- roundrobin
- priority
default: roundrobin
description:
- C(roundrobin) randomly selects a URL out of the list of URLs to start with and proceeds
through each of them as it encounters a failure contacting the host.
- C(priority) starts from the first I(baseurl) listed and reads through them sequentially.
required: false
proxy_password:
default: null
description:
- Username to use for proxy.
required: false
proxy_username:
default: null
description:
- Password for this proxy.
required: false
ui_repoid_vars:
default: releasever basearch
description:
- When a repository id is displayed, append these yum variables to the string if they
are used in the I(baseurl)/etc. Variables are appended in the order listed (and
found).
required: false
metadata_expire:
default: 21600
description:
- Time (in seconds) after which the metadata will expire.
- Default value is 6 hours.
required: false
mirrorlist_expire:
default: 21600
description:
- Time (in seconds) after which the mirrorlist locally cached will expire.
- Default value is 6 hours.
required: false
deltarpm_percentage:
default: 75
description:
- When the relative size of delta vs pkg is larger than this, delta is not used. Use
C(0) to turn off delta rpm processing. Local repositories (with file:// I(baseurl))
have delta rpms turned off by default.
required: false
skip_if_unavailable:
choices:
- 'yes'
- 'no'
default: 'no'
description:
- If set to C(yes) yum will continue running if this repository cannot be contacted
for any reason. This should be set carefully as all repos are consulted for any
given command.
required: false
metadata_expire_filter:
choices:
- never
- read-only:past
- read-only:present
- read-only:future
default: read-only:present
description:
- Filter the I(metadata_expire) time, allowing a trade of speed for accuracy if a
command doesn't require it. Each yum command can specify that it requires a certain
level of timeliness quality from the remote repos. from "I'm about to install/upgrade,
so this better be current" to "Anything that's available is good enough".
- C(never) - Nothing is filtered, always obey I(metadata_expire).
- C(read-only:past) - Commands that only care about past information are filtered
from metadata expiring. Eg. I(yum history) info (if history needs to lookup anything
about a previous transaction, then by definition the remote package was available
in the past).
- C(read-only:present) - Commands that are balanced between past and future. Eg. I(yum
list yum).
- C(read-only:future) - Commands that are likely to result in running other commands
which will require the latest metadata. Eg. I(yum check-update).
- Note that this option does not override "yum clean expire-cache".
required: false
ssl_check_cert_permissions:
choices:
- 'yes'
- 'no'
default: 'no'
description:
- Whether yum should check the permissions on the paths for the certificates on the
repository (both remote and local).
- If we can't read any of the files then yum will force I(skip_if_unavailable) to
be C(yes). This is most useful for non-root processes which use yum on repos that
have client cert files which are readable only by root.
required: false
deltarpm_metadata_percentage:
default: 100
description:
- When the relative size of deltarpm metadata vs pkgs is larger than this, deltarpm
metadata is not downloaded from the repo. Note that you can give values over C(100),
so C(200) means that the metadata is required to be half the size of the packages.
Use C(0) to turn off this check, and always download metadata.
required: false
repo: description: repository name returned: success sample: epel type: string state: description: state of the target, after execution returned: success sample: present type: string