Ansible.builtin.dnf module - capturing output of package upgrades

Hi all,

First time posting on here, and I love Ansible with a passion!

I have a question regarding the builtin DNF (RHEL package manager) module.

I have a playbook which pushes DNF to install security updates on all of my RHEL-like servers. It does a great job, but I never get any return information. I’ve checked the module documentation and it doesn’t appear to support any return values/text.

Playbook snippet:

    - name: run security updates
      dnf:
        update_cache: true
        name: '*'
        state: latest
        update_only: yes
        security: yes
      ignore_errors: True

If I add a register to the above task, nothing is ever captured.

Am I going to need to use ansible.builtin.command: “dnf update […]” and capture std_out or am I missing something?

Info:
ansible [core 2.11.12]

Hey,

If I add a register to the above task, nothing is ever captured.

Weird. It should AFAIK

Here is an excerpt from a role I’m using to update our EL machines:

- name: "[RHEL] Update packages"
  ansible.builtin.dnf:
    update_cache: yes
    name: "*"
    state: latest
    exclude: "{{ gbt_packages_versionlock|d() }}"
    use_backend: dnf4
  register: _gbt_packages_update_output

- name: "[RHEL] [INFO] Print installed/updated packages"
  when: _gbt_packages_update_output.skipped is not defined
  ansible.builtin.debug:
    var: _gbt_packages_update_output.results|d()

And the output:

TASK [gbt_packages : [RHEL] Update packages] ***********************************************************************************************************************************************************************************************
Wednesday 13 September 2023  14:41:33 +0200 (0:00:00.108)       0:00:09.035 ***
changed: [<redacted>]


TASK [gbt_packages : [RHEL] [INFO] Print installed/updated packages] ***********************************************************************************************************************************************************************
Wednesday 13 September 2023  14:50:15 +0200 (0:08:41.311)       0:08:50.347 ***
ok: [<redacted>] => {
    "_gbt_packages_update_output.results|d()": [
        "Installed: selinux-policy-targeted-3.14.3-117.el8_8.2.noarch",
        "Installed: krb5-libs-1.18.2-25.el8_8.x86_64",
        "Installed: bind-libs-32:9.11.36-8.el8_8.1.x86_64",
        "Installed: krb5-workstation-1.18.2-25.el8_8.x86_64",
        "Installed: bind-libs-lite-32:9.11.36-8.el8_8.1.x86_64",
        "Installed: bind-license-32:9.11.36-8.el8_8.1.noarch",
        "Installed: sos-4.5.6-1.el8.alma.noarch",
        "Installed: microcode_ctl-4:20220809-2.20230808.2.el8_8.x86_64",
...

Perhaps there is nothing to upgrade on your target machines ? What does dnf check-update --security gives on one of theses machines ? (since you specifically ask for security updates).
It could also be a bad interaction with ’ ignore_errors’, but I fail to see why it would be.
You could also have ‘no_log: true’ set somewhere else ?

Could you share the output you get when registering your upgrade task ?

Another option would be to get last upgrade result from a command like: dnf history info $(dnf history | tail -n+3 | head -n1 | awk '{print $1}') (I’m not sure if there is an Ansible module for that.), or query package cache for recently modified packages.

Thanks ptn!

I was querying .stdout_lines rather than .results. I will test the output using the latter and report back. It could be as simple as that.

Hi @LoZ! Did you get a chance to try that solution?

If so, it would be super helpful if you could click the on their post to accept the solution - it helps users find solutions (solved topics have a higher search priority), recognises the input of the people who help you, helps our volunteers find new issues to answer, and keeps the forum nice and tidy. It’s just a nice way to give back, and only takes a moment

Thanks!
(this is template reply, do feel free to reply if I’ve misunderstood the situation!)