Error RC with ansible.builtin.shell: yum check-update

Get Help
1

I have some ansible that failes on one node just running ansible.builtin.shell yum commands the rc code 100
which doesnt seem to be an error at all?

  • yum check-update returns exit value of 100 if there are packages available for an update. Also returns a list of the packages to be updated in list format.

any idea what I am doing wrong?

    - name: yum list
      ignore_errors: yes
      ansible.builtin.shell: yum check-update --exclude=389-ds*  --disablerepo=* --enablerepo=rhui*  > /root/{{ inventory_hostname }}.txt

TASK [yum list] *****************************************************************************************************************************************************************************
fatal: [SISLIC]: FAILED! => {"changed": true, "cmd": "yum check-update --exclude=389-ds*  --disablerepo=* --enablerepo=rhui*  > /root/SISLIC.txt", "delta": "0:00:09.812078", "end": "2026-02-17 08:55:36.440690", "msg": "non-zero return code", "rc": 100, "start": "2026-02-17 08:55:26.628612", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
2

ansible assums that any return code that is not 0 (zero) indicates failure of the command. As you mentioned return code is 100, so ansible fail.

See in the log you provided ““msg”: “non-zero return code”, “rc”: 100,“

- name: yum list
  ansible.builtin.shell: yum check-update --exclude=389-ds*  --disablerepo=* --enablerepo=rhui*  > /root/{{ inventory_hostname }}.txt
  failed_when: false

adding directive ‘failed_when’ should help.
There is another more precise approach:

- name: yum list
  ansible.builtin.shell: yum check-update --exclude=389-ds*  --disablerepo=* --enablerepo=rhui*  > /root/{{ inventory_hostname }}.txt
  register: yum_check_update
  failed_when: yum_check_update.rc not in [0,100]

This will fail only if return code (see ‘.rc’) is not 0 or 100.

Generally you should not use ignore_errors, see https://medium.com/@sbarnea/why-ansible-ignore-errors-is-evil-500fb6e81229

3 Likes
3

Yup that did the trick , thanks!

1 Like
4

Right, that’s the case. According man yum

check-update
Non-interactively checks if updates of the specified
packages in the repository are available. DNF exit code
will be 100 when there are updates available and a list of
the updates will be printed.

The 100 means just, there are updates available and a list of them is provided. According the return code the case needs then to be addressed appropriate, in example as shown in the given answer.