rpm does not update to latest on SLES machine

Hi,

this is about ansible 1.6.1 on and with SLES machines.

I build newer versions of openldap in the SuSE Build Service.
2.4.39 is installed on the SLES 11 SP 3 machine.

# rpm -qa | grep openldap
openldap2-2.4.39-0
openldap2-client-2.4.39-0

I build 2.4.40 and copied the files to my http repo.

Unfortunatly my ansible script does not update.
Code:

   tasks:
   - name: install LDAP RPMs
     zypper: name={{ item }} state=latest disable_gpg_check=yes
     with_items:
       - libdb-4_8
       - openldap2-client
       - libldap-2_4-2
       - libldap-2_4-2-32bit
       - openldap2

I checked with zypper on the machine:

# zypper up openldap2
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following packages are going to be upgraded:
   libldap-2_4-2 openldap2 openldap2-client

The following packages are not supported by their vendor:
   libldap-2_4-2 openldap2 openldap2-client

3 packages to upgrade.
Overall download size: 1.5 MiB. After the operation, 1.6 MiB will be freed.
Continue? [y/n/? shows all options] (y): n

The new rpms are found. But zypper warns with "are not supported by their vendor".
I think this prevends ansible from automatically update the rpms.

I have a vendors file for obs created before

# cat "/etc/zypp/vendors.d/obs"
vendors = obs://build.opensuse.org

# zypper if openldap2
Loading repository data...
Reading installed packages...

Information for package openldap2:

Repository: Netzdienste Repo
Name: openldap2
Version: 2.4.40-0
Arch: x86_64
Vendor: obs://build.opensuse.org/home:MoserHans
Support Level: unknown
Installed: Yes
Status: out-of-date (version 2.4.39-0 installed)
Installed Size: 3.1 MiB
Summary: The OpenLDAP Server
Description:
The Lightweight Directory Access Protocol (LDAP) is used to access
online directory services. It runs directly over TCP and can be used to
access a stand-alone LDAP directory service or to access a directory
service that has an X.500 back-end.
:~ # rpm -qi openldap2
Name : openldap2 Relocations: (not relocatable)
Version : 2.4.39 Vendor: obs://build.opensuse.org/home:MoserHans
Release : 0 Build Date: Tue 10 Jun 2014 03:44:28 PM CEST
Install Date: Mon 17 Nov 2014 03:27:19 PM CET Build Host: buildhost-sp3
Group : Productivity/Networking/LDAP/Clients Source RPM: openldap2-2.4.39-0.src.rpm
Size : 4936865 License: OLDAP-2.8
Signature : (none)
URL : http://www.openldap.org
Summary : The OpenLDAP Server
Description :
The Lightweight Directory Access Protocol (LDAP) is used to access
online directory services. It runs directly over TCP and can be used to
access a stand-alone LDAP directory service or to access a directory
service that has an X.500 back-end.
Distribution: home:MoserHans:branches:network:ldap / SLE_11_SP3

What am I missing, why doesn't ansible update?

[I tried to update to 1.8.2. But this seems to require python 2.7, and on my ansible machine I only have 2.6.8.]

Marc

Marc Patermann schrieb (16.02.2015 14:07 Uhr):

What am I missing, why doesn't ansible update?

now it get even weirder.

I ran the playbook again and it tells the openldap2-client rpm "changed", so it does update:

TASK: [install LDAP RPMs]

The zypper module already runs zypper with '--non-interactive' and other
options to avoid prompts (quite puzzling there is no --yes option, from
a yum user's perspective).

Could you run `ansible-playbook -vvv your_playbook.xml` and share the
results for that specific task?

Giovanni

Giovanni,

Giovanni Tirloni schrieb (16.02.2015 14:27 Uhr):

Could you run `ansible-playbook -vvv your_playbook.xml` and share the
results for that specific task?

sure:

TASK: [install LDAP RPMs]

Sorry if I'm being a bit too dense but I'm confused about the current
state of the servers when you run ansible. Can you downgrade the
packages and attempt it again?

In your output, ansible seems to think all 4 packages are already at
their latest versions on server2. Can you confirm with rpm -qa that it's
indeed true for that server?

<server2> REMOTE_MODULE zypper name=openldap2-client state=latest
disable_gpg_check=yes
ok: [server2] => (item=openldap2-client) => {"changed": false, "item":
"openldap2-client", "name": "openldap2-client", "state": "latest"}

<server2> REMOTE_MODULE zypper name=libldap-2_4-2 state=latest
disable_gpg_check=yes
ok: [server2] => (item=libldap-2_4-2) => {"changed": false, "item":
"libldap-2_4-2", "name": "libldap-2_4-2", "state": "latest"}

<server2> REMOTE_MODULE zypper name=libldap-2_4-2-32bit state=latest
disable_gpg_check=yes
ok: [server2] => (item=libldap-2_4-2-32bit) => {"changed": false,
"item": "libldap-2_4-2-32bit", "name": "libldap-2_4-2-32bit", "state":
"latest"}

<server2> REMOTE_MODULE zypper name=openldap2 state=latest
disable_gpg_check=yes
ok: [server2] => (item=openldap2) => {"changed": false, "item":
"openldap2", "name": "openldap2", "state": "latest"}

Giovanni

Giovanni,

Giovanni Tirloni schrieb (16.02.2015 16:08 Uhr):

Giovanni Tirloni schrieb (16.02.2015 14:27 Uhr):

Could you run `ansible-playbook -vvv your_playbook.xml` and share the
results for that specific task?

sure:

Sorry if I'm being a bit too dense but I'm confused about the current
state of the servers when you run ansible. Can you downgrade the
packages and attempt it again?

At the moment I have two servers.
The first one ("server") is now on the latest packages (2.4.40), but ansible only told it updated the client package, but updated indeed three packages.

The second one ("server2") ist still on the older packages from the initial ansible installation (2.4.39).
Have a look at the second half of may mal from 14:22 today.

In your output, ansible seems to think all 4 packages are already at
their latest versions on server2. Can you confirm with rpm -qa that it's
indeed true for that server?

No, they are still on 2.4.39 and that is not "latest".

# zypper --no-gpg-checks if openldap2
Loading repository data...
Reading installed packages...

Information for package openldap2:

Repository: myown Repo
Name: openldap2
Version: 2.4.40-0
Arch: x86_64
Vendor: obs://build.opensuse.org/home:MoserHans
Support Level: unknown
Installed: Yes
Status: out-of-date (version 2.4.39-0 installed)
Installed Size: 3.1 MiB
Summary: The OpenLDAP Server
Description:
The Lightweight Directory Access Protocol (LDAP) is used to access
online directory services. It runs directly over TCP and can be used to
access a stand-alone LDAP directory service or to access a directory
service that has an X.500 back-end.

Marc

I'm not a zypper user but I noticed this in your information:

  # cat "/etc/zypp/vendors.d/obs"
  vendors = obs://build.opensuse.org

  # zypper if openldap2
  [..]
  Vendor: obs://build.opensuse.org/home:MoserHans

Perhaps the vendors = line needs to specify
obs://build.opensuse.org/home:MoserHans ?

-Toshio

Hi Marc,

it is a Bug. Please have a look on this PR https://github.com/ansible/ansible/pull/8598

I recommend you to use the latest ansible version.

Regards,
Alex

Alex,

alxgu schrieb (17.02.2015 10:37 Uhr):

it is a Bug. Please have a look on this PR https://github.com/ansible/ansible/pull/8598

I recommend you to use the latest ansible version.

for first try I patched the zipper module manually.
Thank you!

Marc

Marc Patermann schrieb (16.02.2015 14:22 Uhr):

Marc Patermann schrieb (16.02.2015 14:07 Uhr):
I ran the playbook again and it tells the openldap2-client rpm "changed", so it does update:

TASK: [install LDAP RPMs] *****************************************************
ok: [server] => (item=libdb-4_8)
changed: [server] => (item=openldap2-client)
ok: [server] => (item=libldap-2_4-2)
ok: [server] => (item=libldap-2_4-2-32bit)
ok: [server] => (item=openldap2)

When I checked, this is not the whole truth:

openldap2-client-2.4.40-0 Mon 16 Feb 2015 02:08:35 PM CET
openldap2-2.4.40-0 Mon 16 Feb 2015 02:08:30 PM CET
libldap-2_4-2-2.4.40-0 Mon 16 Feb 2015 02:08:29 PM CET

Not only the client rpm did update, two other did too, but ansible did not tell!

well, openldap2-client depends on libldap-2_4-2 and on this depends openldap2. So all three package update together.
But ansible does not tell.

I suspect, that when ansible comes to the next item - libldap-2_4-2 - this is already updated from the previous item, so it is "OK".

Is this the way it is intended to be?

Marc

Hi Marc,

in the latest ansible version are all packages installed in one module run.
So you would only see one “changed” message/line and all of your packages are on the latest state.

changed: [$server] => (item=openldap2-client,libldap-2_4-2,xxx, etc.)

Regards,
Alex