Dre4m Shell
Server IP : 85.214.239.14  /  Your IP : 18.117.91.170
Web Server : Apache/2.4.62 (Debian)
System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64
User : www-data ( 33)
PHP Version : 7.4.18
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /proc/self/root/proc/2/cwd/proc/self/root/usr/lib/python3/dist-packages/ansible/modules/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /proc/self/root/proc/2/cwd/proc/self/root/usr/lib/python3/dist-packages/ansible/modules/yum.py
# -*- coding: utf-8 -*-

# Copyright: (c) 2012, Red Hat, Inc
# Written by Seth Vidal <skvidal at fedoraproject.org>
# Copyright: (c) 2014, Epic Games, Inc.

# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function
__metaclass__ = type


DOCUMENTATION = '''
---
module: yum
version_added: historical
short_description: Manages packages with the I(yum) package manager
description:
     - Installs, upgrade, downgrades, removes, and lists packages and groups with the I(yum) package manager.
     - This module only works on Python 2. If you require Python 3 support see the M(ansible.builtin.dnf) module.
options:
  use_backend:
    description:
      - This module supports C(yum) (as it always has), this is known as C(yum3)/C(YUM3)/C(yum-deprecated) by
        upstream yum developers. As of Ansible 2.7+, this module also supports C(YUM4), which is the
        "new yum" and it has an C(dnf) backend.
      - By default, this module will select the backend based on the C(ansible_pkg_mgr) fact.
    default: "auto"
    choices: [ auto, yum, yum4, dnf ]
    type: str
    version_added: "2.7"
  name:
    description:
      - A package name or package specifier with version, like C(name-1.0).
      - Comparison operators for package version are valid here C(>), C(<), C(>=), C(<=). Example - C(name>=1.0)
      - If a previous version is specified, the task also needs to turn C(allow_downgrade) on.
        See the C(allow_downgrade) documentation for caveats with downgrading packages.
      - When using state=latest, this can be C('*') which means run C(yum -y update).
      - You can also pass a url or a local path to a rpm file (using state=present).
        To operate on several packages this can accept a comma separated string of packages or (as of 2.0) a list of packages.
    aliases: [ pkg ]
    type: list
    elements: str
  exclude:
    description:
      - Package name(s) to exclude when state=present, or latest
    type: list
    elements: str
    version_added: "2.0"
  list:
    description:
      - "Package name to run the equivalent of C(yum list --show-duplicates <package>) against. In addition to listing packages,
        use can also list the following: C(installed), C(updates), C(available) and C(repos)."
      - This parameter is mutually exclusive with I(name).
    type: str
  state:
    description:
      - Whether to install (C(present) or C(installed), C(latest)), or remove (C(absent) or C(removed)) a package.
      - C(present) and C(installed) will simply ensure that a desired package is installed.
      - C(latest) will update the specified package if it's not of the latest available version.
      - C(absent) and C(removed) will remove the specified package.
      - Default is C(None), however in effect the default action is C(present) unless the C(autoremove) option is
        enabled for this module, then C(absent) is inferred.
    type: str
    choices: [ absent, installed, latest, present, removed ]
  enablerepo:
    description:
      - I(Repoid) of repositories to enable for the install/update operation.
        These repos will not persist beyond the transaction.
        When specifying multiple repos, separate them with a C(",").
      - As of Ansible 2.7, this can alternatively be a list instead of C(",")
        separated string
    type: list
    elements: str
    version_added: "0.9"
  disablerepo:
    description:
      - I(Repoid) of repositories to disable for the install/update operation.
        These repos will not persist beyond the transaction.
        When specifying multiple repos, separate them with a C(",").
      - As of Ansible 2.7, this can alternatively be a list instead of C(",")
        separated string
    type: list
    elements: str
    version_added: "0.9"
  conf_file:
    description:
      - The remote yum configuration file to use for the transaction.
    type: str
    version_added: "0.6"
  disable_gpg_check:
    description:
      - Whether to disable the GPG checking of signatures of packages being
        installed. Has an effect only if state is I(present) or I(latest).
    type: bool
    default: "no"
    version_added: "1.2"
  skip_broken:
    description:
      - Skip all unavailable packages or packages with broken dependencies
        without raising an error. Equivalent to passing the --skip-broken option.
    type: bool
    default: "no"
    version_added: "2.3"
  update_cache:
    description:
      - Force yum to check if cache is out of date and redownload if needed.
        Has an effect only if state is I(present) or I(latest).
    type: bool
    default: "no"
    aliases: [ expire-cache ]
    version_added: "1.9"
  validate_certs:
    description:
      - This only applies if using a https url as the source of the rpm. e.g. for localinstall. If set to C(false), the SSL certificates will not be validated.
      - This should only set to C(false) used on personally controlled sites using self-signed certificates as it avoids verifying the source site.
      - Prior to 2.1 the code worked as if this was set to C(true).
    type: bool
    default: "yes"
    version_added: "2.1"
  sslverify:
    description:
      - Disables SSL validation of the repository server for this transaction.
      - This should be set to C(false) if one of the configured repositories is using an untrusted or self-signed certificate.
    type: bool
    default: "yes"
    version_added: "2.13"
  update_only:
    description:
      - When using latest, only update installed packages. Do not install packages.
      - Has an effect only if state is I(latest)
    default: "no"
    type: bool
    version_added: "2.5"

  installroot:
    description:
      - Specifies an alternative installroot, relative to which all packages
        will be installed.
    default: "/"
    type: str
    version_added: "2.3"
  security:
    description:
      - If set to C(true), and C(state=latest) then only installs updates that have been marked security related.
    type: bool
    default: "no"
    version_added: "2.4"
  bugfix:
    description:
      - If set to C(true), and C(state=latest) then only installs updates that have been marked bugfix related.
    default: "no"
    type: bool
    version_added: "2.6"
  allow_downgrade:
    description:
      - Specify if the named package and version is allowed to downgrade
        a maybe already installed higher version of that package.
        Note that setting allow_downgrade=True can make this module
        behave in a non-idempotent way. The task could end up with a set
        of packages that does not match the complete list of specified
        packages to install (because dependencies between the downgraded
        package and others can cause changes to the packages which were
        in the earlier transaction).
    type: bool
    default: "no"
    version_added: "2.4"
  enable_plugin:
    description:
      - I(Plugin) name to enable for the install/update operation.
        The enabled plugin will not persist beyond the transaction.
    type: list
    elements: str
    version_added: "2.5"
  disable_plugin:
    description:
      - I(Plugin) name to disable for the install/update operation.
        The disabled plugins will not persist beyond the transaction.
    type: list
    elements: str
    version_added: "2.5"
  releasever:
    description:
      - Specifies an alternative release from which all packages will be
        installed.
    type: str
    version_added: "2.7"
  autoremove:
    description:
      - If C(true), removes all "leaf" packages from the system that were originally
        installed as dependencies of user-installed packages but which are no longer
        required by any such package. Should be used alone or when state is I(absent)
      - "NOTE: This feature requires yum >= 3.4.3 (RHEL/CentOS 7+)"
    type: bool
    default: "no"
    version_added: "2.7"
  disable_excludes:
    description:
      - Disable the excludes defined in YUM config files.
      - If set to C(all), disables all excludes.
      - If set to C(main), disable excludes defined in [main] in yum.conf.
      - If set to C(repoid), disable excludes defined for given repo id.
    type: str
    version_added: "2.7"
  download_only:
    description:
      - Only download the packages, do not install them.
    default: "no"
    type: bool
    version_added: "2.7"
  lock_timeout:
    description:
      - Amount of time to wait for the yum lockfile to be freed.
    required: false
    default: 30
    type: int
    version_added: "2.8"
  install_weak_deps:
    description:
      - Will also install all packages linked by a weak dependency relation.
      - "NOTE: This feature requires yum >= 4 (RHEL/CentOS 8+)"
    type: bool
    default: "yes"
    version_added: "2.8"
  download_dir:
    description:
      - Specifies an alternate directory to store packages.
      - Has an effect only if I(download_only) is specified.
    type: str
    version_added: "2.8"
  install_repoquery:
    description:
      - If repoquery is not available, install yum-utils. If the system is
        registered to RHN or an RHN Satellite, repoquery allows for querying
        all channels assigned to the system. It is also required to use the
        'list' parameter.
      - "NOTE: This will run and be logged as a separate yum transation which
        takes place before any other installation or removal."
      - "NOTE: This will use the system's default enabled repositories without
        regard for disablerepo/enablerepo given to the module."
    required: false
    version_added: "1.5"
    default: "yes"
    type: bool
  cacheonly:
    description:
      - Tells yum to run entirely from system cache; does not download or update metadata.
    default: "no"
    type: bool
    version_added: "2.12"
extends_documentation_fragment:
- action_common_attributes
- action_common_attributes.flow
attributes:
    action:
        details: In the case of yum, it has 2 action plugins that use it under the hood, M(ansible.builtin.yum) and M(ansible.builtin.package).
        support: partial
    async:
        support: none
    bypass_host_loop:
        support: none
    check_mode:
        support: full
    diff_mode:
        support: full
    platform:
        platforms: rhel
notes:
  - When used with a C(loop:) each package will be processed individually,
    it is much more efficient to pass the list directly to the I(name) option.
  - In versions prior to 1.9.2 this module installed and removed each package
    given to the yum module separately. This caused problems when packages
    specified by filename or url had to be installed or removed together. In
    1.9.2 this was fixed so that packages are installed in one yum
    transaction. However, if one of the packages adds a new yum repository
    that the other packages come from (such as epel-release) then that package
    needs to be installed in a separate task. This mimics yum's command line
    behaviour.
  - 'Yum itself has two types of groups.  "Package groups" are specified in the
    rpm itself while "environment groups" are specified in a separate file
    (usually by the distribution).  Unfortunately, this division becomes
    apparent to ansible users because ansible needs to operate on the group
    of packages in a single transaction and yum requires groups to be specified
    in different ways when used in that way.  Package groups are specified as
    "@development-tools" and environment groups are "@^gnome-desktop-environment".
    Use the "yum group list hidden ids" command to see which category of group the group
    you want to install falls into.'
  - 'The yum module does not support clearing yum cache in an idempotent way, so it
    was decided not to implement it, the only method is to use command and call the yum
    command directly, namely "command: yum clean all"
    https://github.com/ansible/ansible/pull/31450#issuecomment-352889579'
# informational: requirements for nodes
requirements:
- yum
author:
    - Ansible Core Team
    - Seth Vidal (@skvidal)
    - Eduard Snesarev (@verm666)
    - Berend De Schouwer (@berenddeschouwer)
    - Abhijeet Kasurde (@Akasurde)
    - Adam Miller (@maxamillion)
'''

EXAMPLES = '''
- name: Install the latest version of Apache
  ansible.builtin.yum:
    name: httpd
    state: latest

- name: Install Apache >= 2.4
  ansible.builtin.yum:
    name: httpd>=2.4
    state: present

- name: Install a list of packages (suitable replacement for 2.11 loop deprecation warning)
  ansible.builtin.yum:
    name:
      - nginx
      - postgresql
      - postgresql-server
    state: present

- name: Install a list of packages with a list variable
  ansible.builtin.yum:
    name: "{{ packages }}"
  vars:
    packages:
    - httpd
    - httpd-tools

- name: Remove the Apache package
  ansible.builtin.yum:
    name: httpd
    state: absent

- name: Install the latest version of Apache from the testing repo
  ansible.builtin.yum:
    name: httpd
    enablerepo: testing
    state: present

- name: Install one specific version of Apache
  ansible.builtin.yum:
    name: httpd-2.2.29-1.4.amzn1
    state: present

- name: Upgrade all packages
  ansible.builtin.yum:
    name: '*'
    state: latest

- name: Upgrade all packages, excluding kernel & foo related packages
  ansible.builtin.yum:
    name: '*'
    state: latest
    exclude: kernel*,foo*

- name: Install the nginx rpm from a remote repo
  ansible.builtin.yum:
    name: http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
    state: present

- name: Install nginx rpm from a local file
  ansible.builtin.yum:
    name: /usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm
    state: present

- name: Install the 'Development tools' package group
  ansible.builtin.yum:
    name: "@Development tools"
    state: present

- name: Install the 'Gnome desktop' environment group
  ansible.builtin.yum:
    name: "@^gnome-desktop-environment"
    state: present

- name: List ansible packages and register result to print with debug later
  ansible.builtin.yum:
    list: ansible
  register: result

- name: Install package with multiple repos enabled
  ansible.builtin.yum:
    name: sos
    enablerepo: "epel,ol7_latest"

- name: Install package with multiple repos disabled
  ansible.builtin.yum:
    name: sos
    disablerepo: "epel,ol7_latest"

- name: Download the nginx package but do not install it
  ansible.builtin.yum:
    name:
      - nginx
    state: latest
    download_only: true
'''

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.common.locale import get_best_parsable_locale
from ansible.module_utils.common.respawn import has_respawned, respawn_module
from ansible.module_utils._text import to_native, to_text
from ansible.module_utils.urls import fetch_url
from ansible.module_utils.yumdnf import YumDnf, yumdnf_argument_spec

import errno
import os
import re
import sys
import tempfile

try:
    import rpm
    HAS_RPM_PYTHON = True
except ImportError:
    HAS_RPM_PYTHON = False

try:
    import yum
    HAS_YUM_PYTHON = True
except ImportError:
    HAS_YUM_PYTHON = False

try:
    from yum.misc import find_unfinished_transactions, find_ts_remaining
    from rpmUtils.miscutils import splitFilename, compareEVR
    transaction_helpers = True
except ImportError:
    transaction_helpers = False

from contextlib import contextmanager
from ansible.module_utils.urls import fetch_file

def_qf = "%{epoch}:%{name}-%{version}-%{release}.%{arch}"
rpmbin = None


class YumModule(YumDnf):
    """
    Yum Ansible module back-end implementation
    """

    def __init__(self, module):

        # state=installed name=pkgspec
        # state=removed name=pkgspec
        # state=latest name=pkgspec
        #
        # informational commands:
        #   list=installed
        #   list=updates
        #   list=available
        #   list=repos
        #   list=pkgspec

        # This populates instance vars for all argument spec params
        super(YumModule, self).__init__(module)

        self.pkg_mgr_name = "yum"
        self.lockfile = '/var/run/yum.pid'
        self._yum_base = None

    def _enablerepos_with_error_checking(self):
        # NOTE: This seems unintuitive, but it mirrors yum's CLI behavior
        if len(self.enablerepo) == 1:
            try:
                self.yum_base.repos.enableRepo(self.enablerepo[0])
            except yum.Errors.YumBaseError as e:
                if u'repository not found' in to_text(e):
                    self.module.fail_json(msg="Repository %s not found." % self.enablerepo[0])
                else:
                    raise e
        else:
            for rid in self.enablerepo:
                try:
                    self.yum_base.repos.enableRepo(rid)
                except yum.Errors.YumBaseError as e:
                    if u'repository not found' in to_text(e):
                        self.module.warn("Repository %s not found." % rid)
                    else:
                        raise e

    def is_lockfile_pid_valid(self):
        try:
            try:
                with open(self.lockfile, 'r') as f:
                    oldpid = int(f.readline())
            except ValueError:
                # invalid data
                os.unlink(self.lockfile)
                return False

            if oldpid == os.getpid():
                # that's us?
                os.unlink(self.lockfile)
                return False

            try:
                with open("/proc/%d/stat" % oldpid, 'r') as f:
                    stat = f.readline()

                if stat.split()[2] == 'Z':
                    # Zombie
                    os.unlink(self.lockfile)
                    return False
            except IOError:
                # either /proc is not mounted or the process is already dead
                try:
                    # check the state of the process
                    os.kill(oldpid, 0)
                except OSError as e:
                    if e.errno == errno.ESRCH:
                        # No such process
                        os.unlink(self.lockfile)
                        return False

                    self.module.fail_json(msg="Unable to check PID %s in  %s: %s" % (oldpid, self.lockfile, to_native(e)))
        except (IOError, OSError) as e:
            # lockfile disappeared?
            return False

        # another copy seems to be running
        return True

    @property
    def yum_base(self):
        if self._yum_base:
            return self._yum_base
        else:
            # Only init once
            self._yum_base = yum.YumBase()
            self._yum_base.preconf.debuglevel = 0
            self._yum_base.preconf.errorlevel = 0
            self._yum_base.preconf.plugins = True
            self._yum_base.preconf.enabled_plugins = self.enable_plugin
            self._yum_base.preconf.disabled_plugins = self.disable_plugin
            if self.releasever:
                self._yum_base.preconf.releasever = self.releasever
            if self.installroot != '/':
                # do not setup installroot by default, because of error
                # CRITICAL:yum.cli:Config Error: Error accessing file for config file:////etc/yum.conf
                # in old yum version (like in CentOS 6.6)
                self._yum_base.preconf.root = self.installroot
                self._yum_base.conf.installroot = self.installroot
            if self.conf_file and os.path.exists(self.conf_file):
                self._yum_base.preconf.fn = self.conf_file
            if os.geteuid() != 0:
                if hasattr(self._yum_base, 'setCacheDir'):
                    self._yum_base.setCacheDir()
                else:
                    cachedir = yum.misc.getCacheDir()
                    self._yum_base.repos.setCacheDir(cachedir)
                    self._yum_base.conf.cache = 0
            if self.disable_excludes:
                self._yum_base.conf.disable_excludes = self.disable_excludes

            # setting conf.sslverify allows retrieving the repo's metadata
            # without validating the certificate, but that does not allow
            # package installation from a bad-ssl repo.
            self._yum_base.conf.sslverify = self.sslverify

            # A sideeffect of accessing conf is that the configuration is
            # loaded and plugins are discovered
            self.yum_base.conf

            try:
                for rid in self.disablerepo:
                    self.yum_base.repos.disableRepo(rid)

                self._enablerepos_with_error_checking()

            except Exception as e:
                self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))

        return self._yum_base

    def po_to_envra(self, po):
        if hasattr(po, 'ui_envra'):
            return po.ui_envra

        return '%s:%s-%s-%s.%s' % (po.epoch, po.name, po.version, po.release, po.arch)

    def is_group_env_installed(self, name):
        name_lower = name.lower()

        if yum.__version_info__ >= (3, 4):
            groups_list = self.yum_base.doGroupLists(return_evgrps=True)
        else:
            groups_list = self.yum_base.doGroupLists()

        # list of the installed groups on the first index
        groups = groups_list[0]
        for group in groups:
            if name_lower.endswith(group.name.lower()) or name_lower.endswith(group.groupid.lower()):
                return True

        if yum.__version_info__ >= (3, 4):
            # list of the installed env_groups on the third index
            envs = groups_list[2]
            for env in envs:
                if name_lower.endswith(env.name.lower()) or name_lower.endswith(env.environmentid.lower()):
                    return True

        return False

    def is_installed(self, repoq, pkgspec, qf=None, is_pkg=False):
        if qf is None:
            qf = "%{epoch}:%{name}-%{version}-%{release}.%{arch}\n"

        if not repoq:
            pkgs = []
            try:
                e, m, _ = self.yum_base.rpmdb.matchPackageNames([pkgspec])
                pkgs = e + m
                if not pkgs and not is_pkg:
                    pkgs.extend(self.yum_base.returnInstalledPackagesByDep(pkgspec))
            except Exception as e:
                self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))

            return [self.po_to_envra(p) for p in pkgs]

        else:
            global rpmbin
            if not rpmbin:
                rpmbin = self.module.get_bin_path('rpm', required=True)

            cmd = [rpmbin, '-q', '--qf', qf, pkgspec]
            if '*' in pkgspec:
                cmd.append('-a')
            if self.installroot != '/':
                cmd.extend(['--root', self.installroot])
            # rpm localizes messages and we're screen scraping so make sure we use
            # an appropriate locale
            locale = get_best_parsable_locale(self.module)
            lang_env = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale)
            rc, out, err = self.module.run_command(cmd, environ_update=lang_env)
            if rc != 0 and 'is not installed' not in out:
                self.module.fail_json(msg='Error from rpm: %s: %s' % (cmd, err))
            if 'is not installed' in out:
                out = ''

            pkgs = [p for p in out.replace('(none)', '0').split('\n') if p.strip()]
            if not pkgs and not is_pkg:
                cmd = [rpmbin, '-q', '--qf', qf, '--whatprovides', pkgspec]
                if self.installroot != '/':
                    cmd.extend(['--root', self.installroot])
                rc2, out2, err2 = self.module.run_command(cmd, environ_update=lang_env)
            else:
                rc2, out2, err2 = (0, '', '')

            if rc2 != 0 and 'no package provides' not in out2:
                self.module.fail_json(msg='Error from rpm: %s: %s' % (cmd, err + err2))
            if 'no package provides' in out2:
                out2 = ''
            pkgs += [p for p in out2.replace('(none)', '0').split('\n') if p.strip()]
            return pkgs

        return []

    def is_available(self, repoq, pkgspec, qf=def_qf):
        if not repoq:

            pkgs = []
            try:
                e, m, _ = self.yum_base.pkgSack.matchPackageNames([pkgspec])
                pkgs = e + m
                if not pkgs:
                    pkgs.extend(self.yum_base.returnPackagesByDep(pkgspec))
            except Exception as e:
                self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))

            return [self.po_to_envra(p) for p in pkgs]

        else:
            myrepoq = list(repoq)

            r_cmd = ['--disablerepo', ','.join(self.disablerepo)]
            myrepoq.extend(r_cmd)

            r_cmd = ['--enablerepo', ','.join(self.enablerepo)]
            myrepoq.extend(r_cmd)

            if self.releasever:
                myrepoq.extend('--releasever=%s' % self.releasever)

            cmd = myrepoq + ["--qf", qf, pkgspec]
            rc, out, err = self.module.run_command(cmd)
            if rc == 0:
                return [p for p in out.split('\n') if p.strip()]
            else:
                self.module.fail_json(msg='Error from repoquery: %s: %s' % (cmd, err))

        return []

    def is_update(self, repoq, pkgspec, qf=def_qf):
        if not repoq:

            pkgs = []
            updates = []

            try:
                pkgs = self.yum_base.returnPackagesByDep(pkgspec) + \
                    self.yum_base.returnInstalledPackagesByDep(pkgspec)
                if not pkgs:
                    e, m, _ = self.yum_base.pkgSack.matchPackageNames([pkgspec])
                    pkgs = e + m
                updates = self.yum_base.doPackageLists(pkgnarrow='updates').updates
            except Exception as e:
                self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))

            retpkgs = (pkg for pkg in pkgs if pkg in updates)

            return set(self.po_to_envra(p) for p in retpkgs)

        else:
            myrepoq = list(repoq)
            r_cmd = ['--disablerepo', ','.join(self.disablerepo)]
            myrepoq.extend(r_cmd)

            r_cmd = ['--enablerepo', ','.join(self.enablerepo)]
            myrepoq.extend(r_cmd)

            if self.releasever:
                myrepoq.extend('--releasever=%s' % self.releasever)

            cmd = myrepoq + ["--pkgnarrow=updates", "--qf", qf, pkgspec]
            rc, out, err = self.module.run_command(cmd)

            if rc == 0:
                return set(p for p in out.split('\n') if p.strip())
            else:
                self.module.fail_json(msg='Error from repoquery: %s: %s' % (cmd, err))

        return set()

    def what_provides(self, repoq, req_spec, qf=def_qf):
        if not repoq:

            pkgs = []
            try:
                try:
                    pkgs = self.yum_base.returnPackagesByDep(req_spec) + \
                        self.yum_base.returnInstalledPackagesByDep(req_spec)
                except Exception as e:
                    # If a repo with `repo_gpgcheck=1` is added and the repo GPG
                    # key was never accepted, querying this repo will throw an
                    # error: 'repomd.xml signature could not be verified'. In that
                    # situation we need to run `yum -y makecache fast` which will accept
                    # the key and try again.
                    if 'repomd.xml signature could not be verified' in to_native(e):
                        if self.releasever:
                            self.module.run_command(self.yum_basecmd + ['makecache', 'fast', '--releasever=%s' % self.releasever])
                        else:
                            self.module.run_command(self.yum_basecmd + ['makecache', 'fast'])
                        pkgs = self.yum_base.returnPackagesByDep(req_spec) + \
                            self.yum_base.returnInstalledPackagesByDep(req_spec)
                    else:
                        raise
                if not pkgs:
                    exact_matches, glob_matches = self.yum_base.pkgSack.matchPackageNames([req_spec])[0:2]
                    pkgs.extend(exact_matches)
                    pkgs.extend(glob_matches)
                    exact_matches, glob_matches = self.yum_base.rpmdb.matchPackageNames([req_spec])[0:2]
                    pkgs.extend(exact_matches)
                    pkgs.extend(glob_matches)
            except Exception as e:
                self.module.fail_json(msg="Failure talking to yum: %s" % to_native(e))

            return set(self.po_to_envra(p) for p in pkgs)

        else:
            myrepoq = list(repoq)
            r_cmd = ['--disablerepo', ','.join(self.disablerepo)]
            myrepoq.extend(r_cmd)

            r_cmd = ['--enablerepo', ','.join(self.enablerepo)]
            myrepoq.extend(r_cmd)

            if self.releasever:
                myrepoq.extend('--releasever=%s' % self.releasever)

            cmd = myrepoq + ["--qf", qf, "--whatprovides", req_spec]
            rc, out, err = self.module.run_command(cmd)
            cmd = myrepoq + ["--qf", qf, req_spec]
            rc2, out2, err2 = self.module.run_command(cmd)
            if rc == 0 and rc2 == 0:
                out += out2
                pkgs = {p for p in out.split('\n') if p.strip()}
                if not pkgs:
                    pkgs = self.is_installed(repoq, req_spec, qf=qf)
                return pkgs
            else:
                self.module.fail_json(msg='Error from repoquery: %s: %s' % (cmd, err + err2))

        return set()

    def transaction_exists(self, pkglist):
        """
        checks the package list to see if any packages are
        involved in an incomplete transaction
        """

        conflicts = []
        if not transaction_helpers:
            return conflicts

        # first, we create a list of the package 'nvreas'
        # so we can compare the pieces later more easily
        pkglist_nvreas = (splitFilename(pkg) for pkg in pkglist)

        # next, we build the list of packages that are
        # contained within an unfinished transaction
        unfinished_transactions = find_unfinished_transactions()
        for trans in unfinished_transactions:
            steps = find_ts_remaining(trans)
            for step in steps:
                # the action is install/erase/etc., but we only
                # care about the package spec contained in the step
                (action, step_spec) = step
                (n, v, r, e, a) = splitFilename(step_spec)
                # and see if that spec is in the list of packages
                # requested for installation/updating
                for pkg in pkglist_nvreas:
                    # if the name and arch match, we're going to assume
                    # this package is part of a pending transaction
                    # the label is just for display purposes
                    label = "%s-%s" % (n, a)
                    if n == pkg[0] and a == pkg[4]:
                        if label not in conflicts:
                            conflicts.append("%s-%s" % (n, a))
                        break
        return conflicts

    def local_envra(self, path):
        """return envra of a local rpm passed in"""

        ts = rpm.TransactionSet()
        ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
        fd = os.open(path, os.O_RDONLY)
        try:
            header = ts.hdrFromFdno(fd)
        except rpm.error as e:
            return None
        finally:
            os.close(fd)

        return '%s:%s-%s-%s.%s' % (
            header[rpm.RPMTAG_EPOCH] or '0',
            header[rpm.RPMTAG_NAME],
            header[rpm.RPMTAG_VERSION],
            header[rpm.RPMTAG_RELEASE],
            header[rpm.RPMTAG_ARCH]
        )

    @contextmanager
    def set_env_proxy(self):
        # setting system proxy environment and saving old, if exists
        namepass = ""
        scheme = ["http", "https"]
        old_proxy_env = [os.getenv("http_proxy"), os.getenv("https_proxy")]
        try:
            # "_none_" is a special value to disable proxy in yum.conf/*.repo
            if self.yum_base.conf.proxy and self.yum_base.conf.proxy not in ("_none_",):
                if self.yum_base.conf.proxy_username:
                    namepass = namepass + self.yum_base.conf.proxy_username
                    proxy_url = self.yum_base.conf.proxy
                    if self.yum_base.conf.proxy_password:
                        namepass = namepass + ":" + self.yum_base.conf.proxy_password
                elif '@' in self.yum_base.conf.proxy:
                    namepass = self.yum_base.conf.proxy.split('@')[0].split('//')[-1]
                    proxy_url = self.yum_base.conf.proxy.replace("{0}@".format(namepass), "")

                if namepass:
                    namepass = namepass + '@'
                    for item in scheme:
                        os.environ[item + "_proxy"] = re.sub(
                            r"(http://)",
                            r"\g<1>" + namepass, proxy_url
                        )
                else:
                    for item in scheme:
                        os.environ[item + "_proxy"] = self.yum_base.conf.proxy
            yield
        except yum.Errors.YumBaseError:
            raise
        finally:
            # revert back to previously system configuration
            for item in scheme:
                if os.getenv("{0}_proxy".format(item)):
                    del os.environ["{0}_proxy".format(item)]
            if old_proxy_env[0]:
                os.environ["http_proxy"] = old_proxy_env[0]
            if old_proxy_env[1]:
                os.environ["https_proxy"] = old_proxy_env[1]

    def pkg_to_dict(self, pkgstr):
        if pkgstr.strip() and pkgstr.count('|') == 5:
            n, e, v, r, a, repo = pkgstr.split('|')
        else:
            return {'error_parsing': pkgstr}

        d = {
            'name': n,
            'arch': a,
            'epoch': e,
            'release': r,
            'version': v,
            'repo': repo,
            'envra': '%s:%s-%s-%s.%s' % (e, n, v, r, a)
        }

        if repo == 'installed':
            d['yumstate'] = 'installed'
        else:
            d['yumstate'] = 'available'

        return d

    def repolist(self, repoq, qf="%{repoid}"):
        cmd = repoq + ["--qf", qf, "-a"]
        if self.releasever:
            cmd.extend(['--releasever=%s' % self.releasever])
        rc, out, _ = self.module.run_command(cmd)
        if rc == 0:
            return set(p for p in out.split('\n') if p.strip())
        else:
            return []

    def list_stuff(self, repoquerybin, stuff):

        qf = "%{name}|%{epoch}|%{version}|%{release}|%{arch}|%{repoid}"
        # is_installed goes through rpm instead of repoquery so it needs a slightly different format
        is_installed_qf = "%{name}|%{epoch}|%{version}|%{release}|%{arch}|installed\n"
        repoq = [repoquerybin, '--show-duplicates', '--plugins', '--quiet']
        if self.disablerepo:
            repoq.extend(['--disablerepo', ','.join(self.disablerepo)])
        if self.enablerepo:
            repoq.extend(['--enablerepo', ','.join(self.enablerepo)])
        if self.installroot != '/':
            repoq.extend(['--installroot', self.installroot])
        if self.conf_file and os.path.exists(self.conf_file):
            repoq += ['-c', self.conf_file]

        if stuff == 'installed':
            return [self.pkg_to_dict(p) for p in sorted(self.is_installed(repoq, '-a', qf=is_installed_qf)) if p.strip()]

        if stuff == 'updates':
            return [self.pkg_to_dict(p) for p in sorted(self.is_update(repoq, '-a', qf=qf)) if p.strip()]

        if stuff == 'available':
            return [self.pkg_to_dict(p) for p in sorted(self.is_available(repoq, '-a', qf=qf)) if p.strip()]

        if stuff == 'repos':
            return [dict(repoid=name, state='enabled') for name in sorted(self.repolist(repoq)) if name.strip()]

        return [
            self.pkg_to_dict(p) for p in
            sorted(self.is_installed(repoq, stuff, qf=is_installed_qf) + self.is_available(repoq, stuff, qf=qf))
            if p.strip()
        ]

    def exec_install(self, items, action, pkgs, res):
        cmd = self.yum_basecmd + [action] + pkgs
        if self.releasever:
            cmd.extend(['--releasever=%s' % self.releasever])

        # setting sslverify using --setopt is required as conf.sslverify only
        # affects the metadata retrieval.
        if not self.sslverify:
            cmd.extend(['--setopt', 'sslverify=0'])

        if self.module.check_mode:
            self.module.exit_json(changed=True, results=res['results'], changes=dict(installed=pkgs))
        else:
            res['changes'] = dict(installed=pkgs)

        locale = get_best_parsable_locale(self.module)
        lang_env = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale)
        rc, out, err = self.module.run_command(cmd, environ_update=lang_env)

        if rc == 1:
            for spec in items:
                # Fail on invalid urls:
                if ('://' in spec and ('No package %s available.' % spec in out or 'Cannot open: %s. Skipping.' % spec in err)):
                    err = 'Package at %s could not be installed' % spec
                    self.module.fail_json(changed=False, msg=err, rc=rc)

        res['rc'] = rc
        res['results'].append(out)
        res['msg'] += err
        res['changed'] = True

        if ('Nothing to do' in out and rc == 0) or ('does not have any packages' in err):
            res['changed'] = False

        if rc != 0:
            res['changed'] = False
            self.module.fail_json(**res)

        # Fail if yum prints 'No space left on device' because that means some
        # packages failed executing their post install scripts because of lack of
        # free space (e.g. kernel package couldn't generate initramfs). Note that
        # yum can still exit with rc=0 even if some post scripts didn't execute
        # correctly.
        if 'No space left on device' in (out or err):
            res['changed'] = False
            res['msg'] = 'No space left on device'
            self.module.fail_json(**res)

        # FIXME - if we did an install - go and check the rpmdb to see if it actually installed
        # look for each pkg in rpmdb
        # look for each pkg via obsoletes

        return res

    def install(self, items, repoq):

        pkgs = []
        downgrade_pkgs = []
        res = {}
        res['results'] = []
        res['msg'] = ''
        res['rc'] = 0
        res['changed'] = False

        for spec in items:
            pkg = None
            downgrade_candidate = False

            # check if pkgspec is installed (if possible for idempotence)
            if spec.endswith('.rpm') or '://' in spec:
                if '://' not in spec and not os.path.exists(spec):
                    res['msg'] += "No RPM file matching '%s' found on system" % spec
                    res['results'].append("No RPM file matching '%s' found on system" % spec)
                    res['rc'] = 127  # Ensure the task fails in with-loop
                    self.module.fail_json(**res)

                if '://' in spec:
                    with self.set_env_proxy():
                        package = fetch_file(self.module, spec)
                        if not package.endswith('.rpm'):
                            # yum requires a local file to have the extension of .rpm and we
                            # can not guarantee that from an URL (redirects, proxies, etc)
                            new_package_path = '%s.rpm' % package
                            os.rename(package, new_package_path)
                            package = new_package_path
                else:
                    package = spec

                # most common case is the pkg is already installed
                envra = self.local_envra(package)
                if envra is None:
                    self.module.fail_json(msg="Failed to get envra information from RPM package: %s" % spec)
                installed_pkgs = self.is_installed(repoq, envra)
                if installed_pkgs:
                    res['results'].append('%s providing %s is already installed' % (installed_pkgs[0], package))
                    continue

                (name, ver, rel, epoch, arch) = splitFilename(envra)
                installed_pkgs = self.is_installed(repoq, name)

                # case for two same envr but different archs like x86_64 and i686
                if len(installed_pkgs) == 2:
                    (cur_name0, cur_ver0, cur_rel0, cur_epoch0, cur_arch0) = splitFilename(installed_pkgs[0])
                    (cur_name1, cur_ver1, cur_rel1, cur_epoch1, cur_arch1) = splitFilename(installed_pkgs[1])
                    cur_epoch0 = cur_epoch0 or '0'
                    cur_epoch1 = cur_epoch1 or '0'
                    compare = compareEVR((cur_epoch0, cur_ver0, cur_rel0), (cur_epoch1, cur_ver1, cur_rel1))
                    if compare == 0 and cur_arch0 != cur_arch1:
                        for installed_pkg in installed_pkgs:
                            if installed_pkg.endswith(arch):
                                installed_pkgs = [installed_pkg]

                if len(installed_pkgs) == 1:
                    installed_pkg = installed_pkgs[0]
                    (cur_name, cur_ver, cur_rel, cur_epoch, cur_arch) = splitFilename(installed_pkg)
                    cur_epoch = cur_epoch or '0'
                    compare = compareEVR((cur_epoch, cur_ver, cur_rel), (epoch, ver, rel))

                    # compare > 0 -> higher version is installed
                    # compare == 0 -> exact version is installed
                    # compare < 0 -> lower version is installed
                    if compare > 0 and self.allow_downgrade:
                        downgrade_candidate = True
                    elif compare >= 0:
                        continue

                # else: if there are more installed packages with the same name, that would mean
                # kernel, gpg-pubkey or like, so just let yum deal with it and try to install it

                pkg = package

            # groups
            elif spec.startswith('@'):
                if self.is_group_env_installed(spec):
                    continue

                pkg = spec

            # range requires or file-requires or pkgname :(
            else:
                # most common case is the pkg is already installed and done
                # short circuit all the bs - and search for it as a pkg in is_installed
                # if you find it then we're done
                if not set(['*', '?']).intersection(set(spec)):
                    installed_pkgs = self.is_installed(repoq, spec, is_pkg=True)
                    if installed_pkgs:
                        res['results'].append('%s providing %s is already installed' % (installed_pkgs[0], spec))
                        continue

                # look up what pkgs provide this
                pkglist = self.what_provides(repoq, spec)
                if not pkglist:
                    res['msg'] += "No package matching '%s' found available, installed or updated" % spec
                    res['results'].append("No package matching '%s' found available, installed or updated" % spec)
                    res['rc'] = 126  # Ensure the task fails in with-loop
                    self.module.fail_json(**res)

                # if any of the packages are involved in a transaction, fail now
                # so that we don't hang on the yum operation later
                conflicts = self.transaction_exists(pkglist)
                if conflicts:
                    res['msg'] += "The following packages have pending transactions: %s" % ", ".join(conflicts)
                    res['rc'] = 125  # Ensure the task fails in with-loop
                    self.module.fail_json(**res)

                # if any of them are installed
                # then nothing to do

                found = False
                for this in pkglist:
                    if self.is_installed(repoq, this, is_pkg=True):
                        found = True
                        res['results'].append('%s providing %s is already installed' % (this, spec))
                        break

                # if the version of the pkg you have installed is not in ANY repo, but there are
                # other versions in the repos (both higher and lower) then the previous checks won't work.
                # so we check one more time. This really only works for pkgname - not for file provides or virt provides
                # but virt provides should be all caught in what_provides on its own.
                # highly irritating
                if not found:
                    if self.is_installed(repoq, spec):
                        found = True
                        res['results'].append('package providing %s is already installed' % (spec))

                if found:
                    continue

                # Downgrade - The yum install command will only install or upgrade to a spec version, it will
                # not install an older version of an RPM even if specified by the install spec. So we need to
                # determine if this is a downgrade, and then use the yum downgrade command to install the RPM.
                if self.allow_downgrade:
                    for package in pkglist:
                        # Get the NEVRA of the requested package using pkglist instead of spec because pkglist
                        #  contains consistently-formatted package names returned by yum, rather than user input
                        #  that is often not parsed correctly by splitFilename().
                        (name, ver, rel, epoch, arch) = splitFilename(package)

                        # Check if any version of the requested package is installed
                        inst_pkgs = self.is_installed(repoq, name, is_pkg=True)
                        if inst_pkgs:
                            (cur_name, cur_ver, cur_rel, cur_epoch, cur_arch) = splitFilename(inst_pkgs[0])
                            compare = compareEVR((cur_epoch, cur_ver, cur_rel), (epoch, ver, rel))
                            if compare > 0:
                                downgrade_candidate = True
                            else:
                                downgrade_candidate = False
                                break

                # If package needs to be installed/upgraded/downgraded, then pass in the spec
                # we could get here if nothing provides it but that's not
                # the error we're catching here
                pkg = spec

            if downgrade_candidate and self.allow_downgrade:
                downgrade_pkgs.append(pkg)
            else:
                pkgs.append(pkg)

        if downgrade_pkgs:
            res = self.exec_install(items, 'downgrade', downgrade_pkgs, res)

        if pkgs:
            res = self.exec_install(items, 'install', pkgs, res)

        return res

    def remove(self, items, repoq):

        pkgs = []
        res = {}
        res['results'] = []
        res['msg'] = ''
        res['changed'] = False
        res['rc'] = 0

        for pkg in items:
            if pkg.startswith('@'):
                installed = self.is_group_env_installed(pkg)
            else:
                installed = self.is_installed(repoq, pkg)

            if installed:
                pkgs.append(pkg)
            else:
                res['results'].append('%s is not installed' % pkg)

        if pkgs:
            if self.module.check_mode:
                self.module.exit_json(changed=True, results=res['results'], changes=dict(removed=pkgs))
            else:
                res['changes'] = dict(removed=pkgs)

            # run an actual yum transaction
            if self.autoremove:
                cmd = self.yum_basecmd + ["autoremove"] + pkgs
            else:
                cmd = self.yum_basecmd + ["remove"] + pkgs
            rc, out, err = self.module.run_command(cmd)

            res['rc'] = rc
            res['results'].append(out)
            res['msg'] = err

            if rc != 0:
                if self.autoremove and 'No such command' in out:
                    self.module.fail_json(msg='Version of YUM too old for autoremove: Requires yum 3.4.3 (RHEL/CentOS 7+)')
                else:
                    self.module.fail_json(**res)

            # compile the results into one batch. If anything is changed
            # then mark changed
            # at the end - if we've end up failed then fail out of the rest
            # of the process

            # at this point we check to see if the pkg is no longer present
            self._yum_base = None  # previous YumBase package index is now invalid
            for pkg in pkgs:
                if pkg.startswith('@'):
                    installed = self.is_group_env_installed(pkg)
                else:
                    installed = self.is_installed(repoq, pkg, is_pkg=True)

                if installed:
                    # Return a message so it's obvious to the user why yum failed
                    # and which package couldn't be removed. More details:
                    # https://github.com/ansible/ansible/issues/35672
                    res['msg'] = "Package '%s' couldn't be removed!" % pkg
                    self.module.fail_json(**res)

            res['changed'] = True

        return res

    def run_check_update(self):
        # run check-update to see if we have packages pending
        if self.releasever:
            rc, out, err = self.module.run_command(self.yum_basecmd + ['check-update'] + ['--releasever=%s' % self.releasever])
        else:
            rc, out, err = self.module.run_command(self.yum_basecmd + ['check-update'])
        return rc, out, err

    @staticmethod
    def parse_check_update(check_update_output):
        # preprocess string and filter out empty lines so the regex below works
        out = '\n'.join((l for l in check_update_output.splitlines() if l))

        # Remove incorrect new lines in longer columns in output from yum check-update
        # yum line wrapping can move the repo to the next line:
        #  some_looooooooooooooooooooooooooooooooooooong_package_name   1:1.2.3-1.el7
        #                                                                    some-repo-label
        out = re.sub(r'\n\W+(.*)', r' \1', out)

        updates = {}
        obsoletes = {}
        for line in out.split('\n'):
            line = line.split()
            """
            Ignore irrelevant lines:
              - '*' in line matches lines like mirror lists: "* base: mirror.corbina.net"
              - len(line) != 3 or 6 could be strings like:
                  "This system is not registered with an entitlement server..."
              - len(line) = 6 is package obsoletes
              - checking for '.' in line[0] (package name) likely ensures that it is of format:
                  "package_name.arch" (coreutils.x86_64)
            """
            if '*' in line or len(line) not in [3, 6] or '.' not in line[0]:
                continue

            pkg, version, repo = line[0], line[1], line[2]
            name, dist = pkg.rsplit('.', 1)

            if name not in updates:
                updates[name] = []

            updates[name].append({'version': version, 'dist': dist, 'repo': repo})

            if len(line) == 6:
                obsolete_pkg, obsolete_version, obsolete_repo = line[3], line[4], line[5]
                obsolete_name, obsolete_dist = obsolete_pkg.rsplit('.', 1)

                if obsolete_name not in obsoletes:
                    obsoletes[obsolete_name] = []

                obsoletes[obsolete_name].append({'version': obsolete_version, 'dist': obsolete_dist, 'repo': obsolete_repo})

        return updates, obsoletes

    def latest(self, items, repoq):

        res = {}
        res['results'] = []
        res['msg'] = ''
        res['changed'] = False
        res['rc'] = 0
        pkgs = {}
        pkgs['update'] = []
        pkgs['install'] = []
        updates = {}
        obsoletes = {}
        update_all = False
        cmd = self.yum_basecmd[:]

        # determine if we're doing an update all
        if '*' in items:
            update_all = True

        rc, out, err = self.run_check_update()

        if rc == 0 and update_all:
            res['results'].append('Nothing to do here, all packages are up to date')
            return res
        elif rc == 100:
            updates, obsoletes = self.parse_check_update(out)
        elif rc == 1:
            res['msg'] = err
            res['rc'] = rc
            self.module.fail_json(**res)

        if update_all:
            cmd.append('update')
            will_update = set(updates.keys())
            will_update_from_other_package = dict()
        else:
            will_update = set()
            will_update_from_other_package = dict()
            for spec in items:
                # some guess work involved with groups. update @<group> will install the group if missing
                if spec.startswith('@'):
                    pkgs['update'].append(spec)
                    will_update.add(spec)
                    continue

                # check if pkgspec is installed (if possible for idempotence)
                # localpkg
                if spec.endswith('.rpm') and '://' not in spec:
                    if not os.path.exists(spec):
                        res['msg'] += "No RPM file matching '%s' found on system" % spec
                        res['results'].append("No RPM file matching '%s' found on system" % spec)
                        res['rc'] = 127  # Ensure the task fails in with-loop
                        self.module.fail_json(**res)

                    # get the pkg e:name-v-r.arch
                    envra = self.local_envra(spec)

                    if envra is None:
                        self.module.fail_json(msg="Failed to get envra information from RPM package: %s" % spec)

                    # local rpm files can't be updated
                    if self.is_installed(repoq, envra):
                        pkgs['update'].append(spec)
                    else:
                        pkgs['install'].append(spec)
                    continue

                # URL
                if '://' in spec:
                    # download package so that we can check if it's already installed
                    with self.set_env_proxy():
                        package = fetch_file(self.module, spec)
                    envra = self.local_envra(package)

                    if envra is None:
                        self.module.fail_json(msg="Failed to get envra information from RPM package: %s" % spec)

                    # local rpm files can't be updated
                    if self.is_installed(repoq, envra):
                        pkgs['update'].append(spec)
                    else:
                        pkgs['install'].append(spec)
                    continue

                # dep/pkgname  - find it
                if self.is_installed(repoq, spec):
                    pkgs['update'].append(spec)
                else:
                    pkgs['install'].append(spec)
                pkglist = self.what_provides(repoq, spec)
                # FIXME..? may not be desirable to throw an exception here if a single package is missing
                if not pkglist:
                    res['msg'] += "No package matching '%s' found available, installed or updated" % spec
                    res['results'].append("No package matching '%s' found available, installed or updated" % spec)
                    res['rc'] = 126  # Ensure the task fails in with-loop
                    self.module.fail_json(**res)

                nothing_to_do = True
                for pkg in pkglist:
                    if spec in pkgs['install'] and self.is_available(repoq, pkg):
                        nothing_to_do = False
                        break

                    # this contains the full NVR and spec could contain wildcards
                    # or virtual provides (like "python-*" or "smtp-daemon") while
                    # updates contains name only.
                    pkgname, _, _, _, _ = splitFilename(pkg)
                    if spec in pkgs['update'] and pkgname in updates:
                        nothing_to_do = False
                        will_update.add(spec)
                        # Massage the updates list
                        if spec != pkgname:
                            # For reporting what packages would be updated more
                            # succinctly
                            will_update_from_other_package[spec] = pkgname
                        break

                if not self.is_installed(repoq, spec) and self.update_only:
                    res['results'].append("Packages providing %s not installed due to update_only specified" % spec)
                    continue
                if nothing_to_do:
                    res['results'].append("All packages providing %s are up to date" % spec)
                    continue

                # if any of the packages are involved in a transaction, fail now
                # so that we don't hang on the yum operation later
                conflicts = self.transaction_exists(pkglist)
                if conflicts:
                    res['msg'] += "The following packages have pending transactions: %s" % ", ".join(conflicts)
                    res['results'].append("The following packages have pending transactions: %s" % ", ".join(conflicts))
                    res['rc'] = 128  # Ensure the task fails in with-loop
                    self.module.fail_json(**res)

        # check_mode output
        to_update = []
        for w in will_update:
            if w.startswith('@'):
                # yum groups
                to_update.append((w, None))
            elif w not in updates:
                # There are (at least, probably more) 2 ways we can get here:
                #
                # * A virtual provides (our user specifies "webserver", but
                #   "httpd" is the key in 'updates').
                #
                # * A wildcard. emac* will get us here if there's a package
                #   called 'emacs' in the pending updates list. 'updates' will
                #   of course key on 'emacs' in that case.

                other_pkg = will_update_from_other_package[w]

                # We are guaranteed that: other_pkg in updates
                # ...based on the logic above. But we only want to show one
                # update in this case (given the wording of "at least") below.
                # As an example, consider a package installed twice:
                # foobar.x86_64, foobar.i686
                # We want to avoid having both:
                #   ('foo*', 'because of (at least) foobar-1.x86_64 from repo')
                #   ('foo*', 'because of (at least) foobar-1.i686 from repo')
                # We just pick the first one.
                #
                # TODO: This is something that might be nice to change, but it
                #       would be a module UI change. But without it, we're
                #       dropping potentially important information about what
                #       was updated. Instead of (given_spec, random_matching_package)
                #       it'd be nice if we appended (given_spec, [all_matching_packages])
                #
                #       ... But then, we also drop information if multiple
                #       different (distinct) packages match the given spec and
                #       we should probably fix that too.
                pkg = updates[other_pkg][0]
                to_update.append(
                    (
                        w,
                        'because of (at least) %s-%s.%s from %s' % (
                            other_pkg,
                            pkg['version'],
                            pkg['dist'],
                            pkg['repo']
                        )
                    )
                )
            else:
                # Otherwise the spec is an exact match
                for pkg in updates[w]:
                    to_update.append(
                        (
                            w,
                            '%s.%s from %s' % (
                                pkg['version'],
                                pkg['dist'],
                                pkg['repo']
                            )
                        )
                    )

        if self.update_only:
            res['changes'] = dict(installed=[], updated=to_update)
        else:
            res['changes'] = dict(installed=pkgs['install'], updated=to_update)

        if obsoletes:
            res['obsoletes'] = obsoletes

        # return results before we actually execute stuff
        if self.module.check_mode:
            if will_update or pkgs['install']:
                res['changed'] = True
            return res

        if self.releasever:
            cmd.extend(['--releasever=%s' % self.releasever])

        # run commands
        if update_all:
            rc, out, err = self.module.run_command(cmd)
            res['changed'] = True
        elif self.update_only:
            if pkgs['update']:
                cmd += ['update'] + pkgs['update']
                locale = get_best_parsable_locale(self.module)
                lang_env = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale)
                rc, out, err = self.module.run_command(cmd, environ_update=lang_env)
                out_lower = out.strip().lower()
                if not out_lower.endswith("no packages marked for update") and \
                        not out_lower.endswith("nothing to do"):
                    res['changed'] = True
            else:
                rc, out, err = [0, '', '']
        elif pkgs['install'] or will_update and not self.update_only:
            cmd += ['install'] + pkgs['install'] + pkgs['update']
            locale = get_best_parsable_locale(self.module)
            lang_env = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale)
            rc, out, err = self.module.run_command(cmd, environ_update=lang_env)
            out_lower = out.strip().lower()
            if not out_lower.endswith("no packages marked for update") and \
                    not out_lower.endswith("nothing to do"):
                res['changed'] = True
        else:
            rc, out, err = [0, '', '']

        res['rc'] = rc
        res['msg'] += err
        res['results'].append(out)

        if rc:
            res['failed'] = True

        return res

    def ensure(self, repoq):
        pkgs = self.names

        # autoremove was provided without `name`
        if not self.names and self.autoremove:
            pkgs = []
            self.state = 'absent'

        if self.conf_file and os.path.exists(self.conf_file):
            self.yum_basecmd += ['-c', self.conf_file]

            if repoq:
                repoq += ['-c', self.conf_file]

        if self.skip_broken:
            self.yum_basecmd.extend(['--skip-broken'])

        if self.disablerepo:
            self.yum_basecmd.extend(['--disablerepo=%s' % ','.join(self.disablerepo)])

        if self.enablerepo:
            self.yum_basecmd.extend(['--enablerepo=%s' % ','.join(self.enablerepo)])

        if self.enable_plugin:
            self.yum_basecmd.extend(['--enableplugin', ','.join(self.enable_plugin)])

        if self.disable_plugin:
            self.yum_basecmd.extend(['--disableplugin', ','.join(self.disable_plugin)])

        if self.exclude:
            e_cmd = ['--exclude=%s' % ','.join(self.exclude)]
            self.yum_basecmd.extend(e_cmd)

        if self.disable_excludes:
            self.yum_basecmd.extend(['--disableexcludes=%s' % self.disable_excludes])

        if self.cacheonly:
            self.yum_basecmd.extend(['--cacheonly'])

        if self.download_only:
            self.yum_basecmd.extend(['--downloadonly'])

            if self.download_dir:
                self.yum_basecmd.extend(['--downloaddir=%s' % self.download_dir])

        if self.releasever:
            self.yum_basecmd.extend(['--releasever=%s' % self.releasever])

        if self.installroot != '/':
            # do not setup installroot by default, because of error
            # CRITICAL:yum.cli:Config Error: Error accessing file for config file:////etc/yum.conf
            # in old yum version (like in CentOS 6.6)
            e_cmd = ['--installroot=%s' % self.installroot]
            self.yum_basecmd.extend(e_cmd)

        if self.state in ('installed', 'present', 'latest'):
            """ The need of this entire if conditional has to be changed
                this function is the ensure function that is called
                in the main section.

                This conditional tends to disable/enable repo for
                install present latest action, same actually
                can be done for remove and absent action

                As solution I would advice to cal
                try: self.yum_base.repos.disableRepo(disablerepo)
                and
                try: self.yum_base.repos.enableRepo(enablerepo)
                right before any yum_cmd is actually called regardless
                of yum action.

                Please note that enable/disablerepo options are general
                options, this means that we can call those with any action
                option.  https://linux.die.net/man/8/yum

                This docstring will be removed together when issue: #21619
                will be solved.

                This has been triggered by: #19587
            """

            if self.update_cache:
                self.module.run_command(self.yum_basecmd + ['clean', 'expire-cache'])

            try:
                current_repos = self.yum_base.repos.repos.keys()
                if self.enablerepo:
                    try:
                        new_repos = self.yum_base.repos.repos.keys()
                        for i in new_repos:
                            if i not in current_repos:
                                rid = self.yum_base.repos.getRepo(i)
                                a = rid.repoXML.repoid  # nopep8 - https://github.com/ansible/ansible/pull/21475#pullrequestreview-22404868
                        current_repos = new_repos
                    except yum.Errors.YumBaseError as e:
                        self.module.fail_json(msg="Error setting/accessing repos: %s" % to_native(e))
            except yum.Errors.YumBaseError as e:
                self.module.fail_json(msg="Error accessing repos: %s" % to_native(e))
        if self.state == 'latest' or self.update_only:
            if self.disable_gpg_check:
                self.yum_basecmd.append('--nogpgcheck')
            if self.security:
                self.yum_basecmd.append('--security')
            if self.bugfix:
                self.yum_basecmd.append('--bugfix')
            res = self.latest(pkgs, repoq)
        elif self.state in ('installed', 'present'):
            if self.disable_gpg_check:
                self.yum_basecmd.append('--nogpgcheck')
            res = self.install(pkgs, repoq)
        elif self.state in ('removed', 'absent'):
            res = self.remove(pkgs, repoq)
        else:
            # should be caught by AnsibleModule argument_spec
            self.module.fail_json(
                msg="we should never get here unless this all failed",
                changed=False,
                results='',
                errors='unexpected state'
            )
        return res

    @staticmethod
    def has_yum():
        return HAS_YUM_PYTHON

    def run(self):
        """
        actually execute the module code backend
        """

        if (not HAS_RPM_PYTHON or not HAS_YUM_PYTHON) and sys.executable != '/usr/bin/python' and not has_respawned():
            respawn_module('/usr/bin/python')
            # end of the line for this process; we'll exit here once the respawned module has completed

        error_msgs = []
        if not HAS_RPM_PYTHON:
            error_msgs.append('The Python 2 bindings for rpm are needed for this module. If you require Python 3 support use the `dnf` Ansible module instead.')
        if not HAS_YUM_PYTHON:
            error_msgs.append('The Python 2 yum module is needed for this module. If you require Python 3 support use the `dnf` Ansible module instead.')

        self.wait_for_lock()

        if error_msgs:
            self.module.fail_json(msg='. '.join(error_msgs))

        # fedora will redirect yum to dnf, which has incompatibilities
        # with how this module expects yum to operate. If yum-deprecated
        # is available, use that instead to emulate the old behaviors.
        if self.module.get_bin_path('yum-deprecated'):
            yumbin = self.module.get_bin_path('yum-deprecated')
        else:
            yumbin = self.module.get_bin_path('yum')

        # need debug level 2 to get 'Nothing to do' for groupinstall.
        self.yum_basecmd = [yumbin, '-d', '2', '-y']

        if self.update_cache and not self.names and not self.list:
            rc, stdout, stderr = self.module.run_command(self.yum_basecmd + ['clean', 'expire-cache'])
            if rc == 0:
                self.module.exit_json(
                    changed=False,
                    msg="Cache updated",
                    rc=rc,
                    results=[]
                )
            else:
                self.module.exit_json(
                    changed=False,
                    msg="Failed to update cache",
                    rc=rc,
                    results=[stderr],
                )

        repoquerybin = self.module.get_bin_path('repoquery', required=False)

        if self.install_repoquery and not repoquerybin and not self.module.check_mode:
            yum_path = self.module.get_bin_path('yum')
            if yum_path:
                if self.releasever:
                    self.module.run_command('%s -y install yum-utils --releasever %s' % (yum_path, self.releasever))
                else:
                    self.module.run_command('%s -y install yum-utils' % yum_path)
            repoquerybin = self.module.get_bin_path('repoquery', required=False)

        if self.list:
            if not repoquerybin:
                self.module.fail_json(msg="repoquery is required to use list= with this module. Please install the yum-utils package.")
            results = {'results': self.list_stuff(repoquerybin, self.list)}
        else:
            # If rhn-plugin is installed and no rhn-certificate is available on
            # the system then users will see an error message using the yum API.
            # Use repoquery in those cases.

            repoquery = None
            try:
                yum_plugins = self.yum_base.plugins._plugins
            except AttributeError:
                pass
            else:
                if 'rhnplugin' in yum_plugins:
                    if repoquerybin:
                        repoquery = [repoquerybin, '--show-duplicates', '--plugins', '--quiet']
                        if self.installroot != '/':
                            repoquery.extend(['--installroot', self.installroot])

                        if self.disable_excludes:
                            # repoquery does not support --disableexcludes,
                            # so make a temp copy of yum.conf and get rid of the 'exclude=' line there
                            try:
                                with open('/etc/yum.conf', 'r') as f:
                                    content = f.readlines()

                                tmp_conf_file = tempfile.NamedTemporaryFile(dir=self.module.tmpdir, delete=False)
                                self.module.add_cleanup_file(tmp_conf_file.name)

                                tmp_conf_file.writelines([c for c in content if not c.startswith("exclude=")])
                                tmp_conf_file.close()
                            except Exception as e:
                                self.module.fail_json(msg="Failure setting up repoquery: %s" % to_native(e))

                            repoquery.extend(['-c', tmp_conf_file.name])

            results = self.ensure(repoquery)
            if repoquery:
                results['msg'] = '%s %s' % (
                    results.get('msg', ''),
                    'Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.'
                )

        self.module.exit_json(**results)


def main():
    # state=installed name=pkgspec
    # state=removed name=pkgspec
    # state=latest name=pkgspec
    #
    # informational commands:
    #   list=installed
    #   list=updates
    #   list=available
    #   list=repos
    #   list=pkgspec

    yumdnf_argument_spec['argument_spec']['use_backend'] = dict(default='auto', choices=['auto', 'yum', 'yum4', 'dnf'])

    module = AnsibleModule(
        **yumdnf_argument_spec
    )

    module_implementation = YumModule(module)
    module_implementation.run()


if __name__ == '__main__':
    main()

Anon7 - 2022
AnonSec Team