0

On several of my RHEL 9 machines managed by Ansible, the java-1.8.0-openjdk package is versionlocked:

 - name: java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9 state: present

However, Ansible tries to update it anyway, and this causes the Ansible Tower job to fail.

Below are the corresponding commands when run via Bash shell.

[myhost root ~]# dnf versionlock Updating Subscription Management repositories. rhel9flexnet 105 kB/s | 2.0 kB 00:00 rhel9checkmkagent 113 kB/s | 2.0 kB 00:00 rhel9elk8 97 kB/s | 1.7 kB 00:00 rhel9epel 127 kB/s | 2.3 kB 00:00 java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9.* [myhost root ~]# dnf update Updating Subscription Management repositories. rhel9flexnet 112 kB/s | 2.0 kB 00:00 rhel9checkmkagent 122 kB/s | 2.0 kB 00:00 rhel9elk8 108 kB/s | 1.7 kB 00:00 rhel9epel 133 kB/s | 2.3 kB 00:00 Error: Problem: package java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9.x86_64 from @System requires java-1.8.0-openjdk-headless(x86-64) = 1:1.8.0.402.b06-2.el9, but none of the providers can be installed - cannot install both java-1.8.0-openjdk-headless-1:1.8.0.442.b06-2.el9.x86_64 from rhel-9-for-x86_64-appstream-rpms and java-1.8.0-openjdk-headless-1:1.8.0.402.b06-2.el9.x86_64 from @System - cannot install both java-1.8.0-openjdk-headless-1:1.8.0.442.b06-2.el9.x86_64 from rhel-9-for-x86_64-appstream-rpms and java-1.8.0-openjdk-headless-1:1.8.0.402.b06-2.el9.x86_64 from rhel-9-for-x86_64-appstream-rpms - cannot install the best update candidate for package java-1.8.0-openjdk-headless-1:1.8.0.402.b06-2.el9.x86_64 - cannot install the best update candidate for package java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) [myhost root ~]# dnf list installed java-1.8.0-* Updating Subscription Management repositories. Installed Packages java-1.8.0-openjdk.x86_64 1:1.8.0.402.b06-2.el9 @rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-headless.x86_64 1:1.8.0.402.b06-2.el9 @rhel-9-for-x86_64-appstream-rpms [myhost root ~]# dnf list available java-1.8.0-* Updating Subscription Management repositories. rhel9flexnet 111 kB/s | 2.0 kB 00:00 rhel9checkmkagent 122 kB/s | 2.0 kB 00:00 rhel9elk8 99 kB/s | 1.7 kB 00:00 rhel9epel 130 kB/s | 2.3 kB 00:00 Available Packages java-1.8.0-openjdk.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-demo.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-devel.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-headless.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-javadoc.noarch 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-javadoc-zip.noarch 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-src.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms

On a shell I would just run

dnf update --exclude=java-1.8.0-*

to bypass the problem and get a successful update. However, this needs to be done via Ansible playbooks.

I am interested to know how would one do that via Ansible (workaround), and especially why dnf tries to update versionlocked packages (main issue).

EDIT 1

I've modified our update playbook:

- name: Update packages yum: name: "{{ packages_name }}" state: latest exclude: "{{ (packages_donotupdate | default([])) | join(',') }}"

so to exclude from the update the packages listed in the variable "packages_donotupdate" (if defined), but it does not work -- it does not update any package on the server. (Note: we use the "yum" Ansible module for backward compatibility reasons.)

Improve this question

2 Answers 2

Reset to default
3

You have versionlocked java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9.

But it depends on java-1.8.0-openjdk-headless-1:1.8.0.402.b06-2.el9, which is not versionlocked, and so dnf is trying to update that package to java-1.8.0-openjdk-headless-1:1.8.0.442.b06-2.el9, as the versionlock by itself says nothing about that. But then dnf runs into the dependency that requires java-1.8.0-openjdk-headless to be the exact same version as the installed java-1.8.0-openjdk, and so it displays the error message.

If you want dnf to skip these without errors using a versionlock, you should versionlock both packages, just like you're doing with dnf exclude "java-1.8.0-*"

Improve this answer
2

Without having tested this on a local container: the skip_broken option to the ansible dnf module should allow you to skip such updates.

The problem I see with that (but that's more of a general dnf thing) is that you will get "OK" update result even if things that you wanted to update can't be updated.

You might try to do the same as with your --exclude by using the exclude:

- name: Upgrade all packages (but Java 1.8.0) ansible.builtin.dnf: name: "*" exclude: "java-1.8.0-*" state: latest

or such

Improve this answer
3
  • I just tested, and unfortunately the --skip-broken option of dnf doesn't solve the problem in this case. Commented May 14 at 9:36
  • hence my exclude solution? Commented May 14 at 9:49
  • Yes, I've tried that, thanks. See my question edit. Commented May 14 at 14:17

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.