dnf¶

Collection Note

This module is part of the ansible.builtin collection. To install the collection, use:

ansible-galaxy collection install ansible.builtin

Added in version 1.9.

You need further requirements to be able to use this module, see the Requirements section for details.

Synopsis¶

Installs, upgrade, removes, and lists packages and groups with the I(dnf) package manager.

Requirements¶

The following Python packages are needed on the host that executes this module:

python3-dnf

Parameters¶

Parameter	Defaults / Choices	Comments
allow_downgrade bool	Default: no	Specify if the named package and version is allowed to downgrade a maybe already installed higher version of that package. Note that setting O(allow_downgrade=true) can make this module behave in a non-idempotent way. The task could end up with a set of packages that does not match the complete list of specified packages to install (because dependencies between the downgraded package and others can cause changes to the packages which were in the earlier transaction). Version Added: 2.7
allowerasing bool	Default: no	If V(true) it allows erasing of installed packages to resolve dependencies. Version Added: 2.10
autoremove bool	Default: no	If V(true), removes all "leaf" packages from the system that were originally installed as dependencies of user-installed packages but which are no longer required by any such package. Should be used alone or when O(state=absent). Version Added: 2.4
best bool		When set to V(true), either use a package with the highest version available or fail. When set to V(false), if the latest version cannot be installed go with the lower version. Default is set by the operating system distribution. Version Added: 2.17
bugfix bool	Default: no	If set to V(true), and O(state=latest) then only installs updates that have been marked bugfix related. Note that, similar to C(dnf upgrade-minimal), this filter applies to dependencies as well. Version Added: 2.7
cacheonly bool	Default: no	Tells dnf to run entirely from system cache; does not download or update metadata. Version Added: 2.12
conf_file str		The remote dnf configuration file to use for the transaction.
disable_excludes str		Disable the excludes defined in DNF config files. If set to V(all), disables all excludes. If set to V(main), disable excludes defined in C([main]) in C(dnf.conf). If set to V(repoid), disable excludes defined for given repo id. Version Added: 2.7
disable_gpg_check bool	Default: no	Whether to disable the GPG checking of signatures of packages being installed. Has an effect only if O(state=present) or O(state=latest). This setting affects packages installed from a repository as well as "local" packages installed from the filesystem or a URL.
disable_plugin list / elements=str		C(Plugin) name to disable for the install/update operation. The disabled plugins will not persist beyond the transaction. Version Added: 2.7
disablerepo list / elements=str		C(Repoid) of repositories to disable for the install/update operation. These repos will not persist beyond the transaction. When specifying multiple repos, separate them with a C(,).
download_dir str		Specifies an alternate directory to store packages. Has an effect only if O(download_only) is specified. Version Added: 2.8
download_only bool	Default: no	Only download the packages, do not install them. Version Added: 2.7
enable_plugin list / elements=str		C(Plugin) name to enable for the install/update operation. The enabled plugin will not persist beyond the transaction. Version Added: 2.7
enablerepo list / elements=str		C(Repoid) of repositories to enable for the install/update operation. These repos will not persist beyond the transaction. When specifying multiple repos, separate them with a ",".
exclude list / elements=str		Package name(s) to exclude when O(state=present), or latest. This can be a list or a comma separated string. Version Added: 2.7
install_repoquery bool	Default: yes	This is effectively a no-op in DNF as it is not needed with DNF. This option is deprecated and will be removed in ansible-core 2.20. Version Added: 2.7
install_weak_deps bool	Default: yes	Will also install all packages linked by a weak dependency relation. Version Added: 2.8
installroot str	Default: /	Specifies an alternative installroot, relative to which all packages will be installed. Version Added: 2.3
list str		Various (non-idempotent) commands for usage with C(/usr/bin/ansible) and I(not) playbooks. Use M(ansible.builtin.package_facts) instead of the O(list) argument as a best practice.
lock_timeout int	Default: 30	Amount of time to wait for the dnf lockfile to be freed. Version Added: 2.8
name list / elements=str		A package name or package specifier with version, like C(name-1.0). When using state=latest, this can be '*' which means run: dnf -y update. You can also pass a url or a local path to an rpm file. To operate on several packages this can accept a comma separated string of packages or a list of packages. Comparison operators for package version are valid here C(>), C(<), C(>=), C(<=). Example - C(name >= 1.0). Spaces around the operator are required. You can also pass an absolute path for a binary which is provided by the package to install. See examples for more information.
nobest bool		This is the opposite of the O(best) option kept for backwards compatibility. Since ansible-core 2.17 the default value is set by the operating system distribution. Version Added: 2.11
releasever str		Specifies an alternative release from which all packages will be installed. Version Added: 2.6
security bool	Default: no	If set to V(true), and O(state=latest) then only installs updates that have been marked security related. Note that, similar to C(dnf upgrade-minimal), this filter applies to dependencies as well. Version Added: 2.7
skip_broken bool	Default: no	Skip all unavailable packages or packages with broken dependencies without raising an error. Equivalent to passing the C(--skip-broken) option. Version Added: 2.7
sslverify bool	Default: yes	Disables SSL validation of the repository server for this transaction. This should be set to V(false) if one of the configured repositories is using an untrusted or self-signed certificate. Version Added: 2.13
state str	Choices: absent, present, installed, removed, latest	Whether to install (V(present), V(latest)), or remove (V(absent)) a package. Default is V(None), however in effect the default action is V(present) unless the O(autoremove=true), then V(absent) is inferred.
update_cache bool	Default: no	Force dnf to check if cache is out of date and redownload if needed. Has an effect only if O(state=present) or O(state=latest). Version Added: 2.7
update_only bool	Default: no	When using latest, only update installed packages. Do not install packages. Has an effect only if O(state=present) or O(state=latest). Version Added: 2.7
use_backend str	Default: auto Choices: auto, dnf, dnf4, dnf5, yum, yum4	Backend module to use. Version Added: 2.15
validate_certs bool	Default: yes	This only applies if using a https url as the source of the rpm. For example, for localinstall. If set to V(false), the SSL certificates will not be validated. This should only set to V(false) used on personally controlled sites using self-signed certificates as it avoids verifying the source site. Version Added: 2.7

Notes¶

Note

When used with a C(loop:) each package will be processed individually, it is much more efficient to pass the list directly to the O(name) option.
Group removal doesn't work if the group was installed with Ansible because upstream dnf's API doesn't properly mark groups as installed, therefore upon removal the module is unable to detect that the group is installed U(https://bugzilla.redhat.com/show_bug.cgi?id=1620324).
While O(use_backend=yum) and the ability to call the action plugin as M(ansible.builtin.yum) are provided for syntax compatibility, the YUM backend was removed in ansible-core 2.17 because the required libraries are not available for any supported version of Python. If you rely on this functionality, use an older version of Ansible.

Examples¶

- name: Install the latest version of Apache
  ansible.builtin.dnf:
    name: httpd
    state: latest

- name: Install Apache >= 2.4
  ansible.builtin.dnf:
    name: httpd >= 2.4
    state: present

- name: Install the latest version of Apache and MariaDB
  ansible.builtin.dnf:
    name:
      - httpd
      - mariadb-server
    state: latest

- name: Remove the Apache package
  ansible.builtin.dnf:
    name: httpd
    state: absent

- name: Install the latest version of Apache from the testing repo
  ansible.builtin.dnf:
    name: httpd
    enablerepo: testing
    state: present

- name: Upgrade all packages
  ansible.builtin.dnf:
    name: "*"
    state: latest

- name: Update the webserver, depending on which is installed on the system. Do not install the other one
  ansible.builtin.dnf:
    name:
      - httpd
      - nginx
    state: latest
    update_only: yes

- name: Install the nginx rpm from a remote repo
  ansible.builtin.dnf:
    name: 'http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm'
    state: present

- name: Install nginx rpm from a local file
  ansible.builtin.dnf:
    name: /usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm
    state: present

- name: Install Package based upon the file it provides
  ansible.builtin.dnf:
    name: /usr/bin/cowsay
    state: present

- name: Install the 'Development tools' package group
  ansible.builtin.dnf:
    name: '@Development tools'
    state: present

- name: Autoremove unneeded packages installed as dependencies
  ansible.builtin.dnf:
    autoremove: yes

- name: Uninstall httpd but keep its dependencies
  ansible.builtin.dnf:
    name: httpd
    state: absent
    autoremove: no

- name: Install a modularity appstream with defined stream and profile
  ansible.builtin.dnf:
    name: '@postgresql:9.6/client'
    state: present

- name: Install a modularity appstream with defined stream
  ansible.builtin.dnf:
    name: '@postgresql:9.6'
    state: present

- name: Install a modularity appstream with defined profile
  ansible.builtin.dnf:
    name: '@postgresql/client'
    state: present

Authors¶

Igor Gnatenko (@ignatenkobrain) I.gnatenko.brain@gmail.com
Cristian Van Ee (@djmuggs)
Berend De Schouwer (@berenddeschouwer)
Adam Miller (@maxamillion) Admiller@redhat.com