cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Maxxranger
Mission Specialist
Mission Specialist
2 weeks ago
  • 843 Views

Package installs should not use latest.

Dear all,

I get this advise by use the very nice lint feature of ansible-navigator

I already consulted the docs about ansible.builtin.dnf

Wat kind of data need to be used add the key/value "state:"

CLI:

[student@workstation playbook-review]$ ansible-navigator lint internet.yml -m stdout
package-latest: Package installs should not use latest.
internet.yml:6 Task/Handler: Install Software

 
Snippet:

  tasks:
    - name: Install Software
      ansible.builtin.dnf:
        name:
          - firewalld
          - httpd
          - mariadb-server
          - php
          - php-mysqlnd
        state: latest



Best regards,
Bert

Labels (3)
Labels
Join the discussion
11 Replies
Chetan_Tiwary_
Community Manager
Community Manager
2 weeks ago
  • 404 Views

@Maxxranger I think  --syntax-check will perform syntax validation without executing any tasks and in the output you will get errors or success based on the validity of the syntax   whereas 

--check is what is called as Dry RUn which means it will pretend to execute those tasks but will not make any changes and in the output you will see things like changed , ok or skipped based on assumtptions if the playbook was actually run. 

 

https://ansible.readthedocs.io/projects/navigator/faq/#how-do-i-use-ansible-playbook-parameters-like... 

https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_checkmode.html 

0 Kudos
Travis
Moderator
Moderator
2 weeks ago
  • 339 Views

@Chetan_Tiwary_ - you're 100% right, --syntax-check does nothing. The --check will as you stated do a Dry Run. What I am cautioning though is that even with modules that support Dry Run, this could be turned off in the configuration file, an environment variable, or at the playbook/task level, so it is always a good idea to check. Also, I know the yum and dnf modules support the dry run, but if there are other modules in the playbook that aren't supporting dry run or you have command, shell, raw modules in use, those aren't even idempotent, so you need to take special care.

Since you are using ansible-navigator command, I highly encourage doing a Lint on the playbook as that is much better than --syntax-check which only tells you that the YAML appears to be properly formatted and doesn't even let you know if the playbook will run.

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
0 Kudos
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright @ 2025 Red Hat Privacy statement Terms of service Community Guidelines