Docs: Add MD for package-latest rule #2559

Merged: 3 commits, Oct 6, 2022
Changes from 2 commits
65 changes: 65 additions & 0 deletions src/ansiblelint/rules/package_latest.md
@@ -0,0 +1,65 @@
# package-latest

This rule checks that package managers install software in a controlled, safe manner.

Package manager modules, such as `ansible.builtin.yum`, include a `state` parameter that configures how Ansible installs software.
In production environments, you should set `state` to `present` and specify a target version to ensure that packages are installed to a planned and tested version.

Setting `state` to `latest` not only installs software, it performs an update and installs additional packages.
This can result in performance degradation or loss of service.
If you do want to update packages to the latest version, you should also set the `update_only` parameter to `true` to avoid installing additional packages.

## Problematic Code

```yaml
---
- name: Example playbook
hosts: localhost
tasks:
- name: Install Ansible
ansible.builtin.yum: name=ansible state=latest # <- Installs the latest package.

- name: Install Ansible-lint
ansible.builtin.pip: name=ansible-lint
args:
state: latest # <- Installs the latest package.

- name: Install some-package
ansible.builtin.package:
name: some-package
state: latest # <- Installs the latest package.

- name: Install Ansible with update_only to false
ansible.builtin.yum:
name: sudo
state: latest
update_only: false # <- Updates and installs packages.
```

## Correct Code

```yaml
---
- name: Example playbook
hosts: localhost
tasks:
- name: Install Ansible
ansible.builtin.yum: name=ansible-2.12.7.0 state=present # <- Pins the version to install with yum.

- name: Install Ansible-lint
ansible.builtin.pip: name=ansible-lint
args:
state: present
version: 5.4.0 # <- Pins the version to install with pip.

- name: Install some-package
ansible.builtin.package:
name: some-package
state: present # <- Ensures the package is installed.

- name: Update Ansible with update_only to true
ansible.builtin.yum:
name: sudo
state: latest
update_only: true # <- Updates but does not install additional packages.
```
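
Review bot: The last task in both the Problematic Code and Correct Code examples is named for Ansible ("Install Ansible with update_only to false", "Update Ansible with update_only to true") but sets `name: sudo`, so the task name and the package disagree; rename the tasks or change the package so readers are not left guessing which one is meant. Separately, the introduction tells readers to set `state` to `present` and specify a target version, yet the corrected `some-package` task uses `state: present` with no version; either pin a version there as the yum and pip tasks do, or have the comment say that this form only guarantees presence and does not control the version. The sentence introducing `update_only` would also be clearer if it named the modules whose examples use it, since only the `ansible.builtin.yum` tasks set it.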