[zypper] transactional-update task are successfull despite the command failing

[RobinR1]

Summary

When I try to install (a) package(s) using the zypper module on SLE Micro, transactional-update is used but even if the command fails, the task is marked OK and the play continues as if everything is alright.

It seems that transactional-update returns a 0 as returncode and Ansible then assumes everything is ok. Actual error messages of transactional-update are ignored.

Issue Type

Bug Report

Component Name

zypper

Ansible Version

$ ansible --version
ansible [core 2.15.12]
  config file = None
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.18 (main, Jan 24 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general

# /usr/local/lib/python3.9/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 7.5.2  

# /usr/share/ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 9.4.0

Configuration

$ ansible-config dump --only-changed
CONFIG_FILE() = None

OS / Environment

NAME="SLE Micro"
VERSION="5.5"
VERSION_ID="5.5"
PRETTY_NAME="SUSE Linux Enterprise Micro 5.5"
ID="sle-micro"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sle-micro:5.5"

Steps to Reproduce

On target machine the packages wget and vim need to be installed. However the target is missing the repositories with those packages are in, so the task should fail as the packages to be installed are not to be found by the package manager.

- name: Install packages
  community.general.zypper:
   name: 
    - wget
    - vim

Expected Results

I expected the task to fail with error

No provider of "+vim" found
No provider of "+wget" found.

Actual Results

TASK [base-packages : Install packages] *********************
ok: [sle-micro-test]

Task details:

{
  "name": [
    "wget",
    "vim"
  ],
  "state": "present",
  "update_cache": false,
  "rc": 0,
  "cmd": [
    "/usr/sbin/transactional-update",
    "--continue",
    "--drop-if-no-change",
    "--quiet",
    "run",
    "/usr/bin/zypper",
    "--quiet",
    "--non-interactive",
    "--xmlout",
    "install",
    "--type",
    "package",
    "--auto-agree-with-licenses",
    "--no-recommends",
    "--",
    "+wget",
    "+vim"
  ],
  "changed": false,
  "invocation": {
    "module_args": {
      "name": [
        "wget",
        "vim"
      ],
      "state": "present",
      "type": "package",
      "disable_gpg_check": false,
      "disable_recommends": true,
      "force": false,
      "force_resolution": false,
      "update_cache": false,
      "oldpackage": false,
      "allow_vendor_change": false,
      "replacefiles": false,
      "clean_deps": false,
      "extra_args_precommand": null,
      "extra_args": null
    }
  },
  "_ansible_no_log": false
}

And then the next task in the play is started assuming the required packages are installed.

Manually running the transactional-update command on the target machine gives this:

# /usr/sbin/transactional-update --continue --drop-if-no-change --quiet run /usr/bin/zypper --quiet --non-interactive --xmlout install --type package --auto-agree-with-licenses --no-recommends -- +wget +vim; echo rc=$?
<?xml version='1.0'?>
<stream>
<message type="error">No provider of &apos;+vim&apos; found.</message>
<message type="error">No provider of &apos;+wget&apos; found.</message>
</stream>
rc=0

So return code is 0 but the output indicates that the packages are not installed and are in fact not found.
I assume community.general.zypper assumes success when rc=0, but I think it should check the output of the command for <message type="error"> instead of relying on the RC only.

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[ansibullbot]

Files identified in the description:

• plugins/modules/zypper.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @AnderEnder @alxgu @andytom @commel @evrardjp @lrupp @sealor @toabctl
click here for bot help

[RobinR1]

Additionally, I tried to mitigate this problem by adding:

- name: Install packages
  community.general.zypper:
   name: 
    - wget
    - vim
  register: zypper_output
  failed_when: "'<message type=\"error\">' in zypper_output.stdout"

However, the zypper_output variable does not contain a stdout or stderr:

    "zypper_output": {
        "changed": false,
        "failed": false,
        "name": [],
        "rc": 0,
        "state": "present",
        "update_cache": false
    }

I seem to have no way to catch the actual output of transactional-update like I see it when I manually execute the command on the target host.