Exclude packages

[thiagolinhares]

Hi there.
It would be nice to have an option to exclude certain packages from updating/upgrading.

groups:
  - name: xpto_special_package
    vars:
      excluded_packages: mysql-server, apache
    targets:
      - abc123.domain.tld
      - def4556.domain.tld

As to identify which package is the right for that O.S, we could use spec class such as Puppet does.
E.g: https://github.com/puppetlabs/puppetlabs-apache/blob/master/spec/classes/apache_spec.rb

[nmaludy]

@thiagolinhares Looking into this a little this morning, it seems to be very inconsistent across OSes on how to "exclude" certain packages.

RedHat / yum

With yum you can do yum upgrade --exclude=mypackage or you can use yum versionlock mypackage

Debian / apt

With apt there is no way to do apt install --exclude you can only do an equivalent of a "versionlock" using apt-mark hold.

SLES

With zypper you can do zypper update --exclude=mypackage or you can use zypper addlock mypackage.

Windows

There is no way to exclude or lock packages natively. Whatever was done here would have to be custom.

Gathering my thoughts

So, the support for package "exclusion" seems to be inconsistent and varied across operating systems. The only way i could see us getting around this is to take the list of packages from patching::available_update then filter that given our "exclusion" list and finally pass the filtered list into patching::update.

I think doing something like this is possible, but i see a lot of edge cases that would need to be handled.

It looks like all OSes, except windows, support the ability to "lock" packages at a given version. Is this an acceptable solution for you?

[thiagolinhares]

Hi Nick!
Yes its a nice approach and would fit good for us!

Thanks for your help!!