I have multiple lists of RPMs (one per configuration), and a set of remote machines. Each list includes all of the RPMs needed to run my machine in the configuration I choose.
For a given configuration and machine, I need to make sure that:
- Every RPM in the configuration's RPM list is installed, in the exact same version; and
- Any RPM not in the list is not installed (and uninstall it if necessary)
I've been looking into Ansible and its yum module, but though it's easy ensuring given RPMs are installed, I couldn't find a way to specify that any other RPMs should be uninstalled.
What's a good way of doing that?
It's right there, in the documentation you linked:
Note it can be applied to groups as well:
However, if your requirement is to ensure any package not in your list is not installed, you should start reviewing your provision procedure, i.e., if a machine is under control since its inception, there shouldn't be a way out of your control for a package to be installed.
rpm -qa
will list all installed RPMs. You could simply save a known good server's output to a txt file and then run a diff against other servers. I've not used Ansible, but possibly you could use this output to list packages to remove.
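
The comparison the question asks for, built on the `rpm -qa` diff suggested above, as an added example that is not part of either answer: it splits the difference between a desired list and an installed list into packages to remove, packages to install, and names whose version has drifted. The function names and the sample package lists are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example. Each input file holds one package per line in the
# name-version-release.arch form printed by `rpm -qa`.
export LC_ALL=C   # sort and comm must use the same collation

# _cmp COMM_FLAGS DESIRED INSTALLED: comm over sorted, de-duplicated copies.
_cmp() {
    _d=$(mktemp) && _i=$(mktemp) || return 1
    sort -u "$2" > "$_d"
    sort -u "$3" > "$_i"
    comm "$1" "$_d" "$_i"
    rm -f "$_d" "$_i"
}

# In the desired list but not installed in that exact version.
missing_packages() { _cmp -23 "$1" "$2"; }

# Installed but absent from the desired list (wrong versions included).
extra_packages() { _cmp -13 "$1" "$2"; }

# Strip "-version-release.arch"; version and release never contain "-".
_names() { sed -E 's/-[^-]+-[^-]+$//' | sort -u; }

# Names present on both sides with different versions: these need an
# upgrade or downgrade rather than a plain removal.
version_mismatches() {
    _m=$(mktemp) && _e=$(mktemp) || return 1
    missing_packages "$1" "$2" | _names > "$_m"
    extra_packages "$1" "$2" | _names > "$_e"
    comm -12 "$_m" "$_e"
    rm -f "$_m" "$_e"
}

# Constructed sample lists (hypothetical packages, not from a real host).
demo=$(mktemp -d)
printf '%s\n' bash-5.1-1.x86_64 openssl-3.0.7-2.x86_64 \
    python3-libs-3.9-1.x86_64 > "$demo/desired"
printf '%s\n' bash-5.1-1.x86_64 openssl-3.0.1-1.x86_64 \
    python3-libs-3.9-2.x86_64 telnet-0.17-1.x86_64 > "$demo/installed"

echo "remove:";        extra_packages "$demo/desired" "$demo/installed"
echo "install:";       missing_packages "$demo/desired" "$demo/installed"
echo "version drift:"; version_mismatches "$demo/desired" "$demo/installed"
```

On a real host the installed list would be the saved output of `rpm -qa`, and the desired list the configuration's RPM list in the same format.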