Add CentOS/RedHat yum repository module_hotfixes option

[heronimus]

Proposed changes

Add YUM repository module_hotfixes = True option to protects the repository from package filtering, in case another repository (usually Centos AppStream) is marked as active streams for the Nginx package.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING document
• If necessary, I have added Molecule tests that prove my fix is effective or that my feature works
• I have checked that all unit tests pass after adding my changes
• If required, I have updated necessary documentation (defaults/main/ and README.md)

[alessfg]

Thanks for the PR! Could you perhaps add a molecule test too to cover this use case? Modifying the default_centos playbook to include pre_tasks to install NGINX from AppStream, uninstall it, and then run what's already there should work 😄

[heronimus]

Hi @alessfgm,
I just found another fact, this issue only happens with yum with dnf backend (also known as yum4) because of it's modularity feature. So I add pre_task condition only for CentOS/RedHat with major version == 8.
This issue also can be reproduced by only enabling the Nginx @ AppStream package module without installing it first. I can't found ansible dnf resources that equivalent with dnf module enable so I use command for the pre_task. Thanks!

[heronimus]

Btw, I really new with this Molecule test. I saw that there's some previous error about the idempotence test, also my committed lineinfile task also doesn't pass the idempotence test. But I think the lineinfile regexp parameter already ensure idempotence. I'm I wrong with this? or is there any alternative lineinfile option to pass the Molecule idempotence test?

[alessfg]

What's happening is that the yum_repository module is overwriting the module_hotfixes change done by lineinfile. A potential way around that would be to set changed_when for both yum_respository and module_hotfixes to false, but I'm not a big fan of that. A better solution might be to comment out both tasks until module_hotfixes gets merged to Ansible and released and use something like blockinfile in the meantime to manually create the nginx repo file. Or, alternatively, and perhaps what I'd do, is duplicate both tasks, leave yum_repository as it was before for CentOS/RHEL 6/7, and create a blockinfile for CentOS/RHEL 8.

As far as why the pre_task fails -- command is never idempotent by default. Ansible will always run any command you specify unless you use one of a few workarounds. The easiest solution would be to simply set changed_when to false (it's no big deal seeing as it's a pre-task and worst case, it'll simply not enable the dnf nginx module), but there's a few more involved/better examples online if you want to go the extra mile.

[heronimus]

Yup got it, I already push some changes for that, also it seems that CI build is passed now, please review again.

[alessfg]

LGTM! Thanks for your PR!