ansible.builtin.dnf module – Manages packages with the dnf package manager
ansible.builtin.dnf module – Manages packages with the dnf package manager
https://docs.ansible.com/projects/ansible/latest/collections/ansible/builtin/dnf_module.html
ansible.builtin.dnf module – Manages packages with the dnf package manager Note
This module is part of ansible-core and included in all Ansible installations. In most cases, you can use the short module name dnf even without specifying the collections keyword. However, we recommend you use the Fully Qualified Collection Name (FQCN) ansible.builtin.dnf for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.
Synopsis
Requirements
Parameters
Attributes
Notes
Examples
Synopsis Installs, upgrade, removes, and lists packages and groups with the dnf package manager.
Note
This module has a corresponding action plugin.
Aliases: yum
Requirements The below requirements are needed on the host that executes this module.
python3-dnf
Parameters Parameter
Comments
allow_downgrade boolean
added in Ansible 2.7
Specify if the named package and version is allowed to downgrade a maybe already installed higher version of that package. Note that setting allow_downgrade=true can make this module behave in a non-idempotent way. The task could end up with a set of packages that does not match the complete list of specified packages to install (because dependencies between the downgraded package and others can cause changes to the packages which were in the earlier transaction).
Since this feature is not provided by dnf itself but by ansible.builtin.dnf module, using this in combination with wildcard characters in name may result in an unexpected results.
Choices:
false ← (default)
true
allowerasing boolean
added in ansible-base 2.10
If true it allows erasing of installed packages to resolve dependencies.
Choices:
false ← (default)
true
autoremove boolean
If true, removes all “leaf” packages from the system that were originally installed as dependencies of user-installed packages but which are no longer required by any such package. Should be used alone or when state=absent.
Choices:
false ← (default)
true
best boolean
added in ansible-core 2.17
When set to true, either use a package with the highest version available or fail.
When set to false, if the latest version cannot be installed go with the lower version.
Default is set by the operating system distribution.
Choices:
false
true
bugfix boolean
added in Ansible 2.7
If set to true, and state=latest then only installs updates that have been marked bugfix related.
Note that, similar to dnf upgrade-minimal, this filter applies to dependencies as well.
Choices:
false ← (default)
true
cacheonly boolean
added in ansible-core 2.12
Tells dnf to run entirely from system cache; does not download or update metadata.
Choices:
false ← (default)
true
conf_file string
The remote dnf configuration file to use for the transaction.
disable_excludes string
added in Ansible 2.7
Disable the excludes defined in DNF config files.
If set to all, disables all excludes.
If set to main, disable excludes defined in [main] in dnf.conf.
If set to repoid, disable excludes defined for given repo id.
disable_gpg_check boolean
Whether to disable the GPG checking of signatures of packages being installed. Has an effect only if state=present or state=latest.
This setting affects packages installed from a repository as well as “local” packages installed from the filesystem or a URL.
Choices:
false ← (default)
true
disable_plugin list / elements=string
added in Ansible 2.7
Plugin name to disable for the install/update operation. The disabled plugins will not persist beyond the transaction.
Default: []
disablerepo list / elements=string
Repoid of repositories to disable for the install/update operation. These repos will not persist beyond the transaction. When specifying multiple repos, separate them with a ,.
Default: []
download_dir string
added in Ansible 2.8
Specifies an alternate directory to store packages.
Has an effect only if download_only is specified.
download_only boolean
added in Ansible 2.7
Only download the packages, do not install them.
Choices:
false ← (default)
true
enable_plugin list / elements=string
added in Ansible 2.7
Plugin name to enable for the install/update operation. The enabled plugin will not persist beyond the transaction.
Default: []
enablerepo list / elements=string
Repoid of repositories to enable for the install/update operation. These repos will not persist beyond the transaction. When specifying multiple repos, separate them with a “,”.
Default: []
exclude list / elements=string
added in Ansible 2.7
Package name(s) to exclude when state=present, or latest. This can be a list or a comma separated string.
Default: []
install_weak_deps boolean
added in Ansible 2.8
Will also install all packages linked by a weak dependency relation.
Choices:
false
true ← (default)
installroot string
Specifies an alternative installroot, relative to which all packages will be installed.
Default: “/”
list string
Various (non-idempotent) commands for usage with /usr/bin/ansible and not playbooks. Use ansible.builtin.package_facts instead of the list argument as a best practice.
lock_timeout integer
added in Ansible 2.8
Amount of time to wait for the dnf lockfile to be freed.
Default: 30
name aliases: pkg
list / elements=string
A package name or package specifier with version, like name-1.0. When using state=latest, this can be ‘*’ which means run: dnf -y update. You can also pass a url or a local path to an rpm file. To operate on several packages this can accept a comma separated string of packages or a list of packages.
Comparison operators for package version are valid here >, <, >=, <=. Example - name >= 1.0. Spaces around the operator are required.
You can also pass an absolute path for a binary which is provided by the package to install. See examples for more information.
Default: []
nobest boolean
added in ansible-core 2.11
This is the opposite of the best option kept for backwards compatibility.
Since ansible-core 2.17 the default value is set by the operating system distribution.
Choices:
false
true
releasever string
Specifies an alternative release from which all packages will be installed.
security boolean
added in Ansible 2.7
If set to true, and state=latest then only installs updates that have been marked security related.
Note that, similar to dnf upgrade-minimal, this filter applies to dependencies as well.
Choices:
false ← (default)
true
skip_broken boolean
added in Ansible 2.7
Skip all unavailable packages or packages with broken dependencies without raising an error. Equivalent to passing the –skip-broken option.
Choices:
false ← (default)
true
sslverify boolean
added in ansible-core 2.13
Disables SSL validation of the repository server for this transaction.
This should be set to false if one of the configured repositories is using an untrusted or self-signed certificate.
Choices:
false
true ← (default)
state string
Whether to install (present, latest), or remove (absent) a package.
Default is None, however in effect the default action is present unless the autoremove=true, then absent is inferred.
Choices:
“absent”
“present”
“installed”
“removed”
“latest”
update_cache aliases: expire-cache
boolean
added in Ansible 2.7
Force dnf to check if cache is out of date and redownload if needed. Has an effect only if state=present or state=latest.
Choices:
false ← (default)
true
update_only boolean
added in Ansible 2.7
When using latest, only update installed packages. Do not install packages.
Has an effect only if state=present or state=latest.
Choices:
false ← (default)
true
use_backend string
added in ansible-core 2.15
Backend module to use.
Choices:
“auto” (default): Automatically select the backend based on the ansible_facts.pkg_mgr fact.
“dnf”: ansible.builtin.dnf
“dnf4”: Alias for dnf
“dnf5”: ansible.builtin.dnf5
“yum”: Alias for auto (see Notes)
“yum4”: Alias for dnf
validate_certs boolean
added in Ansible 2.7
This only applies if using a https url as the source of the rpm. For example, for localinstall. If set to false, the SSL certificates will not be validated.
This should only set to false used on personally controlled sites using self-signed certificates as it avoids verifying the source site.
Choices:
false
true ← (default)
Attributes Attribute
Support
Description
action partial
dnf has 2 action plugins that use it under the hood, ansible.builtin.dnf and ansible.builtin.package.
Indicates this has a corresponding action plugin so some parts of the options can be executed on the controller
async none
Supports being used with the async keyword
bypass_host_loop none
Forces a ‘global’ task that does not execute per host, this bypasses per host templating and serial, throttle and other loop considerations
Conditionals will work as if run_once is being used, variables used will be from the first available host
This action will not work normally outside of lockstep strategies
check_mode full
Can run in check_mode and return changed status prediction without modifying target, if not supported the action will be skipped.
diff_mode full
Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode
platform Platform: rhel
Target OS/families that can be operated against
Notes Note
When used with a loop: each package will be processed individually, it is much more efficient to pass the list directly to the name option.
Group removal doesn’t work if the group was installed with Ansible because upstream dnf’s API doesn’t properly mark groups as installed, therefore upon removal the module is unable to detect that the group is installed https://bugzilla.redhat.com/show_bug.cgi?id=1620324.
While use_backend=yum and the ability to call the action plugin as ansible.builtin.yum are provided for syntax compatibility, the YUM backend was removed in ansible-core 2.17 because the required libraries are not available for any supported version of Python. If you rely on this functionality, use an older version of Ansible.
Examples
-
name: Install the latest version of Apache ansible.builtin.dnf: name: httpd state: latest
-
name: Install Apache >= 2.4 ansible.builtin.dnf: name: httpd >= 2.4 state: present
-
name: Install the latest version of Apache and MariaDB ansible.builtin.dnf: name: - httpd - mariadb-server state: latest
-
name: Remove the Apache package ansible.builtin.dnf: name: httpd state: absent
-
name: Install the latest version of Apache from the testing repo ansible.builtin.dnf: name: httpd enablerepo: testing state: present
-
name: Upgrade all packages ansible.builtin.dnf: name: “*” state: latest
-
name: Update the webserver, depending on which is installed on the system. Do not install the other one ansible.builtin.dnf: name: - httpd - nginx state: latest update_only: yes
-
name: Install the nginx rpm from a remote repo ansible.builtin.dnf: name: ‘http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm’ state: present
-
name: Install nginx rpm from a local file ansible.builtin.dnf: name: /usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm state: present
-
name: Install Package based upon the file it provides ansible.builtin.dnf: name: /usr/bin/cowsay state: present
-
name: Install the ‘Development tools’ package group ansible.builtin.dnf: name: ‘@Development tools’ state: present
-
name: Autoremove unneeded packages installed as dependencies ansible.builtin.dnf: autoremove: yes
-
name: Uninstall httpd but keep its dependencies ansible.builtin.dnf: name: httpd state: absent autoremove: no
-
name: Install a modularity appstream with defined stream and profile ansible.builtin.dnf: name: ‘@postgresql:9.6/client’ state: present
-
name: Install a modularity appstream with defined stream ansible.builtin.dnf: name: ‘@postgresql:9.6’ state: present
-
name: Install a modularity appstream with defined profile ansible.builtin.dnf: name: ‘@postgresql/client’ state: present Authors Igor Gnatenko (@ignatenkobrain)
Cristian van Ee (@DJMuggs)
Berend De Schouwer (@berenddeschouwer)
Adam Miller (@maxamillion)
Collection links Issue Tracker Repository (Sources) Communication © Copyright Ansible project contributors. Last updated on Dec 22, 2025.