dnf_versionlock: new module (#3552)

* dnf_versionlock: new module

* dnf_versionlock: fix style in doc

* dnf_versionlock: use check_rc in run_command

* dnf_versionlock: fix style and typos in doc

tests/integration/targets/dnf_versionlock/tasks/install.yml

@@ -0,0 +1,6 @@
+---
+- name: Install dnf versionlock plugin
+  dnf:
+    name: dnf-plugin-versionlock
+    state: present
+...

tests/integration/targets/dnf_versionlock/tasks/lock_bash.yml

@@ -0,0 +1,32 @@
+---
+- name: Clear locklist
+  community.general.dnf_versionlock:
+    state: clean
+  register: clear_locklist
+
+- assert:
+    that:
+      - clear_locklist.locklist_post | length == 0
+
+- name: Lock installed package bash
+  community.general.dnf_versionlock:
+    name: bash
+    state: present
+  register: lock_bash
+
+- assert:
+    that:
+      - lock_bash is changed
+      - lock_bash.locklist_post | length == 1
+
+- name: Unlock installed package bash
+  community.general.dnf_versionlock:
+    name: bash
+    state: absent
+  register: unlock_bash
+
+- assert:
+    that:
+      - unlock_bash is changed
+      - unlock_bash.locklist_post | length == 0
+...

tests/integration/targets/dnf_versionlock/tasks/lock_updates.yml

@@ -0,0 +1,72 @@
+---
+- name: Check packages with updates
+  dnf:
+    list: updates
+  register: updates
+
+- name: Set local facts
+  set_fact:
+    _packages: "{{ (updates.results | map(attribute='name') | list)[:5] }}"
+
+- debug:
+    msg:
+      - "The packages to be locked and unlocked are: {{ _packages}}"
+
+- block:
+    - name: Clear locklist
+      community.general.dnf_versionlock:
+        state: clean
+      register: clear_locklist
+
+    - assert:
+        that:
+          - clear_locklist.locklist_post | length == 0
+
+    - name: Lock packages with updates
+      dnf_versionlock:
+        name: "{{ _packages }}"
+        state: present
+      register: lock_packages
+
+    - assert:
+        that:
+          - lock_packages is changed
+          - (lock_packages.locklist_post | length) <= (_packages | length)
+
+    - name: Update packages with updates while locked
+      command: >-
+        dnf update -y
+        --setopt=obsoletes=0 {{ _packages | join(' ') }}
+      args:
+        warn: false
+      register: update_locked_packages
+      changed_when: '"Nothing to do" not in update_locked_packages.stdout'
+
+    - assert:
+        that:
+          - update_locked_packages is not changed
+
+    - name: Unlock packages with updates
+      dnf_versionlock:
+        name: "{{ _packages }}"
+        state: absent
+      register: unlock_packages
+
+    - assert:
+        that:
+          - unlock_packages is changed
+          - unlock_packages.locklist_post | length == 0
+
+    - name: Update packages
+      dnf:
+        name: "{{ _packages }}"
+        state: latest
+      check_mode: yes
+      register: update_packages
+
+    - assert:
+        that:
+          - update_packages is changed
+
+  when: updates.results | length > 0
+...

tests/integration/targets/dnf_versionlock/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- block:
+    - include_tasks: install.yml
+    - include_tasks: lock_bash.yml
+    - include_tasks: lock_updates.yml
+  when: (ansible_distribution == 'Fedora' and ansible_distribution_major_version is version('23', '>=')) or
+        (ansible_distribution in ['RedHat', 'CentOS'] and ansible_distribution_major_version is version('8', '>='))
+...