If you are not familiar with modules, check out Ansible - Getting Started with Modules.

There are a few modules that can be used to manage packages.

• apt module
• dnf module
• package module
• package_facts module
• yum module (this article)

It often make sense to use the ansible.builtin.package module because the package module should be able to be used against any Linux distribution. On the other hand, the other package management modules are can only be used against certain distributions. For example, the dnf module can only be used against Red Hat distributions (CentOS, Fedora, Red Hat).

However, be aware that the ansible.builtin.package module may fail fatal with the following based on the package manager being used on the target server, and the version(s) of Python on the target server. 

fatal: [server1.example.com]: FAILED! => {"changed": false, "msg": "The Python 2 yum module is needed for this module. If you require Python 3 support use the `dnf` Ansible module instead."}

What I have found to be most stable is to use the ansible_pkg_mgr fact to determine if the package manager being used on the target server and to then use the module for the package manager being used on the target server.

---
- hosts: all
  tasks:
  - name: update wget using dnf
    ansible.builtin.dnf:
      name: wget
      state: latest
    when: ansible_pkg_mgr == 'dnf'

  - name: update wget using yum
    ansible.builtin.yum:
      name: wget
      state: latest
    when: ansible_pkg_mgr == 'yum'

  - name: update wget using apt
    ansible.builtin.apt:
      name: wget
      state: latest
    when: ansible_pkg_mgr == 'apt'
...

On a Red Hat distributions (CentOS, Fedora, Red Hat), if you need to create a .repo file, such as /etc/yum.repos.d/epel.com, the yum_repository module can be used to create the .repo file.

---
- hosts: all
  tasks:
  - name: add the /etc/yum.repos.d/epel.repo
    ansible.builtin.yum_repository:
      name: epel
      description: EPEL repo
      baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
...

In this example, if the wget package is not installed on the system, the latest version of wget will be installed. If wget is already installed, wget will be updated to to the latest version.

---
- hosts: all
  tasks:
  - name: update wget
    ansible.builtin.yum:
      name: wget
      state: latest
...

Install / Upgrade multiple packages

You could also install or upgrade multiple packages at once, like this.

---
- hosts: all
  tasks:
  - name: update wget and bzip2
    ansible.builtin.yum:
      name: ['wget', 'bzip2']
      state: latest
...

Or like this.

---
- hosts: all
  tasks:
  - name: update wget and bzip2
    ansible.builtin.yum:
      name:
      - wget
      - bzip2
      state: latest
...

Update all packages

The wildcard character can be used to update all installed packages on the managed node.

---
- hosts: all
  tasks:
  - name: update all packages - this is like running the 'yum update' command
    ansible.builtin.yum:
      name: "*"
      state: latest
...

On the managed node, the ps command could be used to see that the yum update command is being run.

[root@server1 ~]# ps -ef | grep yum
root      9111  9011  0 07:15 pts/0    00:00:00 /bin/sh -c /usr/bin/python /root/.ansible/tmp/ansible-tmp-1612617280.7864397-7023-219484007335662/AnsiballZ_yum.py && sleep 0
root      9114  9111  0 07:15 pts/0    00:00:00 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1612617280.7864397-7023-219484007335662/AnsiballZ_yum.py
root      9172  9114 27 07:15 pts/0    00:00:27 /usr/bin/python /usr/bin/yum -d 2 -y update
root     18075  9233  0 07:17 pts/1    00:00:00 grep --color=auto yum

Package successfull installed or updated

If the package was successfully installed or updated, the task should have a status of "changed".

PLAY [all]

TASK [Gather Facts]
ok: [server1.example.com]

TASK [install or upgrade wget]
changed: [server1.example.com]

PLAY RECAP
server1.example.com   : ok=2  changed=1  unreachable=0  failed=0

Lastest version of package already installed 

If the latest version of the package is already installed on the managed node (e.g. target system), the "install or upgrade wget" task should have a status of "ok".

PLAY [all]

TASK [Gather Facts]
ok: [server1.example.com]

TASK [install or upgrade wget]
ok: [server1.example.com]

PLAY RECAP
server1.example.com   : ok=2  changed=0  unreachable=0  failed=0

Become (root, sudo)

Typically, only root can use yum to install packages. The become module can be used to become root.