• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL : How to exclude kernel or other packages from getting updated using YUM Versionlock Plugin

by admin

Due to application certification and other restrictions in a production environment, it may be preferred to exclude kernel RPM (or other certain RPM) upgrade via yum update. In that case we can use the YUM versionlock plugin to exclude certian packages/rpms from getting updated.

Note : The example provided in the post is for the exclusion of kernel packages, but the same method applies for other packages as well.

Check for the kernel packages available for upgrade.

# yum check-update kernel*
Loaded plugins: fastestmirror, langpacks
base                                               | 3.6 kB  00:00:00     
extras                                             | 3.4 kB  00:00:00     
updates                                            | 3.4 kB  00:00:00     
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in

kernel.x86_64                    3.10.0-693.2.2.el7               updates
kernel-tools.x86_64              3.10.0-693.2.2.el7               updates
kernel-tools-libs.x86_64         3.10.0-693.2.2.el7               updates

Excluding kernel packages

To exclude kernels from being upgraded via YUM update:
1. Install yum-versionlock plugin:

# yum install -y yum-versionlock
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.31-42.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================
 Package                                        Arch                           Version                               Repository                    Size
========================================================================================================================================================
Installing:
 yum-plugin-versionlock                         noarch                         1.1.31-42.el7                         base                          32 k

Transaction Summary
========================================================================================================================================================
Install  1 Package

Total download size: 32 k
Installed size: 45 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEYA 
Public key for yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm is not installed
yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm                                                                                  |  32 kB  00:00:08     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) [security@centos.org]"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-3.1611.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-versionlock-1.1.31-42.el7.noarch                                                                                          1/1 
  Verifying  : yum-plugin-versionlock-1.1.31-42.el7.noarch                                                                                          1/1 

Installed:
  yum-plugin-versionlock.noarch 0:1.1.31-42.el7                                                                                                         

Complete!

2. Make sure yum plugin versionlock is enabled in /etc/yum/pluginconf.d/versionlock.conf file. You would note a file named /etc/yum/pluginconf.d/versionlock.list against the parameter locklist. The file lists the packages which are to be excluded in yum update.

# cat /etc/yum/pluginconf.d/versionlock.conf 
[main]
enabled = 1
locklist = /etc/yum/pluginconf.d/versionlock.list
#  Uncomment this to lock out "upgrade via. obsoletes" etc. (slower)
# follow_obsoletes = 1

3. Add locked version RPMs to /etc/yum/pluginconf.d/versionlock.list.

# cat /etc/yum/pluginconf.d/versionlock.list 
kernel-3.10.0-693.2.2.el7

4. RPMs which locked version will not be included in the next yup update yo do. Verify this by running the check update command again :

# yum check-update kernel*
Loaded plugins: fastestmirror, langpacks, versionlock
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in

kernel-tools.x86_64                       3.10.0-693.2.2.el7              updates
kernel-tools-libs.x86_64                  3.10.0-693.2.2.el7              updates

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. dnstracer Command Examples in Linux
  2. ssh-copy-id: command not found
  3. /var/cache/yum Constantly Filling Files System in CentOS/RHEL
  4. “polkit code=exited status=1/FAILURE” – PolicyKit Failing to Start in CentOS/RHEL 7 and 8
  5. RHEL 7 – RHCSA Notes : Create, delete, and modify local groups and group memberships.
  6. macchanger: command not found
  7. What are sparse files in Linux
  8. grub-mkconfig: command not found
  9. extundelete: command not found
  10. How to Create and Query a BTRFS File System

You May Also Like

Primary Sidebar

Recent Posts

  • ctags: Generates an index (or tag) file of language objects found in source files for many popular programming languages
  • csvtool: Utility to filter and extract data from CSV formatted sources
  • csvstat: Print descriptive statistics for all columns in a CSV file
  • csvsql: Generate SQL statements for a CSV file or execute those statements directly on a database

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright