• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL : How to exclude kernel or other packages from getting updated using YUM Versionlock Plugin

by admin

Due to application certification and other restrictions in a production environment, it may be preferred to exclude kernel RPM (or other certain RPM) upgrade via yum update. In that case we can use the YUM versionlock plugin to exclude certian packages/rpms from getting updated.

Note : The example provided in the post is for the exclusion of kernel packages, but the same method applies for other packages as well.

Check for the kernel packages available for upgrade.

# yum check-update kernel*
Loaded plugins: fastestmirror, langpacks
base                                               | 3.6 kB  00:00:00     
extras                                             | 3.4 kB  00:00:00     
updates                                            | 3.4 kB  00:00:00     
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in

kernel.x86_64                    3.10.0-693.2.2.el7               updates
kernel-tools.x86_64              3.10.0-693.2.2.el7               updates
kernel-tools-libs.x86_64         3.10.0-693.2.2.el7               updates

Excluding kernel packages

To exclude kernels from being upgraded via YUM update:
1. Install yum-versionlock plugin:

# yum install -y yum-versionlock
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.31-42.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================
 Package                                        Arch                           Version                               Repository                    Size
========================================================================================================================================================
Installing:
 yum-plugin-versionlock                         noarch                         1.1.31-42.el7                         base                          32 k

Transaction Summary
========================================================================================================================================================
Install  1 Package

Total download size: 32 k
Installed size: 45 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEYA 
Public key for yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm is not installed
yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm                                                                                  |  32 kB  00:00:08     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) [security@centos.org]"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-3.1611.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-versionlock-1.1.31-42.el7.noarch                                                                                          1/1 
  Verifying  : yum-plugin-versionlock-1.1.31-42.el7.noarch                                                                                          1/1 

Installed:
  yum-plugin-versionlock.noarch 0:1.1.31-42.el7                                                                                                         

Complete!

2. Make sure yum plugin versionlock is enabled in /etc/yum/pluginconf.d/versionlock.conf file. You would note a file named /etc/yum/pluginconf.d/versionlock.list against the parameter locklist. The file lists the packages which are to be excluded in yum update.

# cat /etc/yum/pluginconf.d/versionlock.conf 
[main]
enabled = 1
locklist = /etc/yum/pluginconf.d/versionlock.list
#  Uncomment this to lock out "upgrade via. obsoletes" etc. (slower)
# follow_obsoletes = 1

3. Add locked version RPMs to /etc/yum/pluginconf.d/versionlock.list.

# cat /etc/yum/pluginconf.d/versionlock.list 
kernel-3.10.0-693.2.2.el7

4. RPMs which locked version will not be included in the next yup update yo do. Verify this by running the check update command again :

# yum check-update kernel*
Loaded plugins: fastestmirror, langpacks, versionlock
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in

kernel-tools.x86_64                       3.10.0-693.2.2.el7              updates
kernel-tools-libs.x86_64                  3.10.0-693.2.2.el7              updates

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. collectd : command not found
  2. crontab error : “You (user) are not allowed to access to (crontab) because of pam configuration.”
  3. nginx 504 gateway time-out
  4. What are /dev/zero and /dev/null files in Linux
  5. How Passwordless SSH works in Linux / UNIX
  6. How to disable “sudo su” for users in sudoers configuration file
  7. firewall-cmd Command Examples in Linux
  8. “sudo: /etc/sudoers is world writable” – How to correct the permissions of sudoers file
  9. dstat: command not found
  10. shred: command not found

You May Also Like

Primary Sidebar

Recent Posts

  • fprintd-delete Command Examples in Linux
  • fprintd-delete: command not found
  • foreman: command not found
  • foreman Command Examples in Linux

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright