• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL : How to exclude kernel or other packages from getting updated using YUM Versionlock Plugin

by admin

Due to application certification and other restrictions in a production environment, it may be preferred to exclude kernel RPM (or other certain RPM) upgrade via yum update. In that case we can use the YUM versionlock plugin to exclude certian packages/rpms from getting updated.

Note : The example provided in the post is for the exclusion of kernel packages, but the same method applies for other packages as well.

Check for the kernel packages available for upgrade.

# yum check-update kernel*
Loaded plugins: fastestmirror, langpacks
base                                               | 3.6 kB  00:00:00     
extras                                             | 3.4 kB  00:00:00     
updates                                            | 3.4 kB  00:00:00     
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in

kernel.x86_64                    3.10.0-693.2.2.el7               updates
kernel-tools.x86_64              3.10.0-693.2.2.el7               updates
kernel-tools-libs.x86_64         3.10.0-693.2.2.el7               updates

Excluding kernel packages

To exclude kernels from being upgraded via YUM update:
1. Install yum-versionlock plugin:

# yum install -y yum-versionlock
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.31-42.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================
 Package                                        Arch                           Version                               Repository                    Size
========================================================================================================================================================
Installing:
 yum-plugin-versionlock                         noarch                         1.1.31-42.el7                         base                          32 k

Transaction Summary
========================================================================================================================================================
Install  1 Package

Total download size: 32 k
Installed size: 45 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEYA 
Public key for yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm is not installed
yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm                                                                                  |  32 kB  00:00:08     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) [security@centos.org]"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-3.1611.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-versionlock-1.1.31-42.el7.noarch                                                                                          1/1 
  Verifying  : yum-plugin-versionlock-1.1.31-42.el7.noarch                                                                                          1/1 

Installed:
  yum-plugin-versionlock.noarch 0:1.1.31-42.el7                                                                                                         

Complete!

2. Make sure yum plugin versionlock is enabled in /etc/yum/pluginconf.d/versionlock.conf file. You would note a file named /etc/yum/pluginconf.d/versionlock.list against the parameter locklist. The file lists the packages which are to be excluded in yum update.

# cat /etc/yum/pluginconf.d/versionlock.conf 
[main]
enabled = 1
locklist = /etc/yum/pluginconf.d/versionlock.list
#  Uncomment this to lock out "upgrade via. obsoletes" etc. (slower)
# follow_obsoletes = 1

3. Add locked version RPMs to /etc/yum/pluginconf.d/versionlock.list.

# cat /etc/yum/pluginconf.d/versionlock.list 
kernel-3.10.0-693.2.2.el7

4. RPMs which locked version will not be included in the next yup update yo do. Verify this by running the check update command again :

# yum check-update kernel*
Loaded plugins: fastestmirror, langpacks, versionlock
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in

kernel-tools.x86_64                       3.10.0-693.2.2.el7              updates
kernel-tools-libs.x86_64                  3.10.0-693.2.2.el7              updates

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. Linux OS Service ‘anacron’
  2. Understanding Linux multipath (dm-multipath)
  3. sudo Command Examples in Linux
  4. Linux Interview Questions – Linux Printing (CUPS)
  5. CentOS / RHEL 7 : How to reinstall GRUB2 from rescue mode
  6. What happens in the Background when you execute the “useradd” command under Linux
  7. gunzip Command Examples in Linux
  8. How to troubleshoot NFS transfer latency issues using “nfsiostat” in CentOS / RHEL
  9. mkdir and rmdir Command Examples in Linux
  10. How to create sparse files in Linux using ‘dd’ command

You May Also Like

Primary Sidebar

Recent Posts

  • JavaFX ComboBox: Set a value to the combo box
  • Nginx load balancing
  • nginx 504 gateway time-out
  • Images preview with ngx_http_image_filter_module

© 2022 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright