• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

The Geek Diary

HowTos | Basics | Concepts

  • Solaris
    • Solaris 11
    • SVM
    • ZFS
    • Zones
    • LDOMs
    • Hardware
  • Linux
    • CentOS/RHEL 7
    • RHCSA notes
    • SuSE Linux Enterprise
    • Linux Services
  • VCS
    • VxVM
  • Interview Questions
  • oracle
    • ASM
    • mysql
    • RAC
    • oracle 12c
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Hadoop
    • Hortonworks HDP
      • HDPCA
    • Cloudera
      • CCA 131

CentOS / RHEL : How to exclude kernel or other packages from getting updated using YUM Versionlock Plugin

By admin

Due to application certification and other restrictions in a production environment, it may be preferred to exclude kernel RPM (or other certain RPM) upgrade via yum update. In that case we can use the YUM versionlock plugin to exclude certian packages/rpms from getting updated.

Note : The example provided in the post is for the exclusion of kernel packages, but the same method applies for other packages as well.

Check for the kernel packages available for upgrade.

# yum check-update kernel*
Loaded plugins: fastestmirror, langpacks
base                                               | 3.6 kB  00:00:00     
extras                                             | 3.4 kB  00:00:00     
updates                                            | 3.4 kB  00:00:00     
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in

kernel.x86_64                    3.10.0-693.2.2.el7               updates
kernel-tools.x86_64              3.10.0-693.2.2.el7               updates
kernel-tools-libs.x86_64         3.10.0-693.2.2.el7               updates

Excluding kernel packages

To exclude kernels from being upgraded via YUM update:
1. Install yum-versionlock plugin:

# yum install -y yum-versionlock
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.31-42.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================
 Package                                        Arch                           Version                               Repository                    Size
========================================================================================================================================================
Installing:
 yum-plugin-versionlock                         noarch                         1.1.31-42.el7                         base                          32 k

Transaction Summary
========================================================================================================================================================
Install  1 Package

Total download size: 32 k
Installed size: 45 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEYA 
Public key for yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm is not installed
yum-plugin-versionlock-1.1.31-42.el7.noarch.rpm                                                                                  |  32 kB  00:00:08     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) [security@centos.org]"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-3.1611.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-versionlock-1.1.31-42.el7.noarch                                                                                          1/1 
  Verifying  : yum-plugin-versionlock-1.1.31-42.el7.noarch                                                                                          1/1 

Installed:
  yum-plugin-versionlock.noarch 0:1.1.31-42.el7                                                                                                         

Complete!

2. Make sure yum plugin versionlock is enabled in /etc/yum/pluginconf.d/versionlock.conf file. You would note a file named /etc/yum/pluginconf.d/versionlock.list against the parameter locklist. The file lists the packages which are to be excluded in yum update.

# cat /etc/yum/pluginconf.d/versionlock.conf 
[main]
enabled = 1
locklist = /etc/yum/pluginconf.d/versionlock.list
#  Uncomment this to lock out "upgrade via. obsoletes" etc. (slower)
# follow_obsoletes = 1

3. Add locked version RPMs to /etc/yum/pluginconf.d/versionlock.list.

# cat /etc/yum/pluginconf.d/versionlock.list 
kernel-3.10.0-693.2.2.el7

4. RPMs which locked version will not be included in the next yup update yo do. Verify this by running the check update command again :

# yum check-update kernel*
Loaded plugins: fastestmirror, langpacks, versionlock
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in

kernel-tools.x86_64                       3.10.0-693.2.2.el7              updates
kernel-tools-libs.x86_64                  3.10.0-693.2.2.el7              updates

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. CentOS / RHEL : How to set chroot jail for vsftp for all the users
  2. CentOS / RHEL : How to find free space in a Volume Group in LVM
  3. Linux OS service ‘portmap’
  4. understanding “yum history” command output
  5. Troubleshooting kdump Issues in CentOS/RHEL
  6. What’s the difference between locate and find command in Linux
  7. Beginners Guide to NFS in CentOS / RHEL
  8. Linux OS Service ‘anacron’
  9. How to clean YUM cache in CentOS / RHEL
  10. RHEL 7 – RHCSA Notes : Configure a system to use time services

You May Also Like

Primary Sidebar

Recent Posts

  • How to disable firewalld and nftables and use iptables instead in CentOS/RHEL 8
  • How to add an Ethernet connection using nmcli in CentOS/RHEL 7
  • How to set the order to load certain modules in CentOS/RHEL 7 and 8
  • How to configure initrd / initramfs to including kernel modules in CentOS/RHEL
  • How to configure systemd.path to trigger an event when any changes made to a directory
  • Archives
  • Contact Us
  • Copyright

© 2019 · The Geek Diary