#9 - Yum Versionlock

Links, Code, and Transcript

In this episode, I would like to show you a method for locking rpm packages to a particular version.

Lets say for example, that you have a package installed on a server, and that a package update is coming, which will likely break your configuration. You would like to somehow exclude this package from getting updated. Today we are going to look at a yum plugin called, version lock, will help us achieve our goal.

I have setup an example, using the httpd package, to illustrate the problem. Lets run, “yum update httpd”, as you can see, an update was found along with a dependency called httpd-tools. But lets say, for the sake of this example, that we want to keep these are their current versions.

# see if httpd has updates
yum update httpd

There is a package called yum-plugin-versionlock, which we can use to solve our problem. Lets take a look at the package info, by running, “yum info yum-plugin-versionlock”. As you can see, it has a version specific purpose, it’s a “yum plugin to lock specific packages from being updated”. Sounds exactly like what we’re looking for.

# look at package info for yum-plugin-versionlock
yum info yum-plugin-versionlock

Lets, go ahead and install it, by running, “yum install yum-plugin-versionlock”.

# install yum-plugin-versionlock
yum install yum-plugin-versionlock

I like to use “rpm –query –list” and then the package name, in this instance, “yum-plugin-versionlock”, to see what files were installed for a particular rpm. This just helps to give a little info about where the config files live. As you can see here, the first couple lines, are config files, and then there is the plugin itself, some documentation, and then the man page.

# show files for yum-plugin-versionlock
rpm --query --list yum-plugin-versionlock

Lets take a look at the versionlock.conf file. It looks pretty straightforward, and it points us to this versionlock.list file. This is where the locked rpm names will live.

Now that we know about versionlock, lets run “yum update httpd” again, we are doing this just to refresh our memory, and so that we can record the package names.

# double check our package names
yum update httpd

Armed with these package names, we are going to run “yum versionlock httpd httpd-tools”. In the output you can see that it says, adding version lock on the packages we specified. Lets have another look at the versionlock.list file, just to make sure it has our additions. Yup, look good!

# lock the httpd httpd-tools packages at current versions
yum versionlock httpd httpd-tools

Okay, now that we have the yum version locks in place, lets run “yum update httpd” again. It looks like it is working, since it says, “no packages marked for update”. You can also safely run “yum update” to update all packages, and if we scroll up, you’ll see that there is no httpd or httpd-tools listed here.

# see if httpd still want to apply an update
yum update httpd

Just before I conclude this episode, I would like to mention, that if the package has already been updated, there is a handy yum option called, –showduplicates, we use it like this, by running “yum list httpd –showduplicates”. This will list all instances of httpd in our repo. Normally you’ll only see the most recent version. So, if you need to downgrade a package for some reason, you can use “show duplicates” to find and install older package versions, then you can use version lock, to lock the package to the older version.

# --showduplicates can show duplicate packages in a repo
yum list httpd --showduplicates

You can also view active versionlocks by running “yum versionlock”.

# view active versionlocks
yum versionlock
  • Published
  • Duration
    4 minutes
  • Download
    MP4 or WebM
You may also like...