8

Technically speaking, if one wanted to update a RHEL or CentOS server using yum, but only up to a certain release date (i.e. don't install any updates released after X date), would it be possible and if so, how?

So far, the only way I can think of is to use a dedicated satellite server or a local repository and simply not sync it after a certain date, but this is not what I'm looking for.

The reason I'm asking is that we have a central (shared) satellite server that serves multiple customers, and one of the customers asked to keep all of its servers (including new servers being built) to the same update level until they are ready to move up. Without a new dedicated satellite created only for this customer (which we wouldn't not sync after X date), the only way I can think of would be if we could prevent servers (including freshly built ones) from updating past a certain release date.

I've searched around and couldn't find anything (such as a yum option or plugin that does this) that would indicate it's even possible, but in case I just didn't search for the right thing, I'm asking you.

Please let me know if the question is unclear.

Yanick Girouard
  • 2,385
  • 1
  • 18
  • 19
  • Are they trying to avoid a certain release (e.g. keeping at version 6.4 instead of 6.5), or are they only concerned about packages? – ewwhite Sep 15 '14 at 14:32
  • Only about packages. – Yanick Girouard Sep 15 '14 at 14:33
  • Do you have any form of configuration management? Puppet, for instance? – ewwhite Sep 15 '14 at 14:44
  • 1
    I believe this can be done with "Red Hat Satellite" only. – alexus Sep 15 '14 at 14:46
  • Yes, we use BladeLogic Server Automation, which is what we use for patching. I didn't mention it because most people don't know it, but in fact we're trying to do this using a Red Hat Patch Catalog in BSA. I was just trying to see if it was even possible natively before asking BMC Software for a product enhancement because this is not currently possible in BSA either. – Yanick Girouard Sep 15 '14 at 14:47

2 Answers2

2

It sounds like this customer should either have their own organisation inside the satellite (and you could then give them org admin rights if you so desired), OR you should clone the channels you need, and then, when they say go, you go into each cloned channel and update it (can't quite think of the terminology right now, but its next to the 'sync' button.

When you originally clone a channel, you can opt to clone it with no/all/selected errata. In 5.6 (or was it 5.5?) they added an option to clone to match a particular release. Before that, you had to use a script (unsupported?)

One work of warning though, when updating, do it though the 'Manage channels' part of the interface, not through the 'Errata' part of the interface, of you'll drive yourself nuts.

Note that Red Hat have some RHEL 5 and RHEL 6 best-practice guides for managing SOE's (Standard Operating Environments), which may be of interest to you.

eg. https://access.redhat.com/articles/1169613 (Subscriber Content)

Cameron Kerr
  • 4,069
  • 19
  • 25
  • Thanks for the detailed answer. That confirms what I thought I understood, which is that the only way to do it is from the satellite itself, and not from the client, and that other than "not updating it" there's no way to freeze a channel at a specific date. That's mainly what I needed to know. – Yanick Girouard Sep 16 '14 at 13:13
  • 1
    Cloning a channel essentially does freeze it (unlike the Red Hat channels that you would clone it from). One other thing to point out: if you log in as the satellite admin (not an org admin), you'll find a few scheduled tasks you may like to kick off after updating the cloned channels -- something like errata-cache, errata-queue and ... one other, right at the top of the list). Otherwise, if you don't wait long enough, you _may_ find you'll see no updates available. Similarly, that's not a fast job, so you'll want to check that its finished, and run 'yum cleanall' client-side as a precaution. – Cameron Kerr Sep 16 '14 at 13:24
2

If what you want is to have multiple machines with exactly the same packages and versions, you could use yum load-ts (yum load-transaction)

From man yum:

load-transaction

This command will re-load a saved yum transaction file, this allows you to run a transaction on one machine and then use it on another. The two common ways to get a saved yum transaction file are from "yum -q history addon-info last saved_tx" or via. the automatic saves in $TMPDIR/yum_save_tx.* when a transaction is solved but not run.

Community
  • 1
Pere
  • 141
  • 4