CentOS / RHEL: Yum Lock Package Version At a Particular Version

by on January 20, 2014 · 9 comments· LAST UPDATED January 21, 2014

in , ,

I am a new CentOS / RHEL 6.x server user and DevOP. I need to lock a package called nginx on a server being updated via yum command. How do I lock package version at a particular version on CentOS / Red Hat Enterprise Linux (RHEL) 6.x or Fedora Linux?

You have two options as follows:
Tutorial details
DifficultyIntermediate (rss)
Root privilegesYes
RequirementsNone
Estimated completion time10m
  1. Pass the --exclude directive to the yum command to define list of packages to exclude from updates or installs.
  2. yum versionlock command - Version lock rpm packages command.

Method # 1: yum versionlock command

You need to install yum-plugin-versionlock plugin. It takes a set of name/versions for packages and excludes all other versions of those packages (including optionally following obsoletes). This allows you to protect packages from being updated by newer versions.

Install yum-plugin-versionlock on a CentOS/RHEL server

To install yum-plugin-versionlock package, enter:
# yum -y install yum-versionlock
OR
# yum -y install yum-plugin-versionlock
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.30-14.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
================================================================================
 Package                  Arch     Version         Repository              Size
================================================================================
Installing:
 yum-plugin-versionlock   noarch   1.1.30-14.el6   rhel-x86_64-server-6    27 k
 
Transaction Summary
================================================================================
Install       1 Package(s)
 
Total download size: 27 k
Installed size: 0
Downloading Packages:
yum-plugin-versionlock-1.1.30-14.el6.noarch.rpm          |  27 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : yum-plugin-versionlock-1.1.30-14.el6.noarch                  1/1
  Verifying  : yum-plugin-versionlock-1.1.30-14.el6.noarch                  1/1
 
Installed:
  yum-plugin-versionlock.noarch 0:1.1.30-14.el6
 
Complete!
 

Syntax

The basic syntax is as follows:

 
yum versionlock package-name-here
yum versionlock package1 package2
yum versionlock add package-wildcard
yum versionlock add package1\*
yum versionlock [command] package1\*
 

To lock the nginx packages at current versions, type:

# yum versionlock nginx
OR
# yum versionlock add nginx

To list all current versionlock entries, run:

# yum versionlock list

To remove/delete versionlock entry for nginx package, enter:

# yum versionlock delete nginx

To remove all versionlock entries:

# yum versionlock clear
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
versionlock cleared

Add a exclude (within versionlock) for the latest versions of the packages in the available repos

# yum versionlock exclude pakage1 package2
# yum versionlock exclude pakage-wildcard-here

Demo: Locking ethtool package using yum lock version commands

First, check ethtool package has updates on the server:
# yum check-update
# yum check-update ethtool

Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
ethtool.x86_64               2:3.5-1.2.el6_5                rhel-x86_64-server-6

Lock down ethtool, enter:
# yum versionlock add ethtool
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Adding versionlock on: 2:ethtool-3.5-1.el6
versionlock added: 1

List entries in versionlock, enter:
# yum versionlock list
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
2:ethtool-3.5-1.el6.*
versionlock list done

Try to update ethtool package, enter:
# yum update ethtool
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
No Packages marked for Update

Delete ethtool versionlock so that yum can apply an update:
# yum versionlock delete '2:ethtool-3.5-1.el6.*'
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Deleting versionlock for: 2:ethtool-3.5-1.el6.*
versionlock deleted: 1

Tip: List/view history of package?

Use the following command:
# yum --showduplicates list packageNameHere
# yum --showduplicates list ethtool

Sample outputs:

Fig.01: See all packages versions

Fig.01: See all packages versions


The yum command has history option. It allows an admin to access detailed information on the history of yum transactions that have been run on a system. You can see what has happened in past transactions. You can use various command line options to view what happened, undo/redo/rollback to act on that information and start a new history file.

Method # 2: yum --exclude command to lock package version from yum update

Edit /etc/yum.conf
# vi /etc/yum.conf
Append the following line under [main] section to lock php and nginx, enter:

exclude=php* nginx* 

Save and close the file. See how to exclude packages when I use "yum update" command tutorial for more information.

Related media

A quick video tutorial shows you how to prevent any package to be update using yum even its update is available on a CentOS/Red Hat Enterprises Linux server.



(Video 01: yum-versionlock: Lock rpm/yum Packages on a CentOS/RHEL Based Server)

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 9 comments… read them below or add one }

1 Jose Tapia January 20, 2014 at 10:26 pm

Very Usefull information, thans for share like always great stuffs

Reply

2 daza January 21, 2014 at 6:54 am

I assume versionlock will add entry to /etc/yum.conf ?
great article and nice tip.

Reply

3 Nix Craft January 21, 2014 at 7:01 am

Noop.

/etc/yum/pluginconf.d/versionlock.list is the default place to put package version lock information one package and version per/line.

Reply

4 Juergen Caris January 21, 2014 at 8:25 am

Very useful. Thank you for sharing. I didn’t know that there is a versionlock feature in yum. Usually I am editing the .conf file.

Reply

5 Liju January 21, 2014 at 3:30 pm

Does adding “exclude” line in all cenotos.repo do the same ?

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
………………
…………………..
exclude=httpd php mysql

Reply

6 Sunil Bhoi January 21, 2014 at 10:22 pm

Thanks for proving new concept.”versionlock “.

Reply

7 T.Mini January 27, 2014 at 9:17 pm

Nice find. Thanks!

Reply

8 ksharpdabu February 24, 2014 at 9:40 am

execuse me ,why i use that command “yum versionlock add ppp” on centos 6.4 ,
there is no the option “add” ?
output:
options:
-h, –help show this help message and exit
-t, –tolerant be tolerant of errors
-C run entirely from cache, don’t update cache
-c [config file] config file location
-R [minutes] maximum command wait time
-d [debug level] debugging output level
–showduplicates show duplicates, in repos, in list/search commands
-e [error level] error output level
-q, –quiet quiet operation
-v, –verbose verbose operation
-y answer yes for all questions
–version show Yum version and exit
–installroot=[path] set install root
–enablerepo=[repo] enable one or more repositories (wildcards allowed)
–disablerepo=[repo] disable one or more repositories (wildcards allowed)
-x [package], –exclude=[package]
exclude package(s) by name or glob
–disableexcludes=[repo]
disable exclude from main, for a repo or for
everything
–obsoletes enable obsoletes processing during updates
–noplugins disable Yum plugins
–nogpgcheck disable gpg signature checking
–disableplugin=[plugin]
disable plugins by name
–enableplugin=[plugin]
enable plugins by name
–skip-broken skip packages with depsolving problems
–color=COLOR control whether color is used

Plugin Options:

Reply

9 ksharpdabu February 24, 2014 at 9:49 am

i have know the reason ,because versionlock of i have installed is not the last .
so i can pass to yum and the lock list must be edited manually. not by command

Reply

Leave a Comment

Tagged as: , , ,

Previous Faq:

Next Faq: