10

I have the following:

  • Bunch of guest VMs that are running CentOS 6.3
  • Host running CentOS 6.3.
  • Recently I created a new CentOS 6.3 VM to test out something
  • Ran yum update after a fresh install of a minimal server
  • Noticed CentOS is now at 6.4

I would like to keep the version unchanged as I understand that untested changes have the ability to introduce instability (I'm learning server admin/Centos so that I can develop my own applications that automate various 'needs', one such need is to download data, another is to perform analysis on the downloaded data, and yet another need is to execute certain actions based on the analysis).

I'm in the Dev phase of Dev -> Test -> Prod with respect to implementing what I'm doing, so up-time and stability isn't "necessary" at this stage, however, I would like to ensure I've done all I can to ensure up-time/stability will be solid when time does come to have a Prod environment. So, I would like to keep my guest and host KM's running 6.3 until I decide that an upgrade is necessary and/or provides significant benefit(s).

A few questions:

  • How do I prevent automatic upgrades from occurring to versions of the server OS when performing yum update?
  • Is there a "standard" location on the internet for finding what changes occur in a version upgrade?
  • Am I being paranoid about server version changes with respect to stability?
Adrian Torrie
  • 4
    You're being _way_ overly paranoid. – Michael Hampton Mar 22 '13 at 04:39
  • @MichaelHampton Why? – Adrian Torrie Mar 22 '13 at 04:40
  • 6
    "untested changes have the ability to introduce instability" You know what else introduces instability? Un-patched vulnerabilities and aging/outdated software. :) – EEAA Mar 22 '13 at 04:41
  • If you want to keep the packages you use at a particular version, you'll need to build a stack that has localized or contained builds of those packages. That way the stack always uses its own version of say... Java or some other library, and doesn't rely on what the system has. However... this is hard to maintain, and updates to things like the kernel or drivers may break it. – SpacemanSpiff Mar 22 '13 at 04:41
  • 4
    First, it's not a major upgrade, more like a service pack. Second, if you go down this road, your systems will be running 6.3 ten years from now, about seven years after they should have gotten an _actual_ major upgrade.... – Michael Hampton Mar 22 '13 at 04:47
  • Just upgrade and face any problems before rather than after. – pkhamre Mar 22 '13 at 07:08
  • 1
    Ironically, I just spent an hour this evening fixing a broken CentOS 6.3 box that was broken precisely _because_ someone attempted to prevent the system from being updated. By naively blacklisting `kernel*`, which has a lot of nasty side effects... – Michael Hampton Mar 22 '13 at 08:09
  • Thank you very much all for your comments, you've taught me a lot in just a short space of time. – Adrian Torrie Mar 22 '13 at 23:54
  • 2
    You're not necessarily being overly paranoid. I just lost a day trying to install vendor software that requires specifically 6.3, because `yum update` moved me to 6.4. I blame the vendor, but CentOS is what I can control for now. – Jander Jul 17 '13 at 19:52

3 Answers

17
yum --releasever=6.3 update

will stick to 6.3 repo.

Ladadadada
najdan
14

How do I prevent automatic upgrades from occurring to versions of the server OS when performing yum update?

The upgrade from CentOS 6.3 to CentOS 6.4 is a point release. As the link says

Old point releases are never supported. If you want/need to "freeze" at an old point release you are on your own.

What this means is that if you want to stick at C6.3 then no updates will be provided so what you might as well do is disable all the yum repositories. You can do this by adding enabled=0 (or changing the enabled=1 to 0) to each of the [...] sections of the files in /etc/yum.repos.d.

This is a really bad idea. You're on your own. You don't get bug fixes, backported security fixes and updates etc.; you lose your herd immunity.

Is there a "standard" location on the internet for finding what changes occur in a version upgrade?

You can subscribe to the CentOS Announce mailing list which will provide you with a list of updates. The answer to this question is relevant here too. You can check the CentOS release notes pages.

Am I being paranoid about server version changes with respect to stability?

No, like all software systems, operating systems have their bugs and vulnerabilities. Just like any other piece of software, you should evaluate and test proposed changes in your environment before deploying them to your production systems.

You need to evaluate the risks of 'fixing' your OS version and receiving no updates (which over time leaves you open to increased numbers of vulnerabilities) against the risks of updating via a testing process to ensure that nothing breaks when an update is applied.

user9517
  • 1
    Excellent answer, thank you very much for providing the information on how to freeze, and also clarifying why things should/should not be done. Very clear. – Adrian Torrie Mar 22 '13 at 23:52
  • 1
    -1 from me... You didn't answer his first question directly nor clearly. He didn't ask if he should do it or not and why, he asked how to do it. The next answer is the best one, but yours explains why you should "not" do it. Still, some companies will still want to lock a system to a certain point release even if it's a bad idea, so giving a straight answer is always appreciated despite the reason behind the question. – Yanick Girouard Dec 10 '15 at 18:33
  • Thanks for leaving the comment, I wouldn't have noticed otherwise. I'll carry on not caring too if you don't mind. – user9517 Dec 10 '15 at 18:53
  • Down-voting an answer without commenting on why is rude and against the site's code of conduct, which is why I explained. Feel free to care or not, no harm intended. – Yanick Girouard Dec 11 '15 at 14:11
  • None taken. It's not against the code of conduct BTW. There is no requirement to explain a DV, only a request that you consider doing so. And this has been CW for a long time so I really wouldn't have known without the comment. – user9517 Dec 11 '15 at 14:29
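
A check for hosts frozen as this answer describes, added here as an example and not part of the original answer: it lists every repo section in a yum repo directory and reports whether any enabled repo still follows the current release. The function names and sample repo files are constructed, and the "pinned" test (a vault.centos.org or dotted point-release baseurl) is a heuristic.

```shell
#!/bin/sh
# Added example: report which yum repos on a host can still deliver updates.
# A repo counts as "pinned" when its baseurl names vault.centos.org or a dotted
# point release such as /6.3/ (heuristic; an assumption about how hosts are frozen).

repo_update_state() {   # prints "<repo-id> <enabled|disabled> <pinned|rolling>"
    cat "$1"/*.repo | awk '
        function emit() {
            if (id != "")
                print id, (en == "0" ? "disabled" : "enabled"), (pin ? "pinned" : "rolling")
        }
        # New section: flush the previous one; yum treats a missing enabled= as 1.
        /^\[/ { emit(); id = substr($0, 2, index($0, "]") - 2); en = "1"; pin = 0; next }
        /^enabled[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); en = $0; next }
        /^baseurl[ \t]*=/ && (/vault\.centos\.org/ || /\/[0-9]+\.[0-9][.0-9]*\//) { pin = 1 }
        END { emit() }'
}

host_is_frozen() {      # exit status 0 when no enabled repo follows the current release
    ! repo_update_state "$1" | grep -q ' enabled rolling$'
}

# Constructed sample: stock repo switched off with enabled=0, a 6.3 vault repo switched on.
demo_dir="$(mktemp -d)"
cat > "$demo_dir/CentOS-Base.repo" <<'EOF'
[base]
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
enabled=0
EOF
cat > "$demo_dir/CentOS-Vault.repo" <<'EOF'
[C6.3-base]
baseurl=http://vault.centos.org/6.3/os/$basearch/
gpgcheck=1
enabled=1
EOF

repo_update_state "$demo_dir"
host_is_frozen "$demo_dir" && echo "WARNING: no repo on this host will deliver security updates"
```

Pointed at /etc/yum.repos.d across a fleet, the same check shows which machines have been left on an old point release.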
6

For CentOS 7.x, the yum --releasever=X update method does not seem to (always) work. This is what I had to do instead:

Stick to version

  1. Check http://vault.centos.org/ for available versions (eg: 7.3.1611)
  2. Edit /etc/yum.repos.d/CentOS-Vault.repo so that it includes a full set of repo definitions for the chosen version (7.3.1611 in our case). You should have 5 repos named [C7.3.1611-X].
  3. Disable all CentOS repos: yum-config-manager -v --disable CentOS\*
  4. Enable the 7.3 repos you added: yum-config-manager --enable C7.3\*
  5. yum update

Obviously this will prevent any security updates.

Unstick

  1. yum-config-manager --disable C7.3\*
  2. yum-config-manager --enable base

(YMMV with these instructions depending on what was disabled above)

Akom
  • I would comment instead as that makes more sense, but my "reputation" doesn't allow for it. I agree with the above answer re: CentOS 7.x, but I suspect that the reason that --releasever doesn't work is that most installations use a "mirrorlist", which does not support using a minor version (if you feed it into the mirrorlist URL, you get an error). I was able to use mirrors.centos.org instead of vault.centos.org, however, just so long as I did not try to use a mirrorlist. – Ryan Novosielski Jan 02 '19 at 23:42
  • This is the correct answer for CentOS 7. I recently encountered a pango ABI incompatibility issue, so I needed an old version of pango from CentOS 7.4, instead of the current 7.6 version. Enabling CentOS Vault and downgrading from it fixed my issue. – Zhuoyun Wei Jan 18 '19 at 13:34
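
The repo definitions that step 2 of the "Stick to version" procedure asks for, generated for one vault release; this is an added example, not code from the answer. The function name is hypothetical and the directory names under vault.centos.org (os, updates, extras, centosplus, fasttrack) are assumed; the stanzas use baseurl rather than a mirrorlist, in line with the comment above, and keep gpgcheck=1 so packages from the frozen repos are still signature-checked.

```shell
#!/bin/sh
# Added example: print five repo stanzas for one vault.centos.org point release.
# Repo ids follow the [C<version>-X] naming from the answer; the directory names
# are assumed to match the vault layout for that release.

vault_repo_stanzas() {
    ver="$1"
    # Accept only dotted numeric versions such as 7.3.1611, so nothing
    # unexpected ends up in a repo id or URL.
    case "$ver" in
        ''|*[!0-9.]*) echo "invalid version: $ver" >&2; return 1 ;;
    esac
    major="${ver%%.*}"
    for pair in base:os updates:updates extras:extras centosplus:centosplus fasttrack:fasttrack; do
        id="${pair%%:*}"
        dir="${pair#*:}"
        # \$basearch stays literal so yum expands it, not the shell.
        cat <<EOF
[C${ver}-${id}]
name=CentOS-${ver} - ${id}
baseurl=http://vault.centos.org/${ver}/${dir}/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-${major}
enabled=0

EOF
    done
}

# Review the output, then add it to /etc/yum.repos.d/CentOS-Vault.repo;
# steps 3 and 4 of the answer then switch the repos over.
vault_repo_stanzas 7.3.1611
```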