Patching 7.5 hosts

Latest response

How can I stay on RHEL 7.5 while applying patches ( There is 7.6 version already on the repo and I do not want to upgrade to 7.6 )? I am looking for the best practice here. Any suggestions?

I have following repo enabled for patching RHEL 7 machines.

Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server


Hi Shisheer,

You may set release version lock by using 'subscription-manager' command which would limit updates to only the specified release. You could check out this thread where such similar issue was discussed

I hope this helps.

I think the specific post with the answer (by Sadashiva Murthy (nice find)) is on "22 September 2017 8:05 AM"

RJ, I'm new to the Ansible and would like to use it to patch my servers on a scheduled date each month. I checked with RH about support for this and their answer is even though we have Satellite they don't support Ansible updates without Ansible Engine Subscription. Do you have any insight if an automated monthly "yum update" in a playbook. I can do single packages but not an full update. thanks.

Check this out. This might help.

Hello Sadashiva, Not sure if this works in my case because I am seeing the following while running 'subscription-manager release --list'. I do not see 7.5 as available options.

subscription-manager release --list

+-------------------------------------------+ Available Releases +-------------------------------------------+ 7Server

Hi Shisheer,

Yes, when I run 'subscription-manager release --list' this is what I see on my system:

[root@osp2 ~]# subscription-manager release --list
          Available Releases

Please run "subscription-manager refresh" and then run "subscription-manager list" and check what it shows. You may post the results here as well.

Hi Sadashiva, I ran the 'subscription-manager' refresh and ran 'subscription-manager release --list' and here is the output. However, I still see 7Server instead of 7.5. Is there another way to patch 7.5 updates only not upgrading to 7.6? I do have RHEL 7.5 repo on my repository list. May be I should just sync that and apply patches from it.

subscription-manager list +-------------------------------------------+ Installed Product Status +-------------------------------------------+ Product Name: Red Hat Enterprise Linux Server Product ID: ** Version: 7.5 Arch: x86_64 Status: Subscribed Status Details:

subscription-manager release --list +-------------------------------------------+ Available Releases +-------------------------------------------+ 7Server

That looks to me that it is set to "7.5". You may try running "yum update redhat-release-server" command and check if that tries to update it to 7.6 or just stays at 7.5 only, but don't update it. If this tries to pull out 7.6 package then you may need to run the command "subscription-manager release --set=7.5" first and then run "yum clean all", after which you may try to run "yum update redhat-release-server" and verify.

I got it working. However, I had to sync the RHEL 7.5 repo, publish/promote the repo and run 'yum --releasever=7.5 update' and it worked. It just applied the patches related to 7.5 and didn't try to upgrade to 7.6. Hope this helps to anyone having the same concerns.Thanks.

Nice that you got it working. Yes, that way you could temporarily set the release version, however, to set it permanently you would need to set using "subscription-manager" command