How to tie a system to a specific update of Red Hat Enterprise Linux?
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Subscription Manager (RHSM)
- Red Hat Satellite 6.x
Issue
- Red Hat Network Classic provided Extended Update Support (EUS) subscriptions to set the preferred minor version of the registered system, but this same feature isn't visible in Red Hat Subscription Manager
- How do I tie a system to a specific update in Red Hat Subscription Manager?
- How do I tie a system to a specific update or minor release with Red Hat Network (RHN) Classic?
- How do I prevent yum from updating or upgrading the minor release or kernel?
- How to prevent a system upgrade to the latest release from yum update?
- How to limit updates or upgrades to only security packages?
- Executing the command subscription-manager release --set=6Server outputs:
  No releases match '6Server'. Consult 'release --list' for a full listing
Resolution
IMPORTANT
It is important to understand that updates to non-current or older minor releases will not include all Security and Bug errata. Please refer to the RHEL Life Cycle documentation and the Extended Update Support (EUS) Add-On for further details.
IMPORTANT
Note that updating a system without a release lock, and then applying a release lock later, will result in dependency errors if the release being locked to is lower than the most recent minor release for the version of RHEL currently installed on your system. For this reason, run yum installations and updates only after the release lock has been applied.
Restricting the minor release is recommended only for minor releases still covered under the EUS program, with the EUS repository channels enabled by a valid EUS subscription.
If changing release versions, ensure that yum's cache is cleared out with the following command (NOTE: the typical yum clean all command will not properly clear the cache in this instance).
RHEL 7:
# rm -rf /var/cache/yum
RHEL 8:
# rm -rf /var/cache/dnf
To only allow security updates, follow the guide Is it possible to limit yum so that it lists or installs only security updates?
~~~
# cdn-sync -c rhel-x86_64-server-6.6.z
~~~
- To lock the minor version in Red Hat Subscription Manager (RHSM) / Satellite 6.x
- Pre-configuration when using EUS repositories enabled by EUS Subscription
For clients managed by Satellite 6.x, EUS repositories should be synced with Satellite 6.x.
- Confirm the Pool IDs of the RHEL Subscription and the EUS Subscription, and attach them.
# subscription-manager list --available
Subscription Name: Extended Update Support
...
# subscription-manager attach --pool=<Pool ID of EUS Subscription>
Successfully attached a subscription for: Extended Update Support
# subscription-manager attach --pool=<Pool ID of RHEL Subscription>
- Disable standard repositories and enable EUS repositories.
# subscription-manager repos --disable=rhel-8-for-x86_64-baseos-rpms --disable=rhel-8-for-x86_64-appstream-rpms
# subscription-manager repos --enable=rhel-8-for-x86_64-baseos-eus-rpms --enable=rhel-8-for-x86_64-appstream-eus-rpms
# subscription-manager repos --list-enabled
Repo ID:   rhel-8-for-x86_64-baseos-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/$releasever/x86_64/baseos/os
Enabled:   1

Repo ID:   rhel-8-for-x86_64-appstream-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/$releasever/x86_64/appstream/os
Enabled:   1
- Common Settings with/without EUS Entitlement
Temporary Setting
Use the --releasever=X.Y option with yum to override the major.minor release version, where X is the major release and Y is the minor release. Since this option is not persistent, it must be repeated for later executions of yum.
# yum clean all
# yum --releasever=8.6 update
Permanent Setting
- Use subscription-manager's "release" command to set the preferred minor version persistently, for example:
- NOTE: For Satellite 6, if you would like to lock the RHEL minor version, you need to enable and sync the specific repository. For example, in order to lock the minor version to RHEL 7.8, enable and sync the Red Hat Enterprise Linux 7 Server RPMs x86_64 7.8 repository from the Satellite web UI.
- To determine which releases are available:
# subscription-manager release --list
- To set a release:
# subscription-manager release --set=8.6
# yum clean all
# subscription-manager repos --list-enabled
Repo ID:   rhel-8-for-x86_64-appstream-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/8.6/x86_64/appstream/os
Enabled:   1

Repo ID:   rhel-8-for-x86_64-baseos-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/8.6/x86_64/baseos/os
Enabled:   1
- To determine which release the system is set to:
# subscription-manager release --show
- To unset a specific release:
# subscription-manager release --unset
# yum clean all
# subscription-manager repos
Repo ID:   rhel-8-for-x86_64-appstream-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/$releasever/x86_64/appstream/os
Enabled:   1

Repo ID:   rhel-8-for-x86_64-baseos-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/$releasever/x86_64/baseos/os
Enabled:   1
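The listings in this resolution show the Repo URL carrying a literal 8.6 once a release is set, and $releasever once it is unset. As an added example (not part of the original solution), the shell function below audits the output of subscription-manager repos --list-enabled for that difference before an unattended update. The function name audit_repos, the finding labels and the sample listings are constructed for illustration, and treating a non-EUS repository as a finding is an assumption based on the EUS recommendation in this resolution.

```shell
#!/usr/bin/env bash
# Added example: audit enabled repos for a release lock (hypothetical helper).
# Real use: subscription-manager repos --list-enabled | audit_repos 8.6

# Constructed sample: both EUS repos pinned to 8.6.
SAMPLE_LOCKED='Repo ID:   rhel-8-for-x86_64-appstream-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/8.6/x86_64/appstream/os
Enabled:   1

Repo ID:   rhel-8-for-x86_64-baseos-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/8.6/x86_64/baseos/os
Enabled:   1'

# Constructed sample: release unset, and one standard (non-EUS) repo enabled.
SAMPLE_UNSET='Repo ID:   rhel-8-for-x86_64-appstream-eus-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/$releasever/x86_64/appstream/os
Enabled:   1

Repo ID:   rhel-8-for-x86_64-baseos-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/baseos/os
Enabled:   1'

# audit_repos WANT   (repo listing on stdin)
# Prints "<repo id> <FINDING>" per problem; returns 0 only when nothing is found.
audit_repos() {
  awk -v want="$1" '
    $1 == "Repo" && $2 == "ID:"  { id = $3 }
    $1 == "Repo" && $2 == "URL:" {
      url = $3
      # A literal $releasever means no release is set for this repo.
      if (index(url, "$releasever"))      { print id, "UNPINNED";      bad = 1 }
      # A pinned URL must carry the expected minor release as a path element.
      else if (!index(url, "/" want "/")) { print id, "OTHER_RELEASE"; bad = 1 }
      # Assumption: a locked system should only use EUS content paths.
      if (!index(url, "/content/eus/"))   { print id, "NOT_EUS";       bad = 1 }
    }
    END { exit bad + 0 }
  '
}
```

A patch job can run this check first and skip yum update when the function returns non-zero, so that a host whose lock was never applied or was unset does not move to a newer minor release.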
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
14 Comments
What about RHEL 7?
Hi Michael, The above procedure is applicable to RHEL 7 too. RHEL 6 is simply an example used for demonstration purposes.
Hi, listed steps belong to Server side. I have a group of 120 servers running 7.4 and I need to lock them on 7.8. Is there a way to do it from the Satellite ??? (for example you can lock by release date or version). For example, any restriction I could put inside the content view ??
Hi, yes, it is possible using Satellite. Take a look at the steps outlined in this kb:
How modify the release version of content hosts under a host collection in Red Hat Satellite 6 https://access.redhat.com/solutions/3485931
What is the meaning of pinning to 7Server? Pinning to 7.5 or 7.6 is obvious. But in my understanding, 7Server is the latest and the same as not pinning at all. Or am I wrong? Since there is a EUS repository for 7Server, I probably am.
To limit the output of the subscription-manager repos command, add the --list-enabled option.
Hello, is it possible to tie a ubi8/ubi container to a certain minor version?
Note that UBI containers are only supported and updated on the current / latest minor release. For example, after the release of Red Hat Enterprise Linux 8.4, container images with tag 8.3 will not receive any further updates. All future updates will be based on 8.4.
Hello Tomas, Thanks for answering, but in the end a ubi8/ubi container will use whatever repository I present to it. And I hope this is legal, as long as my host also has the EUS subscription. But it is impossible to create the repository mirror itself for an EUS repository. Which I had intended
How can you see which point release is set (pinned) using subscription-manager?
We have a crapplication from a major vendor which demands a specific point release. To prevent our Ansible-based SOE continually executing the task to set affected systems to a specific release, we'd been running:
# subscription-manager release --show
as suggested above to check before setting a release.
I just reviewed the code and realised that this command only returns '8' (for RHEL 8.4), not '8.4' as we'd expected. This strikes me as a bug. If all the other subscription-manager commands return a specific release and sub-release version, why doesn't the --show argument have the same level of detail?
Reproduce this by running:
To resolve my own problem - it turns out that the Ansible tasks we'd written weren't correctly pinning to a specific sub-release. Once I did that the show command now returns '8.5' (for the example above)
I followed the steps and can check and see I have my server set to 8.7... it still upgraded to 8.8 sigh
Could the resolution be updated to show something like $( uname -m ) instead of static x86_64 in that repos handling section, to make it work on non-x86_64 architectures as well?
@Everyone, what about if I'm using something like SUSE MANAGER to patch RHEL? If I patch via the SUMA console and let's say the server is at RHEL 8.5, I just want it to patch, but not take it to RHEL 8.8. Is there a way to lock it at 8.5 without using "subscription-manager"?
Thanks,
Joe