[CentOS] Allow updates but not upgrades

Thu May 10 14:06:28 UTC 2012
Alfred von Campe <alfred at von-campe.com>

On May 10, 2012, at 1:36, Gregory Machin wrote:

> I have a requirement where I need machines to only upgrade to even
> numbered sub releases, e.g. 6.0, 6.2, 6.4, and only on my approval. But
> will allow updates within a given release.

Others have debated the usefulness of this requirement, so I won't address this here.

> How can I achieve this?

You can easily achieve this by keeping a local mirror of the CentOS repository.  I have a cron job every night that does something like this (I update the version manually whenever there is a new CentOS point release):

  rsync --archive --delete --partial --stats --verbose \
    --exclude="alpha" --exclude="ia64" --exclude="ppc" --exclude="s390*" \
    $CENTOSRSYNCREPO/6.2 /local/www/html/CentOS

I also have a symlink from (in the current case) 6 to 6.2:

    ls -l /local/www/html/CentOS/
    lrwxrwxrwx  1 root root    3 Dec 23 09:17 6 -> 6.2
    drwxrwxr-x 10  342  342 4096 Dec 21 06:37 6.2

Finally, I modify the yum repo config files to point to my mirror (this is just a small snippet from /etc/yum.repos.d/CentOS-Base.repo):

   [base]
   name=CentOS-$releasever - Base
   #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
   #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
   baseurl=http://centosmirror.XXX.com/CentOS/$releasever/os/$basearch/

So all my servers and desktops update from my local mirror and I control when I move the symlink to point to the next release.  You can achieve what you want in this way as well.

Alfred
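
The symlink flip described in the message above, as an added example that is not part of the original post: a POSIX shell function that moves the `6` symlink only to an even-numbered point release (the policy from the original question) whose `os/$basearch` tree is already synced, and swaps the link atomically. The function name, its return codes and the `repodata/repomd.xml` readiness check are assumptions.

```shell
# Added example (not from the original post). Assumed layout, as in the
# listing above: <root>/6.2 is a synced tree and <root>/6 is a symlink to it.
# promote_release ROOT MAJOR TARGET [ARCH]
# Returns 0 = link moved, 1 = refused by policy, 2 = mirror not ready.
promote_release() {
    root=$1 major=$2 target=$3 arch=${4:-x86_64}
    link="$root/$major"

    # TARGET must be MAJOR.<digits>, with no leading zero on the minor part.
    minor=${target#"$major".}
    case $minor in
        "$target"|''|*[!0-9]*|0[0-9]*)
            echo "bad release: $target" >&2; return 1 ;;
    esac

    # Policy from the original question: only even point releases.
    if [ $((minor % 2)) -ne 0 ]; then
        echo "policy: $target is an odd point release" >&2; return 1
    fi

    # The link must be a symlink (or absent), and must never move backwards.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink" >&2; return 2
    fi
    if [ -L "$link" ]; then
        cur=$(readlink "$link"); cur=${cur#"$major".}
        case $cur in ''|*[!0-9]*) cur=-1 ;; esac   # unparsable: no floor
        if [ "$minor" -lt "$cur" ]; then
            echo "policy: $target is older than $major.$cur" >&2; return 1
        fi
    fi

    # Readiness (assumed check): the nightly rsync must have delivered the
    # yum metadata for the tree that baseurl .../$releasever/os/$basearch/ serves.
    if [ ! -f "$root/$target/os/$arch/repodata/repomd.xml" ]; then
        echo "mirror not ready: $target/os/$arch has no repomd.xml" >&2; return 2
    fi

    # Build the new link beside the old one and rename over it, so clients
    # never see a missing path (mv -T is GNU coreutils).
    tmp="$link.new.$$"
    ln -s "$target" "$tmp" && mv -T "$tmp" "$link"
}
```

Called as `promote_release /local/www/html/CentOS 6 6.4` once the 6.4 tree has been synced and approved; clients keep `$releasever` in `baseurl` and pick up the new release on their next update.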