-
Notifications
You must be signed in to change notification settings - Fork 72
Version locking of Foreman packages
Version locking feature is there to protect Foreman installation from breakages caused by unwanted upgrades of the related rpm packages. The feature locks selected packages using yum versionlock plugin.
All packages from Foreman/Satellite repo. The locking tool finds the repo foreman-installer is installed from and selects all packages it contains.
Version locking is implemented in two places. Foreman-maintain do the actual locking and unlocking. Foreman-installer can automatically lock/unlock packages using foreman-maintain during its run. Foreman-installer detects if foreman-maintain has the feature implemented and acts accordingly. Foreman-maintain can detect if the yum versionlock plugin is installed and configured properly and even install it an fix the configuration where needed. Version locking can be used along with custom packages locking in place as foreman-maintain unlocks only the packages it locked.
Automatic version locking can be set with --lock-package-versions option of the installer
$ foreman-installer --lock-package-versions
or by changing the scenario config
:custom:
:lock_package_versions: trueWhen the auto-locking is enabled the installer locks the packages automatically after each installer run and unlock packages on installer invocation. Everything should work transparently. The only case that requires extra action is manual Foreman upgrade without foreman-maintain. In that case
$ foreman-maintain packages unlock
needs to be called prior yum update in order to get the Foreman packages updated.
Automatic locking of versions is disabled by default so no version locking unless it is configured. The feature is going to be enabled by default in Satellite 6.6 (server only, not in capsule)
It is possible to controll the locking of the packages manually e.g. with older installer that lacks the feature. To protect packages run
$ foreman-maintain packages lock
and to enable update of packages use
$ foreman-maintain packages unlock
Please note that installer needs the packes to be unlocked for it to work properly.
To see if the packages are locked currently there is
$ foreman-maintain packages status
Foe easier scripting there is also command foreman-maintain packages is-locked that reflects
the status with the exit code so
foreman-maintain installation is-locked --assumeyes || foreman-maintain installation lock --assumeyesWhen for some reason the automatic locking needs to be disabled it is only necessary to run
$ foreman-installer --no-lock-package-versions
or update the installer config (e.g `/etc/foreman-installer/scenarios.d/katello.yaml') end set
:custom:
:lock_package_versions: false