Steps to disable kernel upgrade on CentOS AWS

One way to maintain one OS version across your AWS infrastructure is to disable kernel upgrade

Use case Scenario

You’ve a client who is complaining about the OS getting upgraded automatically which is causing the development team alot of issues with versioning of the product. For eg : The instance run on RHEL (RedHat) 6.5 and now are been upgraded to 6.7 which is problem for development team in terms of versioning and development of any website/webapp/product.

Lame solution

Ask your customer to not fire yum commands to ensure kernal packages are not upgraded, but this will limit upgrade or update other packages as well which can be problem in future.


Full proof solution

Configure the Linux machine in a way that the kernel is never upgraded automatically.

Steps to disable kernel upgrades

Step 1 : Look for yum-cron

If you’ve installed yum-cron which will install all updates automatically then I would suggest to make some configuration changes.

Go to /etc/sysconfig/yum-cron.conf

Add the following to the YUM PARAMETER line: YUM_PARAMETER="-x kernel* -x php*"

Step 2 : Exclude kernel or other packages from /etc/yum.conf

To make permanent changes, edit the /etc/yum.conf file and following entries to it:

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exclude=kernel* redhat-release*                           <==== Add this line

Step 3 :  Disable kernel upgrade from /boot/grub.conf

Take backup of /boot/grub/grub.conf

$ sudo cp -a /boot/grub/grub.conf /boot/grub/grub.conf.bkp

Edit /boot/grub/grub.conf and change the line :

“default=0” to “default=1”

You can check OS and kernel version with following commands :

lsb_release -a
rpm -qf /etc/redhat-release

That’s it!

You have a system which will never upgrade automatically and which is compliance friendly.