One way to maintain one OS version across your AWS infrastructure is to disable kernel upgrade
Use case Scenario
You’ve a client who is complaining about the OS getting upgraded automatically which is causing the development team alot of issues with versioning of the product. For eg : The instance run on RHEL (RedHat) 6.5 and now are been upgraded to 6.7 which is problem for development team in terms of versioning and development of any website/webapp/product.
Lame solution
Ask your customer to not fire yum commands to ensure kernal packages are not upgraded, but this will limit upgrade or update other packages as well which can be problem in future.
Full proof solution
Configure the Linux machine in a way that the kernel is never upgraded automatically.
Steps to disable kernel upgrades
Step 1 : Look for yum-cron
If you’ve installed yum-cron which will install all updates automatically then I would suggest to make some configuration changes.
Go to /etc/sysconfig/yum-cron.conf
Add the following to the YUM PARAMETER line: YUM_PARAMETER="-x kernel* -x php*"
Step 2 : Exclude kernel or other packages from /etc/yum.conf
To make permanent changes, edit the /etc/yum.conf
file and following entries to it:
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exclude=kernel* redhat-release* <==== Add this line
Step 3 : Disable kernel upgrade from /boot/grub.conf
Take backup of /boot/grub/grub.conf
$ sudo cp -a /boot/grub/grub.conf /boot/grub/grub.conf.bkp
Edit /boot/grub/grub.conf
and change the line :
“default=0” to “default=1”
You can check OS and kernel version with following commands :
lsb_release -a
rpm -qf /etc/redhat-release
That’s it!
You have a system which will never upgrade automatically and which is compliance friendly.
Social Profiles