Hi All,

This next article in the series discusses how to enable and disable locally available repositories.

Surprisingly, this is actually important to do, since if we were to try patching with the standard local repositories still available, the yum Security utility may not pick up the packages that need patching.

As it turns out, there is a really cool command - installed as part of 'yum-utils', that makes it easy to enable and disable repositories - yum-config-manager.

When enabling and disabling repositories you will need to make sure that the names you use on your systems match those in the scripts you use. Of course, the example scripts here use the names of the local repositories available to them.

These scripts should be used on the servers being patched.

In general, the usage pattern would be :

  • disable-vm-repos.sh (disable the standard OEL repositories)
  • enable-vm-patching-repos.sh (enable the new patching repositories)
  • perform patching work
  • disable-vm-patching-repos.sh (disable the new patching repositories)
  • enable-vm-repos.sh (enable the standard OEL repositories)

The following scripts enable / disable the non patching repositories.

[08:35 AM root@server-to-be-patched /rxr/depot/root/patching]# cat enable-vm-repos.sh
#!/bin/bash

/usr/bin/yum-config-manager -q --enable local-puppetlabs-deps,local-puppetlabs-pc1,local-puppetlabs-products,local-rsyslog-v8-stable,local_ol6_UEKR3_latest,local_ol6_UEK_latest,local_ol6_addons,local_ol6_latest,local-epel


[08:35 AM root@server-to-be-patched /rxr/depot/root/patching]# cat disable-vm-repos.sh
#!/bin/bash

/usr/bin/yum-config-manager -q --disable local-puppetlabs-deps,local-puppetlabs-pc1,local-puppetlabs-products,local-rsyslog-v8-stable,local_ol6_UEKR3_latest,local_ol6_UEK_latest,local_ol6_addons,local_ol6_latest,local-epel,patching_ol6_base

The following scripts enable / disable the patching repositories.

[09:28 AM root@server-to-be-patched /rxr/depot/root/patching]# cat enable-vm-patching-repos.sh
#!/bin/bash

/usr/bin/yum-config-manager -q --enable patching_ol6_UEKR3_latest,patching_ol6_UEK_latest,patching_ol6_addons,patching_ol6_latest


[08:57 AM root@server-to-be-patched /rxr/depot/root/patching]# cat disable-vm-patching-repos.sh
#!/bin/bash

/usr/bin/yum-config-manager -q --disable patching_ol6_UEKR3_latest,patching_ol6_UEK_latest,patching_ol6_addons,patching_ol6_latest

For any undo actions :

If you ever find yourself in the situation where you need to undo that patching, then apart from enabling the patching repositories you'll also need to enable the 'ol6_base' and 'ol6_latest' repositories to support the undo operation.
Without these repositories being available, it's very likely any undo operations will fail (trust me, I know!).

[04:46 PM root@server-to-be-patched /rxr/depot/root/patching]# cat enable-extra-undo-repos.sh
#!/bin/bash

/usr/bin/yum-config-manager -q --enable patching_ol6_base,local_ol6_latest


[04:46 PM root@server-to-be-patched /rxr/depot/root/patching]# cat disable-extra-undo-repos.sh
#!/bin/bash

/usr/bin/yum-config-manager -q --disable patching_ol6_base,local_ol6_latest

The sequence looks like this :

  • disable-vm-repos.sh (disable the standard OEL repositories)
  • enable-vm-patching-repos.sh (enable the new patching repositories)
  • enable-extra-undo-repos.sh (enable the ol6_base and ol6_latest repositories)
  • perform undo of patching work
  • disable-extra-undo-repos.sh (disable the ol6_base and ol6_latest repositories)
  • disable-vm-patching-repos.sh (disable the new patching repositories)
  • enable-vm-repos.sh (enable the standard OEL repositories)

So as you can see, managing the enabling and disabling of the available repositories
is also an important part of the patching process.

In the next article, we're going to examine 'yum-history'.

This is an absolutely vital piece of the patching puzzle, since it allows you to work with yum transactions.

And if you need to back out your patches - or even just get more information on what a patch transaction did, 'yum-history' allows you to do just that.

See the full series on Linux Patching here.