[Pulp-list] RHEL version lock using Pulp

Kodiak Firesmith kfiresmith at gmail.com
Fri Aug 30 18:18:04 UTC 2019 

If you're using bare pulp, the process is pretty much:
1.  Sync the upstream CDN channels for 7.{minor} to your Pulp mirror
2.  Re-point your clients at those repos rather than the normal 7.latest
repos.


On Fri, Aug 30, 2019 at 2:09 PM Aaron Wyllie <aaron.t.wyllie at gmail.com>
wrote:

> Actually, I am starting to think that my work with Satellite 6 now and
> Pulp then may be crossing wires.  I could have sworn that you could setup
> content views in Pulp and I thought I had but my notes don't seem to show
> that.  So, I guess disregard "Option 1".  Maybe someone else here knows
> better.
>
> I get your point about not using subscription-manager.  It sounds like
> you're just present straight yum repositories.  In that case, just import
> the RHEL 7.4 repositories and make them available on your servers the same
> as you would the standard RHEL 7 repositories.  The end result would be the
> same as using "subscription-manager release --set=7.4".
>
> On Fri, Aug 30, 2019 at 1:23 PM Venkataramana Bora <venkbora at in.ibm.com>
> wrote:
>
>> Hi Aaron , thanks a lot for your quick reply. I'm sorry I did not get
>> your first suggestion . I'm really sorry for this, I did not create that
>> before and could not find any useful info about that on Google search too.
>> Can you please provide me if any useful links or how to steps of this?
>>
>> How to create a content view with a filter to include everything up to
>> the day before RHEL 7.5 was released (2018-04-09)?   Point your servers at
>> that and that's all they'll ever see and have access to; essentially, RHEL
>> 7.4.
>>
>> We are not using subscription-manager and we dont have Satellite servers.
>> We are using only Pulp as a Primary for Patches pulling from Redhat CDN and
>> Pulp Slave to distribute those patches to RHEL serveres , as many of those
>> RHEL servers are behind firewall , not exposed to RHEL.
>> Looks like subscription-manager is mandatory for those servers which
>> require version lock.
>>
>>
>>
>>
>>
>>
>> Sincerely,
>> Venkataramana Bora
>> IBM Visakha Hills
>> Visakhapatnam – 530 045, India
>>
>> [image: Inactive hide details for Aaron Wyllie ---08/30/2019 06:59:34
>> PM---Venkataramana, Trying to control through versionlock is an e]Aaron
>> Wyllie ---08/30/2019 06:59:34 PM---Venkataramana, Trying to control through
>> versionlock is an exercise in futility. Don't do
>>
>> From: Aaron Wyllie <aaron.t.wyllie at gmail.com>
>> To: Venkataramana Bora <venkbora at in.ibm.com>
>> Cc: pulp-list <pulp-list at redhat.com>
>> Date: 08/30/2019 06:59 PM
>> Subject: [EXTERNAL] Re: [Pulp-list] RHEL version lock using Pulp
>> ------------------------------
>>
>>
>>
>> Venkataramana,
>>
>> Trying to control through versionlock is an exercise in futility.  Don't
>> do it.
>>
>> You have a few options here:
>>
>> 1. You could create a content view with a filter to include everything up
>> to the day before RHEL 7.5 was released (2018-04-09).  Point your servers
>> at that and that's all they'll ever see and have access to; essentially,
>> RHEL 7.4.
>> 2. You could import the minor point-release version of the RHEL 7
>> repositories you require.  So, instead of these:
>>
>> rhel-7-server-rpms-x86_64 feed: '
>> *https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os*
>> <https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os>'.
>> rhel-7-server-extras-rpms-x86_64 feed: '
>> *https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os*
>> <https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os>
>> '
>> rhel-7-server-optional-rpms-x86_64 feed:'
>> *https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/optional/os*
>> <https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/optional/os>
>> '
>>
>> You would import these:
>>
>>  rhel-7-server-rpms-x86_64 feed: '
>> *https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/os*
>> <https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/os>'.
>> rhel-7-server-extras-rpms-x86_64 feed: '
>> *https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/extras/os*
>> <https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/extras/os>'
>> rhel-7-server-optional-rpms-x86_64 feed:'
>> *https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/optional/os*
>> <https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/optional/os>
>> '
>>
>> Once those were imported, you can use the command "subscription-manager
>> release --set=7.4" on the servers you need to pin and that is all they will
>> see.
>>
>> Please note that if you *do not* import the minor-point release
>> repositories and you try to use that, it will fail.  An easy way to see
>> what is available would be:
>>
>> # subscription-manager release --list  <== This will tell you what
>> "releases" are available from your Pulp repositories .. if no minor-point
>> release has been imported for RHEL 7, all you will see is "7Server".
>> # subscription-manager release --set=7.4  <== Set the release version to
>> 7.4.
>> # subscription-manager release --show  <== Confirm that the
>> managed-client is now set to release version 7.4
>>
>> That "should" work for your requirements.
>>
>> Cheers.
>>
>> On Fri, Aug 30, 2019 at 8:39 AM Venkataramana Bora <*venkbora at in.ibm.com*
>> <venkbora at in.ibm.com>> wrote:
>>
>>    Hi Team,
>>    Would like to know, on Pulp servers is there any recent development
>>    that enables RHEL servers to lock down into a specific version (say RHEL
>>    7.4 ) using *cdn.redhat.com* <http://cdn.redhat.com> feed? Right now
>>    we are using below Redhat 7 feeds for our Pulp Primary server. We have a
>>    requirement now where we need to have RHEL7.4 only servers that should not
>>    be updated to latest RHEL7.x but we should have latest RHEL7.4 security
>>    updates every month. Kindly let me know if there is any possibility of
>>    specific version locking using Pulp or not. Thanks a lot in advance !
>>
>>    Pulp_repo rhel-7-server-rpms-x86_64 feed: '
>>    *https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os*
>>    <https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os>
>>    '.
>>    pulp_repo rhel-7-server-extras-rpms-x86_64 feed:
>>    *'https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os'*
>>    <https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os'>
>>    pulp_repo rhel-7-server-optional-rpms-x86_64 feed:'
>>    *https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/optional/os*
>>    <https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/optional/os>
>>    '
>>
>>    Our Pulp Master and Slave servers are with version 2.16.
>>
>>    Right now on one of RHEL 7.4 servers I tried to Lock version this way
>>    but many packages are updating to 7_5 or 7_6 as shown in screen shot and
>>    Kernel is also updating to latest and taking it as default boot Kernel,
>>    leaving old Kernel intact ,
>>    I mean not removing it. After reboot when I type cat
>>    /etc/redhat-release it still shows RHEL 7.4 but I'm concerned with Packages
>>    and Kernel updating to latest. I like to have only security updates on it.
>>
>>    1.#echo '7.4' > /etc/yum/vars/releasever
>>
>>    2.# yum update-minimal --security
>>    or
>>    3.#yum update --security
>>
>>
>>
>>
>>
>>
>>    Sincerely,
>>    Venkataramana Bora
>>    IBM Visakha Hills
>>    Visakhapatnam – 530 045, India
>>
>>    _______________________________________________
>>    Pulp-list mailing list
>> *Pulp-list at redhat.com* <Pulp-list at redhat.com>
>> *https://www.redhat.com/mailman/listinfo/pulp-list*
>>    <https://www.redhat.com/mailman/listinfo/pulp-list>
>>
>>
>>
>> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20190830/69461d7a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 14677819.gif
Type: image/gif
Size: 592 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20190830/69461d7a/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 14495306.gif
Type: image/gif
Size: 1697 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20190830/69461d7a/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20190830/69461d7a/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 14246478.gif
Type: image/gif
Size: 30657 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20190830/69461d7a/attachment-0003.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 14897731.gif
Type: image/gif
Size: 24786 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20190830/69461d7a/attachment-0004.gif>

More information about the Pulp-list mailing list