On systems where a package is locked to a certain version using yum-versionlock, how is BigFix supposed to handle this situation?
I came across some systems where the kernel was updated because the baseline contained security updates for the kernel package(s); however, these package(s) (kernel-*) are locked via yum-versionlock.
yum -y install yum-plugin-versionlock
yum versionlock <Package(s)>
if [ $? -eq 0 ]
then
    <command(s) to be done like: yum -y update>
    exit 0
else
    exit 1
fi
1 - It makes sure that version lock is installed
2 - It makes sure that the package(s) to be locked are
3 - If the lock fails, the update will not take place and an error exit is provided
4 - Post actions will not take place if an error exit occurs
5 - If the lock succeeds, the command(s) are executed with a successful exit
6 - If 5, any post actions listed will be done.
Further, if you wanted a reboot regardless of success or failure, then you can force an exit 0.
However, if a BASELINE is used, then everything seems to be out the window.
Have not tested if BigFix will apply package updates if yum is configured to not update a package.
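A check that can be run after patching to catch the situation described in this thread, where a locked kernel package was updated anyway. This is an added example, not part of the original posts and not BigFix code; it assumes lock entries in the form EPOCH:NAME-VERSION-RELEASE.ARCH, and the function names, file names and package versions are constructed for illustration.

```shell
#!/bin/sh
# Added example. Lock entries are assumed to be EPOCH:NAME-VERSION-RELEASE.ARCH globs.
# Installed list on a real host (one NEVRA per line):
#   rpm -qa --qf '%|EPOCH?{%{EPOCH}}:{0}|:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'

# Print NAME from a NEVRA: drop "EPOCH:" and the trailing "-VERSION-RELEASE.ARCH".
pkg_name() { n=${1#*:}; printf '%s\n' "${n%-*-*}"; }

# versionlock_drift LOCKFILE INSTALLEDFILE
# Prints installed NEVRAs whose name is locked but that match no lock pattern.
# Returns 1 if any were found, else 0.
versionlock_drift() {
    lockfile=$1 installed=$2 drift=0
    while IFS= read -r inst; do
        [ -n "$inst" ] || continue
        iname=$(pkg_name "$inst") locked=0 ok=0
        while IFS= read -r pat; do
            case $pat in ''|'#'*|'!'*) continue ;; esac  # blanks, comments, excludes
            [ "$(pkg_name "$pat")" = "$iname" ] || continue
            locked=1
            case $inst in $pat) ok=1 ;; esac             # glob match against the lock
        done < "$lockfile"
        if [ "$locked" -eq 1 ] && [ "$ok" -eq 0 ]; then
            printf '%s\n' "$inst"; drift=1
        fi
    done < "$installed"
    return "$drift"
}

# Constructed sample data: kernel locked, but a newer kernel is also installed.
write_sample() {
    cat > "$1/versionlock.list" <<'EOF'
# constructed lock entries
0:kernel-3.10.0-1160.el7.*
0:kernel-tools-3.10.0-1160.el7.*
EOF
    cat > "$1/installed.txt" <<'EOF'
0:kernel-3.10.0-1160.el7.x86_64
0:kernel-3.10.0-1160.118.1.el7.x86_64
0:kernel-tools-3.10.0-1160.el7.x86_64
0:bash-4.2.46-35.el7.x86_64
EOF
}

d=$(mktemp -d) && write_sample "$d"
versionlock_drift "$d/versionlock.list" "$d/installed.txt" || echo "drift detected" >&2
rm -rf "$d"
```

Because the kernel is an install-only package, the locked version can still be present alongside the newer one, so the check flags any installed build of a locked name that falls outside the lock rather than looking for a missing version.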