Exclude modules from update

flatspin · September 27, 2018, 8:05am

Hi friends,

I know that we had some discussions about cherry picking on updates, but I think it needs to revive this subject.

I’m using apps in NC 13 that are not supported by NC 14. Now that NC 14 was released and so automatically is selected in softwarecenter, I’m not abled to update this instance by GUI.
I think some others will have the same situation.

IMO the possibility to exclude single/some modules from update is really needed to prevent broken modules. Especially for NC with it’s apps.
So for now I always have to do yum update --exclude=netsherver-nextcloud,nextcloud to prevent an update of NC.

Not really comfortable and not what softwarecenter is ment for.

Best regards.

robb · September 27, 2018, 10:00am

I do like the approach of excluding modules instead of individual packages. So if you want to exclude nextcloud with your updates, it shouldn’t be too difficult to add a selection box for installed moduels that you want to exclude from updates. I mean, if you can exclude the update through commandline, this should be possible through web-GUI too.

giacomo · September 27, 2018, 11:54am

You can’t exclude groups installation from yum, you can exclude only packages.
And I wouldn’t expose such risky feature in the UI since the package name can be changed from developers bringing to unexpected behavior.
Risky configurations should be always hard to do

Ralf, you can follow this guide: https://access.redhat.com/solutions/10185
In this case, you need to create a template-custom:

mkdir -p /etc/e-smith/templates-custom/etc/yum.conf/
cp /etc/e-smith/templates/etc/yum.conf/10base /etc/e-smith/templates-custom/etc/yum.conf/10base
echo "exclude=<your_package>" >> /etc/e-smith/templates-custom/etc/yum.conf/10base
expand-template /etc/yum.conf

flatspin · September 27, 2018, 1:00pm

Thanks Giacomo for this hint.
My solution was to do a sh-file (update.sh) and execute it on CLI.

Just thinking loud: Isn’t it possible to make a panel for template-custom? There are a lot of customizations which need to do a template-custom, so it would be an enhancement to be able to do this by GUI. This could be used for maintaining bulk import of blaklisted domains, or to execute info commands of nut or for this update purpose and many else.

PS: there’s a little typo in your command:

giacomo · September 27, 2018, 2:03pm

First, everything is dangerous (like template-customs) should always be hide to the normal user. The user shouldn’t be able to break the system from the web interface.
Also, to write a template you need a deep understanding of the system, you need also some perl knowledge. And if you have such skills, you should be able to work with a shell.

But we could create a page to display existing template-custom.

Fixed, thank you!

flatspin · September 27, 2018, 2:25pm

The webadmin should only be accessed by sysadmin, so no “normal user” should be able to access this panel. A sysadmin shuld know what he/she is doing.The risk shouldn’t be to high IMO.
But it’s ok, for me, if devs say no, this is to risky.
I’m just a really lazy guy, so I thought it would be fine for me to have it…
You have to know, I’m working with an about 6 Fingersystem on the keyboard, never learned 10 fingers

flatspin · September 28, 2018, 7:09am

I think that would be fine. I remember that I ran into an update-issue (from 6 to 7), because of an old forgotten template-custom (you helped me out).
OTH I wouldn’t put to much effort in that, as it is not to complicated to check the template-custom on CLI.