You can use an exclude list to exclude all kernel patches; it supports wildcards. Check the VPC documentation for more details.
The exclude list is provided as an input to the yum utility.
I would recommend that you create and use the Global exclude file functionality, which will make sure that the kernel patches are excluded for all usual job runs. This will avoid accidental upgrade of the kernel.
Thanks Rohit for the input. Looking for some more detailed info on this.
1. Where to get the VPC document? I am using the RedhatRepositoryManager.sh utility; is it all the same with VPC?
2. I need to use the yum utility once I complete the patch download. Do I need to pass the exclude list at that time?
The RedhatRepositoryManager.sh utility is meant to download the patches. You can download all the patches without having to worry about excluding the kernel patches.
I believe you will have to install VPC (Vendor Patch Content) for using the patch functionality.
You should be able to download it and the documentation from the Support site using your support credentials.
The VPC installer creates jobs that have parameters to do patch analysis and deployment.
The global exclude file lives on the appserver where VPC is installed.
Do you have VPC installed?
I am not sure if we have VPC installed but my feeling is it is not (how to check?)
So it means without VPC we cannot go ahead to identify which are the kernel patches and which are security patches?
What is the use case you are trying to address here?
VPC lets you:
- do patch analysis - it will run against a set of servers to find out which all patches are missing on which all servers
- it creates deploy jobs which can be used to install missing patches obtained from such a patch analysis.
- you can control which patches to install and use deploy job capabilities.
What do you want to do?
All kernel patches in Linux will start with the name kernel*.
The Red Hat levels don't really mean anything. If you take a RHEL 5.1 box and install all the current patches except the kernel patches, does that make it RHEL 5.6? Or what if you just patch the kernel and nothing else, does that make it 5.6? Red Hat does not work like SUSE with regards to the levels. Red Hat is on more of a continuous release cycle: when you apply patches, those are always the current patches for that major release of RHEL. IMO the minor release number means nothing.
So I think you want to just exclude the kernel patches.
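The wildcard exclusion discussed in this thread, as an added example that is not part of any post and is not VPC or yum code: it previews which downloaded RPMs a `kernel*` pattern would hold back, so the exclude list can be reviewed before a job runs. It assumes shell-style glob matching on the package name, as yum's `exclude` option does; the file names are constructed samples and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample of downloaded RPM file names (not taken from the thread).
SAMPLE_RPMS = [
    "kernel-2.6.18-238.el5.x86_64.rpm",
    "kernel-headers-2.6.18-238.el5.x86_64.rpm",
    "kernel-devel-2.6.18-238.el5.x86_64.rpm",
    "kmod-gfs-0.1.34-12.el5.x86_64.rpm",
    "openssl-0.9.8e-12.el5.i686.rpm",
    "bash-3.2-24.el5.x86_64.rpm",
]


def rpm_name(filename):
    """Return the package name from a name-version-release.arch.rpm file name."""
    base = filename[:-4] if filename.endswith(".rpm") else filename
    nvr, _arch = base.rsplit(".", 1)            # drop the architecture
    name, _version, _release = nvr.rsplit("-", 2)  # name may itself contain '-'
    return name


def split_by_exclude(filenames, patterns):
    """Split file names into (kept, excluded) by glob patterns on package name."""
    kept, excluded = [], []
    for filename in filenames:
        name = rpm_name(filename)
        if any(fnmatchcase(name, pattern) for pattern in patterns):
            excluded.append(filename)
        else:
            kept.append(filename)
    return kept, excluded


if __name__ == "__main__":
    kept, excluded = split_by_exclude(SAMPLE_RPMS, ["kernel*"])
    print("Held back by exclude list:")
    for filename in excluded:
        print("  " + filename)
    print("Still eligible for install:")
    for filename in kept:
        print("  " + filename)
```

Note that `kernel*` also holds back `kernel-headers` and `kernel-devel`, while kernel-module packages whose names do not begin with `kernel` (the constructed `kmod-gfs` entry) stay eligible and need their own pattern if they must track the running kernel.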