Managing DNF/YUM Version Locks on CloudLinux & RHEL-Based Systems: A Complete Guide Print

Overview: Version locking is a critical tool for system administrators to prevent unexpected package upgrades that may lead to compatibility issues or system instability. This article provides a comprehensive guide to listing, adding, deleting, and automating version locks using yum or dnf on CloudLinux, AlmaLinux, CentOS, and RHEL systems.

⚠️ Why Use Version Locking?

• Prevent breaking changes in software updates.

• Maintain known working versions of critical packages (e.g., Apache, PHP, MySQL).

• Delay upgrades until verified patches or compatibility are confirmed.

🔧 How to List Locked Packages

On CloudLinux 7 / CentOS 7:

yum versionlock list

On CloudLinux 8/9 / AlmaLinux 8+ / RHEL 8+:

dnf versionlock list

Expected Output Example:

mysql-community-server-0:8.0.37-1.el8.*
ea-apache24-1:2.4.63-2.el8.cloudlinux.*

➕ How to Add a Version Lock

Syntax:

dnf versionlock add <package-name>-<version-release>.<arch>

Example:

dnf versionlock add ea-apache24-2.4.63-2.el8.cloudlinux.x86_64

Tip: Use rpm -q <package-name> to find the exact version-release string.

❌ How to Remove a Version Lock

Delete specific package lock:

dnf versionlock delete <package-name>

Clear all locks:

dnf versionlock clear

⏰ Automating Unlock with Time-Based Methods

1. One-Time Unlock After 30 Days (Using at)

dnf install at -y
systemctl enable --now atd

echo "dnf versionlock delete ea-apache24" | at now + 30 days

2. Fixed Date Unlock (Using Cron)

0 3 25 8 * dnf versionlock delete ea-apache24

3. Script-Based Conditional Unlock

Create a script to unlock only if a newer verified version is available:

#!/bin/bash
PACKAGE="ea-apache24"
LOCKED_VERSION="2.4.63"
AVAILABLE=$(dnf --showduplicates list $PACKAGE | awk '/available/ && !/Installed/ {print $2}')

if [[ "$AVAILABLE" > "$LOCKED_VERSION" ]]; then
    dnf versionlock delete $PACKAGE
    dnf update -y $PACKAGE
fi

(Schedule via cron weekly or monthly)

🔗 Best Practices:

• Always version-lock critical services before a major system update.

• Keep a log of locked packages for auditing.

• Test newer versions in staging before unlocking.

Conclusion: Version locking offers precise control over package stability, especially in production environments. Whether you're mitigating emergency issues or proactively managing system state, understanding how to use yum or dnf versionlock features effectively can greatly reduce downtime and support incidents.