Skip to main content

Package Yum/Dnf Exclude List

Brandon Langley
Updated

Package Yum/Dnf Exclude List

Infrastructure: YUM / DNF / APT Package Exclusion
Platform: RHEL/Rocky 8–10, Ubuntu/Debian 22/24

Overview

When your Linux distribution performs routine package updates (via yum update, dnf upgrade, or apt upgrade), it may automatically upgrade packages that Diskover depends on — such as Elasticsearch, Nginx, PHP, or RabbitMQ. These unplanned upgrades can introduce version incompatibilities, break service configurations, or cause downtime.

To prevent this, Diskover recommends configuring your system's package manager to exclude Diskover-managed packages and its supporting services from automatic updates. This ensures that package upgrades only happen intentionally during a planned Diskover upgrade window.

This guide covers how to configure package exclusion on all supported Linux platforms.

Why This Matters

Diskover's components are installed at specific, tested versions that are known to work together. An unplanned upgrade to any of these packages can cause problems such as:

  • Elasticsearch — A major version jump can change index formats or API behavior, breaking Diskover's search and indexing.

  • PHP — Upgrading PHP without updating Diskover Web's configuration can cause the web UI to fail.

  • Nginx — Configuration directives may change between versions, potentially breaking the reverse proxy setup.

  • RabbitMQ — Version upgrades can require Erlang version changes, which may break the message broker.

  • Kibana — Must stay version-matched with Elasticsearch; an independent upgrade will fail.

  • Diskover packages — The diskover* packages (diskover-web, diskover-admin, diskoverd, diskover-scanner*, diskover-file-action*, diskover-plugin*) should only be upgraded through the official Diskover upgrade process.

By excluding these packages, you maintain full control over when and how upgrades happen.

Packages to Exclude

The following packages should be excluded from automatic updates on all Diskover hosts:

Package Pattern

Component

Why Exclude

nginx*

Nginx web server

Config compatibility with Diskover Web

php*

PHP 8.4 runtime

Diskover Web requires a specific PHP version

diskover*

All Diskover packages

Must be upgraded through the official process

rabbitmq*

RabbitMQ message broker

Erlang/RabbitMQ version coordination required

kibana*

Kibana dashboard

Must match the Elasticsearch version exactly

elasticsearch*

Elasticsearch

Index compatibility and cluster stability

Note: You only need to exclude packages for components that are installed on a given host. For example, a dedicated worker host does not need to exclude nginx* or php*.

Configuration — RHEL / Rocky Linux

DNF (Rocky Linux 8–10, RHEL 8–10)

DNF is the default package manager on Rocky Linux and RHEL 8 and later. To exclude Diskover-managed packages, add an excludepkgs line to /etc/dnf/dnf.conf:

  1. Open the DNF configuration file:

sudo vi /etc/dnf/dnf.conf

  1. Add the following line under the [main] section:

[main]
excludepkgs=nginx* php* diskover* rabbitmq* kibana* elasticsearch*

  1. Save the file. Any future dnf upgrade or dnf update commands will skip these packages automatically.

Tip: If you need to temporarily override the exclusion (for example, during a planned Diskover upgrade), use the --disableexcludes flag:

sudo dnf upgrade --disableexcludes=main

Configuration — Ubuntu / Debian

Ubuntu and Debian use APT as their package manager. The equivalent of a YUM/DNF exclude list is holding packages with apt-mark. Held packages are skipped during apt upgrade.

  1. Hold all Diskover-managed packages:

sudo apt-mark hold nginx php8.4* diskover* rabbitmq-server kibana elasticsearch

  1. Verify the holds are in place:

apt-mark showhold

Expected output:

diskover*
elasticsearch
kibana
nginx
php8.4-cli
php8.4-common
php8.4-fpm
...
rabbitmq-server

  1. Any future apt upgrade commands will skip these packages automatically.

Tip: To remove a hold when you're ready to upgrade a specific package:

sudo apt-mark unhold elasticsearch
sudo apt upgrade elasticsearch
sudo apt-mark hold elasticsearch

Which Hosts Need Exclusions

Not every host requires every exclusion. Configure exclusions based on which components are installed on each host:

Host Role

Packages to Exclude

Elasticsearch

elasticsearch*

Web (Diskover Web, Admin, Nginx)

nginx* php* diskover* kibana*

Worker (Diskoverd, Celery)

diskover*

RabbitMQ

rabbitmq*

Single-host (all components)

nginx* php* diskover* rabbitmq* kibana* elasticsearch*

Verification

After configuring your package exclusions, verify that the protected packages are not offered for upgrade:

DNF (Rocky/RHEL):

dnf check-update | grep -E "nginx|php|diskover|rabbitmq|kibana|elasticsearch"

Expected result: no output (excluded packages should not appear).

APT (Ubuntu/Debian):

apt-mark showhold

Expected result: all Diskover-managed packages listed as held.

Troubleshooting

Issue

Cause

Solution

Excluded packages still appear in check-update

Typo in the exclude line or wrong config file

Verify the exclude line is under [main] in the correct file (/etc/dnf/dnf.conf or /etc/yum.conf)

dnf upgrade upgraded a Diskover package

Exclusion not configured or overridden

Re-check /etc/dnf/dnf.conf and ensure excludepkgs is set; check if --disableexcludes was used

APT hold not working

Package name doesn't match exactly

Use dpkg -l | grep <package> to find the exact installed package name, then hold it

Need to upgrade a single excluded package

Planned upgrade scenario

Use --disableexcludes=main (DNF/YUM) or apt-mark unhold <package> (APT) to temporarily allow the upgrade

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk