When you're running production servers, the one thing you don't want to do is upgrade the kernel every time a new update comes out. Why? Because that's the only Linux update operation that requires a reboot once it's done—and in a production environment you often can't have downtime.

The Scenario

So you finally have your RPM-based server set up, stable and secure. Life is good and you don't figure you'll have to do anything else for some time.

Then, for some reason, you run at the command line as root:

# yum -y -d0 update

The -y switch supplies an affirmative answer to all of yum's prompts, and -d0 makes it run as quietly as possible. And this time the update happens to include the kernel packages.

And now things are not working correctly. How could you have prevented this?

Although you obviously and desperately need a vacation now, you should revisit your system update schedule, your documentation (which, of course, is meticulous, current and readily available) and especially the configuration files that control yum.

But first, why wouldn't you want to update the kernel?

  1. Things sometimes break. An update might make modules or drivers incompatible, so devices such as a wireless card are no longer functional.
  2. You need to maintain the same versions across server populations. This would certainly apply if you have a mix of different server distributions along with some home-built boxes.
  3. You compiled the kernel manually, thus bypassing the automatic configuration supplied by yum.
  4. You are horribly proud of your uptime, so performing a reboot to activate the new kernel would not be in your best interest. So if you never reboot, there is never a need to update it.

Why would you want to update the kernel?

  1. Primarily - security. Kernels have holes just like applications and, if not patched, can give the bad guys opportunities to compromise the system.
  2. To keep your version as up to date as possible, especially if you are not using a third-party repository. Major distros release patches to all of their included code, including the kernel, and strive to test them before release to ensure stability. To not update is to lag behind, which might make things more difficult when performing an upgrade to a major version release.
  3. To take advantage of a new feature (or a fix for a previously broken one), which might make you more amenable to a kernel update.

To update the kernel, just do what you did above. Or, better, drop the command line switches so you have some control over the update process and can see what is happening. Run:

# yum update

and follow the prompts.

Preventing Yum from Updating the Kernel

However, if you don't ever want to just blindly have the kernel updated, you can add the following to your /etc/yum.conf file:

exclude=kernel*

Or, if you insist on using a vanilla configuration file and controlling everything via the CLI, use:

# yum --exclude='kernel*' update

Both of these methods will prevent the kernel from being updated or even included in the list of potential updates.
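
Because the exclude line also holds back the kernel security fixes mentioned above, it helps to be able to spot which hosts carry it. The script below is an added example, not part of the original article: the function names, the list of kernel package names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: find yum "exclude" patterns that hold back kernel packages.

# Representative kernel package names (assumption; extend for your distro).
KERNEL_PKGS="kernel kernel-core kernel-modules kernel-devel kernel-headers"

# Print "<section> <pattern>" for every exclude pattern in a yum config file.
# Handles spaces around "=", comma or space separated lists, comments and
# indented continuation lines.
yum_excludes() {
    awk '
        BEGIN { sec = "-" }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comment or blank line
        /^\[/ { sec = substr($0, 2, index($0, "]") - 2); key = 0; next }
        {
            if ($0 ~ /^exclude[ \t]*=/) { sub(/^[^=]*=/, ""); key = 1 }
            else if ($0 !~ /^[ \t]/)    { key = 0 }  # a different option
            if (key) { gsub(/,/, " "); for (i = 1; i <= NF; i++) print sec, $i }
        }
    ' "$1"
}

# Print the excludes that match a kernel package; exit status 0 if any do.
kernel_held_back() {
    yum_excludes "$1" | while read -r sec pat; do
        for pkg in $KERNEL_PKGS; do
            case $pkg in
                $pat) printf '[%s] %s\n' "$sec" "$pat"; break ;;
            esac
        done
    done | grep .
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[main]
cachedir=/var/cache/yum
# exclude=php*
exclude = kernel* , redhat-release*
    perl-DBI
gpgcheck=1
[example-repo]
exclude=kernel-headers
EOF

if held=$(kernel_held_back "$sample"); then
    printf 'kernel updates are excluded by:\n%s\n' "$held"
    printf 'running kernel %s needs its own patch schedule\n' "$(uname -r)"
fi
```

On a real host, pass /etc/yum.conf to kernel_held_back instead of the sample file.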