In our infrastructure, we have servers installed and managed by Puppet. All our software is then installed from rpm. On each server is a small script that performs yum update if there is some change in the repository.
What I need to achieve is to perform automatic downgrade as well, so the package installed on all servers is the same as latest in the repository. We would like to perform rollbacks this way. So developers have some simple (web is a must) interface to move package live/remove package (perform rollback/downgrade).
I know Debian supports this feature via priorities (or some specific apt magick - I am not sure now, it's been a while since I last configured that).
Is it possible to manage yum to perform this way?
It sounds like you need a local repository mirror where you can control the versions - perhaps with different environments for staging, production, etc.
Ideally, you'd have a server with an internet connection and an internal network connection. It would run a webserver on the internal network, perhaps with different paths for different environments:
...et cetera. You could then carefully manage package updates, and all the servers on the internal network can simply do a
yum update
to stay in-step. By using environments in Puppet you could automatically configure each server to use this as its only yum repo, and prevent them going to the internet for more packages (even if they did have an internet connection). Would that work?
As you are using Puppet and yum, you might think about pinning the package to a specific release; that would satisfy the case of downgrades. One way to do it is to create a list of packages from nodes representative of your configuration and compare the list against packages in the repos, or use the forgebase module https://forge.puppetlabs.com/ryanuber/packagelist. For package repo management, if you do not need foreman/katello as was advised above, I would recommend looking at mrepo, reposync, and best of all Pulp.
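The "compare the installed list against the repo" step from the answer above, as an added example that is not part of the original posts. It assumes both lists are available as `name epoch:version-release` lines, and the package names and versions are constructed; the version comparison is a simplified form of rpm's ordering that does not handle `~` or `^`.

```python
import re

def rpmvercmp(a, b):
    """Simplified rpm version compare (no '~'/'^' handling): -1, 0 or 1."""
    # rpm compares runs of digits or letters; other characters only separate.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_evr(evr):
    # A missing or "(none)" epoch counts as 0.
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0, version, release)

def evrcmp(a, b):
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def load(text):
    """Parse 'name epoch:version-release' lines, keeping the newest EVR per name."""
    latest = {}
    for line in text.strip().splitlines():
        name, evr = line.split()
        if name not in latest or evrcmp(evr, latest[name]) > 0:
            latest[name] = evr
    return latest

def plan(installed, repo):
    """Map package name -> (action, target EVR) needed to match the repo."""
    actions = {}
    for name, have in installed.items():
        c = evrcmp(have, repo[name]) if name in repo else 0
        if c:
            actions[name] = ("downgrade" if c > 0 else "update", repo[name])
    return actions

# Constructed sample data, not taken from any real host or repository.
INSTALLED = load("myapp 0:2.4.0-1.el6\nmylib 0:1.10-3.el6\ntool (none):1.0-1")
REPO = load("myapp 0:2.3.8-1.el6\nmyapp 0:2.3.9-2.el6\nmylib 0:1.10-3.el6\ntool 0:1.0-2")

if __name__ == "__main__":
    for name, (action, evr) in sorted(plan(INSTALLED, REPO).items()):
        print(f"{name}: {action} to {evr}")
```

Packages that are installed but absent from the repo list are left alone, so the plan only touches what the internal repository actually publishes.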