Ansible Automation Platform RFEs / AAPRFE-84

Security patch management for AAP requires improvements in updating and excluding packages


    • Feature Request
    • Resolution: Done
    • Normal
    • None
    • 2.2
    • content
    • False

      Feature Overview

      AAP is currently designed to be updated by running the setup playbook. The current recommendation for patching (https://access.redhat.com/solutions/4566711) is to exclude a very long list of packages from yum update in order to prevent AAP from being accidentally updated without running the playbook.

      The customer is finding this process very complicated, and it requires changes to our standardized patching procedure. The packages to exclude aren't limited to the AAP repository, but also include several packages from the AppStream repository.

      Solutions that can be tried

      There are two ways AAP could be changed to facilitate this:

      • The AAP repository should include all necessary dependencies with the proper version. That way, the other repositories could be kept up to date by simply keeping the AAP repository disabled.
      • AAP should be designed in a way that the setup playbook is not required to update it. A simple yum update should be sufficient to update a node.
      • There could be something like the "yum protector" feature applied in AAP: https://access.redhat.com/solutions/98873

      (Optional) Use Cases

      The current way requires changes to the customer's company-wide patching process. Since the list of packages is different for each version of AAP and RHEL, the customer suspects it will require even more changes in future versions.

       

      Case: https://access.redhat.com/support/cases/03297138 

            rhn-sa-pgriffiths Phil Griffiths
            rhn-support-ksuthar Komal Suthar