Mastering DNF Priorities on CentOS Stream 9 to Tame Repository Chaos

CentOS tutorial - IT technology blog

Why do your repositories so easily become a “dumping ground”?

When CentOS 8 reached End of Life (EOL) unexpectedly, I had to migrate 5 production servers to CentOS Stream 9 in just one week. The most valuable lesson I learned was: if you loosen repository management, the system will soon turn into an inescapable mess.

A familiar scenario: You use the default BaseOS, but install EPEL for countless tools, or Remi for the latest PHP 8.2. With just one careless dnf update, a critical system package (like openssl or libxml2) could be overwritten by an incompatible version from a third-party repo. The result? Services crash immediately.

DNF Priorities is the savior. It allows us to assign priority levels to each software source, ensuring core OS packages remain strictly protected.

Three Methods for Conflict Management: Which is the Optimal Choice?

Before running any commands, let’s weigh the management methods to see why DNF Priorities is trusted by experts.

1. Manually Enabling/Disabling Repos (--enablerepo)

You disable all foreign repos and only enable them when needed to install a specific package.

  • Pros: Absolute on-the-spot control.
  • Cons: Extremely labor-intensive for managing 10-20 servers. This method also makes automated update scripts useless.

2. Using the exclude Directive in Configuration Files

Declare exclude=package_name directly in the .repo file to ban specific packages from a source.

  • Pros: Blocks targets precisely.
  • Cons: Difficult to maintain long-term. When the blocklist grows to dozens of packages, your configuration file will look like tech debt.

3. Configuring DNF Priorities (Recommended by Experts)

Assign each repo a number from 1 to 99. The lower the number, the higher the priority.

  • Pros: Fully automated and enterprise-standard.
  • Cons: Requires logical thinking about priority order from the start to avoid update bottlenecks.

Implementing DNF Priorities on CentOS Stream 9

In CentOS Stream 9, DNF has this feature built-in. However, you should proactively check the supporting plugins.

Step 1: Install Core Plugins

Run the following command to ensure the system has all management tools:

sudo dnf install dnf-plugins-core -y

Step 2: Assign Priority Levels Wisely

The priority=N parameter works on a simple principle: 1 is the highest, 99 is the lowest. To avoid re-editing later, I usually apply a spacing formula like this:

  • Levels 1-5: Reserved for BaseOS, AppStream (The untouchables).
  • Levels 10-20: Reputable community repos like EPEL (with over 15,000 packages).
  • Levels 50+: Third-party repos or internal custom software repositories.

Step 3: Configure System Repositories

We will modify files in /etc/yum.repos.d/. Let’s start with the main repo:

sudo vi /etc/yum.repos.d/centos.repo

Add the line priority=1 to the end of each [baseos] and [appstream] section:

[baseos]
name=CentOS Stream $releasever - BaseOS
# ...
enabled=1
priority=1

[appstream]
name=CentOS Stream $releasever - AppStream
# ...
enabled=1
priority=1

Step 4: Set up EPEL

For EPEL, set a lower priority, meaning a higher number (e.g., 10). This prevents EPEL from overwriting the more stable packages of the same name found in AppStream.

sudo vi /etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux $releasever
enabled=1
priority=10

Step 5: Verify the Results

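To ensure DNF has “applied the rules,” clear the cache and check the priority each repo actually resolves to. dnf repolist has no --with-priorities option on CentOS Stream 9, so dump the effective repo configuration with config-manager (part of dnf-plugins-core from Step 1):

sudo dnf clean all
sudo dnf config-manager --dump baseos appstream epel | grep -E '^\[|^priority'

If each priority line shows the number you just entered, you’ve succeeded.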

Practical Tip: Never Set Everything to 1

In my early days with CentOS Stream 9, I made the mistake of setting every repo to priority=1. The result was DNF “freezing” due to conflicts between two repos with equal authority.

Golden Rule: Always leave gaps between priority levels (e.g., 1, 10, 20). If you need to insert a new repo in between later, you won’t have to overhaul the entire system.
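
The tier scheme above can be checked mechanically. The script below is an added example, not part of the original article: it flags any enabled repo whose priority ties with or outranks the base repos, including the case where priority= was forgotten on a base repo and DNF falls back to its default of 99. The function names, the PROTECTED set and the sample repo file are assumptions made for this example.

```python
import configparser
import glob

DEFAULT_PRIORITY = 99                  # DNF's value when a repo has no priority= line
PROTECTED = {"baseos", "appstream"}    # assumption: the repos this article puts in tier 1

# Constructed sample, not taken from a real host.
SAMPLE = """[baseos]
enabled=1
priority=1
[appstream]
# priority= was forgotten here, so DNF uses 99
enabled=1
[epel]
enabled=1
priority=10
[vendor-tools]
enabled=0
priority=1
"""

def load_repos(text):
    """Parse .repo text into {repo_id: (enabled, priority)}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    repos = {}
    for rid in cp.sections():
        on = cp.get(rid, "enabled", fallback="1").strip().lower() in ("1", "true", "yes", "on")
        repos[rid] = (on, int(cp.get(rid, "priority", fallback=DEFAULT_PRIORITY)))
    return repos

def audit(repos, protected=PROTECTED):
    """List enabled repos whose priority ties with or outranks a protected repo."""
    base = [p for rid, (on, p) in repos.items() if on and rid in protected]
    if not base:
        return ["no enabled protected repo found"]
    weakest = max(base)                # largest number = weakest protected repo
    return [f"{rid}: priority={p} is not below protected priority={weakest}"
            for rid, (on, p) in sorted(repos.items())
            if on and rid not in protected and p <= weakest]

if __name__ == "__main__":
    paths = glob.glob("/etc/yum.repos.d/*.repo")
    text = "\n".join(open(p).read() for p in paths) if paths else SAMPLE
    for finding in audit(load_repos(text)) or ["OK: no repo can shadow the base repos"]:
        print(finding)
```

On the constructed sample it reports epel, because the missing priority= line leaves appstream at 99 and EPEL's 10 now wins.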

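If you truly need to install a Beta version from a low-priority repo, override that repo’s priority for a single command instead of modifying the config. On CentOS Stream 9, priority is a core DNF repo option rather than a plugin, so --disableplugin=priorities has nothing to disable; use --setopt with the repo ID instead (repo_id is a placeholder):

sudo dnf install package_name --setopt=repo_id.priority=1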

Mastering repositories not only keeps your server running smoothly but also lets you sleep soundly when the system auto-updates. Happy and confident sysadmining!
