Disable Yum auto updating?
Hello,
The apache service associated with my cpanel (version 68.0.36) fell due to a yum update performed last night which updated the easyphp package:
Apr 19 01:16:48 Updated: 1: ea-apr-1.6.3-1.el7.cloudlinux.x86_64
Apr 19 01:16:48 Updated: 1: ea-apr-util-1.6.1-2.el7.cloudlinux.x86_64
Apr 19 01:16:48 Updated: 1: ea-apache24-tools-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:49 Updated: 2: ea-apache24-config-1.0-128.el7.cloudlinux.noarch
Apr 19 01:16:49 Updated: 1: ea-apache24-mod_proxy_http-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:49 Updated: 1: ea-apache24-mod_proxy_wstunnel-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:49 Updated: 1: ea-apache24-mod_proxy-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:49 Updated: 1: ea-apache24-mod_cgid-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:50 Updated: 1: ea-apache24-mod_mpm_worker-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:37 Updated: 1: ea-apache24-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:37 Updated: 1: ea-apache24-mod_ssl-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:37 Updated: 1: ea-apache24-mod_mime_magic-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:37 Updated: 1: ea-apache24-mod_headers-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_unique_id-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_deflate-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_proxy_fcgi-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_suexec-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_expires-2.4.33-4.el7.cloudlinux.x86_64
I do not want this type of update to happen automatically, because it has stooper the operation of associated servcies.
Do you know how to disable this type of auto update?
In the section "Update Preferences" all the information is in manual.
Best regards
-
Hello, I had a return of the support cpanel, that I communicate to you [quote]My name is Mark and I will be assisting you with your update issues. It appears the issue you are having is relative to a recent bug (CPANEL-19907) where EA4 packages are updated (if available) during the nightly cron cPanel update, even when system updates are set to "manual". Our developers are currently working to correct the issue in a future update of cPanel, however, the current workaround is to set your "Operating System Packages Update" to "Never" instead of "Manual" in WHM >> Update Preferences. When set to "Never", the check_cpanel_rpms script will not update EasyApache 4 packages during the run. Hope this information helps! Please let us know if you have any further questions or concerns regarding this matter. Thank you for your patience. 0 -
Hello, Actually, I believe this issue is a bit different. The issue you're experiencing I believe is related to a CloudLinux issue with mod_ssl this has already been resolved and noted by CloudLinux. Please see the forum post here: cPanel does not currently offer a way to disable the auto-updating that is done through easyapache 4 but the improvement case noted in the response above is also related to this issue in that if you have updates set to manual. If the Improvement case is acted on the updates for EasyApache would not automatically occur if the updates are set to manual. Thank you, 0 -
@cPanelLauren Has this bug (CPANEL-19907) been resolved? According to the docs (Update Preferences - Version 74 Documentation - cPanel Documentation) it appears that with regard to EA4, those RPMs update regardless, via /usr/local/cpanel/scripts/sysup regardless of the tech's comments about the work around in the support ticket quoted above. Can you refer us to a current and complete reference matrix as to which subscripts are called by upcp, and when? That would give a clearer understanding of the control afforded by the Update Preferences page. ---- In regard to all updating (not just EA4), I'm looking for a cPanel recommendation for the settings of auto vs. manual updating and also user input on this... on all three setting options in Home "Server Configuration "Update Preferences: Daily Updates, Operating System Package Updates, and Apache SpamAssassin" Rules Updates. I have been running on the Release tier with all options set to Automatic for the last year and 4 months without a problem, but in preparation to convert to CloudLinux they (CL) recommended: "...the updates [are] automatic by default but I would strongly recommend to switch them to manual way of providing the updates. Sometimes automatic updates could lead to different unexpected behavior. You can run updates at least once a month or if something critical was found." So I'm looking for more input on this... (If this is better suited to the CL forum, you can move it there, but please leave it here as well, because I'm wanting input for both CL and non-CL servers.) -Pete 0 -
Hi @PeteS The case you're referencing CPANEL-19907 was resolved in cPanel V72 per the ChangeLog here: 72 Change Log - Change Logs - cPanel Documentation Can you refer us to a current and complete reference matrix as to which subscripts are called by upcp, and when? That would give a clearer understanding of the control afforded by the Update Preferences page.
I think what you might want is everything maintenance runs which can be found with this:# grep -oP '(?<=^sub )[^_][^ ]+' /scripts/maintenance script sqlite_auto_rebuild_if_needed touch_file_exists file_is_executable populated_touch_file_exists run_action run_actions show_status run process action_vps_optimizer action_update_spamassassin_rules background_freshclam action_update_freshclam action_purge_dead_comet_files action_rpmup action_sysup action_find_and_fix_rpm_issues action_updatesigningkey action_cloudlinux_update action_build_locale_databases action_init_wwwacct_conf action_fixrndc action_ipaliases action_check_cpanel_rpms action_ftpquotacheck action_repair_mailman action_repair_mysql action_purge_modsec action_passwd action_buildexim action_eximstats action_exim_purge_old_tracker_files action_cleanup_signature increment_pbar setupenv setupcrontab clean_user_squirrelmail_attachment_dirs clean_roundcube_attachment_directory check_mysql_version ensure_active_mysql_profile_is_present purge_cpupdate_conf purge_upcp_logs usage
If you want literally every subscript that runs during upcp you can run something likegrep 'Processing command' /var/cpanel/updatelogs/last
I'm looking for a cPanel recommendation for the settings of auto vs. manual updating and also user input on this... on all three setting options in Home "Server Configuration "Update Preferences: Daily Updates, Operating System Package Updates, and Apache SpamAssassin" Rules Updates.
The cPanel recommendation on this is going to always be have everything set to automatic. Based on your needs or configurations you may need another configuration, users may have their own as well. Personally, I set everything to automatic on my servers. Thanks!0 -
I think what you might want is everything maintenance runs which can be found with this:
# grep -oP '(?<=^sub )[^_][^ ]+' /scripts/maintenance ...
I think I asked for more than I wanted. ;) What I really meant was a matrix showing the effect of switching each of the options away from Automatic, to Manual or Never. The V74 seems to disagree with the tech's comments (but maybe that a version specific difference). It looks to me like upcp runs everything, per the following settings... Daily Updates controls cPanel and WHM updates, and nothing more (maintenance scripts always run). Never prevents these updates even if upcp is manually run. OS Package Updates controls whether OS RPMs update (cPanel-provided RPMs always update). Never can be manually overridden by /usr/local/cpanel/scripts/rpmup2. Apparently /usr/local/cpanel/scripts/sysup is called by upcp and will always update EA4 (but not other RPMs if Never is selected). Do I have it correct? If so, the part I am unclear on are the contents of the update groups. There are: cPanel/WHM updates OS updates cPanel-provided RPMs other RPMs EA4 which is treated uniquely Specifically, what are cPanel-provided RPMs, and what are other RPMs? This all may be a mote point if I stay with "full auto" (which is my desire), but I'm still curious. Lastly, once converted to CL, does that change any of the above, or the Automatic recommendation? -Pete0 -
What I really meant was a matrix showing the effect of switching each of the options away from Automatic, to Manual or Never. The V74 seems to disagree with the tech's comments (but maybe that a version specific difference). It looks to me like upcp runs everything, per the following settings... Daily Updates controls cPanel and WHM updates, and nothing more (maintenance scripts always run). Never prevents these updates even if upcp is manually run. OS Package Updates controls whether OS RPMs update (cPanel-provided RPMs always update). Never can be manually overridden but /usr/local/cpanel/scripts/rpmup2. Apparently /usr/local/cpanel/scripts/sysup is called by upcp and will always update EA4 (but not other RPMs if Never is selected).
I feel like the documentation answers this pretty well here: Update Preferences - Version 74 Documentation - cPanel Documentation Automatic - Select Automatic for when you want X to be updated automatically when upcp runs Manual - Select Manual for when you want to manually run upcp and update X Never - Select Never when you don't want X updated when upcp is run (either automatically or manually)cPanel/WHM updates OS updates cPanel-provided RPMs other RPMs EA4 which is treated uniquely
These can be grouped a bit differently to make sense: OS updates + Other (3rd party packages) - updated when yum is run or /usr/local/cpanel/scripts/rpmup2 is run cPanel provided RPMs - updated with cPanel specifically though there is a caveat here - if you run yum update on your server and there are updateable cPanel RPMS they will update as well. EA4 - handled on its own with EasyApache Maintenance updatesSpecifically, what are cPanel-provided RPMs, and what are other RPMs?
cPanel RPM's are prefixed with cPanel and they're anything installed from httpupdate I can't tell you the specific RPM's but you can see them by running something like:rpm -qa |grep cpanel-
Other RPM's are RPM's provided by system or 3rd party repositories like CentOS, EPEL, etc. You can find which repository a package is from using something like repoquery:repoquery -i ea-php72-php-ftp-7.2.10-1.1.4.cpanel.x86_64 Name : ea-php72-php-ftp Version : 7.2.10 Release : 1.1.4.cpanel Architecture: x86_64 Size : 62039 Packager : None Group : Development/Languages URL : http://www.php.net/ Repository : EA4 Summary : A module for PHP applications that need full FTP protocol support Source : ea-php72-php-7.2.10-1.1.4.cpanel.src.rpm Description : The php-ftp package delivers a module which will allow PHP scripts client access to files servers speaking the File Transfer Protocol (FTP) as defined in http://www.faqs.org/rfcs/rfc959. This extension is meant for detailed access to an FTP server providing a wide range of control to the executing script. If you only wish to read from or write to a file on an FTP server, consider using the ftp:// wrapper with the ea-php72-php-filesystem package which provides a simpler and more intuitive interface.
Lastly, once converted to CL, does that change any of the above, or the Automatic recommendation?
It wouldn't change any of the above though you should be aware that CloudLinux has their own packages, including their own for EA4 and may have their own recommendation but as far as I am aware the recommendation for both products separately as well as in conjunction with each other is full automatic. Thanks!0 -
The docs are good, but the grouping info is what I was missing. Thanks for helping me get my head wrapped around this. Hopefully other will benefit from it as well... -Pete 0
Please sign in to leave a comment.
Comments
7 comments