Frequency of Release Tier Updates

nibb

• August 09, 2016 14:21

Some concerns about how updates changed with WHM. In the past cPanel servers had an option to set Automatic, Manual or Never Update releases for the Operating system security updates only. The feature seems to be gone. Now you still have the options both for cPanel and Operating Systems Package Updates, but its either update the whole operating system or nothing. I do not like this. cPanel has no way to know when a server has to be rebooted once updates where applied or what needs to manually be applied on a server that has custom changes. Like with a custom kernel. If you set the Automatic option, it seems WHM will run the regular yum update and update everything. If you set it to manual, it means no security updates. In the past you had the option to set Security Updates to be applied automatically but still leave the Operating System Updates as manual option. This is a serious compromise, so you can't receive security updates automatically anymore unless you update the whole OS every time. There is also something very annoying about cPanel how updates are pushed out now. WHM suggests RELEASE candidate as Recommended and this worked great for years, but lately I notice there is an update every single day. What is this? If I want that, I would set to Current or Edge. It seems every single change cPanel is developing, they are pushing it out daily. I'm seriously considering downgrading to Stable except Stable is like 2 big versions behind. Stable is still on 11.56 and Release is on 11.58 I'm 100% sure this wasn't like this in the past. The new update scheme is new. cPanel was not pushing updates to Release every day. I can understand if those are security bugs, but I don't think so. In the past 2 weeks, it seems every day I logged into WHM there was a new Update Available. Ok, I'm exaggerating, but its maybe every 3 days. This is completely inefficient for production servers. Every WHM updates takes time as it makes dozens of checks. This also slightly increases load for that period and takes a few minutes. Doing this once to apply all the updates at once is far more logic than doing the whole process for every single minor bug change. So unless its a serious bug or security update, I would suggest to consolidate changes into bigger releases instead of making a new release every 5 bug fixes.

• 

  cPanelMichael

  • August 09, 2016 23:19

  Hello @nibb, I'd like to thank you for taking the time to provide us with feedback on the update process and frequency. I've forwarded this thread to our document. The In the past you had the option to set Security Updates to be applied automatically but still leave the Operating System Updates as manual option. This is a serious compromise, so you can't receive security updates automatically anymore unless you update the whole OS every time.
  "Security Package Updates" was renamed to "Operating System Updates" in cPanel version 11.28. However, note that beyond the name change, it still does the same thing, which is to run "yum update" on the system. Have you considered excluding the custom YUM packages or the ones you are concerned about via the "exclude=" line in your system's "/etc/yum.conf" file? This way, you can leave automatic updates enabled, and manually update the packages you don't want updated automatically. I'm happy to help answer any additional questions you have. Thank you.

  0
• 

  cPanelKenneth

  • August 10, 2016 13:14

  One I want to add to what Michael stated: our operating system updates do not touch the kernel. We add an exclusion for the kernel before running "yum update".

  0
• 

  nibb

  • August 11, 2016 06:25

  Thanks for the clarification about the name change in that setting. I will research this further because then its CloudLinux updating the kernels. Since for a few months now, something is updating everything on the cPanel servers. I guess I will also move to the Stable release but that seems like ancient to receive new futures vs the Release channel. The Release channel seems like a Beta now. Updates done in the last days: 2016-08-10 2016-08-09 2016-08-05 Actually that is just the changelog, I'm sure that 58.0.13 was pushed 3 times the same day because I updated that twice and suddenly 5.0.13 was available again. What is the procedure? I can't move because I'm on 58 and Stable seems to be 56. This means I would have to stop updates for a couple of months until Stable reaches me? I think there will be one or more security updates before that date and I will have no choice but to upgrade. You can't downgrade for obvious reasons. I was actually happy with the Release channel for years. This new push an update every 24-48 hours (sometimes even twice a day) seems like new to me and to quickly to keep up. (yes, I actually do read the changelogs before applying updates on every software)

  0
• 

  cPanelMichael

  • August 16, 2016 21:47

  Thanks for the clarification about the name change in that setting. I will research this further because then its CloudLinux updating the kernels. Since for a few months now, something is updating everything on the cPanel servers.

  
  Internal case CPANEL-7967 was recently opened to address an issue where cPanel updates remove all kernel exclusions configured in the /etc/yum.conf file when "Operating System Package Updates" isn't disabled in "WHM Home " Server Configuration " Update Preferences". I'll update this thread with more information on the status of this case as it becomes available. In the meantime, you can temporarily workaround this issue by configuring "Never Update" for "Operating System Package Updates".

  I guess I will also move to the Stable release but that seems like ancient to receive new futures vs the Release channel. The Release channel seems like a Beta now. Updates done in the last days: 2016-08-10 2016-08-09 2016-08-05 Actually that is just the changelog, I'm sure that 58.0.13 was pushed 3 times the same day because I updated that twice and suddenly 5.0.13 was available again.

  
  Our goal is four production releases a year as of 2016. Here's part of the > Update Preferences". Note that cPanel 58 it's tentatively planned for publication to the "Stable" tier within the next couple of weeks, not months.

  I was actually happy with the Release channel for years. This new push an update every 24-48 hours (sometimes even twice a day) seems like new to me and to quickly to keep up. (yes, I actually do read the changelogs before applying updates on every software)

  
  You may find the "Stable" build tier is better suited for your servers now that our goal is four production releases per year. Let us know if you have any additional questions. Thanks!

  0

Please sign in to leave a comment.