Does DNSonly server update the kernel automatically?
Today I checked the kernel versions on my two DNS servers and found they were both quite out of date! (One on 4.old... and the other 3.1.really-old...! This is odd since they were created at the same time.) After running yum update and a reboot they on are now on the same kernel as my web servers.
They don't have Security Advisor (why not?), so whenever my web servers require a reboot due to updates I also reboot DNSonly servers (figuring they might also need it).
I ugess I assumed wrongly that they update as web servers do so I'd like a complete run down on this.
Do DNSonly servers not run a nightly update like web servers?
What updates are automated, and what needs to be manually done on DNSonly servers?
-Pete
-
I am aware that by default cPanel doesn't update the kernel (unless you enable it in Tweak Settings). Security Advisor will flag new kernels and out of date software (needing a reboot). Manually updating from CLI on any server is easy enough too.
But DNSonly servers do not have Security Advisor, nor Tweak Settings. I'm guessing it does system packages along with cPanel/WHM (but with the kernel option off), but I am not sure. WHM only has the Upgrade to Latest Version menu item, and not System Update nor Update Server Software.
So I'm asking what (if anything) does cPanel update automatically? I'm looking for documentation on what (exactly) needs to be manually updated specific on DNSonly servers.
0 -
Yes, the update system is the same on DNSOnly machines as it is on normal cPanel servers. Do you see anything custom in /etc/cpupdate.conf?
0 -
Thanks, cPRex
Nope.
# cat cpupdate.conf
CPANEL=release
RPMUP=daily
SARULESUP=daily
STAGING_DIR=/usr/local/cpanel
UPDATES=dailyQ1: So from this can I conclude that upcp will perform all the tasks of: Upgrade to Latest Version, System Update, and Update Server Software (cPanel, OS, and packages), *except* kernel updates, correct?
Q2: All my servers run the same OS so I wait for Security Adviser to notify me of a needed update/reboot and perform that on DNSonly servers as well. Sometimes it wouldn't be needed because DNSonly doesn't have certain software installed, but no harm.
Is this "the way?" (Wouldn't it be nice if DNSonly also had Security Advisor? But, I know, it's free... ;) )
Q3: Is there a way to automate kernel updates on DNSonly? I assume yes, but it doesn't have Tweak Settings, so it would need to be in a config file somewhere.
Q4: Lastly, I've noticed the update kernel checkbox now defaults to checked on standard servers on the OS manual update page. That's new, isn't it? (This is w/o the Tweak Settings option being enabled.) Also, unless I'm mistaken, Security Advisor now alerts of a new kernel and gives us the option to reboot into it (without yum update on the CLI first), right?
Do these things represent a change in the recommendation? Just wondering - I still do kernel updates manually, so I'm there just in case.
-Pete
0 -
A1 - Yes, it looks like that's the case. We only perform the kernel download and then notify the user through the Security Advisor system, but that doesn't happen on DNSOnly. Here's the portion of /scripts/rpmup showing this:
# The $syspkgs object will have already notified about the error.
# We do not die on failure in case _check_and_set_system_exclude_rules needs to
# change the kernel exclude back below
my $syspkgs_update_success = $syspkgs->update();
if ( !$syspkgs_update_success ) {
require Cpanel::Notify;
Cpanel::Notify::notification_class(
'class' => 'update_packages::UpdateFailed',
'application' => 'update_packages::UpdateFailed',
'constructor_args' => []
);
}
Cpanel::ServerTasks::schedule_task( ['SystemTasks'], 5, "recache_system_reboot_data" );
return $syspkgs_update_success ? 0 : 1;A2 - I think the above covers Q2 as well, but let me know if that isn't clear.
A3 - Not through WHM directly
A4 - I don't *think* this is a new change.
1 -
Those "tweak" settings are in file:
/var/cpanel/cpanel.configIf you change something you should use WHM API.
For example if you want that cPanel/WHM upgrades kernel automatically run this in DNSONLY server command line (as root):
whmapi1 set_tweaksetting key='rpmup_allow_kernel' value=11
Please sign in to leave a comment.
Comments
7 comments