Updates, DA and Yum?

Updating a kernel is a dangerous thing, though a lot less dangerous than it used to be when we had to compile our own.

Just about every automated update system I've ever seen excludes kernel updates by default.

Before a kernel update takes effect the system must be rebooted.

Here's what I don't know:

1) Does using yum to update kernels do an update, or just add the new kernel (just adding the new kernel is a lot safer)?

2) Does using yum update your lilo/grub so the new kernel will be selected on your next reboot (a must if the old kernel is replaced by the new)?

3) Does yum automatically reboot the server after it does the update (it shouldn't, because you don't have any control over when this could happen, but if it doesn't then the new kernel doesn't take effect until the system is rebooted)?

All of this becomes quite important if your server requires any special drivers (for example for ethernet or hard drives) that may not be supported without a custom module.

Jeff
 
I actually did a kernel update with Yum before installing DirectAdmin, so these questions are fresh in my memory. This was with CentOS 3.

Yum installed the new kernel and updated the bootloader (I am using GRUB). It did not reboot the server. It left the old kernel as a boot choice in the bootloader. It set the new kernel as the default choice. It actually worked very smoothly.

I noticed that the default yum.conf does not exclude kernel updates, but does list them as install only (so they are not treated as an update).
 
All very good to know.

Will you be so kind as to document exactly what you did to update and install the kernel?

And please if you would document any changes you made to the "install-only" setting.

I want to try it on a test-server I have here before I actually try it remotely.

Presuming everything works, I can write the HowTo.

Thanks!

Jeff
 
As I recall, I really didn't do anything special. Here is a rundown:

- installed CentOS
- did a "yum check-update"
This step is not needed, but I like to see what yum is going to update before I do the actual update.
- did a "yum update"
This actually installs all the updated packages.

The next time I rebooted the new kernel choice was the default. The way yum is installed by default, the kernel updates are not excluded. Because kernels are listed as install only, they are added, and don't replace the previous kernel.
 
On my CentOS and WBEL installs yum doesn't work at all unless I download and install the GPG Key.

Did you neglect to tell us that?

Or did you get it working some other way?

Jeff
 
Another good option to use, and by far the safest route, is to use "yum --download-only update". This downloads all of the updated rpms into the relevant folders inside of /var/cache/yum/ and then you install them manually. That way nothing gets updated or installed that you didn't mean to be installed.
 
Yes, but that way you can't automate it.

If you set up the exclusion list you shouldn't have problems; we've been using automated updates for several years.

Jeff
 
I still have yet to get yum working for some reason. Doing rpm --import for the key gives me "warning: cannot get exclusive lock on /var/lib/rpm/Packages"
 
I found this using Google; it's from a Red Hat list:

> Unsigned warning: cannot get shared lock on /var/lib/rpm/Packages

Something/Someone else is using the rpmdb at the same time.

try:

/sbin/fuser -v /var/lib/rpm/Packages

To see. Or:

ps -aux | grep -i rpm
Jeff
 
I rebooted and that did the trick. I switched to the freshrpms version and it's working now :)
 
fusionictnl said:
DA makes an Ignore list for up2date on RedHat and not for Yum. So if you're updating with Yum, you will probably update packages which were customized for DA or are incompatible with DA.

I would recommend you use on Redhat up2date and not yum. On BSD I don't know if DA has created an ignore list for Ports :S

If I'm reading this right...

is it just a better idea to use up2date to update your server than yum? One time I had apt installed on a Fedora server and killed my apache because it installed v2 over 1.3.

If I'm reading this all right, yum will do similar unless you add to an exclude list? I don't want to get into a "which is better", but it would seem to me that if up2date will only update the existing packages, then isn't that the best way? Or am I missing something?
 
If only I read the excludes *BEFORE* yumming my server to death.

30 minutes of near heart failure and it's back up and going!!
 
Out of date???

Is this topic now out of date?

I ran a yum update on a fedora core 4 box with no excludes and everything is fine.

Oh and just remember only a fool would run a yum update automatically when *not* in attendance..... Just read all the problems newbies have had doing it.

Alan
 
We run yum update nightly automatically on lots of servers without major problem.

The only problem we've noticed is one time when named broke because yum uploaded a new named.conf file. And you would have had the same problem if you did it manually, and because there was no error, you would probably have not noticed.

We believe that there's no real hazard in automating yum as long as the excludes are set up.

Jeff
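
The thread turns on two yum.conf settings: whether kernels are listed as install-only, and whether an exclude list is set before updates are automated. The script below is an added example, not from any poster or from DirectAdmin; it reads the `[main]` section of a yum.conf and reports both. The sample file and its package names are constructed placeholders, and it assumes the settings are written explicitly in the file.

```shell
#!/bin/sh
# Print the value of KEY from the [main] section of a yum.conf (continuation lines joined).
get_main_opt() {  # usage: get_main_opt FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                        # skip comments
        /^\[/ { in_main = ($0 ~ /^\[main\]/); cont = 0; next }
        !in_main { next }
        cont && /^[ \t]+[^ \t]/ { sub(/^[ \t]+/, ""); val = val " " $0; next }
        {
            cont = 0
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k == key) { val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); cont = 1 }
        }
        END { print val }
    ' "$1"
}

# Report how this file treats kernel packages and whether any excludes exist.
# Returns 0 when kernels are install-only or excluded, 1 otherwise.
audit_yum_conf() {  # usage: audit_yum_conf FILE
    installonly=$(get_main_opt "$1" installonlypkgs)
    exclude=$(get_main_opt "$1" exclude)
    rc=1
    case " $installonly " in
        *" kernel "*) echo "kernel: install-only (added beside the old kernel)"; rc=0 ;;
    esac
    case " $exclude " in
        *" kernel"*) echo "kernel: excluded from updates"; rc=0 ;;
    esac
    [ "$rc" -eq 0 ] || echo "kernel: not install-only or excluded in this file"
    if [ -n "$exclude" ]; then echo "exclude: $exclude"; else echo "exclude: none set"; fi
    return "$rc"
}

# Constructed sample config (package names are placeholders, not DirectAdmin's list).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[main]
cachedir=/var/cache/yum
installonlypkgs=kernel kernel-smp
exclude=httpd* php*
  mysql*

[base]
name=constructed repo
exclude=ignored-here
EOF
audit_yum_conf "$sample"
```

Run it against the real /etc/yum.conf before scheduling unattended updates; a non-zero exit means the file itself does not protect the running kernel from being replaced.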
 