Learn about Centmin Mod LEMP Stack today
Become a Member

Automatic nightly YUM updates with yum-cron for CentOS 7 Only

Discussion in 'System Administration' started by eva2000, Sep 28, 2014.

  1. ahmed

    ahmed Active Member

    361
    49
    28
    Feb 21, 2017
    Ratings:
    +63
    Local Time:
    1:02 AM
    shall I create a normal cron yum update y ??

     
  2. dooma

    dooma Active Member

    326
    34
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +49
    Local Time:
    1:02 AM
    I got a notification at my Pushover : Failed to check for updates with the following error message: failed to build transcation: uw-imap devel 2007....x86_64 requires libc client..
    and when I ran the below command, I got nothing.
    Code:
    grep yum.cron /var/log/cron | tail -10
    is there any errors ?
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  4. iaTa

    iaTa Member

    43
    7
    8
    Mar 26, 2018
    Ratings:
    +9
    Local Time:
    11:02 PM
    Overnight yum-cron updated to the following openssl packages on CentOS 7:
    Code:
    openssl x86_64 1:1.0.2k-16.el7_6.1 updates 493 k
    openssl-devel x86_64 1:1.0.2k-16.el7_6.1 updates 1.5 M
    openssl-libs x86_64 1:1.0.2k-16.el7_6.1 updates 1.2 M
    Is this Ok, do I need to somehow get back to 1.1.1b or do these packages have nothing to do with the nginx/php compilation process?

    I've excluded MariaDB upgrades by altering the exclude line in /etc/yum.conf:
    Code:
    exclude=*.i386 *.i586 *.i686 nginx* php* mysql* MariaDB*
    Wondering if I should do the same with openssl or any other packages (as not able to use --disableplugin=priorities --enablerepo=remi)?
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    system yum openssl is correct version

    openssl 1.1.1b is only used for nginx's https nothing else so nothing to do

    DO NOT exclude MariaDB or system openssl upgrades so remove then exclusion
     
  6. iaTa

    iaTa Member

    43
    7
    8
    Mar 26, 2018
    Ratings:
    +9
    Local Time:
    11:02 PM
    Sorry going back to the exclude situation I didn't edit yum.conf, I added to the base section of /etc/yum/yum-cron.conf:
    Code:
    [base]
    exclude=*.i386 *.i586 *.i686 nginx* php* mysql* MariaDB*
    Is this also not advisable?
     
    Last edited: Mar 22, 2019
  7. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you could do that though I generally wouldn't but up to you - it's been a few years since a MariaDB yum update went funky.
     
  8. Mik

    Mik New Member

    2
    0
    1
    Aug 22, 2019
    Singapore
    Ratings:
    +0
    Local Time:
    7:02 AM
    Forgive my noob question, I am furiously reading all the documentation I can find on centmin but there are some basic questions I can't really find an answer for.
    If I missed the answer from the docs I deeply apologise.

    It is my understanding that I can safely schedule nightly yum update with no problems. What I don't understand is, since centmin carefully pick and choose specific versions of each package to optimise them, is there any risk yum will update one of the packages breaking the optimisations or worse, breaking the carefully tuned working connections between them?

    Again, I hope I am not wasting anybody's time..

    using centmin mod 123.09beta01
     
  9. BobbyWibowo

    BobbyWibowo Active Member

    197
    42
    28
    Jul 30, 2015
    Indonesia
    Ratings:
    +71
    Local Time:
    6:02 AM
    1.17.x
    10.3.x
    Huh, I had no idea it does that. I noticed it seem to be building a few packages manually, occasionally when running centmin, but I didn't give it much thought. I suppose even if a system package was installed, the ones built by centmin should be in a path with higher priority anyway.

    The only packages I excluded from yum-cron are all of ImageMagick packages, cause centmin has a separate installer script which also includes building the php extension, that you can also add to your cronjob.

    I've had mine setup that way for a few years already, with no issues worth mentioning, but still take it with a grain of salt (especially the bits about the packages possibly being installed into path with higher priority or whatever).
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    There is usually no risk as the software versions done via source compile for specific versions i.e. nginx and php-fpm are setup with yum exclusions so that yum packages won't conflict with nginx and php.

    Yes some source compiled versions are installed to /usr/local/bin will take priority over defaults in /usr/bin though not that many.

    In centmin mod 123.09beta the imagemagick packages are now yum versionlocked so they don't get updated with yum or yum-cron unless you version unlock them. The version unlock is automatically done in centmin.sh menu option 15 for imagick php extension + imagemagick yum package updates
     
  11. MaximilianKohler

    MaximilianKohler Member

    189
    5
    18
    Jun 23, 2023
    Ratings:
    +25
    Local Time:
    3:02 PM
    Same for me. I checked the "/var/log/cron" file and there is content in there.
    "grep yum.cron /var/log/cron" doesn't output anything either.
    I see a bunch of:
    root@installsubdomain.mysite.com is not a valid email. root@mysite.com wouldn't be valid either unless I set it up. Does this matter?

    I also see a bunch of:
    So it seems to be having issues with cloudflare even though I do not have the "installsubdomain.mysite.com" proxied on the cloudflare settings.

    Code:
    yum history
    Loaded plugins: fastestmirror, priorities, versionlock
    ID     | Command line             | Date and time    | Action(s)      | Altered
    -------------------------------------------------------------------------------
        43 | install mutt             | 2023-06-30 10:30 | Install        |    3
        42 | -y install yum-cron      | 2023-06-28 22:11 | Install        |    1
        41 | update --disableplugin=p | 2023-06-28 10:09 | Update         |    2 EE
        40 | -y -q install haveged rn | 2023-06-28 05:41 | Install        |    2
        39 | -q -y install pure-ftpd  | 2023-06-28 05:40 | Install        |    3
        38 | -y install redis --enabl | 2023-06-28 05:40 | Install        |    1
        37 | -q -y install liblzf lib | 2023-06-28 05:40 | Install        |    2
        36 | -y install ImageMagick6  | 2023-06-28 05:39 | Install        |    6
        35 | -y swap libwebp-devel li | 2023-06-28 05:39 | E, I           |    3
        34 | -q -y install libmemcach | 2023-06-28 05:38 | Install        |    2
        33 | -q -y install postfix-pe | 2023-06-28 05:37 | Install        |    4
        32 | -y install cmake3        | 2023-06-28 05:29 | Install        |    5
        31 | -q -y install libtidy li | 2023-06-28 05:29 | Install        |    2
        30 | -q -y install libicu62 l | 2023-06-28 05:29 | Install        |    2
        29 | -y install oniguruma5php | 2023-06-28 05:28 | Install        |    2
        28 | -y install systemd-devel | 2023-06-28 05:28 | Install        |    1
        27 | -q -y install libffi-dev | 2023-06-28 05:28 | Install        |    1
        26 | -q -y install fio --disa | 2023-06-28 05:27 | Install        |   15
        25 | -y install postfix --dis | 2023-06-28 05:27 | Install        |    1
        24 | -q -y install cyrus-imap | 2023-06-28 05:27 | Install        |    5
    history list
    
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Had server sent emails ever worked? Make sure we host isn't blocking port 25 for outbound emails. If server sent emails have never worked. Ensure you have set up properly as per Getting Started Guide step 20 Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS and https://community.centminmod.com/th...ver-email-doesnt-end-up-in-spam-inboxes.6999/

    In which case a thread in https://community.centminmod.com/forums/domains-dns-email-ssl-certificates.44/ forums is more appropriate for the email issues
     
  13. MaximilianKohler

    MaximilianKohler Member

    189
    5
    18
    Jun 23, 2023
    Ratings:
    +25
    Local Time:
    3:02 PM
    Thanks! Yes, my host (Hetzner) initially blocks port 25 until you pay your first invoice. So I changed the config files back to "stdio" from "email".
    This means that instead of receiving emails, I'll have to manually check "/var/log/cron" for the same notifications? Or are they stored elsewhere? [EDIT: the answer]

    EDIT: also, I don't see the point of email notification since the directions already set it to automatically update everything?
     
    Last edited: Jul 3, 2023
  14. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ah Hetzner. So you mean /var/log/cron has no entries and is empty or you mean no yum-cron entries only and other crons are logged fine?
     
  15. MaximilianKohler

    MaximilianKohler Member

    189
    5
    18
    Jun 23, 2023
    Ratings:
    +25
    Local Time:
    3:02 PM
    Neither one. I'm referring to the instructions in the first post telling us to change "stdio" to "email" so that we get email notifications. Since I can't get email notifications I'm wondering where the [would-be email] notifications are since I changed back to "stdio" from "email". They're in "/var/log/cron"? And changing from "stdio" to "email" simply emails us the content of that file?
     
  16. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    stdio = terminal displayed output so you wouldn't usually see the output in automated cronjob runs

    If you really need to read the emails, simplest method of reading root user emails is to forward them as per official Getting Started Guide step 18 for Managing root emails Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS. Of course that is provided Hetzner opens port 25 for you. Or you can bypass that using your own SMTP server on a different port as per Getting Started Guide step 18 Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS which says
     
  17. MaximilianKohler

    MaximilianKohler Member

    189
    5
    18
    Jun 23, 2023
    Ratings:
    +25
    Local Time:
    3:02 PM
    Ok, posting this for clarification for anyone who comes across this in the future (might be useful to add this to the OP as well):

    If using "stdio" the emails are in /var/spool/mail/root. And an alternative way of accessing them is to run:
    Then just type "mutt" to view.
     
  18. MaximilianKohler

    MaximilianKohler Member

    189
    5
    18
    Jun 23, 2023
    Ratings:
    +25
    Local Time:
    3:02 PM
    How are you handling system reboots with this? Ubuntu tells me when the server needs to be restarted, but I noticed that CentOS never does, so I looked it up and apparently you have to install a utility (https://www.cyberciti.biz/faq/how-to-check-if-centos-rhel-needs-a-full-reboot/) and then occasionally run these commands?
    Code:
    needs-restarting -r
    systemctl reboot
    I ran
    Code:
    tail -10 /var/log/yum.log
    Aug 09 07:34:24 Updated: openssh.x86_64 7.4p1-23.el7_9
    Aug 09 07:34:24 Updated: openssh-clients.x86_64 7.4p1-23.el7_9
    Aug 09 07:34:24 Updated: openssh-server.x86_64 7.4p1-23.el7_9
    Aug 15 08:01:13 Updated: MariaDB-compat.x86_64 10.4.31-1.el7.centos
    Aug 15 08:01:14 Updated: MariaDB-common.x86_64 10.4.31-1.el7.centos
    Aug 15 08:01:16 Updated: MariaDB-client.x86_64 10.4.31-1.el7.centos
    Aug 15 08:01:16 Updated: MariaDB-shared.x86_64 10.4.31-1.el7.centos
    Aug 15 08:01:17 Updated: MariaDB-devel.x86_64 10.4.31-1.el7.centos
    Aug 15 08:01:30 Updated: MariaDB-server.x86_64 10.4.31-1.el7.centos
    Aug 26 07:34:55 Updated: microcode_ctl.x86_64 2:2.1-73.16.el7_9
    No updates for a month?

    I ran "nano /var/log/cron" (because "grep yum.cron /var/log/cron | tail -10" does nothing) and the cron jobs seem to be running normally.
     
  19. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Redhat isn't going to update for the sake of updating, there's no real regular cadence to updates, updates are available when there are updates to be made. So for last month means no updates available.

    CentOS/Redhat doesn't tell you automatically. So yes needs-restarting command can be used. A common time to reboot usually is with Kernel related updates unless you use Kernelcare paid option you can update Kernels without needing to reboot then.

    Rather than reboot each time a package is updated, you can time then to say your Kernel updates. But read Identify packages that will require a system reboot after an update - Red Hat Customer Portal as reboots aren't always required, a service restart maybe sufficient sometimes.

     
  20. eva2000

    eva2000 Administrator Staff Member

    53,865
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Useful to have, so added optional support in Centmin Mod 130.00beta01 see https://community.centminmod.com/th...01-release-discussion.22676/page-2#post-97159