Welcome to Centmin Mod Community
Become a Member

Automatic nightly YUM updates with yum-cron

Discussion in 'System Administration' started by eva2000, Sep 28, 2014.

  1. ahmed

    ahmed Active Member

    361
    49
    28
    Feb 21, 2017
    Ratings:
    +63
    Local Time:
    3:55 AM
    shall I create a normal cron yum update y ??

     
  2. dooma

    dooma Active Member

    308
    32
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +45
    Local Time:
    3:55 AM
    I got a notification at my Pushover : Failed to check for updates with the following error message: failed to build transcation: uw-imap devel 2007....x86_64 requires libc client..
    and when I ran the below command, I got nothing.
    Code:
    grep yum.cron /var/log/cron | tail -10
    is there any errors ?
     
  3. eva2000

    eva2000 Administrator Staff Member

    49,875
    11,487
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,839
    Local Time:
    11:55 AM
    Nginx 1.21.x
    MariaDB 10.x
  4. iaTa

    iaTa Member

    36
    7
    8
    Mar 26, 2018
    Ratings:
    +7
    Local Time:
    2:55 AM
    Overnight yum-cron updated to the following openssl packages on CentOS 7:
    Code:
    openssl x86_64 1:1.0.2k-16.el7_6.1 updates 493 k
    openssl-devel x86_64 1:1.0.2k-16.el7_6.1 updates 1.5 M
    openssl-libs x86_64 1:1.0.2k-16.el7_6.1 updates 1.2 M
    Is this Ok, do I need to somehow get back to 1.1.1b or do these packages have nothing to do with the nginx/php compilation process?

    I've excluded MariaDB upgrades by altering the exclude line in /etc/yum.conf:
    Code:
    exclude=*.i386 *.i586 *.i686 nginx* php* mysql* MariaDB*
    Wondering if I should do the same with openssl or any other packages (as not able to use --disableplugin=priorities --enablerepo=remi)?
     
  5. eva2000

    eva2000 Administrator Staff Member

    49,875
    11,487
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,839
    Local Time:
    11:55 AM
    Nginx 1.21.x
    MariaDB 10.x
    system yum openssl is correct version

    openssl 1.1.1b is only used for nginx's https nothing else so nothing to do

    DO NOT exclude MariaDB or system openssl upgrades so remove then exclusion
     
  6. iaTa

    iaTa Member

    36
    7
    8
    Mar 26, 2018
    Ratings:
    +7
    Local Time:
    2:55 AM
    Sorry going back to the exclude situation I didn't edit yum.conf, I added to the base section of /etc/yum/yum-cron.conf:
    Code:
    [base]
    exclude=*.i386 *.i586 *.i686 nginx* php* mysql* MariaDB*
    Is this also not advisable?
     
    Last edited: Mar 22, 2019
  7. eva2000

    eva2000 Administrator Staff Member

    49,875
    11,487
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,839
    Local Time:
    11:55 AM
    Nginx 1.21.x
    MariaDB 10.x
    you could do that though I generally wouldn't but up to you - it's been a few years since a MariaDB yum update went funky.
     
  8. Mik

    Mik New Member

    2
    0
    1
    Aug 22, 2019
    Singapore
    Ratings:
    +0
    Local Time:
    9:55 AM
    Forgive my noob question, I am furiously reading all the documentation I can find on centmin but there are some basic questions I can't really find an answer for.
    If I missed the answer from the docs I deeply apologise.

    It is my understanding that I can safely schedule nightly yum update with no problems. What I don't understand is, since centmin carefully pick and choose specific versions of each package to optimise them, is there any risk yum will update one of the packages breaking the optimisations or worse, breaking the carefully tuned working connections between them?

    Again, I hope I am not wasting anybody's time..

    using centmin mod 123.09beta01
     
  9. BobbyWibowo

    BobbyWibowo Active Member

    197
    42
    28
    Jul 30, 2015
    Indonesia
    Ratings:
    +71
    Local Time:
    8:55 AM
    1.17.x
    10.3.x
    Huh, I had no idea it does that. I noticed it seem to be building a few packages manually, occasionally when running centmin, but I didn't give it much thought. I suppose even if a system package was installed, the ones built by centmin should be in a path with higher priority anyway.

    The only packages I excluded from yum-cron are all of ImageMagick packages, cause centmin has a separate installer script which also includes building the php extension, that you can also add to your cronjob.

    I've had mine setup that way for a few years already, with no issues worth mentioning, but still take it with a grain of salt (especially the bits about the packages possibly being installed into path with higher priority or whatever).
     
  10. eva2000

    eva2000 Administrator Staff Member

    49,875
    11,487
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,839
    Local Time:
    11:55 AM
    Nginx 1.21.x
    MariaDB 10.x
    There is usually no risk as the software versions done via source compile for specific versions i.e. nginx and php-fpm are setup with yum exclusions so that yum packages won't conflict with nginx and php.

    Yes some source compiled versions are installed to /usr/local/bin will take priority over defaults in /usr/bin though not that many.

    In centmin mod 123.09beta the imagemagick packages are now yum versionlocked so they don't get updated with yum or yum-cron unless you version unlock them. The version unlock is automatically done in centmin.sh menu option 15 for imagick php extension + imagemagick yum package updates