Want to subscribe to topics you're interested in?
Become a Member

Automatic nightly YUM updates with yum-cron

Discussion in 'System Administration' started by eva2000, Sep 28, 2014.

  1. ahmed

    ahmed Member

    243
    19
    18
    Feb 21, 2017
    Ratings:
    +26
    Local Time:
    10:50 AM
    shall I create a normal cron yum update y ??
     
  2. dooma

    dooma Active Member

    303
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    10:50 AM
    I got a notification at my Pushover : Failed to check for updates with the following error message: failed to build transcation: uw-imap devel 2007....x86_64 requires libc client..
    and when I ran the below command, I got nothing.
    Code:
    grep yum.cron /var/log/cron | tail -10
    is there any errors ?
     
  3. eva2000

    eva2000 Administrator Staff Member

    41,386
    9,297
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,261
    Local Time:
    6:50 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  4. iaTa

    iaTa Member

    32
    6
    8
    Mar 26, 2018
    Ratings:
    +6
    Local Time:
    9:50 AM
    Overnight yum-cron updated to the following openssl packages on CentOS 7:
    Code:
    openssl x86_64 1:1.0.2k-16.el7_6.1 updates 493 k
    openssl-devel x86_64 1:1.0.2k-16.el7_6.1 updates 1.5 M
    openssl-libs x86_64 1:1.0.2k-16.el7_6.1 updates 1.2 M
    Is this Ok, do I need to somehow get back to 1.1.1b or do these packages have nothing to do with the nginx/php compilation process?

    I've excluded MariaDB upgrades by altering the exclude line in /etc/yum.conf:
    Code:
    exclude=*.i386 *.i586 *.i686 nginx* php* mysql* MariaDB*
    Wondering if I should do the same with openssl or any other packages (as not able to use --disableplugin=priorities --enablerepo=remi)?
     
  5. eva2000

    eva2000 Administrator Staff Member

    41,386
    9,297
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,261
    Local Time:
    6:50 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    system yum openssl is correct version

    openssl 1.1.1b is only used for nginx's https nothing else so nothing to do

    DO NOT exclude MariaDB or system openssl upgrades so remove then exclusion
     
    • Like Like x 1
  6. iaTa

    iaTa Member

    32
    6
    8
    Mar 26, 2018
    Ratings:
    +6
    Local Time:
    9:50 AM
    Sorry going back to the exclude situation I didn't edit yum.conf, I added to the base section of /etc/yum/yum-cron.conf:
    Code:
    [base]
    exclude=*.i386 *.i586 *.i686 nginx* php* mysql* MariaDB*
    Is this also not advisable?
     
    Last edited: Mar 22, 2019
  7. eva2000

    eva2000 Administrator Staff Member

    41,386
    9,297
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,261
    Local Time:
    6:50 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    you could do that though I generally wouldn't but up to you - it's been a few years since a MariaDB yum update went funky.
     
    • Like Like x 1
  8. Mik

    Mik New Member

    2
    0
    1
    Aug 22, 2019
    Singapore
    Ratings:
    +0
    Local Time:
    4:50 PM
    Forgive my noob question, I am furiously reading all the documentation I can find on centmin but there are some basic questions I can't really find an answer for.
    If I missed the answer from the docs I deeply apologise.

    It is my understanding that I can safely schedule nightly yum update with no problems. What I don't understand is, since centmin carefully pick and choose specific versions of each package to optimise them, is there any risk yum will update one of the packages breaking the optimisations or worse, breaking the carefully tuned working connections between them?

    Again, I hope I am not wasting anybody's time..

    using centmin mod 123.09beta01
     
  9. BobbyWibowo

    BobbyWibowo Active Member

    178
    39
    28
    Jul 30, 2015
    Indonesia
    Ratings:
    +62
    Local Time:
    3:50 PM
    1.17.x
    10.1.x
    Huh, I had no idea it does that. I noticed it seem to be building a few packages manually, occasionally when running centmin, but I didn't give it much thought. I suppose even if a system package was installed, the ones built by centmin should be in a path with higher priority anyway.

    The only packages I excluded from yum-cron are all of ImageMagick packages, cause centmin has a separate installer script which also includes building the php extension, that you can also add to your cronjob.

    I've had mine setup that way for a few years already, with no issues worth mentioning, but still take it with a grain of salt (especially the bits about the packages possibly being installed into path with higher priority or whatever).
     
    • Like Like x 1
  10. eva2000

    eva2000 Administrator Staff Member

    41,386
    9,297
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,261
    Local Time:
    6:50 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    There is usually no risk as the software versions done via source compile for specific versions i.e. nginx and php-fpm are setup with yum exclusions so that yum packages won't conflict with nginx and php.

    Yes some source compiled versions are installed to /usr/local/bin will take priority over defaults in /usr/bin though not that many.

    In centmin mod 123.09beta the imagemagick packages are now yum versionlocked so they don't get updated with yum or yum-cron unless you version unlock them. The version unlock is automatically done in centmin.sh menu option 15 for imagick php extension + imagemagick yum package updates
     
    • Like Like x 1
    • Informative Informative x 1