In that case, I have four solutions for you that will solve this problem handily.
Executive Summary
Keep in mind that the only way to have reasonable assurance that something will work is for someone to test that it works. So, for a priori assurance that an update or installation wont break anything requires a lot of testing. Someone must always do the testing, thats the only want to know. No software is perfect, nothing can be, people are flawed creatures, people write software and software is complex so you will *always* have bugs. Your solutions to this requirement are:
1) switch everything you use to commercially supported software, that has all been tested by individuals with the expertise to ensure that all the components will work work flaws. This is possible, and its basically transfering the responsibility of testing onto a third party. All reliability is accomplished via testing and QA activities. So, if you want a full package that did this you would want to switch your OS to something like Redhat Enterprise Linux, and switch all your web applications to ones that are certified for that platform (and also supported and tested for it), and make sure you never run anything else.
2) Test your changes before your implement them.
3) Pay someone else to test your changes before you implement them
4) Install the updates, watch for an issue and if you find one and roll back
Discussion
So, now I'll explain why these are your only choices. Here are the repositories you have configured on your system, and what roll that may play in your current situation:
/etc/yum.repos.d
Thats the ASL repo, commercial supported by us. That repo only contains ASL components, and not any operating system components (like PHP, apache, mysql, etc.). It won't change your OS, and these packages are tested and supported to run correctly on the base OS it is installed on.-rw-r--r-- 1 root root 442 Jul 16 2010 asl.repo
That is our free and unsupported open source repository. It contains lots of software, which you should always test first. If you can not test this software, then you should not use this repository. Software from this repository could be the source of your issue, as this contains components that can change Apache, so these could be potential sources.-rw-r--r-- 1 root root 1337 Aug 19 2010 atomic.repo
That is the free and unsupported Centos OS repository, it contains a lot of software which you should always test first. Its not commercially supported or tested for conflict (although they do a bang up job, so this isnt a ding on them, you get what you pay for, and its free). If you can not test this software, then you should not use this repository. Software from this repository could be the source of your issue, as this contains components that can change Apache and the entire Operating System, so these could be potential sources.-rw-r--r-- 1 root root 2245 Apr 25 2010 CentOS-Base.repo
Looks like you have a disabled (older?) repo that is the same as above.-rw-r--r-- 1 root root 2347 Mar 31 2009 CentOS-Base.repo.old
That is the free and unsupported Centos OS repository, it contains a lot of software which you should always test first. Its not commercially supported or tested for conflict (although they do a bang up job, so this isnt a ding on them, you get what you pay for, and its free). If you can not test this software, then you should not use this repository. Software from this repository could be the source of your issue, its unlikely given whats in the repository but it could happen.-rw-r--r-- 1 root root 626 Apr 25 2010 CentOS-Media.repo
No idea, I cant even find that repo - the best I find is that they are part of the centos mirrors, in which case you may have conflicting/overlapping repos setup. If you dont know what this repo is, disable it. Software from this repository could be the source of your issue.-rw-r--r-- 1 root root 227 Mar 31 2009 intergenia.repo
The Plesk RPM repo, commercially supported by Parallels. This also does not change Apache, so its also not likely the source of your issues.-rw-r--r-- 1 root root 250 Sep 22 06:02 plesk.repo
Analysis
So, from what I can see you are using a free and unsupported operating system, that hasnt had robust testing (although its dine fine software by itself) and its certainly not been certified or tested with whatever else you are running. You are also using several other opensource repositories that are also not supported or tested for your software. So you have a lot of software you need to test somehow to know that its always going to work for you.
You also have a *lot* of web applications that are unknown to me (and maybe to you), that may also be untested for your environment. Since you have a segfault in Apache that is a very reasonable source, or it may be in PHP, Apache or some Apache module. None of which are commercially supported or tested versions for your environment and its applications.
You are also using two commercial products (ASL and Parallels). We certainly support the ASL components, we do not supply or support anything else. Parallels certainly supports PSA (and anything else you purchased from them), but they too do not support or supply anything else. Neither of those products is likely the cause of your segfaults, as the problem is in Apache and Apache is not supplied by either Parallels or us.
And your delima is that ASL is simply reporting a fact: that the repository maintainers are reporting that updates are available for their software. You don't want those updates to break your system, and you aren't using software that anyone has tested to ensure that it won't break your system.
So, as to whether those updates for their software will cause issues on your platform is something that is not knowable to ASL, and its not knowable to you without testing. So, what do to?
Solutions
Option A: Get a commercially supported OS and all other software
As you have stated you can't do any testing yourself, then that means you will want to only use software that someone else has tested and supports. So, you will need to use a commercially support operating system, (as you are using CentOS and say that you are happy with it, I recommend you purchase a license for Redhat Enterprise Linux, which CentOS is based off of, and move your sites to a commercially supported platform.) You will also want to only use commercially support web software, for example if you use phpBB, then you will want to use vBulletin, and so on and make sure all your software is commercially support and tested before the fact by someone qualified to do this.
Option B: Test your updates yourself.
Setup a simple test environment, as biggles said you could do this on your desktop. Just get a copy of vmware, copy over your server to your desktop, run your updates there and if it doesnt break anything you can try them on your production system. And yes, you may still have to rollback an OS update, you never know what could happen. Maybe you have some application that uses an older function that the OS vendor deprecated, and you stil need it.
Option C: Pay someone qualified to do the testing for you
Hire a qualified engineer or engineers to do this testing for you. This is how its done in the commercial and government sectors and offers you a lot of flexibility, it lets you run open source, free, unsupported software with the same reliability as commercial software. Again, its all about testing, so if you pay someone to test it for you, and they are qualified to do this, you can get the same quality you would get from commercial software.
Option D: Install and rollback if you run into issues
Use the golden rule: "What Changed?" If something was working, and you made a change (installing an OS update for example), then its logically to assume that was the cause. So, heres a cheap way of living without any test environment (a test environment is ideal, so this is field expedient, not the preferred or recommended approach):
1. Configure yum to save rollback information.
Add the line
tsflags=repackage
to /etc/yum.conf.
2. Configure command-line rpm to save rollback information:
Add the line:
%_repackage_all_erasures 1
to /etc/rpm/macros.
3) Install the update(s)
4) Watch your system
5) If they break something, check this log to see what changed and when it changed:
/var/log/yum.log
5) Back out the updates, which you can do with either rollback, or oldpackages
Method 1:
To rollback to a previous state, perform an rpm update with the --rollback option followed by a date/time specifier.
Examples:
rpm -Uhv --rollback '9:00 am'
rpm -Uhv --rollback '4 hours ago'
rpm -Uhv --rollback 'december 25'.
Method 2:
Use the "oldpackage" option to manually force a specific RPM:
rpm -Uvh --oldpackage foo-1-1.i386.rpm
Keep in mind this will only let you rollback what can be rolled back. Some OS updates are not reversible, for example, if you did an upgrade of mysql that changed your tables you would not be able to roll back this way.
Method 3:
Perform nightly backups of your system (you should do this anyway), and roll back to your last update. If you setup something like the rdiff-backup schema in this post:
https://www.atomicorp.com/forums/viewto ... kup#p15855
Or something else that allows for easy access to live copies of your backups (like backuppc), you can pick and choose what you want to restore (such as your DBs if you changed the schema). You can also use this in conjunction with rollbacks, its particularly helpful with web applications and things that are not managed by package management.
Conclusion
The bottom line is that someone has to test your changes and you have to have a plan to roll back. Anyone that tells you otherwise is mistaken and probably trying to sell you something.
So to recap:
Option A: Switch to all commercial software and transfer the responsibility of testing to someone else
Option B: Test your updates before you roll them out, and roll them back out if they dont work for you
Option C: Hire people to do this testing for you
Option D: Update your production system without testing, watch for issues, and rollback if you need to
I hope this helps!
