
RHEL 5.2 Updates

Posted: Thu May 22, 2008 1:11 pm
by spaceout
I noticed there are a lot of yum updates available for RHEL 5 this morning. Does anyone know if they are safe to install in a Plesk 8.3 / ASL environment?

I always get a little nervous when I see a ton of updates like that. The last time I installed a ton of RH updates my DNS went down and I had a server offline for almost a full day trying to fix the damn thing.

I currently have the following in my yum exclude list in /etc/yum.conf:

exclude=kernel* sendmail bind-chroot caching-nameserver

Posted: Thu May 22, 2008 2:00 pm
by scott
Yup, they're safe. That's RHEL 5.2

Posted: Thu May 22, 2008 2:03 pm
by spaceout
My biggest concern was with the update to Bind. That is what gave me such a hassle last time. Of course, that was before I saw that I needed to exclude bind-chroot from the update because it causes some sort of problem with Plesk :)

Posted: Thu May 22, 2008 2:29 pm
by Highland
Looks like 5.2 is out (hence the large number of updates).
Since you have bind-chroot excluded you should be fine as far as DNS goes (only other package I exclude is Apache-ASP). Not sure why you'd need to exclude kernels tho.

Posted: Thu May 22, 2008 2:33 pm
by spaceout
Honestly, I don't know much about why kernels would be excluded. That was just the exclude list that Plesk supplied in one of their Knowledge Base articles so I used it.

Posted: Thu May 22, 2008 4:57 pm
by breun
I wouldn't exclude kernels. Recently there was a local root exploit in the kernel which also affected RHEL 5. Note that you need to boot into the updated kernel before you're actually using it. Just installing the updated kernel isn't protecting you.
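
The two kernel points raised in this thread (the `kernel*` entry in the yum exclude list, and that an installed kernel update does nothing until it is booted) can be checked together. The script below is an added example and not part of any post; it assumes the stock package name `kernel` and that `rpm -q kernel` prints name-version-release in the same form as `uname -r`, and its sample versions and dates are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample versions and dates are constructed.

# excluded_pkg CONF PKG: succeed if PKG matches a glob on an exclude= line.
excluded_pkg() {
    conf=$1; pkg=$2
    pats=$(sed -n 's/^[[:space:]]*exclude[[:space:]]*=//p' "$conf")
    set -f                       # do not expand the globs against local files
    for pat in $pats; do
        case $pkg in
            $pat) set +f; return 0 ;;
        esac
    done
    set +f
    return 1
}

# reboot_pending RUNNING: stdin is `rpm -q kernel --last` output (most recent
# install first); succeed if that newest kernel is not the one RUNNING.
# Assumes the most recently installed kernel is also the newest version.
reboot_pending() {
    newest=$(head -n 1 | awk '{print $1}' | sed 's/^kernel-//')
    [ -n "$newest" ] && [ "$newest" != "$1" ]
}

# kernel_patch_status CONF RUNNING: combine both checks into one verdict.
# stdin as for reboot_pending.
kernel_patch_status() {
    if excluded_pkg "$1" kernel; then
        echo "kernel updates blocked by exclude= in $1"
    elif reboot_pending "$2"; then
        echo "updated kernel installed but not booted"
    else
        echo "running the newest installed kernel"
    fi
}

# Constructed demo: the thread's exclude line, then the same list without kernel*.
demo_conf=$(mktemp)
printf '[main]\nexclude=kernel* sendmail bind-chroot caching-nameserver\n' > "$demo_conf"
kernel_patch_status "$demo_conf" 2.6.18-1.el5 </dev/null
printf '[main]\nexclude=sendmail bind-chroot caching-nameserver\n' > "$demo_conf"
printf 'kernel-2.6.18-2.el5  Thu 22 May 2008\nkernel-2.6.18-1.el5  Mon 01 Oct 2007\n' |
    kernel_patch_status "$demo_conf" 2.6.18-1.el5
rm -f "$demo_conf"
# On a real host: rpm -q kernel --last | kernel_patch_status /etc/yum.conf "$(uname -r)"
```
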

Posted: Thu May 22, 2008 6:45 pm
by spaceout
Since I'm using the ASL kernel, will the kernel updates from Red Hat mess anything up?

Also, I did run the full yum update and everything seems to be running great.

Posted: Fri May 23, 2008 12:46 am
by scott
Not at all, if you notice we're way ahead of RHEL on kernels (2.6.24 vs 2.6.19). We should have 2.6.25.4 out very soon.

Posted: Fri May 23, 2008 2:59 am
by BerArt
So did anybody update already? Any problems?

Posted: Fri May 23, 2008 8:25 am
by Slider
spaceout wrote: My biggest concern was with the update to Bind. That is what gave me such a hassle last time. Of course, that was before I saw that I needed to exclude bind-chroot from the update because it causes some sort of problem with Plesk :)
Yes, me too :) I solved this issue:
uninstall CHroot-bind
and
I also had to add this line back into /etc/sysconfig/named:
ROOTDIR="/var/named/run-root"
It was removed either by Plesk or uninstalling bind-chroot.

Posted: Fri May 23, 2008 9:36 am
by Highland
No problems running the new stuff but they built their packages weird this time. Normally a package has dependencies like required >= 1.2.3 (unless it's a subpackage, like php 5.2.5 would require 5.2.5 packages). For some odd reason they have some packages requiring a specific version (i.e. required = 1.2.3) so if you're running 1.2.4 (or if they provide you 1.2.4 in the list) it fails.

Case in point (emphasis mine)
[root@server1 ~]# yum update iptables-ipv6
*snip*
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package iptables-ipv6.i386 0:1.3.5-4.el5 set to be updated
--> Processing Dependency: iptables = 1.3.5-0 for package: iptables-ipv6
--> Finished Dependency Resolution
Error: Missing Dependency: iptables = 1.3.5-0 is needed by package iptables-ipv6
[root@server1 ~]# rpm -q iptables
iptables-1.3.5-4.el5
The stupid thing is that iptables-1.3.5-4 came with RHEL 5.2!

The list of packages that failed in a similar manner:
cups.i386 1:1.2.4-11.18.el5 rhel-i386-server
iptables-ipv6.i386 1.3.5-4.el5 rhel-i386-server
libhugetlbfs.i386 1.2-5.el5 rhel-i386-server
libxslt-python.i386 1.1.17-2.el5_1.1 rhel-i386-server
ntsysv.i386 1.3.30.1-2 rhel-i386-server
rpm.i386 4.4.2-48.el5 rhel-i386-server
rpm-build.i386 4.4.2-48.el5 rhel-i386-server
rpm-libs.i386 4.4.2-48.el5 rhel-i386-server
rpm-python.i386 4.4.2-48.el5 rhel-i386-server
system-config-date.noarch 1.8.12-3.el5 rhel-i386-server
This doesn't mean you can't run RHEL 5.2, it just means you can't do a simple yum update -y

Posted: Fri May 23, 2008 12:46 pm
by scott
A Requires: like that is just silly. Thanks for the heads up on it, we'll be putting out an iptables 1.4.0 package with the next ASL kernel update, so it's good to know about any pitfalls like that in advance.