User Tools

Site Tools


maintenance:general:rhel_updates

Linux updates

As with any Linux distribution, CentOS and RedHat continuously update the many packages that are part of the that version of the distribution. And, since the NetYCE application is closely knitted to the Linux environment, there are some dependencies on what can and cannot be updated on the Linux level.

This article will clarify what the options are to update the Linux system while still maintaining a reliable and supported NetYCE system.

For the regular Linux maintenance of bringing the installed packages up-to-date, two options are available for NetYCE systems:

  • The 'yum'-based update using an internet connection (or local RHEL7 repository)
  • A from NetYCE downloaded 'rpm'-based image file to be installed on the local server

RHEL 'yum' update

NetYCE can be installed on CentOS 7.x and RedHat 7.x Linux distributions (RHEL = 'RedHat Enterprise Linux'). Both use the yum package manager that is part of these distributions. It can perform system updates, including dependency analysis and obsolete processing based on “repository” metadata. It can also perform installation of new packages, removal of old packages and perform queries on the installed and/or available packages.

Any NetYCE (VM) system downloaded from NetYCE (the 'Genesis' VM) or installed using our RHEL installation guide can safely be updated using the yum system at any desired interval. The repository provided by CentOS and RedHat ensures that packages updated this way will not significantly change their use. It is intended that their updates are transparent for their environment.

To update any system 'root' permissions are required. It is recommended NOT to update a system while users are at work as it will disrupt operations. A reboot afterwards is optional if a new Linux kernel was installed.

To perform a yum update, execute as yce user the command sudo yum update. A Sample 'yum' session can be found below.

To use a 'yum' repository for your distribution, an internet connection must be established. The yum tool will try lo locate repositories in the area and download from there. Firewall or customer policies may prevent such an approach. If local (customer owned) repository mirror is be available, that can be used instead. Otherwise, NetYCE can offer a downloadable image to perform the updates with.

After the update an activation is required. As some packages updated libraries that are in use by running NetYCE processes, it is recommended to restart those.
If a new Linux kernel was installed it can only be activated by restarting the server (sudo reboot).
If only the NetYCE processes need to be restarted, it is sufficient to re-create the setup using yce_setup.pl -r (see the sample session).

NetYCE 'rpm' repository

As an option to customers that cannot update their system directly from a 'yum' (internet) repository, we can offer a downloadable repository that can perform the (NetYCE required) package updates locally.

When made available to a customer, NetYCE creates periodically a downloadable 'rpm'-image file that must be copied to the NetYCE server. This file contains all current 'rpm' package files for an EL7 system that are needed for a (baseline) NetYCE server. It cannot update any customer installed packages and its dependencies as these are not included in the image.

The NetYCE script install_repo.pl will then update the local system with the packages it finds in this file by performing installs and updates including all dependencies.

$ install_repo.pl
usage: install_repo.pl -d <rpm-dir> [-i|-u] [-v lvl]
   -d dir  the path to the directory containing the rpm files (from the unpacked repo-image)
   -u      update installed packages where available
   -i      install missing packages where available
   -v lvl  verbosity level to screen (0, 1, or 2) - logfile is fully verbose

   Always perform the updates (-u) before the upgrades (-i) to resolve dependencies.
   When combined, the update will be executed before the install.
   Conflicting packages will be erased before updates or installs.

As the volume of this rpm-repository is significant (600+ MB) and needs to be unpacked before use, the minimal free-disk-space requirement is about 1.5 GB.

Package upgrades

The yum update can safely be used at any time to “update” a package. This in contrast to a package “upgrade”. Replacing a package with a specific version number usually introduces changes that are not transparent to the user or application. It might involve changes configuration files, different options, modified output, etc.

These changes cannot be supported by NetYCE as their impact cannot be predicted.

Additional packages

A customer may desire to install additional packages. If those packages are part of the CentOS or RedHat distribution there is only a minimal risk it can cause an issue with NetYCE operations. If NetYCE support is needed and the issue cannot be reproduced, we will request to remove a customer installed package to verify its impact on the issue.

Custom packages or packages from third parties could pose a higher risk as these might not have been tested on this CentOS or RedHat environment. NetYCE will not support issues related to their installation.

Maria DB updates

NetYCE uses the MySQL derived Maria DB as its database. The MariaDB version that came pre-installed on the downloaded 'Genesis' NetYCE VM should not be “upgraded”, but only “updated”. The version installed depends on the NetYCE release and Linux version and was thoroughly tested for compatibility with the SQL statements and replication features.

There is an important difference here between “upgrade” and “update”. An “upgrade” introduces new features which could introduce compatibility issues. For MariaDB an upgrade will increase the 'dot' version, like from 10.3 to 10.4. An “update” will only increase the subversion, like moving from 10.3.30 to 10.3.32.

Updates will not add new features but will introduce bug-fixes, performance gains and security vulnerability fixes. Especially because of the latter, MariaDB will continue to release updates for ALL of its versions. After updating any MariaDB version will be up-to-date security wise.

A customer should NOT upgrade a NetYCE MariaDB version as it potentially will introduce incompatible functions and dependencies with the NetYCE application.

The MariaDB version used with NetYCE release 8.0.0 on CentOS7 or RedHat7 is MariaDB 10.3.x. A forthcoming release will upgrade to MariaDB 10.6.x, but is currently unsupported (and untested). The introduction of a newer MariaDB version will initially only be available to new installations and new 'Genesis' VM downloads.

Every NetYCE update installation will verify if the database matches the requirements of the Linux and NetYCE versions. Failure will prevent installation.

These checks can be manually performed by executing the ck_setup.pl script:

$ ck_setup.pl
-- OK. Have a 'x86_64' architecture
-- OK. Have a supported EL7 distribution: CentOS EL7 7.9.2009
-- OK. Have YCEperl version '8.0.0'
-- OK. Found current '5.32.0' perl CORE/libperl.so
-- OK. Found link to previous '5.24.0' perl CORE/libperl.so
-- OK. Mariadb version '10.2' is supported for EL7
-- OK. Found required mysql library 'libmariadbd.so.19'

Supported versions:

RHEL version NetYCE version MariaDB version Support status
EL6 7.x 10.0 ok
EL6 7.x 10.1 ok
EL6 7.x 10.2 ok
EL7 7.x 10.2 ok
EL7 7.x 10.3 ok
EL7 7.x 10.4 ok
EL7 8.0 10.2 ok
EL7 8.0 10.3 ok
EL7 8.0 10.4 ok
EL7 8.0 10.5 no
EL7 8.0 10.6 no, under test

MariaDb version 10.6.x is not the latest version. Since its general availability in July 2021 there have been introduced versions 10.7 (feb 2022) and 10.8 (may 2022). As we strongly favour the most stable version, we will not (yet) support these.

Note that RHEL8 is not included. It was prematurely made end-of-life and is not supported by NetYCE.

Perl / Python dependencies

NetYCE scripts use mostly Perl and to a lesser degree Python3. NetYCE created its own Perl environment totally separate from the Linux environment that also uses perl for its maintenance tasks. Updates to this YcePerl are related to the NetYCE version requirements and can be downloaded if needed from Download Releases, Licenses, Databases.

Like the MariaDB validation, new NetYCE updates also test for required YcePerl updates.

The Python3 environment is not separate from the Linux version. Its basic support is ingrained in the 'Genesis' VM and any additional libraries and dependencies are only installed by NetYCE for customer specials. The environment should be maintained by the customer.

Sample 'yum' session

As yce user execute sudo yum update:

$ sudo yum update
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                   |  20 kB  00:00:00
 * base: nl.mirrors.clouvider.net
 * epel: mirror.hostnet.nl
 * extras: mirror.widexs.nl
 * updates: mirror.nforce.com
base                                                                                   | 3.6 kB  00:00:00
epel                                                                                   | 4.7 kB  00:00:00
extras                                                                                 | 2.9 kB  00:00:00
mariadb                                                                                | 3.4 kB  00:00:00
mysecureshell                                                                          |  951 B  00:00:00
updates                                                                                | 2.9 kB  00:00:00
(1/6): epel/x86_64/updateinfo                                                          | 1.0 MB  00:00:00
(2/6): extras/7/x86_64/primary_db                                                      | 247 kB  00:00:00
(3/6): mariadb/updateinfo                                                              | 5.8 kB  00:00:00
(4/6): epel/x86_64/primary_db                                                          | 7.0 MB  00:00:00
(5/6): mariadb/primary_db                                                              |  59 kB  00:00:00
(6/6): updates/7/x86_64/primary_db                                                     |  16 MB  00:00:03
Resolving Dependencies
--> Running transaction check
---> Package MariaDB-client.x86_64 0:10.2.41-1.el7.centos will be updated
---> Package MariaDB-client.x86_64 0:10.2.44-1.el7.centos will be an update
---> Package MariaDB-common.x86_64 0:10.2.41-1.el7.centos will be updated
 :::
 :::
---> Package kernel.x86_64 0:3.10.0-1160.6.1.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================
 Package                        Arch            Version                               Repository         Size
==============================================================================================================
Installing:
 kernel                         x86_64          3.10.0-1160.66.1.el7                  updates            50 M
Updating:
 MariaDB-client                 x86_64          10.2.44-1.el7.centos                  mariadb            11 M
 MariaDB-common                 x86_64          10.2.44-1.el7.centos                  mariadb            81 k
 MariaDB-compat                 x86_64          10.2.44-1.el7.centos                  mariadb           2.2 M
 :::
 :::

Transaction Summary
==============================================================================================================
Install   1 Package  (+1 Dependent package)
Upgrade  64 Packages
Remove    1 Package

Total download size: 210 M
Is this ok [y/d/N]: y

At this point a confirmation is required. Enter 'y'.

Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/66): MariaDB-common-10.2.44-1.el7.centos.x86_64.rpm                                 |  81 kB  00:00:00
(2/66): MariaDB-compat-10.2.44-1.el7.centos.x86_64.rpm                                 | 2.2 MB  00:00:00
(3/66): MariaDB-client-10.2.44-1.el7.centos.x86_64.rpm                                 |  11 MB  00:00:03
(4/66): MariaDB-devel-10.2.44-1.el7.centos.x86_64.rpm                                  | 6.7 MB  00:00:03
(5/66): at-3.1.13-25.el7_9.x86_64.rpm                                                  |  51 kB  00:00:00
 :::
 :::
Total                                                                          12 MB/s | 210 MB  00:00:17
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 1:grub2-common-2.02-0.87.0.1.el7.centos.9.noarch                                         1/131
  Updating   : 32:bind-license-9.11.4-26.P2.el7_9.9.noarch                                              2/131
  Updating   : 1:grub2-pc-modules-2.02-0.87.0.1.el7.centos.9.noarch                                     3/131
  Updating   : kernel-headers-3.10.0-1160.66.1.el7.x86_64                                               4/131
 :::
 :::
  systemd-sysv.x86_64 0:219-78.el7_9.5
  tzdata.noarch 0:2022a-1.el7
  unzip.x86_64 0:6.0-24.el7_9
  zlib.x86_64 0:1.2.7-20.el7_9
  zlib-devel.x86_64 0:1.2.7-20.el7_9

Complete!

This concludes the Linux update. As some packages updated libraries what are in use by running NetYCE processes, it is recommended to restart these. If a new Linux kernel was installed it can only be activated by restarting the server (sudo reboot).

If only the NetYCE processes need to be restarted, it is sufficient to re-create the setup using yce_setup.pl -r

$ yce_setup.pl -r
-- ----------------------------------------
-- Starting 'yce_setup' regenerate
-- System release
-- OK. Have a 'x86_64' architecture
-- OK. Have a supported EL7 distribution: CentOS EL7 7.9.2009
-- OK. Have YCEperl version '8.0.0'
-- OK. Found current '5.32.0' perl CORE/libperl.so
-- OK. Found link to previous '5.24.0' perl CORE/libperl.so
-- OK. Mariadb version '10.2' is supported for EL7
-- OK. Found required mysql library 'libmariadbd.so.19'
-- Connected to database at '172.17.0.24' using version '10.2.44-MariaDB-log'

Current setup:
devel7a.left.netyce.org (*)
  | IP-address  | IPv4             | IPv6
  |  users      |  172.17.0.24     |  3001::24
  | Database    | Primary          | Secondary
  |  id=1       |  devel7a (*)     |  devel7b
devel7b.right.netyce.org
  | IP-address  | IPv4             | IPv6
  |  users      |  172.17.0.25     |  3001::25
  | Database    | Primary          | Secondary
  |  id=2       |  devel7b         |  devel7a (*)
  local server is marked with (*)
-- Create configs for server 'devel7a'
-- Yce: /opt/yce/etc/devel7a_yce.conf
-- Retrieving file-transfer configurations...
 :::
 :::
-- Relaunching NetYCE daemons...
 :::
 :::
-- mojo: 12547 12588 12589 12590 12591 12592 12593
     mojo hot-deploy on pid 12547
     running 'mojo': 12547 12588 12589 12590 12591 12592 12593
-- yce_xch: 12627
     stop: /opt/yce/system/init/yce_xch stop
     wait stop 'yce_xch':
     start: /opt/yce/system/init/yce_xch start
     wait start 'yce_xch': 30612
-- Completed
LDAP: couldn't connect to LDAP server
maintenance/general/rhel_updates.txt · Last modified: 2022/05/25 12:34 by yspeerte