====== Linux updates ====== As with any Linux distribution, CentOS and RedHat continuously update the many packages that are part of the that version of the distribution. And, since the NetYCE application is closely knitted to the Linux environment, there are some dependencies on what can and cannot be updated on the Linux level. This article will clarify what the options are to update the Linux system while still maintaining a reliable and supported NetYCE system. For the regular Linux maintenance of bringing the installed packages up-to-date, two options are available for NetYCE systems: \\ * The 'yum'-based update using an internet connection (or local RHEL7 repository) * A from NetYCE downloaded 'rpm'-based image file to be installed on the local server ===== RHEL 'yum' update ===== NetYCE can be installed on CentOS 7.x and RedHat 7.x Linux distributions (RHEL = 'RedHat Enterprise Linux'). Both use the **''yum''** package manager that is part of these distributions. It can perform system updates, including dependency analysis and obsolete processing based on "repository" metadata. It can also perform installation of new packages, removal of old packages and perform queries on the installed and/or available packages. Any NetYCE (VM) system downloaded from NetYCE (the 'Genesis' VM) or installed using our [[maintenance:general:rhel7_installation_guide|RHEL installation guide]] can safely be updated using the ''yum'' system at any desired interval. The repository provided by CentOS and RedHat ensures that packages updated this way will not significantly change their use. It is intended that their updates are transparent for their environment. To update any system 'root' permissions are required. It is recommended NOT to update a system while users are at work as it will disrupt operations. A reboot afterwards is optional if a new Linux kernel was installed. To perform a yum update, execute as ''yce'' user the command ''sudo yum update''. A [[maintenance:general:rhel_updates#Sample 'yum' session]] can be found below. To use a 'yum' repository for your distribution, an internet connection must be established. The yum tool will try lo locate repositories in the area and download from there. Firewall or customer policies may prevent such an approach. If local (customer owned) repository mirror is be available, that can be used instead. Otherwise, NetYCE can offer a [[maintenance:general:rhel_updates#NetYCE 'rpm' repository|downloadable image]] to perform the updates with. After the update an activation is required. As some packages updated libraries that are in use by running NetYCE processes, it is recommended to restart those. \\ If a new Linux kernel was installed it can only be activated by restarting the server (''sudo reboot''). \\ If only the NetYCE processes need to be restarted, it is sufficient to re-create the setup using ''yce_setup.pl -r'' (see the sample session). ===== NetYCE 'rpm' repository ===== As an option to customers that cannot update their system directly from a 'yum' (internet) repository, we can offer a downloadable repository that can perform the (NetYCE required) package updates locally. When made available to a customer, NetYCE creates periodically a downloadable 'rpm'-image file that must be copied to the NetYCE server. This file contains all current 'rpm' package files for an EL7 system that are needed for a (baseline) NetYCE server. It cannot update any customer installed packages and its dependencies as these are not included in the image. The NetYCE script ''install_repo.pl'' will then update the local system with the packages it finds in this file by performing installs and updates including all dependencies. $ install_repo.pl usage: install_repo.pl -d [-i|-u] [-v lvl] -d dir the path to the directory containing the rpm files (from the unpacked repo-image) -u update installed packages where available -i install missing packages where available -v lvl verbosity level to screen (0, 1, or 2) - logfile is fully verbose Always perform the updates (-u) before the upgrades (-i) to resolve dependencies. When combined, the update will be executed before the install. Conflicting packages will be erased before updates or installs. As the volume of this rpm-repository is significant (600+ MB) and needs to be unpacked before use, the minimal free-disk-space requirement is about 1.5 GB. ===== Package upgrades ===== The ''yum update'' can safely be used at any time to "update" a package. This in contrast to a package "upgrade". Replacing a package with a specific version number usually introduces changes that are not transparent to the user or application. It might involve changes configuration files, different options, modified output, etc. These changes cannot be supported by NetYCE as their impact cannot be predicted. ===== Additional packages ===== A customer may desire to install additional packages. If those packages are part of the CentOS or RedHat distribution there is only a minimal risk it can cause an issue with NetYCE operations. If NetYCE support is needed and the issue cannot be reproduced, we will request to remove a customer installed package to verify its impact on the issue. Custom packages or packages from third parties could pose a higher risk as these might not have been tested on this CentOS or RedHat environment. NetYCE will not support issues related to their installation. ===== Maria DB updates ===== NetYCE uses the MySQL derived **Maria DB** as its database. The MariaDB version that came pre-installed on the downloaded 'Genesis' NetYCE VM should not be "upgraded", but only "updated". The version installed depends on the NetYCE release and Linux version and was thoroughly tested for compatibility with the SQL statements and replication features. There is an important difference here between "upgrade" and "update". An "upgrade" introduces new features which could introduce compatibility issues. For MariaDB an upgrade will increase the 'dot' version, like from ''10.3'' to ''10.4''. An "update" will only increase the subversion, like moving from ''10.3.30'' to ''10.3.32''. Updates will not add new features but will introduce bug-fixes, performance gains and security vulnerability fixes. Especially because of the latter, MariaDB will continue to release updates for ALL of its versions. After updating any MariaDB version will be up-to-date security wise. A customer should NOT upgrade a NetYCE MariaDB version as it potentially will introduce incompatible functions and dependencies with the NetYCE application. The MariaDB version used with **NetYCE release 8.0.0** on CentOS7 or RedHat7 is **MariaDB 10.3.x**. A forthcoming release will upgrade to MariaDB 10.6.x, but is currently unsupported (and untested). The introduction of a newer MariaDB version will initially only be available to new installations and new 'Genesis' VM downloads. Every NetYCE update installation will verify if the database matches the requirements of the Linux and NetYCE versions. Failure will prevent installation. These checks can be manually performed by executing the ''ck_setup.pl'' script: $ ck_setup.pl -- OK. Have a 'x86_64' architecture -- OK. Have a supported EL7 distribution: CentOS EL7 7.9.2009 -- OK. Have YCEperl version '8.0.0' -- OK. Found current '5.32.0' perl CORE/libperl.so -- OK. Found link to previous '5.24.0' perl CORE/libperl.so -- OK. Mariadb version '10.2' is supported for EL7 -- OK. Found required mysql library 'libmariadbd.so.19' Supported versions: ^ RHEL version ^ NetYCE version ^ MariaDB version ^ Support status ^ | EL6 | 7.x | 10.0 | ok | | EL6 | 7.x | 10.1 | ok | | EL6 | 7.x | 10.2 | ok | | |||| | EL7 | 7.x | 10.2 | ok | | EL7 | 7.x | 10.3 | ok | | EL7 | 7.x | 10.4 | ok | | |||| | EL7 | 8.0 | 10.2 | ok | | EL7 | 8.0 | 10.3 | ok | | EL7 | 8.0 | 10.4 | ok | | EL7 | 8.0 | 10.5 | no | | EL7 | 8.0 | 10.6 | no, under test | MariaDb version 10.6.x is not the latest version. Since its general availability in July 2021 there have been introduced versions 10.7 (feb 2022) and 10.8 (may 2022). As we strongly favour the most stable version, we will not (yet) support these. > Note that RHEL8 is not included. It was prematurely made end-of-life and is not supported by NetYCE. ===== Perl / Python dependencies ===== NetYCE scripts use mostly Perl and to a lesser degree Python3. NetYCE created its own Perl environment totally separate from the Linux environment that also uses perl for its maintenance tasks. Updates to this YcePerl are related to the NetYCE version requirements and can be downloaded if needed from [[maintenance:downloads:system_updates:system_updates|Download Releases, Licenses, Databases]]. Like the MariaDB validation, new NetYCE updates also test for required YcePerl updates. The Python3 environment is not separate from the Linux version. Its basic support is ingrained in the 'Genesis' VM and any additional libraries and dependencies are only installed by NetYCE for customer specials. The environment should be maintained by the customer. ===== Sample 'yum' session ===== As ''yce'' user execute ''sudo yum update'': $ sudo yum update Loaded plugins: fastestmirror Determining fastest mirrors epel/x86_64/metalink | 20 kB 00:00:00 * base: nl.mirrors.clouvider.net * epel: mirror.hostnet.nl * extras: mirror.widexs.nl * updates: mirror.nforce.com base | 3.6 kB 00:00:00 epel | 4.7 kB 00:00:00 extras | 2.9 kB 00:00:00 mariadb | 3.4 kB 00:00:00 mysecureshell | 951 B 00:00:00 updates | 2.9 kB 00:00:00 (1/6): epel/x86_64/updateinfo | 1.0 MB 00:00:00 (2/6): extras/7/x86_64/primary_db | 247 kB 00:00:00 (3/6): mariadb/updateinfo | 5.8 kB 00:00:00 (4/6): epel/x86_64/primary_db | 7.0 MB 00:00:00 (5/6): mariadb/primary_db | 59 kB 00:00:00 (6/6): updates/7/x86_64/primary_db | 16 MB 00:00:03 Resolving Dependencies --> Running transaction check ---> Package MariaDB-client.x86_64 0:10.2.41-1.el7.centos will be updated ---> Package MariaDB-client.x86_64 0:10.2.44-1.el7.centos will be an update ---> Package MariaDB-common.x86_64 0:10.2.41-1.el7.centos will be updated ::: ::: ---> Package kernel.x86_64 0:3.10.0-1160.6.1.el7 will be erased --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================== Package Arch Version Repository Size ============================================================================================================== Installing: kernel x86_64 3.10.0-1160.66.1.el7 updates 50 M Updating: MariaDB-client x86_64 10.2.44-1.el7.centos mariadb 11 M MariaDB-common x86_64 10.2.44-1.el7.centos mariadb 81 k MariaDB-compat x86_64 10.2.44-1.el7.centos mariadb 2.2 M ::: ::: Transaction Summary ============================================================================================================== Install 1 Package (+1 Dependent package) Upgrade 64 Packages Remove 1 Package Total download size: 210 M Is this ok [y/d/N]: y At this point a confirmation is required. Enter 'y'. Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. (1/66): MariaDB-common-10.2.44-1.el7.centos.x86_64.rpm | 81 kB 00:00:00 (2/66): MariaDB-compat-10.2.44-1.el7.centos.x86_64.rpm | 2.2 MB 00:00:00 (3/66): MariaDB-client-10.2.44-1.el7.centos.x86_64.rpm | 11 MB 00:00:03 (4/66): MariaDB-devel-10.2.44-1.el7.centos.x86_64.rpm | 6.7 MB 00:00:03 (5/66): at-3.1.13-25.el7_9.x86_64.rpm | 51 kB 00:00:00 ::: ::: Total 12 MB/s | 210 MB 00:00:17 Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : 1:grub2-common-2.02-0.87.0.1.el7.centos.9.noarch 1/131 Updating : 32:bind-license-9.11.4-26.P2.el7_9.9.noarch 2/131 Updating : 1:grub2-pc-modules-2.02-0.87.0.1.el7.centos.9.noarch 3/131 Updating : kernel-headers-3.10.0-1160.66.1.el7.x86_64 4/131 ::: ::: systemd-sysv.x86_64 0:219-78.el7_9.5 tzdata.noarch 0:2022a-1.el7 unzip.x86_64 0:6.0-24.el7_9 zlib.x86_64 0:1.2.7-20.el7_9 zlib-devel.x86_64 0:1.2.7-20.el7_9 Complete! This concludes the Linux update. As some packages updated libraries what are in use by running NetYCE processes, it is recommended to restart these. If a new Linux kernel was installed it can only be activated by restarting the server (''sudo reboot''). If only the NetYCE processes need to be restarted, it is sufficient to re-create the setup using ''yce_setup.pl -r'' $ yce_setup.pl -r -- ---------------------------------------- -- Starting 'yce_setup' regenerate -- System release -- OK. Have a 'x86_64' architecture -- OK. Have a supported EL7 distribution: CentOS EL7 7.9.2009 -- OK. Have YCEperl version '8.0.0' -- OK. Found current '5.32.0' perl CORE/libperl.so -- OK. Found link to previous '5.24.0' perl CORE/libperl.so -- OK. Mariadb version '10.2' is supported for EL7 -- OK. Found required mysql library 'libmariadbd.so.19' -- Connected to database at '172.17.0.24' using version '10.2.44-MariaDB-log' Current setup: devel7a.left.netyce.org (*) | IP-address | IPv4 | IPv6 | users | 172.17.0.24 | 3001::24 | Database | Primary | Secondary | id=1 | devel7a (*) | devel7b devel7b.right.netyce.org | IP-address | IPv4 | IPv6 | users | 172.17.0.25 | 3001::25 | Database | Primary | Secondary | id=2 | devel7b | devel7a (*) local server is marked with (*) -- Create configs for server 'devel7a' -- Yce: /opt/yce/etc/devel7a_yce.conf -- Retrieving file-transfer configurations... ::: ::: -- Relaunching NetYCE daemons... ::: ::: -- mojo: 12547 12588 12589 12590 12591 12592 12593 mojo hot-deploy on pid 12547 running 'mojo': 12547 12588 12589 12590 12591 12592 12593 -- yce_xch: 12627 stop: /opt/yce/system/init/yce_xch stop wait stop 'yce_xch': start: /opt/yce/system/init/yce_xch start wait start 'yce_xch': 30612 -- Completed