Home

Automated OS Updates for RedHat Systems

Information about RHN Automatic Updates

In the effort of keeping all the servers in The Planet’s data centers as current as possible, we supply Automated OS Updates to our customer’s servers.

What is The Planet doing with these updates?

RedHat makes these updates available to anyone with an RHN subscription. What we are doing is putting these files on the ‘Automatic update’ section of the satellite server, and if the client is running rhnsd (which is the default on all RHEL systems), it will check for updates every 4 hours, and apply any that are available.

Why do I need this?

There are a significant amount of serious vulnerabilities and bugs that get fixed with these updates as time progresses. As with any OS, not applying the updates puts you and your data at risk. In our continued efforts to provide extraordinary reliability and security across our world-class data centers, we will run Red Hat operating system (OS) updates to ensure that all systems are up-to-date with the latest patches.

What about my control panel?

  • If you are running Cpanel, this probably will not affect your system. Cpanel pulls these updates automatically every time the update script runs (cpup). You will want to make sure that some items exist in your /etc/sysconfig/rhn/up2date pkgSkipList settings. If you ran EasyApache and/or updated to Exim4 a pkgSkipList might look like this pkgSkipList=http*;imap-*;php-*;mysql-*
    If you have any questions please contact support for further assistance.
  • If you are running Plesk, the probability is fairly low as Parallels Plesk uses RPMs of it’s own and does not replace OS files. If you are using packages from Atomic Rocket Turtle, you may want to apply these updates manually or disable automated updates.
  • If you are running Ensim, you will be getting the updates. The Ensim configurations will not be activated during these update as these are OS updates only.

What if I do not want this?

If you feel that managing updates yourself is more appropriate for your set up, you need to be aware of the following:

  1. The security of your server is very important, both for your business and for ours. While we cannot guarantee the complete security of your server, we want to help you keep it up to date with the latest patches and security fixes. These automated operating system updates are a key feature of our “Built-In Value Support.”
  2. Though we are diligently working to provide the latest security to these servers, we also understand that the customer is the final administrator of their server(s). As such, you have the right to choose not to have these updates pushed to your server(s), but yet be available for you to update your server(s) when you are prepared to do so; self-managed updates.
  3. If you decide to manage your own updates you do run the risk of losing your entitlement with RedHat Network. To ensure that this does not happen, you will need to maintain regularly scheduled communications between your server and the RHN satellite. To do this there are some simple steps that you will need to follow, outlined below.

Disabling RHN automatic updates

Overview

Note 1) Make sure you set up a CRON job that runs the appropriate command to maintain your RHN entitlement
Note 2) Replace “package_name” with the specific package you wish to upgrade

Choose the appropriate version information listed below for your server.

RHEL 5

If you would like to “self-manage” the Automatic OS Updates, you must disable the following daemons:

To disable updates: /etc/init.d/rhnsd stop ; chkconfig rhnsd off
To disable notices: /etc/init.d/yum-updatesd stop ; chkconfig yum-updatesd off

If you do this, we recommend the following:

Maintain RHN Entitlement
run rhn-profile-sync every 30-days
Check for Available Packages
yum check-update
Update Specific Package
yum update package_name
Update entire system
yum update

RHEL 4

If you would like to “self-manage” the Automatic OS Updates, you must disable the rhnsd daemon.

/etc/init.d/rhnsd stop ; chkconfig rhnsd off

If you do this, we recommend the following:

Maintain RHN Entitlement
run up2date —hardware -p every 30 days
Check for Available Packages
up2date -l
Update Specific Package
up2date -u package_name
Update entire system
up2date -u
Related Topics: 
BIND stops working after running up2date
Your rating: None Average: 4 (1 vote)