I need to update a CentOS 4.0 system to CentOS 4.3. In my opinion, I should start out with a "yum update yum centos-yumconf" and then follow that with a "yum update". Does anyone have any other input as to what other packages might be needed to be updated with yum and centos-yumconf before the mass upgrade?
Thanks, Barry
--- Barry Brimer barry.brimer@bigfoot.com wrote:
> I need to update a CentOS 4.0 system to CentOS 4.3. In my opinion, I should start out with a "yum update yum centos-yumconf" and then follow that with a "yum update". Does anyone have any other input as to what other packages might be needed to be updated with yum and centos-yumconf before the mass upgrade?
> Thanks, Barry
I recently upgraded several machines from 4.2 to 4.3 and it's best to start with yum centos-yumconf centos-release then go on to rpm* glibc etc etc. I had a custom shell script that downloaded the ones I needed for the first run.
Make sure you install the new kernel, not upgrade it, in case you have problems with the new kernel. You also need to deal with all the rpmsave/rpmnew files.
However if I were you, I would back up my data and reinstall 4.3 afresh from CDs. There were changes, i.e. sqlite, and so yum would complain.
Hope that helps.
__________________________________________________ Improve the mailing list by performing a simple search before posting and reading the faq/etiquette. Thank you!!
Mike Stankovic wrote:
> --- Barry Brimer barry.brimer@bigfoot.com wrote:
> > I need to update a CentOS 4.0 system to CentOS 4.3. In my opinion, I should start out with a "yum update yum centos-yumconf" and then follow that with a "yum update". Does anyone have any other input as to what other packages might be needed to be updated with yum and centos-yumconf before the mass upgrade?
> > Thanks, Barry
> I recently upgraded several machines from 4.2 to 4.3 and it's best to start with yum centos-yumconf centos-release then go on to rpm* glibc etc etc. I had a custom shell script that downloaded the ones I needed for the first run.
> Make sure you install the new kernel, not upgrade it, in case you have problems with the new kernel. You also need to deal with all the rpmsave/rpmnew files.
> However if I were you, I would back up my data and reinstall 4.3 afresh from CDs. There were changes, i.e. sqlite, and so yum would complain.
> Hope that helps.
I haven't tried 4.0 ---> 4.3, but I have done 4.1 and 4.2 upgrades to 4.3. I haven't experienced any problems using this method:
su
<root passwd>
yum update
(hit YES when prompted)
(go out for a cup of coffee while it downloads and updates)
/sbin/shutdown -r now
(system wakes up as CentOS 4.3 box)
It's THAT easy. These were all rather vanilla systems without any special drivers or custom kernels that were just doing standard DNS/mail/web services and it just plain worked. The CentOS team did a great job!
Cheers,
Mike Stankovic wrote:
> I recently upgraded several machines from 4.2 to 4.3 and it's best to start with yum centos-yumconf
thats understandable, since it would bring in the new distributed mirrorlist functionality.
> centos-release then go on to rpm* glibc etc etc. I had
why ?? rpm glibc etc update fine in the yum/rpm transactionset...
> a custom shell script that downloaded the ones I needed for the first run.
again, why ? yum will handle downloads and install order ( which can be significant ) for you.... why are you downloading using custom scripts ?
> Make sure you install the new kernel, not upgrade it, in case you have problems with the new kernel. You also need to deal with all the rpmsave/rpmnew files.
errr... you only need to deal with them, if it breaks something - if you have configured something or changed functionality of a pkg, you would _want_ this rpmsave / rpmnew situation to come up.
> However if I were you, I would back up my data and reinstall 4.3 afresh from CDs. There were changes, i.e. sqlite, and so yum would complain.
again, this sounds very very extreme. CentOS is not the sort of system you need to re-install every few months - on the other hand, its the sort of system you install once and let it run for years. the yum update path works fine, just stay in sync, update often ( or as often as policy permits )
--- Karanbir Singh mail-lists@karan.org wrote:
> Mike Stankovic wrote:
> > I recently upgraded several machines from 4.2 to 4.3 and it's best to start with yum centos-yumconf
> thats understandable, since it would bring in the new distributed mirrorlist functionality.
> > centos-release then go on to rpm* glibc etc etc. I had
> why ?? rpm glibc etc update fine in the yum/rpm transactionset...
> > a custom shell script that downloaded the ones I needed for the first run.
> again, why ? yum will handle downloads and install order ( which can be significant ) for you.... why are you downloading using custom scripts ?
> > Make sure you install the new kernel, not upgrade it, in case you have problems with the new kernel. You also need to deal with all the rpmsave/rpmnew files.
> errr... you only need to deal with them, if it breaks something - if you have configured something or changed functionality of a pkg, you would _want_ this rpmsave / rpmnew situation to come up.
> > However if I were you, I would back up my data and reinstall 4.3 afresh from CDs. There were changes, i.e. sqlite, and so yum would complain.
> again, this sounds very very extreme. CentOS is not the sort of system you need to re-install every few months - on the other hand, its the sort of system you install once and let it run for years. the yum update path works fine, just stay in sync, update often ( or as often as policy permits )
> -- Karanbir Singh : http://www.karan.org/ : 2522219@icq
That is from the bad-old-fedora days when connecting to remote servers over inconsistent connections was the order of the day.
Kudos for CentOS which rids me of this menace.
Still 4.0 -> 4.3 is a big upgrade and selinux/yum/apt have all changed.
On most of my systems I make changes to the default config so perhaps my case is unique.
On Wed, 2006-04-12 at 05:28 -0700, Mike Stankovic wrote:
> --- Karanbir Singh mail-lists@karan.org wrote:
> > Mike Stankovic wrote:
> > > I recently upgraded several machines from 4.2 to 4.3
<snip>
> Still 4.0 -> 4.3 is a big upgrade and selinux/yum/apt have all changed.
> On most of my systems I make changes to the default config so perhaps my case is unique.
<snip sigs>
It's good that you are cautious since you are so far behind. IIRC, *some* folks had trouble going from 4.1->4.2 (selinux related? Don't recall now). Anyway, search the archives, if interested, around the time of that and see what advice was given. I followed that advice and had no problems.
Again, it's *IIRC* and my 2 brain cells have been penetrated so long by environmental Gigahertz emanations by now that they may be dysfunctional as well as old, cranky and intolerant. :-)
HTH
--- "William L. Maltby" BillsCentOS@triad.rr.com wrote:
> It's good that you are cautious since you are so far behind. IIRC, *some* folks had trouble going from 4.1->4.2 (selinux related? Don't recall now). Anyway, search the archives, if interested, around the time of that and see what advice was given. I followed that advice and had no problems.
> Again, it's *IIRC* and my 2 brain cells have been penetrated so long by environmental Gigahertz emanations by now that they may be dysfunctional as well as old, cranky and intolerant. :-)
> HTH
> Bill
> BTW, staying current I have had no problems. But I'm desktop only, so ....
The original poster has not told us why he is still on 4.0
- ie a heavy/important production machine
- physically located away ie in a datacenter 300 miles away?
- modifications to the system
- current updates applied or is it a vanilla 4.0?
- ignoramus
I've come across (on forums/lists/net) people with machines that started life as fedora 3 and sidegraded to centOS on the advice given in a mailing list. So its important knowing the exact situation he is in.
> The original poster has not told us why he is still on 4.0
This system is still on 4.0 because I installed this system for someone a year ago. Any time that there is an update that I think is important for him to install, I send him an email telling him to install a newer version to correct the current issue. It seems that this person has not applied any updates whatsoever since I last touched the system, and I have informed him that it is quite dangerous to have his server live on the internet without updates for a year. As far as the server it is providing web/email/ftp services, and this is his only server. I am not close by to this server, but he is, and he can be hands and eyes (with rescue media) if needed. Thanks to everyone for their input, it is greatly appreciated.
Barry
--- Barry Brimer barry.brimer@bigfoot.com wrote:
> > The original poster has not told us why he is still on 4.0
> This system is still on 4.0 because I installed this system for someone a year ago. Any time that there is an update that I think is important for him to install, I send him an email telling him to install a newer version to correct the current issue. It seems that this person has not applied any updates whatsoever since I last touched the system, and I have informed him that it is quite dangerous to have his server live on the internet without updates for a year. As far as the server it is providing web/email/ftp services, and this is his only server. I am not close by to this server, but he is, and he can be hands and eyes (with rescue media) if needed. Thanks to everyone for their input, it is greatly appreciated.
> Barry
That is very serious. You cannot expose an email, web and ftp server on the internet without security updates for a year. The recent sendmail security update allows a remote root exploit !!
There is the possibility that phpbb/phpnuke/awstats are installed/cracked by hackers. Get an admin (hire one) to look at the server and advise you before you proceed further.
It would not be surprising if the server has been compromised and
- on a blacklist/used to send spam
- servers and underground bot network
- is used to participate in DDOS attacks. You could see the FBI knocking on the door of your friend.
On Wed, 2006-04-12 at 12:29, Mike Stankovic wrote:
> The recent sendmail security update allows a remote root exploit !!
*If* sendmail is running as root and you can time your exploit to hit while it is executing a setjmp() instruction which sounds kind of theoretical to me. But your point about staying current with updates is absolutely correct.
--- Les Mikesell lesmikesell@gmail.com wrote:
> On Wed, 2006-04-12 at 12:29, Mike Stankovic wrote:
> > The recent sendmail security update allows a remote root exploit !!
> *If* sendmail is running as root and you can time your exploit to hit while it is executing a setjmp() instruction which sounds kind of theoretical to me. But your point about staying current with updates is absolutely correct.
From February 15th 2005 through February 14th 2006 the list at http://www.redhat.com/magazine/017mar06/features/riskreport/ outlines them in greater detail. (Note there have been other risks since February 15th 2006)
__________________________________________________ Improve the mailing list by performing a simple search before posting and reading the FAQ/etiquette. Protect the integrity of your installation with the yum plugins.
On Wed, 2006-04-12 at 14:38, Mike Stankovic wrote:
> --- Les Mikesell lesmikesell@gmail.com wrote:
> > On Wed, 2006-04-12 at 12:29, Mike Stankovic wrote:
> > > The recent sendmail security update allows a remote root exploit !!
> > *If* sendmail is running as root and you can time your exploit to hit while it is executing a setjmp() instruction which sounds kind of theoretical to me. But your point about staying current with updates is absolutely correct.
> From February 15th 2005 through February 14th 2006 the list at http://www.redhat.com/magazine/017mar06/features/riskreport/ outlines them in greater detail. (Note there have been other risks since February 15th 2006)
Yes, I've just seen other comments about the sendmail update that implied that it was part of a long/continuing history of security problems, when in fact catching such a theoretical problem shows that current sendmail is probably one of the best-audited programs around. As that link points out, it isn't anywhere close to the top of the list of programs with recent security problems. Anyway, if you are fairly up to date your biggest risk now is probably password guessing in ssh. It - or pam - should really have some kind of built in rate limiting and IP blacklisting.
Quoting Mike Stankovic mlists2006@yahoo.com:
> --- Barry Brimer barry.brimer@bigfoot.com wrote:
> > > The original poster has not told us why he is still on 4.0
> > This system is still on 4.0 because I installed this system for someone a year ago. Any time that there is an update that I think is important for him to install, I send him an email telling him to install a newer version to correct the current issue. It seems that this person has not applied any updates whatsoever since I last touched the system, and I have informed him that it is quite dangerous to have his server live on the internet without updates for a year. As far as the server it is providing web/email/ftp services, and this is his only server. I am not close by to this server, but he is, and he can be hands and eyes (with rescue media) if needed. Thanks to everyone for their input, it is greatly appreciated.
> > Barry
> That is very serious. You cannot expose an email, web and ftp server on the internet without security updates for a year. The recent sendmail security update allows a remote root exploit !!
> There is the possibility that phpbb/phpnuke/awstats are installed/cracked by hackers. Get an admin (hire one) to look at the server and advise you before you proceed further.
> It would not be surprising if the server has been compromised and
> - on a blacklist/used to send spam
> - servers and underground bot network
> - is used to participate in DDOS attacks. You could see the FBI knocking on the door of your friend.
I am an admin. I have not exposed any IP addresses, domain names, client names, or anything else. I do know how serious the problem is. I was hired to set this system up, and no more. I gave the usual lecture on updates and security. He has not maintained it, so now I am being hired (again) to get the system up to date. Part of this will be to hunt for rootkits, perform RPM verification, etc.
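An added example, not part of any post in this thread: one way to triage the output of the RPM verification mentioned above (`rpm -Va`), separating edited config files from packaged files whose contents no longer match the package. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output from a long-unpatched host.
# Each verify line is "<flags> [c|d|g|l|r] <path>" or "missing [attr] <path>".
# The flag column is 8 characters wide in older rpm releases and 9 in newer ones.

# Constructed sample output (not taken from any real system).
sample_verify_output() {
    cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
..5....T    /bin/ls
.M......    /usr/sbin/sendmail.sendmail
missing     /usr/bin/top
.......T  d /usr/share/doc/foo/README
S.5....T.   /bin/netstat
EOF
}

# Read verify output on stdin, print "<VERDICT> <path>" per file:
#   MISSING  packaged file is gone
#   CONFIG   config file differs (expected where the admin edited it)
#   SUSPECT  non-config file whose digest differs from the package
#   PERMS    mode, owner or group differs
#   INFO     anything else (for example only the mtime changed)
triage_rpm_verify() {
    awk '
    {
        flags = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)   # drop the first column
        attr = ""
        if (rest ~ /^[cdglr][ \t]+\//) {        # optional file-type marker
            attr = substr(rest, 1, 1)
            sub(/^[cdglr][ \t]+/, "", rest)
        }
        if (rest !~ /^\//) next                 # not a verify line
        if (flags == "missing") {
            verdict = "MISSING"
        } else if (flags !~ /^[SM5DLUGTP.?]+$/ || (length(flags) != 8 && length(flags) != 9)) {
            next                                # unrecognised flag column
        } else if (attr == "c") {
            verdict = "CONFIG"
        } else if (index(flags, "5")) {
            verdict = "SUSPECT"
        } else if (flags ~ /[MUG]/) {
            verdict = "PERMS"
        } else {
            verdict = "INFO"
        }
        print verdict " " rest
    }'
}

# Demo on the constructed sample; on a real host: rpm -Va | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```

On a host that may already be compromised, the installed rpm binary and its database are themselves untrusted, so running the verification from rescue media against the mounted system (`rpm -Va --root /mnt/sysimage`, mount point assumed) gives a more reliable result. CONFIG entries are the same files that show up as .rpmnew/.rpmsave pairs during the update.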
Mike Stankovic wrote:
> That is from the bad-old-fedora days when connecting to remote servers over inconsistent connections was the order of the day.
CentOS isnt Fedora, so lets not try and offer advice based on non-CentOS experiences. if you must - label it to be such.
> Kudos for CentOS which rids me of this menace.
> Still 4.0 -> 4.3 is a big upgrade and selinux/yum/apt have all changed.
I dont see how that is relevant in this case....
selinux wont change any customised policy you might have in place.
yum updates in the transactionset fine
there is no apt included in the base distro
> On most of my systems I make changes to the default config so perhaps my case is unique.
most people make changes / config tweaks to software they use... thats why the .rpmnew and .rpmsave are a good thing !!
you might want to read up on package policy and tree policy on CentOS a bit. you seem much confused between Fedora and CentOS
--- Karanbir Singh mail-lists@karan.org wrote:
> Mike Stankovic wrote:
> > That is from the bad-old-fedora days when connecting to remote servers over inconsistent connections was the order of the day.
> CentOS isnt Fedora, so lets not try and offer advice based on non-CentOS experiences. if you must - label it to be such.
> > Kudos for CentOS which rids me of this menace.
> > Still 4.0 -> 4.3 is a big upgrade and selinux/yum/apt have all changed.
> I dont see how that is relevant in this case....
There is no need for a high-handed response.
> selinux wont change any customised policy you might have in place.
> yum updates in the transactionset fine
> there is no apt included in the base distro
> > On most of my systems I make changes to the default config so perhaps my case is unique.
> most people make changes / config tweaks to software they use... thats why the .rpmnew and .rpmsave are a good thing !!
> you might want to read up on package policy and tree policy on CentOS a bit. you seem much confused between Fedora and CentOS
Have you tried a 4.0 -> 4.3 directly over an inconsistent internet connection?
Yes as you missed my last post, we cannot jump to conclusions without knowing the exact situation the original poster is in. There is no confusion between Fedora and CentOS (in my mind), and you yourself said there was an issue from 4.1 -> 4.2 What changes/updates has he made to the system?
Mike Stankovic wrote:
> > CentOS isnt Fedora, so lets not try and offer advice based on non-CentOS experiences. if you must - label it to be such.
> > > Kudos for CentOS which rids me of this menace.
> > > Still 4.0 -> 4.3 is a big upgrade and selinux/yum/apt have all changed.
> > I dont see how that is relevant in this case....
> There is no need for a high-handed response.
the main point for the existence of CentOS is to offer a stable and upgradeable distro with a long life ( & a nice price tag ). You've just hacked that off by saying the best way to move between update cycles within the same release is to backup data and reinstall using CD..... :)
--- Karanbir Singh mail-lists@karan.org wrote:
> Mike Stankovic wrote:
> > > CentOS isnt Fedora, so lets not try and offer advice based on non-CentOS experiences. if you must - label it to be such.
> > > > Kudos for CentOS which rids me of this menace.
> > > > Still 4.0 -> 4.3 is a big upgrade and selinux/yum/apt have all changed.
> > > I dont see how that is relevant in this case....
> > There is no need for a high-handed response.
> the main point for the existence of CentOS is to offer a stable and upgradeable distro with a long life ( & a nice price tag ). You've just hacked that off by saying the best way to move between update cycles within the same release is to backup data and reinstall using CD..... :)
> -- Karanbir Singh : http://www.karan.org/ : 2522219@icq
As you can see in this thread http://lists.centos.org/pipermail/centos/2006-March/062793.html I took my cleanly installed 4.2 and yummed it to 4.3. That avoided the hassles of 4.1 -> 4.2 plus I had nicer partitions. Because I had experimented with packages from non-base/didn't have the yum plugins as I do now, I felt I would get a consistent experience with a clean reinstall.
One of the systems had centos 3.5 (from which I saved the htsearch in the previous search post) which I felt was not giving me maximum returns. A clean install is in order for 3 -> 4
Because I have learned from the 4.1 era, I will not experiment with packages and will yum my way to 4.4 and beyond.
It is however prudent to hear from the original poster why he is still on 4.0 and avoid sideshows? Don't you agree?
On Wed, 2006-04-12 at 06:18 -0700, Mike Stankovic wrote:
> --- Karanbir Singh mail-lists@karan.org wrote:
> > Mike Stankovic wrote:
> > > That is from the bad-old-fedora days when connecting to remote servers over inconsistent connections was the order of the day.
> > CentOS isnt Fedora, so lets not try and offer advice based on non-CentOS experiences. if you must - label it to be such.
> > > Kudos for CentOS which rids me of this menace.
> > > Still 4.0 -> 4.3 is a big upgrade and selinux/yum/apt have all changed.
> > I dont see how that is relevant in this case....
> There is no need for a high-handed response.
> > selinux wont change any customised policy you might have in place.
> > yum updates in the transactionset fine
> > there is no apt included in the base distro
> > > On most of my systems I make changes to the default config so perhaps my case is unique.
> > most people make changes / config tweaks to software they use... thats why the .rpmnew and .rpmsave are a good thing !!
> > you might want to read up on package policy and tree policy on CentOS a bit. you seem much confused between Fedora and CentOS
> Have you tried a 4.0 -> 4.3 directly over an inconsistent internet connection?
Any major updates on an inconsistent Internet connection can cause problems.
We have addressed that by adding 10 mirrors to the update system ...
There should be failover protection (assuming you install yum and centos-yumconf first).
That said, IF one has inconsistent internet connectivity, they should definitely do large updates in chunks ... as a yum (and rpm) can cause duplicate packages if it is interrupted after the install stage and before the cleanup stage.
I have done numerous 4.0 -> 4.3 test upgrades as a test ... and I did not have a problem at all. (BTW, the 4.1 -> 4.2 problem won't happen on 4.0 -> 4.3 ... or even 4.1 -> 4.3 ... only 4.1 -> 4.2).
There is no problem with being cautious ... and taking the install in chunks can minimize problems as long as you use yum and do package dependency checking. BUT ... for the average user with a standard broadband connection, utilizing the standard update method from centos-yumconf-4.5 with geoip mirrors and failover a normal "yum upgrade" should be safe enough.
We do want everyone to understand that in previous upgrade cycles we recognize that there were problems, which is why we spent the time to design the new update system for CentOS-4 2 months ago: http://www.centos.org/modules/news/article.php?storyid=118
So, some of the concerns of the past have been addressed. At the same time, it is hard to be too cautious :)
> Yes as you missed my last post, we cannot jump to conclusions without knowing the exact situation the original poster is in. There is no confusion between Fedora and CentOS (in my mind), and you yourself said there was an issue from 4.1 -> 4.2 What changes/updates has he made to the system?
That is true as well ... other than he was running 4.0 and wants to run 4.3, we don't know much else.
If I was overly concerned about updates and Internet connectivity though, I would just maintain a local mirror (and I do :). I would also test the update on a test system prior to upgrading an extremely important production system (and I do :).
On Wed, 2006-04-12 at 08:40, Johnny Hughes wrote:
> That said, IF one has inconsistent internet connectivity, they should definitely do large updates in chunks ... as a yum (and rpm) can cause duplicate packages if it is interrupted after the install stage and before the cleanup stage.
With Centos 3.x I normally do a 'yum --download-only update' to pull a local copy first but the current version of yum doesn't have that option. Do you really have to rsync the whole repository now to be sure you can get a couple of updates in a transaction?
Les Mikesell spake the following on 4/12/2006 9:27 AM:
> On Wed, 2006-04-12 at 08:40, Johnny Hughes wrote:
> > That said, IF one has inconsistent internet connectivity, they should definitely do large updates in chunks ... as a yum (and rpm) can cause duplicate packages if it is interrupted after the install stage and before the cleanup stage.
> With Centos 3.x I normally do a 'yum --download-only update' to pull a local copy first but the current version of yum doesn't have that option. Do you really have to rsync the whole repository now to be sure you can get a couple of updates in a transaction?
AFAIK - I don't think the current yum will continue if it doesn't complete the download of packages.
Barry Brimer wrote:
> I need to update a CentOS 4.0 system to CentOS 4.3. In my opinion, I should start out with a "yum update yum centos-yumconf" and then follow that with a "yum update". Does anyone have any other input as to what other packages might be needed to be updated with yum and centos-yumconf before the mass upgrade?
during the 4.1-> 4.2 stage there were some auditlib issues, i would recommend something like this :
yum update kernel* audit* yum centos-yumconf
reboot the machine ( yes, really, use the newer kernel )
yum update
- KB