kernel upgrading with up2date on RHEL Cpanel server

By default Cpanel servers do not allow kernel upgrading with up2date. This is to avoid important software like kernel get updated with out your knowledge.

up2date have pkgSkipList option which allow you to specify which packages do not update. On Cpanel servers, you will find pkgSkipList have following packages listed

kernel*; courier*; mysql*; spamassassin*; httpd*; perl; mysql*; php*; mod_ssl*;

Other than kernel, other softwares in the list are provided by cpanel, so installing OS provided version of these software will break Cpanel Server.

You need to upgrade kernel at times to keep your server secure. To do this, you need to remove kernel* from pkgSkipList

This can be done with command up2date –configure and on the prompt, you have to enter number corresponding to pkgSkipList to edit it values. Take a copy of existing values and enter new value, with out kernel*, to save just hit enter key. You will be back in command prompt.

# up2date –configure
0. debug No
1. useRhn Yes
2. rhnuuid 16742c3c-9744-11da-8231-00123f7395f8
3. isatty Yes
4. showAvailablePacka No
5. useNoSSLForPackage No
6. storageDir /var/spool/up2date
7. pkgSkipList [‘courier*’, ‘mysql*’, ‘spamassassin*’, ‘httpd*’, ‘perl’,
8. retrieveOnly No
9. noSSLServerURL http://rhn.ev1servers.net/XMLRPC
10. networkSetup Yes
11. networkRetries 5
12. pkgsToInstallNotUp [‘kernel’, ‘kernel-modules’, ‘kernel-devel’]
13. enableProxy No
14. noBootLoader No
15. proxyPassword
16. updateUp2date Yes
17. keepAfterInstall No
18. useGPG Yes
19. headerCacheSize 40
20. forceInstall No
21. systemIdPath /etc/sysconfig/rhn/systemid
22. retrieveSource No
23. enableRollbacks No
24. gpgKeyRing /etc/sysconfig/rhn/up2date-keyring.gpg
25. adminAddress [‘root@localhost’]
26. serverURL https://rhn.ev1servers.net/XMLRPC
27. fileSkipList []
28. versionOverride
29. sslCACert /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
30. noReplaceConfig Yes
31. enableProxyAuth No
32. disallowConfChange [‘noReboot’, ‘sslCACert’, ‘useNoSSLForPackages’, ‘noSSLSe
33. headerFetchCount 10
34. proxyUser
35. removeSkipList [‘kernel*’]
36. httpProxy
37. noReboot No

Enter number of item to edit : 7

Attribute: pkgSkipList
Comment: A list of package names, optionally including wildcards, to skip
Current value: kernel*; courier*; mysql*; spamassassin*; httpd*; perl; mysql*; php*; mod_ssl*;

New Value: courier*; mysql*; spamassassin*; httpd*; perl; mysql*; php*; mod_ssl*;

Now you can upgrade kernel with

up2date -u

# up2date -u

Fetching Obsoletes list for channel: rhel-x86_64-es-4…

Fetching Obsoletes list for channel: rhel-x86_64-es-4-extras…

Fetching rpm headers…
#################

Name Version Rel
——————-

kernel 2.6.9 22.0.2.EL x86_64
kernel-smp 2.6.9 22.0.2.EL x86_64

Testing package set / solving RPM inter-dependencies…
###########
kernel-2.6.9-22.0.2.EL.x86_ ##########Done.
kernel-smp-2.6.9-22.0.2.EL. ########## Done.
Preparing ############ [100%]

Installing…
1:kernel-smp ########## [100%]
2:kernel #############[100%]
#

After doing this, you should verify /etc/grub.conf updated properly

# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda5
# initrd /initrd-version.img
#boot=/dev/sda
default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux ES (2.6.9-22.0.2.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-22.0.2.EL ro root=/dev/sda5
initrd /initrd-2.6.9-22.0.2.EL.img
title Red Hat Enterprise Linux ES (2.6.9-22.0.2.ELsmp)
root (hd0,0)
kernel /vmlinuz-2.6.9-22.0.2.ELsmp ro root=/dev/sda5
initrd /initrd-2.6.9-22.0.2.ELsmp.img
title Red Hat Enterprise Linux ES (2.6.9-22.ELsmp)
root (hd0,0)
kernel /vmlinuz-2.6.9-22.ELsmp ro root=LABEL=/1
initrd /initrd-2.6.9-22.ELsmp.img
title Red Hat Enterprise Linux ES-up (2.6.9-22.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-22.EL ro root=LABEL=/1
initrd /initrd-2.6.9-22.EL.img
#

The default=1, will boot the second entry in the grub. First entry is 0. When u upgrade kernel, it will be added to top of grub.conf, in this upgrade, you will see two entry, first is normal kernel (position 0) and second is SMP kernel (position 1), we use default=1 as this is Intel(R) Pentium(R) 4 CPU 3.00GHz CPU and is HT, so two virtual CPU’s.


Posted in Uncategorized. Bookmark the permalink.