CHG-2020-05-04 yum update: Difference between revisions

From Open Source Ecology
Jump to navigation Jump to search
Line 56: Line 56:
tmpDir="/var/tmp/CHG-2020-05-04_yum_update"
tmpDir="/var/tmp/CHG-2020-05-04_yum_update"
mkdir -p $tmpDir
mkdir -p $tmpDir
# begin to gracefully shutdown nginx in the background
/sbin/nginx -s quit


# first record the set of packages currently installed
# first record the set of packages currently installed

Revision as of 20:36, 27 April 2020

Status

2020-04-27 12:47 UTC

Creating first draft of this change ticket

Change Info

Scheduled Time

This change will take place on 2020-05-04 07:00 UTC

= 2020-05-04 12:45 Kathmandu = 2020-05-04 02:00 Kansas City

https://www.timeanddate.com/worldclock/converter.html?iso=20200504T070000&p1=1440&p2=117&p3=405

Points of Contact

Change being performed by: Michael Altfield

Service owners: Catarina Mota & Marcin Jakubowski

Purpose

This CHG will update all the yum-installed packages on the server.

The last system-wide `yum update` appears to have been preformed on 2018-09-22, so we're well over-due for an update.

Note that security-critical updates are already being updated automatically via `yum-cron`.

Time Length

This whole process is expected to take 1-3 hours

Systems Impacted

The production server will be restarted after the update to apply kernel changes, and this will necessarily bring all of OSE's sites offline temporarily.

Staging Test

TODO: do a fresh sync of prod to staging, reboot, get a whole list of packages that were updated, reboot, and validate.

Pre-state Proof

The below command will output a ton of packages requiring updates before this CHG 

yum list updates

Change Steps

# create dir for logging the change
tmpDir="/var/tmp/CHG-2020-05-04_yum_update"
mkdir -p $tmpDir

# begin to gracefully shutdown nginx in the background
/sbin/nginx -s quit

# first record the set of packages currently installed
rpm -qa &> "${tmpDir}/before.log"

# install yum-utils
yum -y install yum-utils-1.1.31-53.el7 &> "${tmpDir}/yum-utils.log"

# update packages
yum -y update-to GeoIP-1.5.0-14.el7 acl-2.2.51-15.el7 acpid-2.0.19-9.el7 alsa-lib-1.1.8-1.el7 apr-1.4.8-5.el7 audit-2.8.5-4.el7 audit-libs-2.8.5-4.el7 audit-libs-python-2.8.5-4.el7 augeas-libs-1.4.0-9.el7_7.1 awstats-7.7-1.el7 bash-4.2.46-34.el7 bind-libs-9.11.4-16.P2.el7_8.2 bind-libs-lite-9.11.4-16.P2.el7_8.2 bind-license-9.11.4-16.P2.el7_8.2 bind-utils-9.11.4-16.P2.el7_8.2 binutils-2.27-43.base.el7 biosdevname-0.7.3-2.el7 ca-certificates-2019.2.32-76.el7_7 cairo-1.15.12-4.el7 centos-release-7-8.2003.0.el7.centos certbot-1.3.0-1.el7 checkpolicy-2.5-8.el7 chrony-3.4-1.el7 copy-jdk-configs-3.3-10.el7_5 coreutils-8.22-24.el7 cpio-2.11-27.el7 cpp-4.8.5-39.el7 cronie-1.4.11-23.el7 cronie-anacron-1.4.11-23.el7 cryptsetup-libs-2.0.3-6.el7 curl-7.29.0-57.el7 cyrus-sasl-lib-2.1.26-23.el7 dbus-1.10.24-13.el7_6 dbus-libs-1.10.24-13.el7_6 device-mapper-1.02.164-7.el7_8.1 device-mapper-event-1.02.164-7.el7_8.1 device-mapper-event-libs-1.02.164-7.el7_8.1 device-mapper-libs-1.02.164-7.el7_8.1 device-mapper-persistent-data-0.8.5-2.el7 dhclient-4.2.5-79.el7.centos dhcp-common-4.2.5-79.el7.centos dhcp-libs-4.2.5-79.el7.centos dialog-1.2-5.20130523.el7 diffutils-3.3-5.el7 dmidecode-3.2-3.el7 dracut-033-568.el7 dracut-network-033-568.el7 e2fsprogs-1.42.9-17.el7 e2fsprogs-libs-1.42.9-17.el7 ebtables-2.0.10-16.el7 elfutils-default-yama-scope-0.176-4.el7 elfutils-libelf-0.176-4.el7 elfutils-libs-0.176-4.el7 epel-release-7-12 ethtool-4.8-10.el7 expat-2.1.0-11.el7 file-5.11-36.el7 file-libs-5.11-36.el7 filesystem-3.2-25.el7 findutils-4.5.11-6.el7 firewalld-filesystem-0.6.3-8.el7_8.1 fontconfig-2.13.0-4.3.el7 freetype-2.8-14.el7 gcc-4.8.5-39.el7 gcc-c++-4.8.5-39.el7 gdisk-0.8.10-3.el7 gdk-pixbuf2-2.36.12-3.el7 gettext-0.19.8.1-3.el7 gettext-libs-0.19.8.1-3.el7 git-1.8.3.1-21.el7_7 glib2-2.56.1-5.el7 glibc-2.17-307.el7.1 glibc-common-2.17-307.el7.1 glibc-devel-2.17-307.el7.1 glibc-headers-2.17-307.el7.1 gnupg2-2.0.22-5.el7_5 gnutls-3.3.29-9.el7_6 gobject-introspection-1.56.1-1.el7 gperftools-libs-2.6.1-1.el7 gpm-libs-1.20.7-6.el7 grub2-2.02-0.81.el7.centos grub2-common-2.02-0.81.el7.centos grub2-pc-2.02-0.81.el7.centos grub2-pc-modules-2.02-0.81.el7.centos grub2-tools-2.02-0.81.el7.centos grub2-tools-extra-2.02-0.81.el7.centos grub2-tools-minimal-2.02-0.81.el7.centos grubby-8.28-26.el7 gzip-1.5-10.el7 harfbuzz-1.7.5-2.el7 hostname-3.13-3.el7_7.1 httpd-2.4.6-93.el7.centos httpd-tools-2.4.6-93.el7.centos hwdata-0.252-9.5.el7 info-5.1-5.el7 initscripts-9.49.49-1.el7 iproute-4.11.0-25.el7_7.2 iprutils-2.4.17.1-3.el7_7 ipset-7.1-1.el7 ipset-libs-7.1-1.el7 iptables-1.4.21-34.el7 iptables-services-1.4.21-34.el7 irqbalance-1.0.7-12.el7 jasper-libs-1.900.1-33.el7 java-1.8.0-openjdk-1.8.0.242.b08-1.el7 java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7 kbd-1.15.5-15.el7 kbd-legacy-1.15.5-15.el7 kbd-misc-1.15.5-15.el7 kernel-3.10.0-1127.el7 kernel-devel-3.10.0-1127.el7 kernel-headers-3.10.0-1127.el7 kernel-tools-3.10.0-1127.el7 kernel-tools-libs-3.10.0-1127.el7 kexec-tools-2.0.15-43.el7 kmod-20-28.el7 kmod-libs-20-28.el7 kpartx-0.4.9-131.el7 krb5-libs-1.15.1-46.el7 libX11-1.6.7-2.el7 libX11-common-1.6.7-2.el7 libXfont-1.5.4-1.el7 libacl-2.2.51-15.el7 libattr-2.4.46-13.el7 libblkid-2.23.2-63.el7 libcap-2.22-11.el7 libcgroup-0.41-21.el7 libcom_err-1.42.9-17.el7 libcroco-0.6.12-4.el7 libcurl-7.29.0-57.el7 libdb-5.3.21-25.el7 libdb-utils-5.3.21-25.el7 libdrm-2.4.97-2.el7 libfastjson-0.99.4-3.el7 libffi-3.0.13-19.el7 libgcc-4.8.5-39.el7 libgomp-4.8.5-39.el7 libicu-50.2-4.el7_7 libjpeg-turbo-1.2.90-8.el7 libmount-2.23.2-63.el7 libpcap-1.5.3-12.el7 libpciaccess-0.14-1.el7 libproxy-0.4.11-11.el7 libpwquality-1.2.3-5.el7 libreport-filesystem-2.1.11-53.el7.centos librsvg2-2.40.20-1.el7 librsync-2.0.2-1.el7 libseccomp-2.3.1-4.el7 libselinux-2.5-15.el7 libselinux-python-2.5-15.el7 libselinux-utils-2.5-15.el7 libsemanage-2.5-14.el7 libsemanage-python-2.5-14.el7 libsepol-2.5-10.el7 libsodium-1.0.18-1.el7 libss-1.42.9-17.el7 libssh2-1.8.0-3.el7 libstdc++-4.8.5-39.el7 libstdc++-devel-4.8.5-39.el7 libtiff-4.0.3-32.el7 libuser-0.60-9.el7 libuuid-2.23.2-63.el7 libxcb-1.13-1.el7 libxml2-2.9.1-6.el7.4 linux-firmware-20191203-76.gite8a0f4c.el7 lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7 logrotate-3.8.6-19.el7 logwatch-7.4.0-35.20130522svn140.el7_5 lsof-4.87-6.el7 lvm2-2.02.186-7.el7_8.1 lvm2-libs-2.02.186-7.el7_8.1 mailx-12.5-19.el7 make-3.82-24.el7 man-db-2.6.3-11.el7 mariadb-5.5.65-1.el7 mariadb-libs-5.5.65-1.el7 mariadb-server-5.5.65-1.el7 mdadm-4.1-4.el7 mesa-libEGL-18.3.4-7.el7 mesa-libGL-18.3.4-7.el7 mesa-libgbm-18.3.4-7.el7 mesa-libglapi-18.3.4-7.el7 mod_security-2.9.2-1.el7 mod_ssl-2.4.6-93.el7.centos mozjs17-17.0.0-20.el7 munin-2.0.54-1.el7 munin-common-2.0.54-1.el7 munin-node-2.0.54-1.el7 mutt-1.5.21-29.el7 neon-0.30.0-4.el7 net-snmp-5.7.2-48.el7_8 net-snmp-agent-libs-5.7.2-48.el7_8 net-snmp-libs-5.7.2-48.el7_8 net-snmp-utils-5.7.2-48.el7_8 nmap-6.40-19.el7 nmap-ncat-6.40-19.el7 nspr-4.21.0-1.el7 nss-3.44.0-7.el7_7 nss-pem-1.0.3-7.el7 nss-softokn-3.44.0-8.el7_7 nss-softokn-freebl-3.44.0-8.el7_7 nss-sysinit-3.44.0-7.el7_7 nss-tools-3.44.0-7.el7_7 nss-util-3.44.0-4.el7_7 ntp-4.2.6p5-29.el7.centos ntpdate-4.2.6p5-29.el7.centos numactl-libs-2.0.12-5.el7 openldap-2.4.44-21.el7_6 openssh-7.4p1-21.el7 openssh-clients-7.4p1-21.el7 openssh-server-7.4p1-21.el7 openssl-1.0.2k-19.el7 openssl-libs-1.0.2k-19.el7 openvpn-2.4.8-1.el7 pam-1.1.8-23.el7 pango-1.42.4-4.el7_7 parted-3.1-32.el7 passwd-0.79-6.el7 pciutils-libs-3.5.1-3.el7 perl-5.16.3-295.el7 perl-DBD-MySQL-4.023-6.el7 perl-DateTime-TimeZone-1.70-2.el7 perl-Getopt-Long-2.40-3.el7 perl-Git-1.8.3.1-21.el7_7 perl-HTTP-Daemon-6.01-8.el7 perl-IO-Socket-IP-0.21-5.el7 perl-IO-Socket-SSL-1.94-7.el7 perl-Net-CIDR-0.20-1.el7 perl-Pod-Escapes-1.04-295.el7 perl-Socket-2.010-5.el7 perl-libs-5.16.3-295.el7 perl-macros-5.16.3-295.el7 perl-version-0.99.07-6.el7 php-PsrLog-1.1.3-1.el7 php-fedora-autoloader-1.0.1-2.el7 php-seld-phar-utils-1.1.0-1.el7 php56w-5.6.40-1.w7 php56w-cli-5.6.40-1.w7 php56w-common-5.6.40-1.w7 php56w-enchant-5.6.40-1.w7 php56w-gd-5.6.40-1.w7 php56w-imap-5.6.40-1.w7 php56w-intl-5.6.40-1.w7 php56w-ldap-5.6.40-1.w7 php56w-mbstring-5.6.40-1.w7 php56w-mysql-5.6.40-1.w7 php56w-pdo-5.6.40-1.w7 php56w-process-5.6.40-1.w7 php56w-snmp-5.6.40-1.w7 php56w-xml-5.6.40-1.w7 plymouth-0.8.9-0.33.20140113.el7.centos plymouth-core-libs-0.8.9-0.33.20140113.el7.centos plymouth-scripts-0.8.9-0.33.20140113.el7.centos policycoreutils-2.5-34.el7 policycoreutils-python-2.5-34.el7 polkit-0.112-26.el7 postfix-2.10.1-9.el7 postgresql-libs-9.2.24-2.el7_7 procmail-3.22-36.el7_4.1 procps-ng-3.3.10-27.el7 pyOpenSSL-0.13.1-4.el7 python-2.7.5-88.el7 python-chardet-2.2.1-3.el7 python-devel-2.7.5-88.el7 python-gobject-base-3.22.0-1.el7_4.1 python-libs-2.7.5-88.el7 python-linux-procfs-0.4.11-4.el7 python-perf-3.10.0-1127.el7 python-requests-2.6.0-9.el7_8 python-slip-0.4.0-4.el7 python-urlgrabber-3.10-10.el7 python-urllib3-1.10.2-7.el7 python-virtualenv-15.1.0-4.el7_7 python-zope-component-4.1.0-5.el7 python2-acme-1.3.0-1.el7 python2-cached_property-1.5.1-2.el7 python2-certbot-1.3.0-1.el7 python2-docopt-0.6.2-8.el7 python2-future-0.18.2-2.el7 python2-iso8601-0.1.11-8.el7 python2-josepy-1.3.0-2.el7 python2-jsonschema-2.5.1-4.el7 python2-keyring-5.0-4.el7 python2-mock-1.0.1-10.el7 python2-parsedatetime-2.4-6.el7 python2-psutil-5.6.7-1.el7 python2-texttable-1.6.2-1.el7 readline-6.2-11.el7 redhat-rpm-config-9.1.0-88.el7.centos rpm-4.11.3-43.el7 rpm-build-libs-4.11.3-43.el7 rpm-libs-4.11.3-43.el7 rpm-python-4.11.3-43.el7 rsync-3.1.2-10.el7 rsyslog-8.24.0-52.el7 screen-4.1.0-0.25.20120314git3c2946.el7 sed-4.2.2-6.el7 selinux-policy-3.13.1-266.el7 selinux-policy-targeted-3.13.1-266.el7 setools-libs-3.3.8-4.el7 setup-2.8.71-11.el7 shadow-utils-4.6-5.el7 shared-mime-info-1.8-5.el7 sqlite-3.7.17-8.el7_7.1 subversion-1.7.14-14.el7 subversion-libs-1.7.14-14.el7 sudo-1.8.23-9.el7 sysstat-10.1.5-19.el7 systemd-219-73.el7_8.5 systemd-libs-219-73.el7_8.5 systemd-sysv-219-73.el7_8.5 tar-1.26-35.el7 tcpdump-4.9.2-4.el7_7.1 telnet-0.17-65.el7_8 tuned-2.11.0-8.el7 tzdata-2019c-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 util-linux-2.23.2-63.el7 vim-common-7.4.629-6.el7 vim-enhanced-7.4.629-6.el7 vim-filesystem-7.4.629-6.el7 vim-minimal-7.4.629-6.el7 virt-what-1.18-4.el7 webmin-1.941-1 wget-1.14-18.el7_6.1 xfsprogs-4.5.0-20.el7 xorg-x11-font-utils-7.5-21.el7 yum-3.4.3-167.el7.centos yum-cron-3.4.3-167.el7.centos yum-plugin-fastestmirror-1.1.31-53.el7 zlib-1.2.7-18.el7 &> "${tmpDir}/update.log"

# log the post-state packages and versions
rpm -qa &> "${tmpDir}/after.log"

# check to see what changes require a reboot, if any
needs-restarting -r &> "${tmpDir}/needs-restarting.log"

# reboot the system to apply kernel changes
reboot

Post-state Proof

The below command will output zero or nearly-zero packages after this CHG is successfully complete 

yum list updates

Validation Steps

TODO: enumerate some spot-checks done after the staging run to also be preformed to validate on production

Revert Steps

TODO: construct a command to revert to all the previous package versions && test on staging

Retrieved from "https://wiki.opensourceecology.org/index.php?title=CHG-2020-05-04_yum_update&oldid=218841"