Disable Yum auto updating?

gildas

Well-Known Member
Mar 30, 2017
58
5
8
Paris
cPanel Access Level
Root Administrator
Hello,

The apache service associated with my cpanel (version 68.0.36) fell due to a yum update performed last night which updated the easyphp package:
Apr 19 01:16:48 Updated: 1: ea-apr-1.6.3-1.el7.cloudlinux.x86_64
Apr 19 01:16:48 Updated: 1: ea-apr-util-1.6.1-2.el7.cloudlinux.x86_64
Apr 19 01:16:48 Updated: 1: ea-apache24-tools-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:49 Updated: 2: ea-apache24-config-1.0-128.el7.cloudlinux.noarch
Apr 19 01:16:49 Updated: 1: ea-apache24-mod_proxy_http-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:49 Updated: 1: ea-apache24-mod_proxy_wstunnel-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:49 Updated: 1: ea-apache24-mod_proxy-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:49 Updated: 1: ea-apache24-mod_cgid-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:16:50 Updated: 1: ea-apache24-mod_mpm_worker-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:37 Updated: 1: ea-apache24-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:37 Updated: 1: ea-apache24-mod_ssl-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:37 Updated: 1: ea-apache24-mod_mime_magic-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:37 Updated: 1: ea-apache24-mod_headers-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_unique_id-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_deflate-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_proxy_fcgi-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_suexec-2.4.33-4.el7.cloudlinux.x86_64
Apr 19 01:18:38 Updated: 1: ea-apache24-mod_expires-2.4.33-4.el7.cloudlinux.x86_64

I do not want this type of update to happen automatically, because it has stooper the operation of associated servcies.

Do you know how to disable this type of auto update?
In the section "Update Preferences" all the information is in manual.

Best regards
 

gildas

Well-Known Member
Mar 30, 2017
58
5
8
Paris
cPanel Access Level
Root Administrator
Hello,

I had a return of the support cpanel, that I communicate to you

My name is Mark and I will be assisting you with your update issues. It appears the issue you are having is relative to a recent bug (CPANEL-19907) where EA4 packages are updated (if available) during the nightly cron cPanel update, even when system updates are set to "manual".

Our developers are currently working to correct the issue in a future update of cPanel, however, the current workaround is to set your "Operating System Packages Update" to "Never" instead of "Manual" in WHM >> Update Preferences. When set to "Never", the check_cpanel_rpms script will not update EasyApache 4 packages during the run.

Hope this information helps! Please let us know if you have any further questions or concerns regarding this matter. Thank you for your patience.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hello,


Actually, I believe this issue is a bit different. The issue you're experiencing I believe is related to a CloudLinux issue with mod_ssl this has already been resolved and noted by CloudLinux. Please see the forum post here:

/opt/cpanel/ea-openssl/lib64 missing

cPanel does not currently offer a way to disable the auto-updating that is done through easyapache 4 but the improvement case noted in the response above is also related to this issue in that if you have updates set to manual. If the Improvement case is acted on the updates for EasyApache would not automatically occur if the updates are set to manual.


Thank you,
 

PeteS

Well-Known Member
Jun 8, 2017
223
48
28
Oregon
cPanel Access Level
Root Administrator
@cPanelLauren Has this bug (CPANEL-19907) been resolved? According to the docs (Update Preferences - Version 74 Documentation - cPanel Documentation) it appears that with regard to EA4, those RPMs update regardless, via /usr/local/cpanel/scripts/sysup regardless of the tech's comments about the work around in the support ticket quoted above. Can you refer us to a current and complete reference matrix as to which subscripts are called by upcp, and when? That would give a clearer understanding of the control afforded by the Update Preferences page.

----

In regard to all updating (not just EA4), I'm looking for a cPanel recommendation for the settings of auto vs. manual updating and also user input on this... on all three setting options in Home »Server Configuration »Update Preferences: Daily Updates, Operating System Package Updates, and Apache SpamAssassin™ Rules Updates.

I have been running on the Release tier with all options set to Automatic for the last year and 4 months without a problem, but in preparation to convert to CloudLinux they (CL) recommended: "...the updates [are] automatic by default but I would strongly recommend to switch them to manual way of providing the updates. Sometimes automatic updates could lead to different unexpected behavior. You can run updates at least once a month or if something critical was found." So I'm looking for more input on this...

(If this is better suited to the CL forum, you can move it there, but please leave it here as well, because I'm wanting input for both CL and non-CL servers.)

-Pete
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @PeteS


The case you're referencing CPANEL-19907 was resolved in cPanel V72 per the ChangeLog here: 72 Change Log - Change Logs - cPanel Documentation

Can you refer us to a current and complete reference matrix as to which subscripts are called by upcp, and when? That would give a clearer understanding of the control afforded by the Update Preferences page.
I think what you might want is everything maintenance runs which can be found with this:
Code:
# grep -oP '(?<=^sub )[^_][^ ]+' /scripts/maintenance
script
sqlite_auto_rebuild_if_needed
touch_file_exists
file_is_executable
populated_touch_file_exists
run_action
run_actions
show_status
run
process
action_vps_optimizer
action_update_spamassassin_rules
background_freshclam
action_update_freshclam
action_purge_dead_comet_files
action_rpmup
action_sysup
action_find_and_fix_rpm_issues
action_updatesigningkey
action_cloudlinux_update
action_build_locale_databases
action_init_wwwacct_conf
action_fixrndc
action_ipaliases
action_check_cpanel_rpms
action_ftpquotacheck
action_repair_mailman
action_repair_mysql
action_purge_modsec
action_passwd
action_buildexim
action_eximstats
action_exim_purge_old_tracker_files
action_cleanup_signature
increment_pbar
setupenv
setupcrontab
clean_user_squirrelmail_attachment_dirs
clean_roundcube_attachment_directory
check_mysql_version
ensure_active_mysql_profile_is_present
purge_cpupdate_conf
purge_upcp_logs
usage

If you want literally every subscript that runs during upcp you can run something like
Code:
grep 'Processing command' /var/cpanel/updatelogs/last
I'm looking for a cPanel recommendation for the settings of auto vs. manual updating and also user input on this... on all three setting options in Home »Server Configuration »Update Preferences: Daily Updates, Operating System Package Updates, and Apache SpamAssassin™ Rules Updates.
The cPanel recommendation on this is going to always be have everything set to automatic. Based on your needs or configurations you may need another configuration, users may have their own as well. Personally, I set everything to automatic on my servers.

Thanks!
 

PeteS

Well-Known Member
Jun 8, 2017
223
48
28
Oregon
cPanel Access Level
Root Administrator
I think what you might want is everything maintenance runs which can be found with this:
Code:
# grep -oP '(?<=^sub )[^_][^ ]+' /scripts/maintenance
...
I think I asked for more than I wanted. ;) What I really meant was a matrix showing the effect of switching each of the options away from Automatic, to Manual or Never. The V74 seems to disagree with the tech's comments (but maybe that a version specific difference). It looks to me like upcp runs everything, per the following settings...

Daily Updates controls cPanel and WHM updates, and nothing more (maintenance scripts always run). Never prevents these updates even if upcp is manually run.

OS Package Updates controls whether OS RPMs update (cPanel-provided RPMs always update). Never can be manually overridden by /usr/local/cpanel/scripts/rpmup2. Apparently /usr/local/cpanel/scripts/sysup is called by upcp and will always update EA4 (but not other RPMs if Never is selected).

Do I have it correct? If so, the part I am unclear on are the contents of the update groups. There are:
cPanel/WHM updates
OS updates
cPanel-provided RPMs
other RPMs
EA4 which is treated uniquely

Specifically, what are cPanel-provided RPMs, and what are other RPMs?

This all may be a mote point if I stay with "full auto" (which is my desire), but I'm still curious.

Lastly, once converted to CL, does that change any of the above, or the Automatic recommendation?

-Pete
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
What I really meant was a matrix showing the effect of switching each of the options away from Automatic, to Manual or Never. The V74 seems to disagree with the tech's comments (but maybe that a version specific difference). It looks to me like upcp runs everything, per the following settings...

Daily Updates controls cPanel and WHM updates, and nothing more (maintenance scripts always run). Never prevents these updates even if upcp is manually run.

OS Package Updates controls whether OS RPMs update (cPanel-provided RPMs always update). Never can be manually overridden but /usr/local/cpanel/scripts/rpmup2. Apparently /usr/local/cpanel/scripts/sysup is called by upcp and will always update EA4 (but not other RPMs if Never is selected).
I feel like the documentation answers this pretty well here: Update Preferences - Version 74 Documentation - cPanel Documentation

Automatic - Select Automatic for when you want X to be updated automatically when upcp runs

Manual - Select Manual for when you want to manually run upcp and update X

Never - Select Never when you don't want X updated when upcp is run (either automatically or manually)

cPanel/WHM updates
OS updates
cPanel-provided RPMs
other RPMs
EA4 which is treated uniquely
These can be grouped a bit differently to make sense:
OS updates + Other (3rd party packages) - updated when yum is run or /usr/local/cpanel/scripts/rpmup2 is run

cPanel provided RPMs - updated with cPanel specifically though there is a caveat here - if you run yum update on your server and there are updateable cPanel RPMS they will update as well.

EA4 - handled on its own with EasyApache Maintenance updates

Specifically, what are cPanel-provided RPMs, and what are other RPMs?
cPanel RPM's are prefixed with cPanel and they're anything installed from httpupdate I can't tell you the specific RPM's but you can see them by running something like:

Code:
rpm -qa |grep cpanel-
Other RPM's are RPM's provided by system or 3rd party repositories like CentOS, EPEL, etc.

You can find which repository a package is from using something like repoquery:

Code:
repoquery -i ea-php72-php-ftp-7.2.10-1.1.4.cpanel.x86_64

Name        : ea-php72-php-ftp
Version     : 7.2.10
Release     : 1.1.4.cpanel
Architecture: x86_64
Size        : 62039
Packager    : None
Group       : Development/Languages
URL         : http://www.php.net/
Repository  : EA4
Summary     : A module for PHP applications that need full FTP protocol support
Source      : ea-php72-php-7.2.10-1.1.4.cpanel.src.rpm
Description :
The php-ftp package delivers a module which will allow PHP scripts
client access to files servers speaking the File Transfer Protocol
(FTP) as defined in http://www.faqs.org/rfcs/rfc959. This extension is
meant for detailed access to an FTP server providing a wide range of
control to the executing script. If you only wish to read from or
write to a file on an FTP server, consider using the ftp:// wrapper
with the ea-php72-php-filesystem package which provides a simpler
and more intuitive interface.
Lastly, once converted to CL, does that change any of the above, or the Automatic recommendation?
It wouldn't change any of the above though you should be aware that CloudLinux has their own packages, including their own for EA4 and may have their own recommendation but as far as I am aware the recommendation for both products separately as well as in conjunction with each other is full automatic.

Thanks!
 
  • Like
Reactions: PeteS and rpvw

PeteS

Well-Known Member
Jun 8, 2017
223
48
28
Oregon
cPanel Access Level
Root Administrator
The docs are good, but the grouping info is what I was missing. Thanks for helping me get my head wrapped around this. Hopefully other will benefit from it as well...

-Pete
 
  • Like
Reactions: cPanelLauren