Frequency of Release Tier Updates

nibb

Well-Known Member
Mar 22, 2008
319
5
68
Some concerns about how updates changed with WHM.

In the past cPanel servers had an option to set Automatic, Manual or Never Update releases for the Operating system security updates only.

The feature seems to be gone. Now you still have the options both for cPanel and Operating Systems Package Updates, but its either update the whole operating system or nothing.

I do not like this. cPanel has no way to know when a server has to be rebooted once updates where applied or what needs to manually be applied on a server that has custom changes. Like with a custom kernel. If you set the Automatic option, it seems WHM will run the regular yum update and update everything. If you set it to manual, it means no security updates.

In the past you had the option to set Security Updates to be applied automatically but still leave the Operating System Updates as manual option. This is a serious compromise, so you can't receive security updates automatically anymore unless you update the whole OS every time.

There is also something very annoying about cPanel how updates are pushed out now. WHM suggests RELEASE candidate as Recommended and this worked great for years, but lately I notice there is an update every single day. What is this? If I want that, I would set to Current or Edge. It seems every single change cPanel is developing, they are pushing it out daily. I'm seriously considering downgrading to Stable except Stable is like 2 big versions behind. Stable is still on 11.56 and Release is on 11.58

I'm 100% sure this wasn't like this in the past. The new update scheme is new. cPanel was not pushing updates to Release every day. I can understand if those are security bugs, but I don't think so. In the past 2 weeks, it seems every day I logged into WHM there was a new Update Available. Ok, I'm exaggerating, but its maybe every 3 days.

This is completely inefficient for production servers. Every WHM updates takes time as it makes dozens of checks. This also slightly increases load for that period and takes a few minutes. Doing this once to apply all the updates at once is far more logic than doing the whole process for every single minor bug change. So unless its a serious bug or security update, I would suggest to consolidate changes into bigger releases instead of making a new release every 5 bug fixes.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello @nibb,

I'd like to thank you for taking the time to provide us with feedback on the update process and frequency. I've forwarded this thread to our Community Manager to ensure your feedback is communicated through the proper channels, however I did want to provide some input on a couple of your concerns.

I'm seriously considering downgrading to Stable except Stable is like 2 big versions behind. Stable is still on 11.56 and Release is on 11.58
This is actually just a product of our release cycle. 11.58 is one major production version after 11.56. Production releases will always have an even number, and development releases will always have an odd number. A full description of how the release cycle works is available on our Product Versions and the Release Process document. The cPanel Development Process blog post also offers some further insight into how this works.

I'm 100% sure this wasn't like this in the past. The new update scheme is new. cPanel was not pushing updates to Release every day. I can understand if those are security bugs, but I don't think so. In the past 2 weeks, it seems every day I logged into WHM there was a new Update Available. Ok, I'm exaggerating, but its maybe every 3 days.
New builds are published to the "Release" build tier more frequently in the immediate days/weeks after a new major version is released. However, these builds mostly consist of bug resolutions as opposed to new features or functionality. That said, the information you have provided suggests you may find the "Stable" build tier more suitable to your preferences. The version will have significant public exposure by the time it reaches the "Stable" tier, and is therefore less likely to require multiple updates to address bug reports.

In the past you had the option to set Security Updates to be applied automatically but still leave the Operating System Updates as manual option. This is a serious compromise, so you can't receive security updates automatically anymore unless you update the whole OS every time.
"Security Package Updates" was renamed to "Operating System Updates" in cPanel version 11.28. However, note that beyond the name change, it still does the same thing, which is to run "yum update" on the system. Have you considered excluding the custom YUM packages or the ones you are concerned about via the "exclude=" line in your system's "/etc/yum.conf" file? This way, you can leave automatic updates enabled, and manually update the packages you don't want updated automatically.

I'm happy to help answer any additional questions you have.

Thank you.
 
  • Like
Reactions: Infopro

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
79
458
cPanel Access Level
Root Administrator
One I want to add to what Michael stated: our operating system updates do not touch the kernel. We add an exclusion for the kernel before running "yum update".
 

nibb

Well-Known Member
Mar 22, 2008
319
5
68
Thanks for the clarification about the name change in that setting. I will research this further because then its CloudLinux updating the kernels. Since for a few months now, something is updating everything on the cPanel servers.

I guess I will also move to the Stable release but that seems like ancient to receive new futures vs the Release channel.

The Release channel seems like a Beta now. Updates done in the last days:
2016-08-10
2016-08-09
2016-08-05

Actually that is just the changelog, I'm sure that 58.0.13 was pushed 3 times the same day because I updated that twice and suddenly 5.0.13 was available again.

What is the procedure? I can't move because I'm on 58 and Stable seems to be 56. This means I would have to stop updates for a couple of months until Stable reaches me? I think there will be one or more security updates before that date and I will have no choice but to upgrade. You can't downgrade for obvious reasons.

I was actually happy with the Release channel for years. This new push an update every 24-48 hours (sometimes even twice a day) seems like new to me and to quickly to keep up. (yes, I actually do read the changelogs before applying updates on every software)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Thanks for the clarification about the name change in that setting. I will research this further because then its CloudLinux updating the kernels. Since for a few months now, something is updating everything on the cPanel servers.
Internal case CPANEL-7967 was recently opened to address an issue where cPanel updates remove all kernel exclusions configured in the /etc/yum.conf file when "Operating System Package Updates" isn't disabled in "WHM Home » Server Configuration » Update Preferences". I'll update this thread with more information on the status of this case as it becomes available. In the meantime, you can temporarily workaround this issue by configuring "Never Update" for "Operating System Package Updates".

I guess I will also move to the Stable release but that seems like ancient to receive new futures vs the Release channel.

The Release channel seems like a Beta now. Updates done in the last days:
2016-08-10
2016-08-09
2016-08-05

Actually that is just the changelog, I'm sure that 58.0.13 was pushed 3 times the same day because I updated that twice and suddenly 5.0.13 was available again.
Our goal is four production releases a year as of 2016. Here's part of the Product Versions and the Release Process - cPanel Knowledge Base - cPanel Documentation document that should help to explain this better:

Production releases
As of 2016, our goal is to complete at least four production releases each year with the following schedule:
  • The first production release around January.
  • The second production release around April.
  • The third production release around July.
  • The fourth production release around October.
Production releases use the following process:
  1. We complete development of the production release.
  2. We test the functionality of the release's new features.
  3. We publish the release to the development tiers, and to the EDGE, CURRENT, and RELEASE tiers.

    Note: At this point, except for critical security issues, we no longer develop or publish any changes to the previous releases.

  4. After the release enters the RELEASE tier, we assess any immediate maintenance needs.
  5. After we resolve the immediate maintenance needs, we publish the production release to the STABLE tier.
What is the procedure? I can't move because I'm on 58 and Stable seems to be 56. This means I would have to stop updates for a couple of months until Stable reaches me? I think there will be one or more security updates before that date and I will have no choice but to upgrade. You can't downgrade for obvious reasons.
You will need to wait until cPanel version 58 reaches the "Stable" build, and then choose "Stable" via "WHM >> Update Preferences". Note that cPanel 58 it's tentatively planned for publication to the "Stable" tier within the next couple of weeks, not months.

I was actually happy with the Release channel for years. This new push an update every 24-48 hours (sometimes even twice a day) seems like new to me and to quickly to keep up. (yes, I actually do read the changelogs before applying updates on every software)
You may find the "Stable" build tier is better suited for your servers now that our goal is four production releases per year.

Let us know if you have any additional questions.

Thanks!