How often should I reboot the server after updates?

[spaceman]

Hi All,

Currently I've got a server that is reporting "Detected 27 processes that are running outdated executables: 2968 2947 3167 2826 1545 3234 3473 2980 3479 1 2110 3188 2076 3488 2937 2879 3484 3231 136373 3463 2894 3226 3468 136126 436 2064 1576 Reboot the server to ensure the system benefits from these updates." - see also attached screenshot.

This is totally understandable and normal behaviour, I get that.

A few months ago I setup a recurring monthly maintenance plan for all my servers to ensure that they're all rebooted regularly so as to clear down all such processes that had accumulated over the course of the month. All good.

My question: what is best practice in this regard, because I made up that monthly recurring reboot on my own initiative

Should it be more frequent than monthly? Naturally we all want to reboot our servers less, not more, right?

Is it possible to differentiate between high risk processes/executables that really need the server to be rebooted sooner rather than later, as opposed to low risk ones where there's no hurry to reboot?

Thanks all,

Ross

 

[PenguinInternet]

This cPanel notification is one that really bugs me. The reboots are not necessary - Linux is designed for prolonged use and the only reason you would normally need to reboot a server is with a kernel upgrade or a major operational issue / server crashing. Process will run for extended periods of time - that isn't indicating an issue.

 

[cPanelLauren]

Hi @spaceman

You're getting the notice to reboot because PID 1 is included in the list. Pending the kernel is NOT one of the items that need to be updated in most cases a restart of the service itself is fine. The notification will also include a notification to perform one of two tasks when the kernel is not included in the list:

----------------------------------
Detected 3 processes that are running outdated executables: 34649 34664 34658 You must take one of the following actions to ensure the system is up-to-date:
Restart the listed processes.
Reboot the server.
----------------------------------

The notification is a result of the following being run:

/usr/local/cpanel/bin/needs-restarting-cpanel --reboothint

If we look at

/usr/local/cpanel/bin/needs-restarting-cpanel

We can get exactly which processes we recommend you reboot for:

# For which package updates we should recommend a reboot
# Taken from https://access.redhat.com/solutions/27943

REBOOTPKGS = [
    'kernel',
    'glibc',
    'linux-firmware',
    'systemd',
    'udev',
    'openssl-libs',
    'gnutls',
    'dbus',
    ]

This doesn't mean you MUST reboot though, you can check rpm --changelog for those packages to determine for yourself how you'd like to proceed.

Thanks!

 

[spaceman]

Hello Lauren, and thanks for your reply.

While I totally understand your reply... what I'd really like to achieve is where WHM is being more helpful, more prescriptive, than at present.

For example, in my initial post, I'm seeing the very explicit message "Reboot the server to ensure the system benefits from these updates".

That's a pretty clear statement, very unambiguous!

My understanding is that you're suggesting that:

1. I don't *have* to.
2. If I wish to make my own more informed decision, than I have to "check rpm --changelog for those packages"

My point being is that I'd prefer NOT to have to dig deeper, using the command line, to make a more detailed evaluation of what to do. I want WHM to tell me, first time

So for WHM to be more prescriptive, more helpful, is it a question of:

1. Better configuration of the existing settings/alerts already available within WHM
or
2. Raising a feature request to make WHM smarter, more configurable, in this regard?

I'm not expecting WHM to employ special AI/ML techniques to help me with this. Well, not yet, anyway I'd just like better, more refined, guidance... i.e. if I should REALLY do a reboot, and when it's not a big deal.

Thanks,

Ross

 

[cPanelLauren]

For example, in my initial post, I'm seeing the very explicit message "Reboot the server to ensure the system benefits from these updates".

Yes, you're seeing that because of the following:

 "Detected 27 processes that are running outdated executables: 2968 2947 3167 2826 1545 3234 3473 2980 3479 1 2110 3188 2076 3488 2937 2879 3484 3231 136373 3463 2894 3226 3468 136126 436 2064 1576

Note that PID 1 is in the list this is always systemd or init which is the init process which is the parent process for all other processes running on the server this is directly associated with the system's kernel. If pid 1 is outdated that means there's a kernel update available (you've installed the newer kernel but it's not being used) It is ALWAYS recommended to reboot in the instance of a kernel update. That's explicit on purpose, because you need to reboot to update the kernel and there's no way around that one unless you're running kernelcare.

My understanding is that you're suggesting that:

1. I don't *have* to.
2. If I wish to make my own more informed decision, than I have to "check rpm --changelog for those packages"

As I noted in my response in the instance a restart of the processes is a viable option to update all PID's listed you will receive a notification that says:

You must take one of the following actions to ensure the system is up-to-date:
Restart the listed processes.
Reboot the server.

Being that you can't update the kernel without a reboot you received a very explicit notification that you needed to reboot. This is true and you did need to reboot to update the kernel.

My suggestion to determine your course of action is based on the notification above. WHM can't tell you what to do in this instance, but it can suggest the only ways to resolve the issue. This is something you need to determine what to do with. You need to decide if you want to restart these processes to update them or if you'd rather restart the server.

So for WHM to be more prescriptive, more helpful, is it a question of:

1. Better configuration of the existing settings/alerts already available within WHM
or
2. Raising a feature request to make WHM smarter, more configurable, in this regard?

WHM's security advisor in this respect is just a conduit for the information, it's up to you to make an informed decision but if you would like to see this more configurable and "smarter" I would strongly urge you to open a feature request using the link in my signature - if you do open one please post the link here so others can vote on it.

As a general rule of thumb most don't choose to reboot unless the kernel needs to be updated but again this is your call. I'll also reiterate that you received a explicit you need to reboot to resolve these issues message because your kernel needed to be updated.