"Reboot required" package updating from command line?
How can I tell if a package I'm about to update requires a reboot for it to be inplemented? (RHEL 5.8) From the Software Updater GUI interface, there is an icon to the left that shows which updates do. I want to see that requirement when I use 'yum' or 'rpm' from the command line. Even after I update a package that I know requires a reboot, nowhere does it say that. Do I just not know where to look? Or maybe I'm missing an option?? Thanks for any pointers! ...Marie Hutchens
Marie Hutchens
Responses
Good question, Marie.
I have the same one for 'restart'. Say, if apache was updated and for update to take effect the running apache serivce needs to be restarted.
Greetings,
This is actually a question that appears from time to time in support cases ; if you want to request this feature you can follow the indications of this kbase :
https://access.redhat.com/knowledge/articles/11141
typically there should be a warning or a message if a service was restarted as part of an upgrade process, but most services are not restarted if they are still running. Just as well, any kernel upgrade requires a reboot to the new kernel to be effective.
Kind regards,
Félix
Red Hat
Guru
1925 points
I was thinking that there might be something in the RPM that indicates the user should reboot the system or restart a service after an upgrade. I haven't found any such thing, but I'll hunt down an expert if I can.
As for a rule of thumb on when to reboot or restart, I'd add a couple of other items to those that Felix mentioned:
- Since many applications use libc, if you update libc, you can consider rebooting or restarting applications to get your applications to include the updated libc.
- To begin using updates to the X Window System or related desktop components, logging out of the desktop and logging back in should get changes (or run init 3 then init 5 to be sure).
- You can usually just restart any updated service. There should be no need to reboot.
Chris, you are right. But it requires an expert knowledge of the dependencies from the person running the update.
As well as the person to be attentive to the yum output. Basically, you are saying that dependency resolution should be done in a head of a person doing the updates.
I'd rather have yum or another service warn me, email me etc about the need to reboot/restart. And yum should have a configuration and command line option to actually restart the services that need to be restarted, and an option for reboot if it is required.
Same kind of thing should be applied to the .rpmnew files. Sometimes they can contain fixes/workarounds for security vulnerabilities. Like it was with apache some time ago.
gentoo has dispatch-conf, and every time you run any package update operation it warns you that NN number of configuration files need to be updated. It does not require user interaction, but in the warning message it mentions the tool that will help merge the changes. Dispatch-conf is the tool at the day that allows to merge changes, accept the new file, discard the new file, etc.
It would be beneficial to have something similar in Red Hat Linux.
Please let me know what you think about this, and I or somebody else can raise an RFE about it.
Surgey, i think you comment should be taken seriously by red hat.
no automatic install should ever be done without the user having the 'up-front' visibility/capability to continue with the update or not if a re-boot will take place. having worked with othe unix systems such as hp-ux, red hat should immediately correct this problem and allow the user to continue with the install or not. this should if using yum or rpm installs.
jim
Red Hat
Guru
1925 points
Jim, you have a good point that there should be a way to find out when a package upgrade requires a reboot or service restart. I'm tracking down an expert to see if there are command-line tools to do this (as was requested), since I don't know of an option to yum or other command that can show that kind of information. If not, then a request for enhancement is certainly in order.
A minor contribution, some packages like sshd, exim and httpd are restarted when they are patched.
e.g. http://rhn.redhat.com/errata/RHBA-2012-0261.html
* The httpd service is now automatically restarted after a package upgrade, if
the service is running. (BZ#719941)
But yes, there is no way of being sure any set of patches is catered for e.g libc
We patch regularly a known set of packages, and we have worked through if
they need a restart. But for others, unless a mechanism is found, a reboot is a good idea.
This is less a Redhat issue than a generic Linux issue. RPMs don't really have a "reboot required" toggle in the any of the build-time defines/macros (at least, not that I recall). So, any tool that references the RPM has to be intelligent enough to infer that either a service restart or a full OS-restart is required. General rules of thumb, however, are:
- If you update any libs, you need to restart the service to force the runtime-linker to read the updated libs
- If the installed/updated RPMs add new dynamic shared objects, you need to restart the service to force the runtime-linker to read the new/updated libs
- If the installed RPM updates a static configuration file (e.g. httpd.conf) rather than tweaking an application's in-memory configuration, you need to restart the service to force it to reread its configuration (things like PostFix, xinetd, and the like are an exception because you can generally send a SIGUSR or SIGHUP to force the service to reread its configuration)
- If you update any libraries that are referenced by the running kernel or related binaries, you'll need to reboot (exception being if you're using something like the [now proprietary - thanks for nothing, Oracle] KSplice to do your system patching).
- If you update any loaded drivers, you'll have to unload and reload those drivers
- If you update any drivers that can't be unloaded and reloaded without causing a system panic (e.g., typical disk drivers), you're going to need to reboot the system
Any utility that infers what post-installation actions have to occur would pretty much be using a heuristic that consults rules list similar to the above to do it. Some of the tools I've seen that do so make some incorrect inferences (i.e., if you're really determined not to reboot or restart, you can "magic" things, but it's generally not worth the effort).
You can sort out the above by doing an `rpm -qlp <RPMPKG>` and perusing the output. It's a pain, but you can, at least, give yourself an idea of "should I do this now or wait till I can get a downtime".
Yum and RPM being "standard in the community" tools aren't really things that RedHat is going to want to just change, willy nilly. More likely, they'd want to create a new utility with built in "intelligence".
Guru
6222 points
The following rule of thumb:
1) kernel updates need a reboot, for the running kernel will not be able to refresh itself (atleast not for now RHEL 6.x and lower)
2) glibc update it is very wise to do a reboot for it has a huge impact on all programs written in C or language that are precompiled to C code.
3) apache should only be restarted, the rpm does not do that for the programmer does not know whether or not your websites can be restarted.
a warning would be nice.
This not hard to implement. Just some lines of code in the post script.
Technically, you don't need console to run the GUI: just set up an Xserver on your local host and do X-redirection. I administer Solaris, AIX, RedHat and other systems all day from a Windows administration console by doing X-redirection of the GUI utilities.
Aside from during the initial KickStart process, about the only time we use the console on any of our UNIX hosts is when they've crashed and can only be recovered from maintenance mode.
Solaris uses the OpenSSH client. You should be able to do an `ssh -X remote.system.name` and it will set up an SSH tunnel for your X-session (and set the display variable to something like "localhost:10.0"). To allow root do do what it needs to do:
- `sudo -i`
- `cp ~LOGINUSER/.Xauthority .`
- <LaunchGUItool>
Hi everyone,
is there any news since last update from this discussion?
I raised a case to Support regarding this same question and they pointed me to this discussion thread and following link: https://access.redhat.com/solutions/27943
I still have some doubts that Support is working to answer me but I would like to share with you for the benefit of the discussion:
- I though RHEL7 didn't need to reboot after a kernel upgrade but the article says it does
- as I pointed Support Suse has "zypper ps" to know which running processes need a restart after an upgrade. as someone else says at a comment on the article Support told me, Debian also tracks this at "/var/run/reboot-required.pkgs". why can't RedHat do the same?
- as my rule of thumb, if a package has upgraded and the time of start from its process is from before the upgrade, a restart is needed.
- RHEL6 didn't need a reboot because there was no systemd. so bigger downtimes now with RHEL7.
regards.
Guru
6222 points
Hello Joaquin,
What do you mean by bigger downtimes? Longer downtimes or more frequent?
Have you taken the time to count the number of systemd patches since the General Availablity of RHEL 7.1?
Almost the same as the number of kernel updates. So there might not have been a need for extra reboots.
Kind regards,
ir. Jan Gerrit Kootstra
Hi Jan,
yes, I meant more frequent, sorry.
do you mean that updates for kernel and systemd are coordinated and happen at the same time? if so that is a great thing and I hope they can keep it up. if there are urgent security updates one of them might need to be updated without the other, right?
thanks and regards,
Joaquin Veira
FYI folks, there is this kbase Solution https://access.redhat.com/solutions/27943 "Which packages require a system reboot after update?"
In fact, all errata pushed live to RHN after September 16 2015 for packages listed in the above Solution will be tagged as "reboot_suggested" on RHN Classic Hosted and Satellite 5.6/5.7 so customers can be aware and decide to boot systems after applying these erratas.
Guru
6222 points
Hello Xixi,
Please tell us how to make the tag visible, for I am trying to on my test Satellite 5.7 and I have not found any tab on the search result for the RHEL 7 lastest kernel, published this week.
I also published a comment on the solution page you mentioned.
Kind regards,
Jan Gerrit Kootstra
Hello Jan,
What's the advisory number, and have you looked on the errata details page (not package details)?
Best,
Hello again Jan, A bug has since been identified that's preventing Satellite 5 from consuming the reboot_suggested bit, it's a private Bugzilla but if you have filed a support case pls ask support to attach to BZ # 1287378, and I'll also update again here once we have resolution. Thanks for reporting the issue, and your patience,
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.