• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved A false positive with KernelCare???

LordLiverpool

LordLiverpool

Basic Pleskian
Hello Pleskians,

I'm a noob so please go easy!

Yesterday I provisioned a new AWS Lightsail Plesk Server running Onyx 17.8.11.

The "dashboard advisor" recommended switching on KernelCare, so I did.

Today I got an email saying:

Some problems occurred with the System Updates tool on your server ec2-nnn-nnn-nnn-nnn.eu-west-1.compute.amazonaws.com. Please resolve them manually.

Reason: 2019-09-24 06:25:49 INFO: pum is called with arguments: ['--update', '--json']

2019-09-24 06:26:28 INFO: no packages to update E:Could not configure 'kernelcare:amd64'. , E:Internal error, packages left unconfigured. kernelcare:amd64

2019-09-24 06:26:29 ERROR: installArchives() failed

2019-09-24 06:26:29 ERROR: Exited with returncode 1.

When I logged in today it looks like KernelCare has already expired!
Wow, that was quick! (see image attached)

c4e9f938-7141-4afe-9dd2-b2974f464e2b-original.png


Questions:
  1. Has the email been sent because KernelCare wants me to purchase a licence for their plugin? (a false positive)
  2. Should I deactivate KernelCare or is the email warning me of a genuine issue?
  3. Does Plesk offer an alternative free route that I can use to keep my kernel updated?
I googled the error code and found this article:

Unable to update Plesk: Sub-process /usr/bin/dpkg returned an error code (1): iF mysql-server-5.7

But I'm unsure if the resolution provided is relevant to me or not?
I don't want to blindly follow the instructions.

Any help is appreciated.

Thank You.
 
So I got the exact same email today.

Is this email really a nag, an advert to get me to purchase a KernalCare licence?

Why does the Plesk Advisor recommend my installing it? Surely there's a free alternative? Manual updates?
 
@LordLiverpool

In essence, there are two issues here, one of them being an actual issue (read: leading to error notifications) and the other being of minor importance.

Let's start with the less important issue - there are two important facts that you have to be aware of :

1 - KernelCare does not support all kernels : Kernelcare extension sometimes cannot or cannot yet (!) be used - implying that the extension does not add value, (and)
2 - in most (but not all) virtualized environments, Kernelcare extension does not work : Kernelcare cannot "reach" the kernel on the host server of the virtual machine.

In short, Kernelcare is not always adding value - as a golden rule of thumb : use Kernelcare extension if and only if you have a dedicated server.

The second issue -the most important one- is already mentioned : Kernelcare does not support all kernels.

The above implies that a lot of factually correct error notifications will follow - but you can safely ignore them, nothing goes wrong with the server anyway.

In summary, I highly recommend that you just uninstall the Kernelcare extension entirely - that is all!

Hope the above helps and explains a bit.

Kind regards.........
 
@trilotto

Thanks very much for replying, it's appreciated.

trialotto said:
2 - in most (but not all) virtualized environments, Kernelcare extension does not work : Kernelcare cannot "reach" the kernel on the host server of the virtual machine.
Click to expand...

My Plesk server is an AWS Lightsail instance, I am guessing this is a virtual machine.

trialotto said:
In summary, I highly recommend that you just uninstall the Kernelcare extension entirely - that is all!
Click to expand...

That will stop the email.

I guess I will need to manually update my server
 
@LordLiverpool

LordLiverpool said:
I guess I will need to manually update my server
Click to expand...

No, not really : just go to "Extensions > Kernelcare (click on the extension name) > select Remove on the dropdown menu" and that is all.

If you cannot find it, you can always use a command from the command line (SSH) : plesk bin extension -u kernelcare-plesk (from the back of my head, I can be mistaken).

The before mentioned command will uninstall the Kernelcare extension.

Kind regards.....
 
LordLiverpool said:
@Dave W

Thanks for replying, it's appreciated.

OK, that makes me wonder how do I manually update the kernel if I explicitly don't wish to use KernelCare?

Method #1 on this webpage seems good:
Different Ways To Update Linux Kernel For Ubuntu - OSTechNix

Grabbing the latest code from this official repository
Index of /~kernel-ppa/mainline

Any thoughts? Have you ever needed to do this?

Cheers
Click to expand...

@LordLiverpool

First of all, there is always the need to keep kernels updated to the latest version.

However, that does not imply that you should do it or can do it without problems - it is highly specialized work to do it properly.

Second, if and whenever possible, try to use the reboot-less option - not having to reboot is a great feature, preventing service disruption and allowing direct patching.

However, the above does not imply that you can simply rely on reboot-less options offered by Kernelcare or similar services - rely on Canonical Livepatch Service.

Canonical Livepatch Service might be or it can become a bit expensive, but it still is cheaper than the costs associated with broken down and/or compromised servers.

Third, whenever not having the possibility to go for the reboot-less option : use apt-get.

There is no reason to install an additional tool or to engage in dpkg fumbling, if you have an easy method available by using apt-get, a native and stable Ubuntu tool.

Anyway, do not use a PPA - also for the sake of security and/or to prevent package dependency issues.

In short, it is highly recommended to only work with kernel updates if and only if you know exactly what you are doing!!!!

Hope the above helps a bit.

Kind regards.........
 
@Dave W

Thank you for taking the time to reply.

So you're saying I do need to update my Kernel from time to time
Not to use a PPA

If I was to not bother updating my Kernel for a say 2-3 years would it make much of a difference?!?

I think most likely I would rent a new server with the latest kernel, OS and services etc installed
and then bulk-migrate my websites across, mitigating the need to update the kernel.

Any thoughts? Thanks.
 
Not updating your kernel for a few years would cause a tangible security risk and you'd also miss out on bug fixes and improvements.

I don't understand why are you complicating this so much? Update your kernel as you would any other OS package, use regular OS updates. Restart the server when appropriate to load the updated kernel.

That's all there is to it.
 
@Ales

Thanks for replying, it's appreciated.

My apologies, I'm not trying to complicate anything, I'm sorry if it appears that way.
What I'm trying to do is gain a greater understanding of the subject by using this forum to obtain experienced opinions, like yours.
If I appear overly cautious it because I've never had to manage this issue before and I don't want to make any mistakes.

Thank you for your advice, it's greatly appreciated.
 
You must log in or register to reply here.

Similar threads

P
Issue System Update tool error
Replies
1
Views
839
IgorG
IgorG
H
Issue SPF - Error 26 - DNS lookup failure - hardfail / softfail
Replies
0
Views
993
Hockeychap
H
T
Forwarded to devs Kernelcare extension - odd behavior on Ubuntu 18.04
Replies
6
Views
982
trialotto
T
W
Issue Email Sending After installing Update No. 2 not working (Obsidian 18.0.29)
Replies
1
Views
1K
WhizzHacks
W
T
Forwarded to devs Issue - Package Update Manager notification
Replies
3
Views
943
trialotto
T
Back
Top