Issue Forced Plesk update???

[Bitpalast]

I have to admit that this morning I am a bit shocked:




To me this reads like: "In 6 days we will intentionally crash your system so that you will be forced to stay up all night long to fix all the errors that we'll introduce during a failing update and to get your services backup up running. We will also cause a few hundred angry customers on each of your host computers and many additional support requests."

To be frankly honest: So far I have not seen an update that has worked properly and left the system intact. There were always issues.

First response: Changing settings to "Late Adopter" to buy some time.

 

[I-Che]

Hi Peter!

I’m sorry to hear you have got this perception – this wasn’t a plan, definitely. What we want to do is to provide Plesk customers with a product that is stable and secure, i.e. running the last version. We put lots of efforts over time to make the upgrades as stable as possible, which is confirmed by the analysis we made. There is very little possibility when something goes wrong during the upgrade.

Can you please tell me more about issues you had in the past updating or upgrading your Plesk servers? Please feel free to give me more details here or in PM, I’ll be more than happy to help.

 

[Bitpalast]

I have ordered the upgrades from professional services now, just to make sure that when issues arise, Plesk team will immediately solve it.

Anyway, before I had seen a wealth of all kinds of issues, ranging from duplicate OS library files through wrong lib versions used after the ugprade (e.g. the versions from version 17.x after an upgrade to 17.5, which needed a lot of manual cleaning up afterwards) to more simple things, for example that the Apache web server module is automatically changed from "Prefork" to "Event", which then disabled the PHP module there ... I am sorry I cannot provide a complete list, I have just given up on this topic, it has caused too much stress in the past, and will rather buy the upgrade service from Plesk. It is simply too risky to do on your own when you operate the server for many customers. One single failure could result in many hours downtime or at least inaccessibility of the GUI for customers, leading to many support requests and a very high work load.

I was only astonished about the forced upgrade, because I feel that it interferes with business strategies, e.g. maybe we don't want to provide certain features to customers at this time.

Anyway, thank you for answering. So I'll use professional services now. Earlier than planned, but I think they'll handle it as well as in the past.

 

[Andrea Bampi]

I'm sorry if this may sound a silly question, but since I manage four small servers with Plesk Onyx I was a bit scared too (never seen any similar alerts on Plesk 11 and 12, and I still have a couple of servers running those versions)... I checked the blog post and what I understand is that ALL 17.x installations will be forcingly updated to 17.8.x (latest) in the next few days/weeks, unless we completely disable Plesk updates... right?
The blog post mentions legacy 11.x and 12.x versions too, but I frankly didn't get if the legacy versions are (or will be) involved in the forced update too. Do I have to disable Plesk updates everywhere?
Last question, the sentence "Critical security updates are always installed automatically." means that all important security updates will always be installed even if I uncheck "Automatically install Plesk updates (Recommended)"?

 

[Tosh]

I am looking at setting Product Configuration in Partner Central to the "Notify about available updates but do not automatically install them" option. That will allow us to be notified via email and then install updates manually.

Do you plan to circumvent this option and force updates?

 

[Bitpalast]

You nailed it. Plesk will update the major version if you want it or not. The setting in the configuration won't influence this step.

 

[I-Che]

Hi Andrea!
right, the automatic updates apply only for updates from versions 17.0 and 17.5 to 17.8. The statement that all 17.x installations will be updated in the next few days or weeks is not entirely precise - we think months and aim for a 5 months period.
As for Plesk 11.x and 12.x - these versions are not touched by the auto-update. Some preparation work should in the cases of older Plesk versions, like OS upgrades, followed by manually executed Plesk upgrade.
To your point about critical security updates this is a correct statement applicable to your Plesk version. Please note that only really critical security updates will be installed.

 

[I-Che]

I am looking at setting Product Configuration in Partner Central to the "Notify about available updates but do not automatically install them" option. That will allow us to be notified via email and then install updates manually.

Do you plan to circumvent this option and force updates?

hello, in this case (second option) you will be only notified about the update and you can install it at a convenient time.

 

[Dave W]

This really should have been handled better.

 

[JayStock]

I did this update and now my PROFTPD is crashing my server

 

[JohnD]

I was on Plesk legacy v12 and was a bit scared to upgrade to Onyx 17.8
Anyway so what I did was created an entirely new CentOS 7 VM and used the Plesk migration tool to migrate all websites from old VM to new one.
Boom it went like magic and I am glad I did it that way. It was fresh and clean.
Just my 2 cents!

 

[JayStock]

Thank JohnD, but I did the upgrade on my live server. Now every RUNNING FTP process is using 100% of CPU, I can't find a fix or solution anywhere

 

[Monty]

Thank JohnD, but I did the upgrade on my live server. Now every RUNNING FTP process is using 100% of CPU, I can't find a fix or solution anywhere

What's your exact version of the OS, the kernel and the ProFTPd package?

 

[JayStock]

CentOS Linux 7.6.1810 (Core)‬
Plesk Onyx
Version 17.8.11 Update #60, last updated on July 8, 2019 11:29 AM
PROFTPD 1.3.6-cos7.build1708180220.17

Thank you so much for taking the time to attempt to rectify this issue

 

[Monty]

Hmmm OK, so it's the same version of everything as I use and I don't see this issue.

I'd try the following:
Re-install ProFTPd:

# yum reinstall psa-proftpd

Re-install all Plesk updates:

# plesk installer --select-release-current --reinstall-patch --upgrade-installed-components

If that doesn't help, please post the contents of your /etc/proftpd.conf and all files in /etc/proftpd.d/*.conf here

 

[JohnD]

My goodness Monty - you really help everyone.. Regular super hero

 

[JayStock]

no good
179636 jaystockm 20 0 251M 30604 4988 R 100. 0.0 0:19.61 proftpd: jstockman - 65.204.37.24: LIST

/etc/proftpd.conf
#
# To have more informations about Proftpd configuration
# look at : The ProFTPD Project: Home
#

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD"
#ServerType standalone
ServerType inetd
DefaultServer on

<Global>
DefaultRoot ~ psacln
AllowOverwrite on

# Prefer to put here directives allowed in server config and Global contexts.
# From ProFTPD: Virtual Servers :
# "any configuration directives inside the "server config" section do not apply outside of the context."

DefaultTransferMode binary
UseFtpUsers on

TimesGMT off
SetEnv TZ :/etc/localtime
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Primary log file mest be outside of system logrotate province.
TransferLog /var/log/plesk/xferlog

# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd
AuthGroupFile /etc/group

IdentLookups off

<IfModule mod_tls.c>
# common settings for all virtual hosts
TLSEngine on
TLSRequired off

TLSLog /var/log/plesk/ftp_tls.log

TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off

# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none

# As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
# that reuse the SSL session of the control connection, as a security measure.
# Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
TLSOptions NoSessionReuseRequired
</IfModule>
</Global>

# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

#Following part of this config file were generate by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.

#Include directive should point to place where FTP Virtual Hosts configurations
#preserved

ScoreboardFile /var/run/proftpd.scoreboard

#Change default group for new files and directories in vhosts dir to psacln

<Directory /var/www/vhosts>
GroupOwner psacln
</Directory>

UseReverseDNS off

Include /etc/proftpd.d/*.conf

-------------------------------------------
50-plesk.conf

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

# Global section
<Global>
<IfModule mod_tls.c>
TLSEngine on
TLSRequired off
</IfModule>
</Global>
# Global section
<VirtualHost 2607:f1c0:820:d2fc:86ea:ce66:5a1d:b70f>
MasqueradeAddress 2607:f1c0:820:d2fc:86ea:ce66:5a1d:b70f
</VirtualHost>

 

[JayStock]

55-passive-ports.conf

<Global>
PassivePorts 49152 65535
</Global>

ssl.conf

<IfModule mod_tls.c>
TLSCipherSuite HIGH:!aNULL:!MD5
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
</IfModule>

 

[Monty]

Nothing unusual in your config.
Just a question: Does the high CPU load issue occur on _every_ single directory, even on ones with only a few files in it? Or does it happen when you list a directory with thousands of file?
If it's the latter then please review: Listing of a directory with more than 20000 files via FTP takes a long time (Spoiler: No workaround yet!)

Some others recommend to set "UseEncoding off" in your proftpd.conf but I wouldn't do that on a production server, you should only try that to see if it makes any difference but keeping it "off" will probably cause a boatload of other problems.

 

[JayStock]

Occurs on every directory, prior to the PLESK update I did not have an issue.

Tried UseEcoding off did not work either

Here is a link to the problem
Issue - High FTP cpu load after 17.8 upgrade