• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Updating OS components without breaking Plesk

I

iainh

Basic Pleskian
I understand Plesk's position is that packages like OpenSSL are a part of the base OS and so not updated by Plesk, but conversely I've been advised it is better not to update the server via yum so that OS updates are in line with Plesk support.

So maybe the first question to ask is:
  • Do Plesk advise/support/agree to the base OS being kept up to date via yum or should updates only be done via PUM?
As an example, PUM is saying 'All packages are u- to-date' which yum is saying there's a [ending update to kernal-firmware and kernal-headers. So you I let yum process these or wait for them to appear under PUM?

I then have a specific question about OpenSSL. My CentOS 6.10 box is still on OpenSSL 1.0.1e-fips, which is a long way out of date, although SpamAssassin still being on 3.3.1 wold be another OS component that could do with update.

There's plenty of advice on how to do this, but then there's always the Plesk 'warning' about newer versions might break compatibility, and the whole point about running a Plesk box is that people don't want to get knee-deep in UNIX admin. That seems to leave us between a rock and a hard place in terms of wanting/needing to keep core components up-to-date, but being warned about 'self updates' and updates of such components not being seen as part of Plesk's role.

What's the best advice on how to handle OS component updates? PUM only, yum, manual update of components like OpenSSL and SpamAssassin?

Thanks
 
My advice would be to keep the server updated with yum as the updates come out, install Plesk updates as they come out and do not update OS level packages manually.

CentOS is a Red Hat Enterprise Linux derivative and its strengths lie in the long term support and stability. Your openssl and other OS packages get backported security updates and, for a good part of your OS life, also some backported features. The OS as a whole is designed to work with these packages, so are complex third party software packages such as Plesk.

If you manually update core packages such as openssl, you'll be running a system that has been untested as a whole and you'll also need to manually keep up with any security updates, big or small, as opposed to getting them automatically.

If you need a newer OS, I'd adivise migrating to a new, freshly set up CentOS 7 system. Or wait for a bit longer so that Plesk starts supporting CentOS 8 and migrate directly to a new CentOS 8 server.
 
Many thanks @Ales. That pretty much was my thinking, but good to get an experience d review. The last thing I want to do is build an unsupportable system, especially as I'm running Plesk deliberately so as to not get into those complexities. I think it was the ISP though that advised me not to yum update and instread rely on everything to come via PUM. Seems that's not the best advice.

Good to here Plesk on CentOS 8 is coming. I think that will be my next move and should help address some of these older component issues.

Thanks for the advice :)
 
You must log in or register to reply here.

Similar threads

K
Question How does Plesk handle OS updates?
Replies
0
Views
130
Kroptokin
K
G
Issue Plesk Version 12.5.30 upgrade to 17.8.11 failed
Replies
5
Views
2K
Bitpalast
Bitpalast
learning_curve
Resolved Plesk 17.8.11 / Ubuntu 18.04.3 LTS / OpenSSL / TLSv1.3
Replies
2
Views
2K
learning_curve
learning_curve
akira9000
Resolved Just had a bumpy ride upgrading from Plesk 17.8.11 to Obsidian 18.0.28
Replies
10
Views
2K
akira9000
akira9000
Servus
Resolved Plesk Updates Panel shows wrong components
Replies
5
Views
1K
Servus
Servus
Back
Top