• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Why are Plesk System Updates and Yum not in sync?

K

Koen Verbruggen

Basic Pleskian
Plesk System Updates says "All packages are up-to-date".
However a yum check-updates resulted in many packages that needed an update.

I believed System Updates would check yum and other package managers for updates. Is this assumption incorrect?

I've performed a yum update to be not vulnerable for Dirty COW. Is this a okay or should I wait for System Updates to notice available updates? I've not manually added any repositories.
 
Would I've seen the updates if I had set Release tier to Early adopter release?
My assumption is that this only effects the plesk software, but maybe that effects other packages as well?
 
I would suggest you try to run Daily Maintenance script for installation available system updates manually with

# /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f InstallSystemPackageUpdates
 
Hi Igor,
thanks for your response. Is this a better way then running yum update manually? What extra does it do?

Still trying to figure out: why doens't the Plesk GUI represent status of the updates that yum provided?
 
Koen Verbruggen said:
Still trying to figure out: why doens't the Plesk GUI represent status of the updates that yum provided?
Click to expand...
The difference related to enabled Safe Updates settings:
Screen Shot 2017-05-23 at 14.38.21.png

yum update shows available updates from all repositories. But Plesk System Updates shows available updates only from the same repository that the packages were initially installed from.
 
IgorG said:
The difference related to enabled Safe Updates settings:
View attachment 12831

yum update shows available updates from all repositories. But Plesk System Updates shows available updates only from the same repository that the packages were initially installed from.
Click to expand...
Thanks for the clean answer. So with my yum install other repositories where taken into account as well. As I didn't add any repositories myself I thought these would use the same as Plesk does.
In this case I deliberately wanted to update kernel and some other kernel packages because of the Dirty COW vulnerability. For next times: would it be wise to update only such packages and wait for the rest to come via the original repositories? Or should I wait for all packages to come via their original repo?
 
I think that updating with "yum update" is quite safe. I've done this many times on different Plesk servers and everything was fine. The main thing is not to use exotic third-party repositories. But if you are afraid of problems - it would be better to use the built-in Plesk update system with the default settings.
 
IgorG said:
I think that updating with "yum update" is quite safe. I've done this many times on different Plesk servers and everything was fine. The main thing is not to use exotic third-party repositories. But if you are afraid of problems - it would be better to use the built-in Plesk update system with the default settings.
Click to expand...
Just out of the box repos here for now. Think I will stick to yum update then :)
 
To put it to the test: recovered backup from before the yum install: no updates in GUI.
Set Safe Updates off: no new updates....

DataGrid complaints about vulnerabilities in kernel, but no kernel updates in GUI.
Does this mean the original repo's take their time before being updated? How to find out which repo's are used and which one are used in my manual yum update?
 
When you run 'yum update' all repos, enabled for yum in /etc/yum.repos.d/ are used. So, if you have kernel update from f.e. remi or epel repo - you will see this update only with 'yum update'.
 
repoquery -i kernel returns [...] Repository : updates [...]

in yum.repos.d/CentOS-Base.repo I find this:

Code: 
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Bet this is the repo being used then. And not remi or epel (can't any link to such a repo in the yum.repo.d folder).

Don't you think this would be the 'normal' repo and therefore the one being used in GUI as well?

Thanks for helping me grabbing the concept of how yum and plesk are linked. very much appreciated
 
Ok. You have kernel update from official OS vendor repository. I believe that you will see it if you disable mentioned above Safe Updates settings.
 
That is exactly what I thought. However it seems like packages from "update" repo (with the kernel updates) are not shown.
Tried different settings with reboots in between...
 
You must log in or register to reply here.

Similar threads

brainforge
Resolved System updates have started failing.
Replies
2
Views
331
brainforge
brainforge
M
Question yum update for system updates?
Replies
1
Views
654
IgorG
IgorG
danami
Forwarded to devs The GPG keys listed for the "grafana extension repository" repository are already installed but they are not correct for this package.
Replies
7
Views
2K
Peter Debik
P
Z
Resolved Some errors during Plesk update
Replies
7
Views
2K
Zoo3
Z
Linulex
Issue Warning: Information on some packages might not be actual: inconsistencies were detected in the system's package manager database. Please resolve this
Replies
2
Views
944
Linulex
Linulex
Back
Top