Page 1 of 1
Kernel Update
Posted:
Wed Jun 20, 2012 11:31 pmby simonc
Hi Gardo,
Any way to update the kernel without affecting the vicidal , asterisk functionallity?
I have been able to update all centos outdated packages except the kernel. I tried it on a test server and it brakes dahdi , and extensions do not work.
Any help would be appreciated.
Re: Kernel Update
Posted:
Thu Jun 21, 2012 8:30 amby williamconley
After kernel updates, you must recompile the asterisk packages. Look at the "scratch install" instructions which download, compile, and install these packages ... you can skip the download, but you must recompile and reinstall them. There have also been several posts during which gardo has posted explicit instructions on this process.
However: continually updating your system is (IMHO) a bureaucratic time-wasting exercise. Once your Vicidial system is online and working, the only thing that should be upgraded is the Vicidial application (to gain new features or fix bugs). You'll not "gain" anything by updating/upgrading the OS upon which Vicidial runs. The purpose of the Vicidial system is to make calls according to the applications/scripts/data in Vicidial. Updating the OS has Zero impact on this mission. The only exception is if you are experiencing problems with said OS that require fixing. If you aren't, then you can expect that upgrading will eventually CAUSE problems that have to be fixed. LOL
Re: Kernel Update
Posted:
Thu Jun 21, 2012 9:59 pmby simonc
Thank you for your input. Since everything is stable at the moment, i will leave it under the goautodial pre-compiled kernel.
Other than that, everything is working perfectly.
Re: Kernel Update
Posted:
Mon Jul 02, 2012 6:51 pmby gers55
I have been running on a custom kernel with no major issues. Did you try
- Code: Select all
depmod -a
and restart after loading kernel or alternatively do a start/stop on the server after loading kernel.
Re: Kernel Update
Posted:
Mon Jul 02, 2012 7:43 pmby williamconley
running on a custom kernel isn't a problem. but it generally requires recompiling dahdi, among other things. so "chancing it" to get the new kernel (or see if it'll work) ... accomplishes what, exactly? LOL (Vicidial does not "run better" on a new kernel, the old one isn't rusty or anything ...).
I generally recommend kernel updates and other OS updates for those with nothing better to do than continually update their operating systems ... but that's just me.
Re: Kernel Update
Posted:
Thu Jul 05, 2012 6:11 amby gardo
You can safely update to the latest kernel. You just need to recompile DAHDI with 3 simple steps:
# cd /usr/src/dahdi
# make
# make install
Restart or reboot your server to make sure everything is working. Alternately you can just stop Asterisk and reload DAHDI then start Asterisk again.
No need to recompile anything else.
Re: Kernel Update
Posted:
Fri Jul 06, 2012 9:50 amby williamconley
And what is gained by this again? (latest kernel sounds cool, but ... why?)
Re: Kernel Update
Posted:
Tue Jul 10, 2012 2:08 pmby gardo
Mostly security updates and other fixes.
Re: Kernel Update
Posted:
Tue Jul 10, 2012 7:04 pmby williamconley
I'd love to hear what "security updates" are involved. LOL
IPtables supplies security, and the iptables schema is set by a restore command.
Apache is the other basic vulnerability, and the websites are generally what is vulnerable. And updating the kernel generally does not update apache.
If iptables is set to whitelist mode, I sincerely doubt a kernel update will have ANY impact on security. I can't speak to "other fixes", but security ... not likely.
But it will take time, and create a headache if recompiling fails or if one of the installed packages is not compatible with the new kernel (which has happened, if you update the kernel often enough).
Re: Kernel Update
Posted:
Wed Jul 11, 2012 3:36 amby DomeDan
http://lwn.net/Alerts/openSUSE/openSUSE security alerts
Recent openSUSE security alerts
(596 alerts total)
ID Package Date
openSUSE-SU-2012:0845-1 accountservice 2012-07-06
openSUSE-SU-2012:0826-1 php5 2012-07-04
openSUSE-SU-2012:0827-1 opera 2012-07-04
openSUSE-SU-2012:0828-1 java 2012-07-04
openSUSE-SU-2012:0829-1 tiff 2012-07-04
openSUSE-SU-2012:0830-1 python-crypto 2012-07-04
openSUSE-SU-2012:0831-1 viewvc 2012-07-04
openSUSE-SU-2012:0832-1 kvm 2012-07-04
openSUSE-SU-2012:0833-1 clamav 2012-07-04
openSUSE-SU-2012:0834-1 krb5 2012-07-04
openSUSE-SU-2012:0835-1 puppet 2012-07-04
openSUSE-SU-2012:0812-1 kernel 2012-07-03
openSUSE-SU-2012:0813-1 chromium, v8 2012-07-03
openSUSE-SU-2012:0809-1 socat 2012-07-02
openSUSE-SU-2012:0799-1 kernel 2012-06-28
openSUSE-SU-2012:0787-1 python-httplib2 2012-06-25
openSUSE-SU-2012:0781-1 kernel 2012-06-22
openSUSE-SU-2012:0759-1 libvpx 2012-06-19
openSUSE-SU-2012:0760-1 mozilla 2012-06-19
openSUSE-SU-2012:0755-1 python-tornado 2012-06-18
3 of the latest 20 security updates is to the kernel.
we can check
http://lwn.net/Search/DoSearch and search for "opensuse kernel"
openSUSE security update to kernel
([Security] Posted Jul 3, 2012 17:22 UTC (Tue) by ris)
openSUSE has released a security update to kernel
openSUSE security update to kernel
([Security] Posted Jun 28, 2012 19:11 UTC (Thu) by n8willis)
openSUSE has released a security update to kernel
SUSE security update to Linux kernel
([Security] Posted Jun 26, 2012 16:37 UTC (Tue) by ris)
SUSE has released a security update to Linux kernel
openSUSE security update to kernel
([Security] Posted Jun 22, 2012 18:22 UTC (Fri) by n8willis)
openSUSE has released a security update to kernel
SUSE security update to Linux kernel
([Security] Posted Jun 20, 2012 16:54 UTC (Wed) by ris)
SUSE has released a security update to Linux kernel
SUSE security update to Xen
([Security] Posted Jun 13, 2012 16:20 UTC (Wed) by ris)
SUSE has released a security update to Xen
SUSE security update to kernel
([Security] Posted Jun 4, 2012 15:32 UTC (Mon) by ris)
SUSE has released a security update to kernel
SUSE security update to Linux kernel
([Security] Posted May 14, 2012 16:35 UTC (Mon) by ris)
SUSE has released a security update to Linux kernel
SUSE security update to kernel
([Security] Posted Apr 26, 2012 18:42 UTC (Thu) by jake)
SUSE has released a security update to kernel
SUSE security update to Linux kernel
([Security] Posted Apr 24, 2012 16:11 UTC (Tue) by ris)
SUSE has released a security update to Linux kernel
openSUSE security update to kernel
([Security] Posted Apr 20, 2012 16:39 UTC (Fri) by ris)
openSUSE has released a security update to kernel
SUSE security update to Real Time Linux Kernel
([Security] Posted Mar 14, 2012 17:31 UTC (Wed) by corbet)
SUSE has released a security update to Real Time Linux Kernel
kernel: memory corruption
([Security] Posted Feb 9, 2012 20:35 UTC (Thu) by jake)
From the openSUSE advisory: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.
kernel: denial of service
([Security] Posted Feb 9, 2012 20:34 UTC (Thu) by jake)
From the openSUSE advisory: CVE-2011-4087: A local denial of service when using bridged networking via a flood ping was fixed.
openSUSE security update to kernel
([Security] Posted Feb 9, 2012 20:33 UTC (Thu) by jake)
openSUSE has released a security update to kernel
openSUSE security update to kernel
([Security] Posted Feb 9, 2012 20:31 UTC (Thu) by jake)
openSUSE has released a security update to kernel
SUSE security update to Linux kernel
([Security] Posted Feb 7, 2012 18:21 UTC (Tue) by ris)
SUSE has released a security update to Linux kernel
SUSE security update to kernel
([Security] Posted Feb 6, 2012 18:44 UTC (Mon) by ris)
SUSE has released a security update to kernel
Oracle security update to kernel
([Security] Posted Jan 26, 2012 19:53 UTC (Thu) by jake)
Oracle has released a security update to kernel
SUSE security update to Linux kernel
([Security] Posted Dec 14, 2011 18:32 UTC (Wed) by corbet)
SUSE has released a security update to Linux kernel
Edit: oh yeah we're on the GoAutoDial forum, but this can be applied to centOS too just look at
http://lwn.net/Alerts/CentOS/ instead
Re: Kernel Update
Posted:
Wed Jul 11, 2012 12:48 pmby williamconley
Interesting. Two "local network" security flaws fixed. Necessary if you have bad guys on your local network. Both avoided by NOT having a bad guy on your local network and using IPTables whitelist security. The rest are "just updates" that do not mention what they do.
Hopefully none of them introduce a flaw or update a package to something incompatible with any php/perl/asterisk dependencies.
I still like "lock it down, and leave it alone".
Re: Kernel Update
Posted:
Thu Jul 12, 2012 9:09 amby simonc
I will try to replicate my current setup on a new Goautodial server and test from there.
Last time i tried that i had to recompile dahdi as gardo mentionned. However, the conferences were screwed up , and the server would kernel panic after thousands of lines of meetme. something( forgot the line exactly )
Re: Kernel Update
Posted:
Thu Jul 12, 2012 10:44 amby williamconley
the vicidial backup system is very helpful for porting your configuration from one server to the next.
it is actually quite normal to back up just the database, install a "fresh" system (vicibox,goautodial, either will do regardless of which you had previous). then restore the database and upgrade the database. then you'll have the newest system and your data will match it.