Hi
I have a server III and am attempting to upgrade the software to help secure the box. Using YUM it says all updates are current and yet I know they are not. On investigation I found out that Fedora are upgrading only at core 3, so all those of us running core 2 boxes thinking we are running the latest updates, are not!

I have a security report generated against my standard 1and1 server setup and the list is as long as your arm! What would help is to update a lot of the softwar but being core 2 as stnadard thats a quite a feat to do.

What do you all do? Typing yum update would be great but I really do not want to compile every update as an alternate solution.

Any ideas as to why core 2 is provided and not core 3?

Thanks
Ian

Check out Atomic Rocket Turtle and check out the tutorial section of this site for some guidance. ART used to work with/for Plesk and now maintains pre-compiled repositories of updates for each OS. You basically configure YUM to point to his repository and then you can update your system. I've been using it on some of the older Root III servers with RH9, we'll be trying it with FC2 soon.

http://www.atomicrocketturtle.com

Yep, I use them on my FC2 boxes and they work well... Scott does a great job keeping them up to date.

Scott does a great job but there are some packages he doesn't maintain and will start to be come out-of-date as more people move to FC3. I was actually surprised 1and1 went with FC2 over ES3 which has a longer lifespan. But I'm going to be moving my server to FC3 which does work with Plesk (According to Scott and a few others). I'm mainly doing this so I'm running something thats still supported by the developers as they will release security fixes for it before they release them for the older cores. And thanks to Yum its fairly simple. Plus extreamly fast. I managed to upgrade some servers at the office in 20min from FC2 to FC3 with only a few minutes of downtime. I expect it will take even less on the webserver once I solve a few dependency problems.... ( http://www.atomicrocketturtle.com/forum/viewtopic.php?t=333 )

On investigation I found out that Fedora are upgrading only at core 3, so all those of us running core 2 boxes thinking we are running the latest updates, are not!

Add the yum channels from fedoralegacy.com. They're updating all the way back to RH7.3.

I was actually surprised 1and1 went with FC2 over ES3 which has a longer lifespan.

My guess is that RHEL costs money and FC does not.

Bad news ..... error message and control panel is now useless


Checking for the group 'psaserv'...
Trying to add supplementary group 'psaserv' for user 'apache'... already there Checking for the group 'psaserv'...
Trying to add supplementary group 'psaserv' for user 'psaftp'... already there Checking for the group 'psaserv'...
Trying to add supplementary group 'psaserv' for user 'psaadm'... already there group psacln already exists /usr/local/psa/bin/chrootsh already registered as a login shell ===> Preparing upgrade Trying to start MySQL server... done Trying to establish test connection... connected Trying to backup MySQL database... done MySQL databases are dumped to /var/lib/psa/dumps/mysql.preupgrade.dump.gz
Database integrity check failed: duplicate values of (action_id, component) exist in table log_components

ERROR while trying to
Check the error reason(see log file: /tmp/psa_7.5.3_FedoraCore_2_build75050506.13_upgrade.lo g), fix and try again

Aborting...

error: %pre(psa-7.5.3-fc2.build75050506.13) scriptlet failed, exit status 1
error: install: %pre scriptlet failed (2), skipping psa-7.5.3-fc2.build75050506.13

----- end of output -----
===> Autoinstaller: stopped logging at Fri May 13 14:57:37 2005

I upgraded to FC3 last night and Plesk 7.5.3 with just a few minor dependency problems I had to solve. But downtime was aprox. 5min while psa regenerated the chroots.

I'll post a how-to a bit later.

Before we ran the Plesk update to 7.5.3 we ran "yum update" on a brand new box with no modifications to yum.conf or anything else. All went well except for the kernel update


kernel-smp 100 % done 7/27
grubby: unable to open /dev/hda: No such device or address
grubby fatal error: unable to find a suitable template
grubby fatal error: unable to find a suitable template
util-linux 100 % done 8/27
telnet 100 % done 9/27

I may be reading this post wrong but do these ART updates actually allow you to upgrade your servers OS on the fly? I have a root server I box running RH9 and the only way I can get a new OS is to nuke it and do a restore with a new image.

On a side note I've also asked 1and1 if they would upgrade the hardware on my server to the new specs, but they tell me I would need to purchase a new server.

Anyway, if the upgrade on the fly is possible can someone post instructions or any feedback re the process?

Thanks,
Dylan

You can't really upgrade the OS remotely without some major high wire walking, but you can definitely upgrade to the latest component releases ie: PHP version 4.3.11, MySQL version 4.0.24a, etc ... for RH9, FC2, and other OS's using ART's repository. See the tutorial section of this site for more info on that. I think I wrote it specifically for RH9 when I wrote the tutorial.

As for 1and1 upgrading your server, in order to upgrade they have to move you to a new hardware set all together. You can request them to mirror your drive to the system but that really only buys you a higher monthly fee, and more bandwidth. I would just do a full backup and then migrate to a new server if you really need to.

Thanks for the info. My root server I has been running flawlessly for almost 2 years now. I've secured it up tight and just left it, with minor log reviews and updates.

Based on your experience, what kind of load, ie how many clients / domains do you feel a root server I can handle? The specs are:

2.0 Celeron
256 MB Ram
40 GB HD

Thanks,
Dylan

depends on traffic load and the type of applications running. If this gives you any perspective:

Root III server
3.0Ghz
1Gb RAM
100GB HD
500GB Bandwidth

Website is running email (qmail, spamassassin), DNS, all the normal plesk services, vBulletin forums, Esvon classifieds, IRC, Photopost picture gallery, Mambo CMS, and a link directory application.

Site runs about 250 to 400 concurrent users daily in and out of all the applications above and it's sweating. It's pulling the load nicely but it's out of room to grow. We're moving it now to two new Root III server so it will have have more RAM and split the images and banners off to a seperate server to reduce the Apache load. Also we're moving email and DNS off the box and stopping those services to further reduce the load.

So it really depends on the apps and the traffic load. Can you give me any details on whats running on the box and what the users use it for.

It sounds like your hosting business is doing quite well. I originally started mine as add-on to the network administration services my company provides, but it is starting to grow..slowly however.

How many 1and1 servers are you running, if you don't mind me asking. Are they giving you a discount for leasing so many?

As for my server, it's running about 15 sites most of which are very basic. It does not run DNS but does provide a pretty high amount of email traffic. MySql is also running. I also provide an online backup service to my customers which uses an FTP-SFTP bridge through SSH on the server.

Performance hasn't seemed to decrease at all with the additional online backup load. It's a strong little server I guess :wink:

With 1and1 we're only running about 6 servers, discount ......lol.....don't make me laugh.

You will be surprised at how far that little Root I will go. I'm amazed at how well the current Root III is doing under the load of one of our larger customers with 400+ concurrent users on their site pounding away at the forums, classifieds, uploading pictures, etc .... The load average gets up to 5 or 6 sometimes 10 but the site doesn't show it from the user perspective. The customer only complains becuase he sees the numbers climb and we know it won't scale much further so we're moving it and splitting it up for them. But in actuality it's running fantastic .....now if we could just get the 1and1 support to follow suit.....

:lol:

No doubt re the 1and1 support. I've recently emailed them letting them know my opinion on their support. I mentioned that if their support matched their products, they would be unstoppable. I hope it got through to the right people.

A little off topic here but I noticed your website doesn't have much advertising re your products. Do you not offer your products for sale via the Internet? What methods have you found to be successfully in promoting your hosting business? Do you resell dedicated servers from 1and1 or just slice them up into shared hosting accounts?


Thanks

100% of our business is referral or advertising through other means. We don't sell direct. We like to know a little bit about who our customers are and where they are coming from. We don't have time to chase down any bank robbers in Romania. We do a little of both, we're testing the waters with 1and1, their pricing makes it really attractive to get a Root server and slice it up. That's where we put all our small customers with little online stores or static content pages. For our larger customers we just resell a dedicated server ....ie: the 400+ concurrent user customer from earlier, who we're moving to bigger and more servers.