Rolling back yum transactions

Ever had the system update a package, which winds up breaking the most random things? How can you roll back? How can you prevent that same buggy package from updating itself again the next time the system checks for updates, yet still get newer versions of that package when its released?

I ran across something like this recently. The symptom was that PHPMyAdmin was no longer working on this LAMP server. In short, it was found that an Apache update was to blame, which was found in this bug report: https://bz.apache.org/bugzilla/show_bug.cgi?id=61202

So how can the update to Apache be rolled back? First, try to confirm that Apache was indeed updated recently:

[[email protected] ~]# tail /var/log/yum.log
Jul 08 04:23:49 Updated: httpd24u-filesystem-2.4.26-1.ius.centos6.noarch
Jul 08 04:23:49 Updated: httpd24u-tools-2.4.26-1.ius.centos6.x86_64
Jul 08 04:23:50 Updated: httpd24u-2.4.26-1.ius.centos6.x86_64
Jul 08 04:23:50 Updated: 1:httpd24u-mod_ssl-2.4.26-1.ius.centos6.x86_64

Now find the transaction ID within yum by running:

[[email protected] ~]# yum history
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
   220 | root               | 2017-07-08 04:23 | Update         |    4

View the details of this transaction by running:

[[email protected] ~]# yum history info 220
...
Transaction performed with:
    Installed     rpm-4.8.0-55.el6.x86_64                       @centos6-x86_64
    Installed     yum-3.2.29-81.el6.centos.noarch               @centos6-x86_64
    Installed     yum-metadata-parser-1.1.2-16.el6.x86_64       @anaconda-CentOS-201410241409.x86_64/6.6
    Installed     yum-plugin-fastestmirror-1.1.30-40.el6.noarch @centos6-x86_64
    Installed     yum-rhn-plugin-2.4.6-1.el6.noarch             @spacewalk
Packages Altered:
    Updated httpd24u-2.4.25-4.ius.centos6.x86_64            @rackspace-centos6-x86_64-ius
    Update           2.4.26-1.ius.centos6.x86_64            @rackspace-centos6-x86_64-ius
    Updated httpd24u-filesystem-2.4.25-4.ius.centos6.noarch @rackspace-centos6-x86_64-ius
    Update                      2.4.26-1.ius.centos6.noarch @rackspace-centos6-x86_64-ius
    Updated httpd24u-mod_ssl-1:2.4.25-4.ius.centos6.x86_64  @rackspace-centos6-x86_64-ius
    Update                   1:2.4.26-1.ius.centos6.x86_64  @rackspace-centos6-x86_64-ius
    Updated httpd24u-tools-2.4.25-4.ius.centos6.x86_64      @rackspace-centos6-x86_64-ius
    Update                 2.4.26-1.ius.centos6.x86_64      @rackspace-centos6-x86_64-ius
history info
...

To roll back the updates, getting us back to Apache 2.4.25 in this case, simple undo the transaction by running:

[[email protected]web01 ~]# yum history undo 220

Then confirm Apache is back to the previous version 2.4.25:

[[email protected] ~]# rpm -qa |grep -i httpd24u
httpd24u-filesystem-2.4.25-4.ius.centos6.noarch
httpd24u-2.4.25-4.ius.centos6.x86_64
httpd24u-mod_ssl-2.4.25-4.ius.centos6.x86_64
httpd24u-tools-2.4.25-4.ius.centos6.x86_64

Next, restart Apache so the changes take place:

[[email protected] ~]# service httpd restart

Finally, exclude the buggy packages from ever being installed again. In this example, Apache 2.4.26 will never be installed, however any newer versions released after that will install/update normally.

[[email protected] ~]# yum install yum-plugin-versionlock
[[email protected] ~]# yum versionlock add! httpd24u-mod_ssl-2.4.26-1.ius.centos6.x86_64 httpd24u-2.4.26-1.ius.centos6.x86_64 httpd24u-tools-2.4.26-1.ius.centos6.x86_64 httpd24u-filesystem-2.4.26-1.ius.centos6.noarch

Upgrade MySQL on CentOS

Sometimes you may run across a scenerio where you have to update MySQL. This is easy enough to do, however you should always test this out on a dev server before applying to production just in case you run into problems.

As a critical note, before performing the update, make sure you have a working MySQLdump of all your databases. This cannot be stressed enough! There are many ways of performing a MySQLdump. Be sure you can actually restore from those backups as well! One possible method of performing the backup of all the databases into a single large file, which locks the tables creating possible downtime, would be:

[[email protected] ~]# mysqldump --all-databases --master-data | gzip -1 > /root/all.sql.gz

On CentOS, I prefer to use the IUS repo’s as they are actively maintained, and they do not overwrite stock packages which is important.

So to get started, first setup the IUS repo if it isn’t already installed on your server:

# CentOS 6
[[email protected] ~]# rpm -ivh http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/x86_64/ius-release-1.0-14.ius.centos6.noarch.rpm

# CentOS 7
[[email protected] ~]# rpm -ivh http://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-14.ius.centos7.noarch.rpm

To upgrade MySQL, yum has a plugin called ‘yum-replace’, which will automatically replace one package with another of your choosing. This simplifies the process of upgrading MySQL.

First, confirm that you are not already running another custom version of MySQL:

[[email protected] ~]# rpm -qa |grep -i mysql
mysql55-server-5.5.45-1.ius.el6.6.z.x86_64
mysql55-5.5.45-1.ius.el6.6.z.x86_64
...

Using the output from above, it looks like we just have MySQL 5.5 installed. I want to upgrade from MySQL 5.5 to MySQL 5.6. Here is how you would run it:

[[email protected] ~]# yum install yum-plugin-replace
[[email protected] ~]# yum replace mysql55 --replace-with mysql56u

During the upgrade process, I noticed that I could no longer log in with the root MySQL user. So to reset the root MySQL password:

[[email protected] ~]# service mysqld stop
[[email protected] ~]# mysql -uroot
mysql> use mysql;
mysql> update user set password=PASSWORD("enternewpasswordhere") where User='root';
mysql> flush privileges;
mysql> quit
[[email protected] ~]# service mysqld restart

Once the version has been updated, be sure to run mysql_upgrade. mysql_upgrade examines all tables in all databases for incompatibilities with the current version of MySQL Server. mysql_upgrade also upgrades the system tables so that you can take advantage of new privileges or capabilities that might have been added.

[[email protected] ~]# mysql_upgrade

If you find that the upgrade is not going to work for your environment, you can roll back to the original version:

[[email protected] ~]# yum replace mysql56u --replace-with mysql55

The yum-replace plugin makes upgrading and downgrading MySQL very fast and simple. But just to reiterate an earlier statement, make sure you test this out on a development server before applying to your production server! It is always possible that something may not be compatible with the new version of MySQL! So always test first so you know what to expect!

Upgrade PHP on CentOS

The version of PHP that ships with CentOS 6 and CentOS 7 is getting a bit outdated. Oftentimes, people will want to use a newer version of PHP, such as PHP 5.6. This is easy enough to do, however you should always test this out on a dev server before applying to production just in case you run into problems.

On CentOS, I prefer to use the IUS repo’s as they are actively maintained, and they do not overwrite stock packages which is important.

So to get started, first setup the IUS repo if it isn’t already installed on your server:

# CentOS 6
[[email protected] ~]# rpm -ivh http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/x86_64/ius-release-1.0-14.ius.centos6.noarch.rpm

# CentOS 7
[[email protected] ~]# rpm -ivh http://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-14.ius.centos7.noarch.rpm

To upgrade PHP, yum has a plugin called ‘yum-replace’, which will automatically replace one package with another of your choosing. This simplifies the process of upgrading PHP greatly.

First, confirm that you are not already running another custom version of PHP:

[[email protected] ~]# rpm -qa |grep -i php
php-tcpdf-dejavu-sans-fonts-6.2.11-1.el6.noarch
php-cli-5.3.3-46.el6_7.1.x86_64
php-pdo-5.3.3-46.el6_7.1.x86_64
...

Using the output from above, it looks like we just have the stock PHP version installed. I want to upgrade from PHP 5.3 which is the default package on CentOS 6, and replace it with PHP 5.6. Here is how you would run it:

[[email protected] ~]# yum install yum-plugin-replace
[[email protected] ~]# yum replace php --replace-with php56u

Perhaps you find that your application doesn’t work with PHP 5.6, so you want to try PHP 5.5 instead:

[[email protected] ~]# yum install yum-plugin-replace
[[email protected] ~]# yum replace php56u --replace-with php55u

Or maybe you find that the upgrade is not going to work for your environment, so you want to roll back to the original version:

[[email protected] ~]# yum replace php55u --replace-with php

The yum-replace plugin makes upgrading and downgrading PHP very fast and simple. But just to reiterate an earlier statement, make sure you test this out on a development server before applying to your production server! Its always possible that a module that worked in PHP 5.3 is deprecated in a newer version of PHP, or perhaps your site code is using deprecated functions that no longer exist! So always test first so you know what to expect!

RHCSA Study Guide – Objective 2 : Packages

############################
Everything below are my raw notes that I took while attending an unofficial RHCSA training session.  I am posting them here in hopes they will assist others who may be preparing to take this exam.  

My notes are my own interpretation of the lectures, and are certainly not a replacement to classroom training either through your company, or by taking the official RHCSA classes offered through Red Hat.  If you are new to the Red Hat world, I strongly suggest looking into their training courses over at Red Hat.
############################

EXAM NOTE: Will need to know how to manually enable/create a repo

rpm -i : install
rpm -q : query the database
rpm -e : erase rpm.

EXAM NOTE: Probably won’t need to know much about rpm other then the above.

rpm -qa : Queries and lets you know everything that is installed.
rpm -qi : Queries the rpm database for pkg info.
rpm -qf : Determines which rpm a file is associated with.
rpm -ql : Queries the rpm database to determine which files are associated with an rpm.
rpm -Va : Verifies all installed packages.
rpm -Vi  : Verifies given package.
rpm -Va |grep ^..5  : This will show you everything user has changed recently.  Can be useful!

EXAM NOTE: Asides from the last one, nothing here is likely going to be applicable for the test.

How to extract RPM Contents:

cd /temp/dir
rpm2cpio /path/to/package | cpio -i -d -m

EXAM NOTE: This will not be on test. If Apache is messed up, just reinstall it.

The wrapper for RPM is yum (Yellowdog updater modified).

install : Install stuff
search : Find stuff  : ex.  yum search bash
provides : Find files within packages when yum search doesn't help : ex. yum provides sed
clean all : Useful if you broke your conf file and yum is broke.  ex. yum clean all

EXAM NOTE: The above stuff will be used on test.

How to setup repository when Redhat says: “All your packages can be found at:
http://www.example.com/directory/of/packages.” To do this, first setup the repo:

vi /etc/yum.repos.d/myrepo.repo
[myrepo]
name = my repo thingy
gpgcheck = 0
baseurl=http://www.example.com/directory/of/packages

Now list the available repos:

yum repolist

To import key if you like:

yum import /url/to/gpg/key

EXAM NOTE: **IMPORTANT** The above will be on test! This is CRITICAL. Without this, you cannot do anything!

To use a local repo, you set the baseurl as follows:

baseurl=file:///path/to/your/file