cloud engineer
If you’re getting a “HTTP Error 404 – Not Found” error when trying to run yum update, it could be a corrupted cache. Clear the cache on the system by running the following.
yum clean all rm -rf /var/cache/yum/* |
yum clean all rm -rf /var/cache/yum/*
Run yum update again. The errors should be gone.
How to install the latest version of the Sublime Text editor on Ubuntu or Mint.
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add - sudo apt-get install apt-transport-https echo "deb https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list sudo apt-get update sudo apt-get install sublime-text |
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add - sudo apt-get install apt-transport-https echo "deb https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list sudo apt-get update sudo apt-get install sublime-text
It will add the sublime-text.list file in /etc/apt/sources.list.d directory.
If you tried to run apt update and you get this error, try the following.
$ apt update E: Could not get lock /var/lib/dpkg/lock-frontend - open (11: Resource temporarily unavailable) [duplicate] |
$ apt update E: Could not get lock /var/lib/dpkg/lock-frontend - open (11: Resource temporarily unavailable) [duplicate]
Kill the process.
$ sudo killall apt apt-get |
$ sudo killall apt apt-get
If that doesn’t work, remove the locked files.
$ sudo rm /var/lib/apt/lists/lock $ sudo rm /var/cache/apt/archives/lock $ sudo rm /var/lib/dpkg/lock* |
$ sudo rm /var/lib/apt/lists/lock $ sudo rm /var/cache/apt/archives/lock $ sudo rm /var/lib/dpkg/lock*
Run apt update again.
Here’s the command to check if the system needs a reboot after running yum update.
Must be root or run it sudo.
$ needs-restarting -r ; echo $? Core libraries or services have been updated: openssl-libs -> 1:1.0.2k-21.el7_9 kernel -> 3.10.0-1160.31.1.el7 dbus -> 1:1.10.24-15.el7 linux-firmware -> 20200421-80.git78c0348.el7_9 glibc -> 2.17-324.el7_9 systemd -> 219-78.el7_9.3 Reboot is required to ensure that your system benefits from these updates. More information: https://access.redhat.com/solutions/27943 1 |
$ needs-restarting -r ; echo $? Core libraries or services have been updated: openssl-libs -> 1:1.0.2k-21.el7_9 kernel -> 3.10.0-1160.31.1.el7 dbus -> 1:1.10.24-15.el7 linux-firmware -> 20200421-80.git78c0348.el7_9 glibc -> 2.17-324.el7_9 systemd -> 219-78.el7_9.3 Reboot is required to ensure that your system benefits from these updates. More information: https://access.redhat.com/solutions/27943 1
In this instance, it requires a reboot due to a new kernel.
To check which packages are available for an update.
yum check-update |
yum check-update
Make an IP alias reservation.
gcloud compute instances network-interfaces update instance-name \ --zone us-central1-c \ --aliases default:/32 \ --project project-id |
gcloud compute instances network-interfaces update instance-name \ --zone us-central1-c \ --aliases default:/32 \ --project project-id
Here’s how to update AWS Certificate Manager SSL Cert.
#!/bin/bash cd /etc/letsencrypt/live/domain.com/ arn='arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' aws acm import-certificate \ --certificate fileb://cert.pem \ --certificate-chain fileb://chain.pem \ --private-key fileb://privkey.pem \ --certificate-arn $arn \ --region us-east-1 |
#!/bin/bash cd /etc/letsencrypt/live/domain.com/ arn='arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' aws acm import-certificate \ --certificate fileb://cert.pem \ --certificate-chain fileb://chain.pem \ --private-key fileb://privkey.pem \ --certificate-arn $arn \ --region us-east-1
You can run this every time certbot updates your certificate. Or you can schedule it in crontab.
I have an Ansible playbook that will patch all Ansible clients defined in the Ansible hosts file. The following are contents of my hosts file, and the update playbook.
File: /etc/ansible/hosts
[all:vars] ansible_user='ubuntu' ansible_become=yes ansible_become_method=sudo ansible_python_interpreter='/usr/bin/env python3' [servers] server1 server2 server3 [servers:vars] ansible_python_interpreter=/usr/bin/python3 |
[all:vars] ansible_user='ubuntu' ansible_become=yes ansible_become_method=sudo ansible_python_interpreter='/usr/bin/env python3' [servers] server1 server2 server3 [servers:vars] ansible_python_interpreter=/usr/bin/python3
File: /etc/ansible/update.yml
--- - hosts: servers become: true become_user: root tasks: - name: Update apt repo and cache on all Debian/Ubuntu boxes apt: update_cache=yes force_apt_get=yes cache_valid_time=3600 - name: Upgrade all packages on servers apt: upgrade=dist force_apt_get=yes - name: Check if a reboot is needed on all servers register: reboot_required_file stat: path=/var/run/reboot-required get_md5=no - name: Reboot the box if kernel updated reboot: msg: "Reboot initiated by Ansible for kernel updates" connect_timeout: 5 reboot_timeout: 300 pre_reboot_delay: 0 post_reboot_delay: 30 test_command: uptime when: reboot_required_file.stat.exist |
--- - hosts: servers become: true become_user: root tasks: - name: Update apt repo and cache on all Debian/Ubuntu boxes apt: update_cache=yes force_apt_get=yes cache_valid_time=3600 - name: Upgrade all packages on servers apt: upgrade=dist force_apt_get=yes - name: Check if a reboot is needed on all servers register: reboot_required_file stat: path=/var/run/reboot-required get_md5=no - name: Reboot the box if kernel updated reboot: msg: "Reboot initiated by Ansible for kernel updates" connect_timeout: 5 reboot_timeout: 300 pre_reboot_delay: 0 post_reboot_delay: 30 test_command: uptime when: reboot_required_file.stat.exist
Here’s how I run my Ansible update playbook.
ansible-playbook -i /etc/ansible/hosts /etc/ansible/update.yml |
ansible-playbook -i /etc/ansible/hosts /etc/ansible/update.yml
The advantage of using Ansible is, I can run a single playbook to update dozens of servers. It’s also a great tool for rolling out software as well as executing commands to a group of servers.