I'm using CentOS and Red Hat Enterprise Linux on a few machines without the GUI. How can I check if recently installed updates require a reboot? In Ubuntu, I'm used to checking if /var/run/reboot-required is present.
Asked
Active
Viewed 1e+01k times
9 Answers
71
https://access.redhat.com/discussions/3106621#comment-1196821
Don't forget that you might need to reboot because of core library updates, at least if it is glibc. (And also, services may need to be restarted after updates).
If you install the
yum-utilspackage, you can use a command calledneeds-restarting.You can use it both for checking if a full reboot is required because of kernel or core libraries updates (using the
-roption), or what services need to be restarted (using the-soption).
needs-restarting -rreturns0if reboot is not needed, and1if it is, so it is perfect to use in a script.An example:
root@server1:~> needs-restarting -r ; echo $?
Core libraries or services have been updated:
openssl-libs -> 1:1.0.1e-60.el7_3.1
systemd -> 219-30.el7_3.9
Reboot is required to ensure that your system benefits from these updates.
More information:
https://access.redhat.com/solutions/27943
1
-
1It's worth mentioning that at least the `-s` option requires root access. – Paul Gear Apr 22 '19 at 22:28
-
2For Fedora, `needs-restarting` is [an DNF plugin](https://dnf-plugins-core.readthedocs.io/en/latest/needs_restarting.html). It doesn’t support `-r` or `-s` (yet). – Franklin Yu Jun 21 '19 at 20:38
-
CentOS 6 doesn't support `-r`, either, and the `needs-restarting` it has is not good enough (doesn't notice when a newer kernel is available). – reinierpost Nov 30 '20 at 12:14
-
`$?` still is `1`, even so `needs-restarting -r` says `No core libraries or services have been updated.` – papanito Mar 04 '22 at 15:08
37
About comparing installed kernels with running one:
#!/bin/bash
LAST_KERNEL=$(rpm -q --last kernel | perl -pe 's/^kernel-(\S+).*/$1/' | head -1)
CURRENT_KERNEL=$(uname -r)
test $LAST_KERNEL = $CURRENT_KERNEL || echo REBOOT
Hope that helps!
alexm
- 491
- 1
- 4
- 5
-
3At first I thought this wasn't working as it continued to tell me to reboot after I had, but then found out that if you are using a DigitalOcean instance, you need to manually change the kernel from their control panel first before rebooting. – Programster Aug 17 '14 at 12:12
-
Is there a reason why the `kernel-` string is being removed from the output of `rpm -q`? – Zlemini Dec 12 '16 at 12:07
-
1The `kernel-` string must be removed to compare it with the output from `uname -r`, which doesn't contain it. – alexm May 31 '17 at 15:42
8
You could compare the ouput of uname -a with the list of installed kernel packages
Dominik
- 2,198
- 13
- 9
-
2Is a different kernel the only reason a linux server would *need* a reboot? – Chris_K Mar 16 '10 at 15:57
-
1Normally, when staying within the 'normal' package upgrade processes (up2date, yum etc.), there shouldn't be really many other reasons to reboot the system besides the kernel upgrade – Dominik Mar 19 '10 at 14:35
-
I suspect that certain other packages may require a reboot eben iof the kernel does not change (when I installed kexec-tools-2.0.0-258 on centos6.0 there was no memory reserved for the dump) – nhed Aug 29 '13 at 19:25
-
BeyondTrust's pbis-open package requests the user to reboot after installation via stdout. – bshacklett Feb 13 '15 at 19:41
8
One thing that can be helpful to look at in terms of "is a reboot required" is whether or not there are any files that have been removed/replaced by the update but for which the old files are still loaded/used by active processes.
Basically, when YUM updates a file that is in use by a process, the file itself may have been marked for deletion, but the process keeps using the old file since it has an open file-descriptor to the old file's inode.
A command to get a count of the number of old files still in use:
#lsof | grep "(path inode=.*)" | wc -l
That command will give you a count of the files.
Use this instead to see which files are actually in use:
#lsof | grep "(path inode=.*)"
That command will produce output similar to the following on a YUM-updated box:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 3782 root mem REG 8,17 153427 /lib64/libcrypto.so.0.9.8e (path inode=153253)
mysqld 3883 mysql mem REG 8,17 153259 /lib64/libcrypt-2.5.so (path inode=153402)
mingetty 4107 root mem REG 8,17 153243 /lib64/libc-2.5.so (path inode=153222)
...
etc
GrangerX
- 166
- 2
- 3
-
Is this a reliable way to detect kernel updates (obviating the need for me also to check that)? – msanford Jul 21 '20 at 21:06
3
Check whether running kernel is the latest one.
If it's not, check whether system was restarted since kernel install.
If it was not, reboot.
CURRENT_KERNEL="$(rpm -q kernel-$(uname -r))"
test -z "$CURRENT_KERNEL" && exit 0 # Current kernel is a custom kernel
LATEST_KERNEL="$(rpm -q kernel | tail -1)"
test -z "$LATEST_KERNEL" && exit 0 # No kernel package installed
LATEST_KERNEL_INSTALLTIME=$(rpm -q kernel --qf "%{INSTALLTIME}\n" | tail -1)
test -z "$LATEST_KERNEL_INSTALLTIME" && exit 1 # Error reading INSTALLTIME
test "$CURRENT_KERNEL" = "$LATEST_KERNEL" && exit 0 # Latest kernel running, no reboot needed
BOOTTIME="$(sed -n '/^btime /s///p' /proc/stat)"
test -z "$BOOTTIME" && exit 1 # Error reading BOOTTIME
test "$LATEST_KERNEL_INSTALLTIME" -lt "$BOOTTIME" && exit 1 # Latest kernel not running, but system was restarted already
# User switched back to an old kernel?
echo reboot
Nicolas Melay
- 606
- 5
- 11
-
This doesn't work if you have a PAE enabled kernel version. The uname -r comamnd returns the PAE suffix after the .elX part but not the rpm names. – Yanick Girouard Sep 13 '13 at 15:41
2
I know this question has been answered already and that folks have posted information about checking for newer kernels as well as deleted files, but I recently wrote a script that checks for both. If either condition is detected, the reboot is scheduled for +30 minutes.
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
NEW_KERN=0
DEAD_FILES=0
die () {
printf "Error, exiting: "
echo $@
exit 1
}
for X in lsof wc column awk rpm sed head uname dd tr cut date logger shutdown; do
which "${X}" >/dev/null 2>&1 || die "required application ${X} not found"
done
DATEY="$(date +%Y%m%d-%H%M%S)"
TMPFILE=/tmp/"$(dd if=/dev/urandom bs=1 count=256 2>/dev/null |tr -c -d '0-9a-f' |cut -c-7)"
[ $TMPFILE == "/tmp/" ] && die
echo "### Reboot automation notice: ${DATEY} ###" > "${TMPFILE}"
lsof +c0 -d DEL | grep -v '\s/SYSV' |awk 'NR==1 || !/dev\/zero/ {print $2,$1,$4,$NF}' | column -t >> "${TMPFILE}"
if [ $(cat ${TMPFILE} |wc -l) -gt 2 ]; then
DEAD_FILES=1
else
echo "### Reboot automation notice: ${DATEY} ###" > "${TMPFILE}"
fi
C_KERN="kernel-$(uname -r)"
A_KERN="$(rpm -q --last kernel |head -1 |sed 's|\s\+.*$||')"
[ $A_KERN != $C_KERN ] && NEW_KERN=1 && printf "Running $C_KERN, but $A_KERN available\n" >> "${TMPFILE}"
echo "### End of reboot automation notice: ${DATEY} ###" >> "${TMPFILE}"
if [[ $DEAD_FILES -eq 0 && $NEW_KERN -eq 0 ]]; then
echo reboot not required
else
logger -t rebooter -p auth.warning -f "${TMPFILE}"
[ $DEAD_FILES -ne 0 ] && echo " Processes running with broken links to executables,"
[ $NEW_KERN -ne 0 ] && echo " New kernel available,"
echo Reboot is required
shutdown -r +30 "System reboot is required. To cancel use shutdown -c. But don't because this system needs to be rebooted"
fi
[ -f "${TMPFILE}" ] && rm -f "${TMPFILE}"
2020-07-15 Update
Since originally writing this answer, I've improved and updated the script. It is available on github here: https://github.com/qth/jutil/blob/master/rbc
Liczyrzepa
- 455
- 4
- 13
1
Here is my version of the alexm code. You can do this:
LAST_KERNEL=$(rpm -q --last kernel | perl -pe 's/^kernel-(\S+).*/$1/' | head -1)
CURRENT_KERNEL=$(uname -r)
if [ $LAST_KERNEL != $CURRENT_KERNEL ]
then
echo "It is time to Reboot!"
else
echo "There is nothing to do!"
fi
-7
install.log install.log.syslog yum.log you check this place what all got new rpm got install
Rajat
- 3,329
- 21
- 29