33

I have 4 servers with Debian Wheezy OS. I have Apticron installed that informs me about updates. Debian updates are realized so often that when I finish to update the last of 4 servers I get new email about new updates on the first server. I try to update all servers when I get a notification but I never know if there is a need to reboot the servers. I have read that if the directory /var/run contains file reboot-required I have to reboot the server. But I never have seen this file in /var/run. How can I know when reboot is required? I don't want reboot my servers every time when I install new updates if it's not needed.

I understand that if I update PHP or MySQL, etc I don't need to reboot the server but updates usually contain many lib....

Below are 9 updates (I have received this week).

krb5-locales 1.10.1+dfsg-5+deb7u3
libdbus-1-3 1.6.8-1+deb7u6
libgssapi-krb5-2 1.10.1+dfsg-5+deb7u3
libk5crypto3 1.10.1+dfsg-5+deb7u3
libkrb5-3 1.10.1+dfsg-5+deb7u3
libkrb5support0 1.10.1+dfsg-5+deb7u3
libruby1.8 1.8.7.358-7.1+deb7u2
libxml2 2.8.0+dfsg1-7+wheezy3
ruby1.8 1.8.7.358-7.1+deb7u2

I have no idea what is libkrb, libgssapi, etc. How can I detect if reboot is needed? Please do not suggest to install UnattendedUpgrades to let the servers update automatically because this can cause websites going offline if something updates not correct.

Benjamin Loison
  • 141
  • 6
user1406271
  • 1,071
  • 4
  • 14
  • 20
  • If you apply only the `security` stream and not general updates, you won't get so many updates. – poolie Jul 06 '16 at 14:11

4 Answers4

39

Installing debian-goodies package provides checkrestart.

It shows which processes are using old versions of libs previously installed.

When not being able to remove all processes out of that list,
a reboot might be needed.

Besides installing needrestart package might help as well, as pointed out in this post comments and as one could find among debian packages search results

check which daemons need to be restarted after library upgrades

In general, consider rebooting after kernel updates (as pointed out by YuKYuk)!

Th. Ma.
  • 525
  • 1
  • 4
  • 14
Nat
  • 524
  • 4
  • 6
  • 16
    Alternatively, checkout [`needrestart`](https://packages.debian.org/search?keywords=needrestart). http://linux-audit.com/determine-processes-which-need-a-restart-with-checkrestart-needrestart/ – ypid Aug 31 '15 at 13:37
  • We are looking for ways to perform, in Debian, a check for kernel-upgrade-only needed reboots, via a script: https://serverfault.com/q/1046334/104173 – Johnny Utahh Dec 16 '20 at 16:38
  • @ypid That warrants a stand-alone answer! – Franklin Yu Dec 11 '21 at 02:12
14

cat /var/run/reboot-required.pkgs to see 'service' waiting for a reload. Nothing needs a reboot, only kernel upgrade (and Windows :) ).

Or on Debian: lsof | grep lib | grep DEL

phk
  • 65
  • 9
YuKYuK
  • 627
  • 3
  • 14
  • Forget to say : he list all updated libs . After that you need to restart apps with dependencies. – YuKYuK Feb 12 '15 at 12:09
  • As I wrote in my question, I have never seen file /var/run/reboot-required.pkgs. I check this folder after each update but nothing. – user1406271 Feb 12 '15 at 12:33
  • lsof | grep lib | grep DEL to see lib waiting to be "updated" – YuKYuK Feb 12 '15 at 12:41
  • YuKYuK, I don't need to know what libs are waiting to be updated. I get this information in apticron emails. Everything will be updated automatically when I run apt-get dist-upgrade. I need a way to detect if reboot is required after updates are finished. – user1406271 Feb 12 '15 at 13:40
  • 2
    Yep and the command show libs waiting to be "updated" and some libs just wait a "service" reboot . Only kernel update need system reboot(because kernel is kernel :) . – YuKYuK Feb 12 '15 at 13:56
  • 3
    Note regarding Debian Jessie: [`reboot-notifier`](https://packages.debian.org/search?keywords=reboot-notifier) is a small package that is not installed by default which appends this file when a reboot is required to load a updated kernel. `reboot-notifier` can be used as alternative for [`update-notifier-common`](https://packages.debian.org/search?keywords=update-notifier-common) which has been removed in Debian Jessie. See also: http://serverfault.com/a/92939/177172. – ypid Jan 21 '16 at 09:04
4

Just to add to this, I had the same problem with my servers and I wrote an update script where I check /var/run/ like YuKYuK suggested:

test -f /var/run/reboot-required && echo rebooting && sudo reboot
Dominik George
  • 162
  • 4
Horsty
  • 171
  • 4
2

Checkout needrestart. See https://linux-audit.com/determine-processes-which-need-a-restart-with-checkrestart-needrestart/

I first posted the hint to needrestart in the comments of the answer suggesting checkrestart but then was motivated to write this in a separate answer instead.

ypid
  • 171
  • 1
  • 4