3 Replies Latest reply on May 13, 2010 8:06 AM by Soundappan Shanmugam

    Discussion: Inability to rollback Patching for AIX and Linux



      Can anyone provide more insight into why we are unable to rollback AIX and Linux patching. So far I have been told that the OS does not provide sufficient capability:


      a)For Linux the problem lay with the rpm commands instability regarding rollback.

      b)For AIX the issue revolves around the stages of having patches in the COMMIT stage where it needs an Administrator to undo this stage.


      1) Does anyone have any more detail on a and b.

      2) What should we recommend to clients if we tell them they have no rollback for AIX and Linux patching?

      3) What if a patch breaks an app - what then? Manual rollback?





        • 1. Re: Discussion: Inability to rollback Patching for AIX and Linux
          Bill Robinson

          for linux there's a couple things;


          1 - if you do a man on rpm there's a 'rollback' command or something like that. it has been deprecated since rpm 3.x i believe, so it never really worked.


          2 - if you upgrade a bunch of RPMS that have dependencies and you upgrade all of those, you'd need to make sure to have all the old RPMs around so you can do either a rpm -U --oldpackage or rpm -e --nodeps/rpm -U


          or the upgrade rpms require new rpms, so now you've got to track what was new vs what just needs to be downgraded.


          basically it's a mess. this is true on any rpm system - sles, redhat, etc.


          we can uninstall the rpm pretty easy, but uninstalling glibc for a rollback probably isn't a good ideal.


          pretty much this is the problem of the package manager, and most linux admins understand this. so when we talk about rollback, it's not all automagical, it depends on the underlying OS, package management, etc. bladelogic is really just an engine and abstraction layer for this, we still depend on the underlying commands.


          if you have proper testing environments, you should break the app first in dev, and then fix the app or decide not to deploy the 'patch'.

          • 2. Re: Discussion: Inability to rollback Patching for AIX and Linux

            Thanks Bill. I agree on the Dev environments.


            Anyone got any details about AIX and the COMMIT issue? I believe AIX was the initial driver for this question (Rich?).


            With AIX and app's breaking - I would have thought most Admin's would not immediately commit the patches until they have given them a bit of a trial run...would you agree? What would be the normal standard procedure for an AIX admin?


            I did a google and found this link:




            +Installation of ML/TL, Service pack and APAR


            Check for some processes you should stop by hand in time of installation to avoid problems and crashes like Oracle Database server, Tivoli Gateway or TEC server. Before start installation you should commit all the software, installed on the server to make easy roll-back in case of problem in time of installation


            1. smit commit




            1. installp -c all


            Before install TM/ML and Service pack is wise to install installp software itself to have better overview later when you try to preview the process of installation of TL/ML


            1. smit install - bos.rte.install




            1. installp -a -g bos.rte.install


            Next step is to update all the software from TL/ML and Service pack


            1. smit update_all


            Do not forget to set only apply the package, but not commit and keep the copy of replaced files. After installation of packages check again your system:


            1. lppchk -v

            2. oslevel -r

            3. instfix -i|grep ML




            1. instfix -i|grep TL

            2. instfix -i|grep SP

            3. errpt |more

            4. bootlist –m normal -o


            And if everything looks fine reboot your server


            1. shutdown -Fr



            So basically they are saying to commit all installs/patches before doing the next round. When the new round of patches are installed leave them uncommitted.


            If anyone knows more details about why it cannot rollback the info would be appreciated.

            • 3. Re: Discussion: Inability to rollback Patching for AIX and Linux
              Soundappan Shanmugam

              In this discussion I wish to add few more inputs mossy


              Even if u have commited the previous filesets,When there are fileset that may not be with a base level in new ML/TL upgrade.


              The fileset will go to the commit state and not to the applied state and it many not show, when the command installp -S is entered


              Only when all the filesets are removed the Oslevel may be degraded,or else it will remain the same or it may even lead to the older levels.


              So in AIX rollback is a good thing if is done by developers.


              Reg.. Sounddappan Shanmugam