AIX patches

AIX periodically releases Authorized Program Analysis Reports (APARs), which specify what update filesets (contained in LPPs) are necessary to fix an identified problem. An APAR only specifies the minimum version of an update fileset required to fix a problem; an APAR can therefore be satisfied with later versions of the same filesets. To maintain compatibility, however, Server Automation always adopts the fileset with the lowest version number that meets the minimum version that APAR specifies. If a later version of the update fileset is uploaded, Server Automation still associates the earlier version of the fileset with the APAR.

When uploading an LPP, Server Automation recognizes which APARs the filesets contained in the LPP belong to. An entry is created for the APAR in the SA Library when the first fileset associated with an APAR is uploaded. (In some cases, a fileset is associated with more than one APAR. An entry is created for each APAR the fileset is associated with, if the entry does not already exist.)

If you want to install all LPPs that APAR specifies, you must make certain to upload all of the specified LPPs into the SA Library.

If you do not upload all of the LPPs that APAR specifies, it is still possible for the system administrator to browse for an APAR and install the partial set of LPPs that are uploaded. In such cases, the administrator receives a warning that the filesets for the APAR are not all installed.

The Patch Administrator must first upload and test an LPP before it is generally available in Server Automation. The new fileset is integrated into the APAR only after the LPP is tested and approved. Even though the APAR is updated automatically, you still maintain control over the exact filesets that are allowed to be installed on your managed servers.

Update filesets cannot be installed on a server if the server does not already have the base filesets for which the update filesets are intended.

If, however, a server has a partial set of the base filesets, the APAR can be applied and only the applicable filesets for the base filesets are installed. For example, if an APAR specifies four update filesets to update four base filesets, and you attempt to apply the APAR to a server that has only three of the base filesets, three of the four update filesets from the APAR are installed.

When installing an AIX update fileset, the SA normally applies the fileset, which allows it to be rejected (uninstalled.) If you want to commit the fileset instead (so that it cannot be removed), use the -c option here.

Note
Patch files, such as AIX update filesets and APARS, cannot be added to a particular folder and cannot be owned by a particular user. See the the SA 10.50 User Guide for information about how to use folders.

Importing and remediating AIX patches

SA supports importing and remediating a set of AIX packages from a Maintenance Level (ML) or Technology Level (TL) to perform AIX package installations.

Packages and patches are imported into SA independently. In order to update a server to a particular ML or TL, you can import all the packages and patches that belong to the ML or TL into SA with a single import. During this import, specify a new policy be created for the packages and patches. This will create a policy representing the ML/TL that you can then install on managed servers.

To import AIX patches:

  1. Login to an SA Core as root.

  2. Download all of the packages from an AIX Maintenance Level or Technology Level from IBM’s website and place them in a temporary directory on the SA Core.

  3. Import the patches into the SA Library using the import_aix_packages tool. This tool can also generate a software policy containing all of the packages that have been imported.

    /opt/opsware/mm_wordbot/util/import_aix_packages <directory containing AIX packages>

    where the import command always ends with the path for the directory containing the AIX packages. See AIX import options for additional AIX import options.

Sample import and remediate process for AIX

The following example imports AIX packages from a temporary directory on the SA Core,
/var/tmp/aix_package_files_directory.

  1. Run the AIX import tool:

    1. Sample A: Simple Import of AIX Packages and Patches

      /opt/opsware/mm_wordbot/util/import_aix_packages /var/tmp/aix_package_files_directory

      • By default, the import_aix_packages tool will attempt to identify the OS version of the package being imported. You can also use the '-o' or '--os' option to explicitly define the OS for the imported packages. See AIX import options for options.

      • The imported AIX files can be viewed in the SA Client under Library > By Type > Packages > AIX or Library > By Type > Patches > AIX.

    2. Sample B: Import AIX Packages /Patches and Create a Policy

      Use the ‘-p’ option to import patches and specify a policy:

      /opt/opsware/mm_wordbot/util/import_aix_packages –p /AIX/AIX6.1/AIXPOLICY /var/tmp/aix_package_file_directory

      • The newly created policy can be viewed in the SA Client under Library > By Type > Software Policies or Library > By Folder under the directory:

        /AIX/AIX6.1/AIXPOLICY

  2. Attach the newly created policy, AIXPOLICY, to an AIX managed server.
  3. Remediate the server with the policy attached as you normally would to install the AIX package or patch.

AIX import options

Options for import_aix_packages

Option

Description

-h,
--help

Show this help message and exit

-f,
--force

Force packages to be imported even if already in library.

-o OS,
--os=OS

OS version of packages: '4.3', '5.1', '5.2', '5.3', '6.1', '7.1'

The -o parameter value works with or without quotes, but only one value can be specified at a time.

For example, to specify Technology Level 6 Service Pack 1, you might say:

/opt/opsware/mm_wordbot/util/import_aix_packages –o ‘6.1’ /var/tmp/aix_package_file_directory

OR

/opt/opsware/mm_wordbot/util/import_aix_packages –o 6.1 /var/tmp/aix_package_file_directory

-p POLICY_PATH, --policy_path=POLICY_PATH

Use this option to import AIX patches and generate a specified software policy containing the uploaded units in one step.

Syntax:

/opt/opsware/mm_wordbot/util/import_aix_packages –p <full name and path where SA Software Policy will be created> <directory containing AIX packages>

Example:

/opt/opsware/mm_wordbot/util/import_aix_packages –p /AIX/AIX6.1/AIXPOLICY /var/tmp/aix_package_file_directory

--policy_mode=POLICY_MODE

policy installation semantics: 'update_all', 'install_latest'

-s,
--silent

Display errors only

-u USERNAME,
--username=USERNAME

Upload packages as specified user (default: opsware)

-v,
--verbose

Display verbose output

--manual

Show manual page and exit

Using multiple options

If you are using multiple options, there is no rule about the sequence of the options as long as the command ends with the <directory containing AIX packages> parameter.

For example, these commands would work equally well to import AIX 6.1 patches and create a policy with the uploaded fileset:

/opt/opsware/mm_wordbot/util/import_aix_packages –p /AIX/AIX6.1/aix_policy –o ‘6.1’ /var/tmp/aix_package_file_directory

OR

/opt/opsware/mm_wordbot/util/import_aix_packages –o ‘6.1’ –p /AIX/AIX6.1/aix_policy/var/ tmp/aix_package_file_directory