Patching AIX keeps your IBM Unix systems secure, performant, and up-to-date. Whether you're fixing bugs, sealing vulnerabilities, or adding features, updates come as filesets or fixes in Technology Levels (TL), Service Packs (SP), or Interim Fixes (iFIX). AltDisk patching shines here—it clones your rootvg on spare disk, patches safely, and lets you reboot into the new version with minimal downtime and easy rollback.
Why AltDisk Patching?
Traditional patching risks your live system. AltDisk creates a bootable copy of rootvg on another disk (like hdisk5), applies updates there, verifies everything, then switches at reboot. Benefits include zero production impact during patching and instant revert if issues arise.
Patches live on IBM's Fix Central, downloaded as .bff filesets. Filesets group software components; patches target them with version numbers (level, release, modification).
Prerequisites
- Free disk (e.g., hdisk5) in rootvg.
- NFS share with TL/SP packages (e.g.,aixnimserver:/exports/software/aix_72.05.10).
- Backup rootvg fully—patching mishaps happen.
Step-by-Step AltDisk Patching Process
1. Prepare the Alternate Disk
Reduce and clear the target disk from rootvg, then set it up for booting.
# unmirrorvg rootvg hdisk5
# reducevg -df rootvg hdisk5
# chpv -c hdisk5
# ipl_varyon -i # Check bootable devices
# bootlist -m normal -o
# bosboot -ad /dev/hdisk5
2. Mount NFS Share with Packages
# mount aixnimserver:/exports/software/aix_72.05.10 /mnt
This pulls TL/SP .bff files from your NFS server to /mnt.
3. Clone Active rootvg
# alt_disk_copy -d hdisk5 -P1
Phase 1 clones the running rootvg to hdisk5.
4. Apply Emergency Fixes (EMGR)
# chroot /alt_inst /usr/sbin/emgr -P
chroot switches context to the clone; emgr -P prioritizes EMGR packages.
5. Remove EMGR Status
# chroot /alt_inst /usr/sbin/emgr -r -L <Fix>
Clears applied EMGR tracking (-r -L).
6. Commit Filesets
# chroot /alt_inst /usr/sbin/installp -c all
Locks in all applied filesets on the clone.
7. Verify LPP Integrity
# chroot /alt_inst /usr/bin/lppchk -vm3
Level 3 check (-vm3) scans for inconsistencies, dependencies, and more.
8. Apply TL/SP Updates
# alt_disk_copy -d hdisk5 -P23 -l /mnt -b update_all
-P23 handles multiple patch levels; -l /mnt sources packages; -b update_all grabs everything.
Validate the Patched Clone
Wake the alternate rootvg for checks.
# alt_root_op -W -d hdisk5 # Wake for verification
- OS Level: chroot /alt_inst /usr/bin/oslevel -s (e.g., 7200-05-09-2446).
- Compare Target: chroot /alt_inst /usr/bin/oslevel -sl 7200-05-092446.
- Missing ML Fixes: chroot /alt_inst /usr/bin/instfix -i | grep ML.
- Missing SP Fixes: chroot /alt_inst /usr/bin/instfix -i | grep SP.
- Package Consistency: chroot /alt_inst /usr/bin/lppchk -vm3.
Sleep it back when done:
# alt_root_op -S -d hdisk5
Reboot with bootlist -m normal -o hdisk5 to switch. Monitor errpt -a for errors.
Best Practices
- Backup First: Always snapshot rootvg.
- Pre-Patch Audit: instfix -i lists current fixes.
- Test Environment: Pilot in staging.
- Order Matters: TL → SP → iFIX.
- Logs: errpt -a during/after.
- Downtime: Plan reboots.
No comments:
Post a Comment