Now that you have your NIM server configured to work with JetPatch, it's time to understand how to collect new patches, download them and patch your AIX clients.
Background
AIX patches are called TLSP (Technology Level and Service Pack).
In general, an AIX server can have a Technology Level already installed and a Service Pack related to that Technology Level:
- AIX version: JetPatch supports 6100, 6200, 7100 and 7200
- Technology Level: Two digits which describe the technology level of the patch. Ranges from 00 through 10
- Service Pack: Two digits which describe the Service Pack level of the patch. Ranges from 00 through 10
- Year: Release year
- Week: The week the patch was released (from 00 to 52)
In short: VV00-TL-SP-YYWW
Note: JetPatch currently supports Service Packs and Technology Levels, not individual fixes.
Discover what's new in IBM file set information
With JetPatch, you can see which patches are already installed on your servers by viewing the patches breakdown in the endpoints management tab.
After you have an understanding of which Technology Level and which Service Pack are installed on each endpoint, you can download new patches to the NIM.
The patches must reside under the DLTarget root. You can find it by running the following command on the NIM Master server:
# suma -D
This produces the following output:
DisplayName=
Action=Download
RqType=Latest
RqName=
Repeats=y
DLTarget=/export/lpp_source
NotifyEmail=root
FilterDir=/usr/sys/inst.images
FilterML=
MaxDLSize=-1
Extend=y
MaxFSSize=-1
When downloading patches under the DLTarget directory and adding them as lpp_source objects to the NIM, a naming standard must be kept for JetPatch to collect the patch.
The patch directories should be in the following format: TL / SP / TLSP-VV00-TL-SP-YYWW (for example: TL-7200-03-01-1837, SP-7200-03-05-2016, TLSP-7200-03-01-1837).
All the patches are available in IBM's support center: https://www.ibm.com/
AIX | Service Pack | Release Date |
7.2 | 7200-05-07-2346 | 2023/11/10 |
7.2 | 7200-05-06-2320 | 2023/04/28 |
7.2 | 7200-05-05-2246 | 2022/12/02 |
7.2 | 7200-05-04-2220 | 2022/05/20 |
7.2 | 7200-05-03-2148 | 2021/12/03 |
7.2 | 7200-05-02-2114 | 2021/04/16 |
7.2 | 7200-05-01-2038 | 2020/11/13 |
7.2 | 7200-04-06-2220 | 2022/09/09 |
7.2 | 7200-04-05-2148 | 2022/02/11 |
7.2 | 7200-04-04-2114 | 2021/06/25 |
7.2 | 7200-04-03-2038 | 2021/02/12 |
7.2 | 7200-04-02-2028 | 2020/07/17 |
7.2 | 7200-04-01-1939 | 2019/11/15 |
7.2 | 7200-03-07-2114 | 2021/06/25 |
7.2 | 7200-03-06-2038 | 2021/02/12 |
7.2 | 7200-03-05-2016 | 2020/07/31 |
7.2 | 7200-03-04-1938 | 2020/02/14 |
7.1 | 7100-05-12-2320 | 2023/07/28 |
7.1 | 7100-05-11-2246 | 2023/03/10 |
7.1 | 7100-05-10-2220 | 2022/09/09 |
7.1 | 7100-05-09-2148 | 2021/12/10 |
7.1 | 7100-05-08-2114 | 2021/04/16 |
7.1 | 7100-05-07-2038 | 2020/11/13 |
7.1 | 7100-05-06-2028 | 2020/07/17 |
7.1 | 7100-05-05-1939 | 2019/11/15 |
7.1 | 7100-05-04-1914 | 2019/05/10 |
7.1 | 7100-05-03-1846 | 2018/11/16 |
7.1 | 7100-05-02-1832 | 2018/08/17 |
7.1 | 7100-05-01-1731 | 2017/10/27 |
7.1 | 7100-04-08-1914 | 2019/07/19 |
7.1 | 7100-04-07-1845 | 2019/01/25 |
7.1 | 7100-04-06-1806 | 2018/05/04 |
7.1 | 7100-04-05-1720 | 2017/09/29 |
7.1 | 7100-04-04-1717 | 2017/04/14 |
7.1 | 7100-04-03-1643 | 2016/12/20 |
7.1 | 7100-04-02-1614 | 2016/05/20 |
JetPatch will always compare the final installed patch to the 12-digit OS level reported by the command 'oslevel -s' (VV00-TL-SP-YYWW), so the following special considerations apply:
- When downloading TL patches the directory name should be the first SP, so use TL-VV00-TL-01-YYWW instead of TL-VV00-TL-00-YYWW (for example: TL-7200-03-01-1837 instead of TL-7200-03-00-1837)
- Always look into the patch details and check whether IBM's instructions say anything about the final expected OS level (for example: according to IBM 6100-09-08-1643 will show as 6100-09-08-1642, see: 6100-09-08-1643 Special Case).
Note: JetPatch provides a means to check the availability of new patches and to download them in accordance with the expected format standard.
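The naming standard above can be checked before JetPatch tries to collect the patches. This is an added example, not JetPatch's own script: the function name check_patch_dir and the sample directory names are constructed, and the supported-version list is the one given in the Background section.

```shell
#!/bin/sh
# Added example (not JetPatch code): lint lpp_source directory names against
# the naming standard above. check_patch_dir and the sample names are constructed.

# check_patch_dir NAME -> prints "ok" or the rejection reason; returns 0 or 1.
check_patch_dir() {
    kind=${1%%-*}     # text before the first dash: TL, SP or TLSP
    level=${1#*-}     # remainder: VV00-TL-SP-YYWW
    case $kind in
        TL|SP|TLSP) ;;
        *) echo "prefix must be TL, SP or TLSP"; return 1 ;;
    esac
    case $level in
        [0-9][0-9]00-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]) ;;
        *) echo "level must be VV00-TL-SP-YYWW"; return 1 ;;
    esac
    case ${level%%-*} in
        6100|6200|7100|7200) ;;
        *) echo "AIX version not supported by JetPatch"; return 1 ;;
    esac
    rest=${level#*-*-}    # SP-YYWW
    sp=${rest%%-*}        # two-digit Service Pack
    yyww=${level##*-}
    week=${yyww#??}       # two-digit week
    if [ "$week" -gt 52 ]; then
        echo "week must be 00 to 52"; return 1
    fi
    # Page rule: a TL directory is named after the first SP (01), never 00.
    if [ "$kind" = TL ] && [ "$sp" = 00 ]; then
        echo "TL directory must use SP 01, not 00"; return 1
    fi
    echo ok
}

# Constructed sample names, as they might appear under DLTarget.
for n in TL-7200-03-01-1837 TL-7200-03-00-1837 SP-7200-03-05-2016 \
         TLSP_7200-03-01-1837 SP-5300-12-09-1341; do
    printf '%-22s %s\n' "$n" "$(check_patch_dir "$n")"
done
```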
Check if AIX patches are available
The script is used for the following purposes:
1. Check whether a new Technology Level (TL) or a new Service Pack (SP) has been released.
2. Download the patches after you've checked that new releases were published by IBM.
How to use the "Check if AIX patches are available" script
1. Create a new Task
2. In the Execution section:
- In the "Task Source" select Both.
- Choose the script "Check if AIX patches are available"
- Execution Type "Shell script"
- Execution command
./@file @Action @PatchesList
3. Click on the Parameters tab to fill in the configuration:
- Action: can be filled with one of the following options:
  - check: check for the availability of a TL / SP
  - download: download a patch (that you've checked previously)
- PatchesList: can be filled with the following options:
  - When the selected Action is check, you can check whether a new Technology Level or a Service Pack was released.
    - For a Technology Level check use the following format: TL-VV00-XX (only 6 digits)
    - For a Service Pack check use the following format: SP-VV00-TL-SP (only 8 digits)
  - When the selected Action is download:
    - Specify the full patch name:
      - TLSP-VV00-TL-SP-YYWW
      - TL-VV00-TL-SP-YYWW
      - SP-VV00-TL-SP-YYWW
    - Which one to use depends on whether you want to download only the TL (usually done when a new TL baseline is released, e.g. 7200-01-00-1643), a specific SP on top of a TL (e.g. 7200-00-03-1642), or both as a TLSP (e.g. 7200-00-04-1717). In the last case, the patch will include both the underlying TL and the specific SP. Whether to download an SP or a TLSP should be based on the storage available on the NIM. Downloading the complete TLSP for an SP release means a storage overhead for the underlying TL. The upside of this approach is that the TLSP can be installed directly on top of a server running the previous TL. On the other hand, if storage is an issue, it is recommended to download the TL and then only the incremental SPs.
    - When downloading a TL patch, JetPatch will create the appropriate directory on the NIM Master server that includes SP1 in its name (for example 7200-01-01-1643 instead of 7200-01-00-1643).
    - As explained before, it is always recommended to check the special patch notice instructions. If a different 12-digit OS level is expected after installation (see: 6100-09-08-1643 Special Case), you can still download the patch and save it in the appropriate format standard (the result of the 'oslevel -s' command) by specifying a different name, concatenated to the patch being downloaded as follows: TL / SP / TLSP-VV00-TL-SP-YYWW:VV00-TL-SP-YYWW (for example: SP-6100-09-08-1643:6100-09-08-1642).
    - Set the timeout to 7200 seconds (depending on the internet connection, it can take more than an hour to download the patch).
Note: Error code 119 usually means it failed to finish downloading before timeout.
4. Save task, navigate to Endpoints > Management, and run the task on selected endpoints.
Here is an example:
Note: For both check and download actions you can insert multiple patches using space separation
Exit codes:
returns 0 - Success, 1 - Failure, 2 - Partial success
Note: if you see an exit code 1, please verify the execution command and parameters for the "Check if AIX patches are available"
Patching AIX endpoints
After you've downloaded the patches to the NIM repository and a built-in task that collects needed AIX updates has run on the server, the needed patches should be updated on each AIX endpoint.
Note: If a 'collect-NIM-updates' task did not run, you can manually trigger the task on the endpoint.
JetPatch will show only applicable patches for AIX servers based on the following mechanism:
- The patch’s release year is greater. As an example, the following upgrade will not succeed: 6100-09-04-1441 → 6100-10-02-1041
- If the update is in the same year, the week should be higher. As an example, the following upgrade will not succeed: 6100-09-04-1441 → 6100-10-03-1431
- Even if the TL is higher, but the patch only includes the SP, the patch will not be applicable for a lower TL (the system cannot jump from a previous TL to a new TL baseline without installing the new TL, either through a migration to the next TL or to a TLSP)
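The three rules above, written out as a check you can run against an endpoint's 'oslevel -s' output and a patch directory name. This is an added example, not JetPatch's implementation: the function names, the TLSP prefixes on the two 6100 pairs and the 7200 pairs are constructed, and only the rules stated on this page are applied (two-digit years are compared as written).

```shell
#!/bin/sh
# Added example (not JetPatch code): the three applicability rules above,
# applied to an installed level ('oslevel -s' output) and a patch directory name.

# field LEVEL N -> Nth dash-separated field of VV00-TL-SP-YYWW
field() { echo "$1" | cut -d- -f"$2"; }

# is_applicable INSTALLED PATCH_DIR -> prints the verdict; returns 0 if applicable.
is_applicable() {
    kind=${2%%-*}      # TL, SP or TLSP
    patch=${2#*-}      # VV00-TL-SP-YYWW
    i_yyww=$(field "$1" 4)
    p_yyww=$(field "$patch" 4)
    i_yy=${i_yyww%??}; i_ww=${i_yyww#??}
    p_yy=${p_yyww%??}; p_ww=${p_yyww#??}
    # [ -lt ] compares in decimal; $(( )) would reject 08 and 09 as bad octal.
    if [ "$p_yy" -lt "$i_yy" ]; then
        echo "not applicable: release year is older"; return 1
    fi
    if [ "$p_yy" -eq "$i_yy" ] && [ "$p_ww" -le "$i_ww" ]; then
        echo "not applicable: same year, week is not higher"; return 1
    fi
    # An SP-only patch carries no TL baseline, so it cannot lift a lower TL.
    if [ "$kind" = SP ] && [ "$(field "$1" 2)" -lt "$(field "$patch" 2)" ]; then
        echo "not applicable: SP-only patch for a higher TL"; return 1
    fi
    echo "applicable"
}

# The two 6100 pairs are the page's examples; prefixes and 7200 pairs are constructed.
while read -r inst dir; do
    printf '%s -> %s: %s\n' "$inst" "$dir" "$(is_applicable "$inst" "$dir")"
done <<'EOF'
6100-09-04-1441 TLSP-6100-10-02-1041
6100-09-04-1441 TLSP-6100-10-03-1431
7200-03-04-1938 SP-7200-04-02-2028
7200-03-04-1938 TLSP-7200-04-02-2028
7200-04-01-1939 SP-7200-04-02-2028
EOF
```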
You can go ahead and create remediation plans easily!
Note: Rebooting is NOT required as part of the post-task workflow for AIX machine patching.
Post Patching
Rollback is currently not supported (ETA JetPatch 4.3)