In this blog we are going to patch a Linux machine using up2date and yum. We will take a backup of important files, go through the necessary steps after patching, and cover the backout plan if the system crashes.
· Take a backup of the following files/commands.

Common for all revisions:

· uname -a
· ifconfig -a
· fdisk -l
· uptime
· cat /etc/hosts
· cat /etc/fstab
· df -h
· cat /etc/grub.conf
· cat /etc/sysctl.conf
· rpm -qa > /packagelist_beforePatch_May2011.txt
· cat /packagelist_beforePatch_May2011.txt
· cat /etc/selinux/config
· cat /etc/resolv.conf
· chkconfig --list
· #cat /etc/sysconfig/rhn/up2date
· #up2date -l
· #up2date --configure
· #more /etc/sysconfig/rhn/up2date
· more /etc/yum.conf
· yum check-update
The document below takes all the details of the remaining system files as part of taking a backup of the system configuration:

· rpm -qa > /packagelist_afterPatch_May2011.txt
· cat /packagelist_afterPatch_May2011.txt

· First, you must update the up2date utility, due to having problems with not being able to boot up after patching.
#up2date up2date
· This will download and install the latest up2date utility.
· After verifying that up2date is at the latest revision and that the development and production environments are the same, you must first download the patches on all the servers that are being patched and install the patches on the development servers for testing.
#up2date --dry-run Or #up2date -l Or #up2date --nodownload
· This will show you the updated patches/packages that are available for download.
Fetching Obsoletes list for channel: rhel-i386-es-4...
Fetching Obsoletes list for channel: rhel-i386-es-4...
Fetching rpm headers...
########################################
Name              Version   Rel             Arch
----------------------------------------------------------------------------------------
4Suite            1.0       3.el4_8.1       i386
PyXML             0.8.3     6.el4_8.2       i386
acpid             1.0.3     2.el4_7.1       i386
apr               0.9.4     24.9.el4_8.2    i386
apr-util          0.9.4     22.el4_8.2      i386
audit             1.0.16    4.el4_8.1       i386
audit-libs        1.0.16    4.el4_8.1       i386
bash              3.0       21.el4_8.2      i386
bind-libs         9.2.4     30.el4_8.5      i386
bind-utils        9.2.4     30.el4_8.5      i386
compat-openldap   2.1.30    12.el4_8.2      i386
cpio              2.5       16.el4_8.1      i386
cpp               3.4.6     11.el4_8.1      i386
wget              1.10.2    1.el4_8.1       i386
xmlsec1           1.2.6     3.1             i386
xmlsec1-openssl   1.2.6     3.1             i386
Testing package set / solving RPM inter-dependencies...
########################################
Name              Version   Rel             Arch
----------------------------------------------------------------------------------------
4Suite            1.0       3.el4_8.1       i386
PyXML             0.8.3     6.el4_8.2       i386
acpid             1.0.3     2.el4_7.1       i386
bind-utils        9.2.4     30.el4_8.5      i386
compat-openldap   2.1.30    12.el4_8.2      i386
gd                2.0.28    5.4E.el4_8.1    i386
glibc             2.3.4     2.43.el4_8.3    i686
The following Packages were marked to be skipped by your configuration:
Name              Version   Rel             Reason
------------------------------------------------------------------------------------------------
kernel            2.6.9     89.0.26.EL      Pkg name/pattern
kernel-smp        2.6.9     89.0.26.EL      Pkg name/pattern
kernel-utils      2.4       20.el4          Pkg name/pattern
#more /etc/sysconfig/rhn/up2date
# Automatically generated Red Hat Update Agent config file, do not edit.
# Format: 1.0
useNoSSLForPackages[comment]=Use the noSSLServerURL for package, package list, and header fetching
useNoSSLForPackages=0
storageDir[comment]=Where to store packages and other data when they are retrieved
storageDir=/var/spool/up2date
noSSLServerURL[comment]=Remote server URL without SSL
noSSLServerURL=http://xmlrpc.rhn.redhat.com/XMLRPC
networkRetries[comment]=Number of attempts to make at network connections before giving up
networkRetries=5
pkgsToInstallNotUpdate[comment]=A list of provides names or package names of packages to install not update
pkgsToInstallNotUpdate=kernel;kernel-modules;kernel-devel;
Select the required options (keepAfterInstall, pkgSkipList, etc.) to change the configuration of the Up2date Agent.
0. debug                 No
1. rhnuuid               38e8d384-589b-11d7-9124-00096be0a8c5
2. isatty                Yes
3. showAvailablePacka    No
4. depslist              [ ]
5. networkSetup          Yes
6. retrieveOnly          No
7. enableRollbacks       No
8. pkgSkipList           ['kernel*']
9. storageDir            /var/spool/up2date
· This will download and save only the updates/packages in /var/spool/up2date, or in whatever directory is defined in line 9 of the up2date config file.
· Run only if packages are downloaded into non-default directories.
Example:
#up2date -iuk /var/spool
· This will download patches/rpm into a custom directory. The default download directory is /var/spool/up2date. If the updates/packages have already been downloaded, use this option below to install the downloaded updates/packages.
· After patches are installed:
#rpm -qa > /packagelist_afterPatch_10182010.txt
· A new listing should be done after patching for future reference.
· Once you fire this command, you will get the output mentioned below:
vim-enhanced-6.3.046-0.40E.7
vim-minimal-6.3.046-0.40E.7
vixie-cron-4.1-50.el4
vsftpd-2.0.1-6.el4
vte-0.11.11-12.el4
vte-0.11.11-12.el4
wget-1.10.2-0.40E
which-2.16-4
wireless-tools-28-0.pre16.3.3.EL4
words-3.0-3.2
wvdial-1.54.0-3
Xaw3d-1.5-24
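The before and after `rpm -qa` listings can be compared directly to see exactly what the patch run changed. The script below is an added example, not part of the original post: the function names and the sample listings are constructed for illustration, and it reports any kernel* change separately because that is the case the backout plan deals with.

```shell
#!/bin/sh
# Added example: compare two `rpm -qa` listings taken before and after patching.

# pkg_changes BEFORE AFTER
# Prints one line per package name whose set of installed versions differs.
pkg_changes() {
    {
        sort -u "$1" | sed 's/^/B /'
        sort -u "$2" | sed 's/^/A /'
    } | awk '
        NF < 2 { next }                       # skip blank lines
        {
            nvr = $2; name = nvr
            # version and release never contain "-": strip the last two fields
            sub(/-[^-]+-[^-]+$/, "", name)
            vr = substr(nvr, length(name) + 2)
            if ($1 == "B") before[name] = before[name] " " vr
            else           after[name]  = after[name]  " " vr
        }
        END {
            for (n in before) {
                if (!(n in after))              print "REMOVED " n before[n]
                else if (before[n] != after[n]) print "CHANGED " n before[n] " ->" after[n]
            }
            for (n in after) if (!(n in before)) print "ADDED " n after[n]
        }' | sort
}

# kernel_changed BEFORE AFTER
# Succeeds (exit 0) if any kernel* package differs between the two listings.
kernel_changed() {
    pkg_changes "$1" "$2" | awk '$2 ~ /^kernel/ { hit = 1 } END { exit !hit }'
}

# Constructed sample listings (not real output from a patched host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' wget-1.10.2-0.40E vsftpd-2.0.1-6.el4 vte-0.11.11-12.el4 \
        vte-0.11.11-12.el4 kernel-2.6.9-89.EL > "$d/before.txt"
    printf '%s\n' wget-1.10.2-1.el4_8.1 vsftpd-2.0.1-6.el4 vte-0.11.11-12.el4 \
        kernel-2.6.9-89.EL kernel-2.6.9-89.0.26.EL > "$d/after.txt"
    pkg_changes "$d/before.txt" "$d/after.txt"
    kernel_changed "$d/before.txt" "$d/after.txt" && echo "kernel set changed"
    rm -rf "$d"
}
demo
```

On a real host, pass the two files written by `rpm -qa >` before and after the patch run instead of the sample data.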
# shutdown [OPTION]... TIME [MESSAGE]
The shutdown command format.
# Broadcast message from root@RH5 (/dev/pts/1) at 14:10 ...
The system is going down for reboot NOW!
· AFTER THE PREDEFINED TESTING PERIOD, THE UPDATES/PATCHES WILL NEED TO BE MOVED TO THE PRODUCTION ENVIRONMENT.
PRODUCTION SERVER
· Take a backup of the following files/commands.
#uname -a
#ifconfig -a
#cat /etc/hosts
#cat /etc/fstab
#df -h
#cat /etc/sysconfig/rhn/up2date
#cat /etc/grub.conf
#cat /etc/sysctl.conf
#rpm -qa > /packagelist_10152010.txt
#cat /packagelist_10152010.txt
#cat /etc/selinux/config
· Select the required options (keepAfterInstall, pkgSkipList, etc.) to change the configuration of the Up2date Agent.
0. debug                 No
1. rhnuuid               38e8d384-589b-11d7-9124-00096be0a8c5
2. isatty                Yes
3. showAvailablePacka    No
4. depslist              [ ]
5. networkSetup          Yes
6. retrieveOnly          No
7. enableRollbacks       No
8. pkgSkipList           ['kernel*']
9. storageDir            /var/spool/up2date
(Run only if packages are downloaded into non-default directories)
Example:
#up2date -iuk /var/spool
· This will check for downloaded patches first before downloading from the RHN. The default download directory is /var/spool/up2date. If the updates/packages have already been downloaded, use this option to install the downloaded updates/packages first before checking the RHN for updates/packages.
#rpm -qa > newpatchlist.txt
· A new listing should be done after patching for future reference.
vim-enhanced-6.3.046-0.40E.7
vim-minimal-6.3.046-0.40E.7
vixie-cron-4.1-50.el4
vsftpd-2.0.1-6.el4
vte-0.11.11-12.el4
vte-0.11.11-12.el4
wget-1.10.2-0.40E
which-2.16-4
wireless-tools-28-0.pre16.3.3.EL4
words-3.0-3.2
wvdial-1.54.0-3
Xaw3d-1.5-24
# shutdown [OPTION]... TIME [MESSAGE]
The shutdown command format.
# Broadcast message from root@RH5 (/dev/pts/1) at 14:10 ...
The system is going down for reboot NOW!
· (RH5): How to download and install patches/updates for a development/production environment:
· Take a backup of the following files/commands.
#uname -a
#ifconfig -a
#fdisk -l
#cat /etc/hosts
#cat /etc/fstab
#df -h
#cat /etc/yum.conf
#cat /etc/grub.conf
#cat /etc/sysctl.conf
#rpm -qa > /packagelist_10152010.txt
#cat /packagelist_10152010.txt
#cat /etc/selinux/config
· First, you must install the yum downloadonly utility to give yum the ability to download patches/rpm.
· This will download and install the downloadonly utility.
· After verifying that the yum download utility is installed and that the development and production environments are the same, you must first download the patches on all the servers that are being patched and install the patches on the development server for testing.
· In addition, you will need to clear the yum cache.
· This will clean the yum cache; when you fire the command again, it will search all repositories for updated packages.
· Once you fire the check-update command, it will give you a list of updated patches/packages available for download.
kpartx.i386             0.4.7-34.el5_5.1       rhel-i386-server-5
krb5-libs.i386          1.6.1-36.el5_5.4       rhel-i386-server-5
krb5-workstation.i386   1.6.1-36.el5_5.4       rhel-i386-server-5
libsmbclient.i386       3.0.33-3.29.el5_5      rhel-i386-server-5
lvm2.i386               2.02.56-8.el5_5.4      rhel-i386-server-5
mkinitrd.i386           5.1.19.6-61.el5_5.1    rhel-i386-server-5
nash.i386               5.1.19.6-61.el5_5.1    rhel-i386-server-5
net-snmp-libs.i386      1:5.3.2.2-9.el5_5.1    rhel-i386-server-5
nscd.i386               2.5-49.el5_5.2         rhel-i386-server-5
· This will download and install updates/packages. This may update several packages on the server, including the kernel.
· Yum will download rpm files to the default download directory /var/cache/yum.
[main]
cachedir=/var/cache/yum
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
distroverpkg=redhat-release
tolerant=1
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
# Note: yum-RHN-plugin doesn't honor this.
metadata_expire=1h
# Default.
# installonly_limit = 3
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
Example:
#yum localinstall /var/cache/yum/rhel-i386-server-5/packages/*
· Software testing is built into the yum command.
· A new listing should be done after patching for future reference.
cat newpatchlist.txt
vim-enhanced-6.3.046-0.40E.7
vim-minimal-6.3.046-0.40E.7
vixie-cron-4.1-50.el4
vsftpd-2.0.1-6.el4
vte-0.11.11-12.el4
vte-0.11.11-12.el4
wget-1.10.2-0.40E
which-2.16-4
wireless-tools-28-0.pre16.3.3.EL4
words-3.0-3.2
wvdial-1.54.0-3
# Broadcast message from root@RH5 (/dev/pts/1) at 14:10 ...
The system is going down for reboot NOW!
· AFTER THE PREDEFINED TESTING PERIOD, THE UPDATES/PATCHES WILL NEED TO BE MOVED TO THE PRODUCTION ENVIRONMENT.
· Take a backup of the following files/commands.
#uname -a
#ifconfig -a
#cat /etc/hosts
#cat /etc/fstab
#df -h
#cat /etc/yum.conf
#cat /etc/grub.conf
#cat /etc/sysctl.conf
#rpm -qa > /packagelist_10152010.txt
#cat /packagelist_10152010.txt
#cat /etc/selinux/config
Example:
#yum localinstall /var/cache/yum/rhel-i386-server-5/packages/*
· Software testing is built into the yum command.
· A new listing should be done after patching for future reference.
vim-enhanced-6.3.046-0.40E.7
vim-minimal-6.3.046-0.40E.7
vixie-cron-4.1-50.el4
vsftpd-2.0.1-6.el4
vte-0.11.11-12.el4
vte-0.11.11-12.el4
wget-1.10.2-0.40E
which-2.16-4
wireless-tools-28-0.pre16.3.3.EL4
words-3.0-3.2
wvdial-1.54.0-3
Xaw3d-1.5-24
# shutdown [OPTION]... TIME [MESSAGE]
The shutdown command format.
# Broadcast message from root@RH5 (/dev/pts/1) at 14:10 ...
The system is going down for reboot NOW!
· Boot the server from the old kernel through GRUB.
· Edit the grub configuration file under /etc/grub.conf. (Delete the new kernel entry and make the old kernel the default.)

If the patching corrupts the present kernel, which in turn corrupts GRUB, then perform the tasks below:

· The GRUB build will be corrupted as the OS is corrupted. So, insert the OS CD into the machine and boot from the CD.
· Proceed to the OS from rescue mode, and select grub.conf.
· Make the appropriate changes to the file so that the old kernel is booted as default. (This makes the server boot from it.)
· Restart the server and boot it from the old kernel.

If the old kernel and the new kernel both crashed while patching the machine, then we shall need to rebuild the server. Follow the steps mentioned below for the rebuild:

· Insert the CD into the CD-ROM drive.
· Boot the machine from the CD and proceed with the installation.
· After the installation, work on changing the system configuration files. (A screenshot of the system files is taken before patching.)
· Work on restoration of files from the recent backup.
· Work with Nimsoft-tier on getting the machine into monitoring.
· Restart the machine and make sure that the machine is back up in the normal state as before. (Monitors should work as normal, as before, after this reboot.)
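The first backout step, making the old kernel the default in grub.conf, can be scripted as shown in this added example, which is not from the original post. The function names, the backup suffix and the sample grub.conf are assumptions; it expects the legacy GRUB format with a default=N line and title/kernel entries, and it only changes the default rather than deleting the new entry.

```shell
#!/bin/sh
# Added example: point legacy GRUB back at the pre-patch kernel.

# grub_entries FILE -> "index<TAB>title" per boot entry (legacy GRUB counts from 0)
grub_entries() {
    awk '$1 == "title" { sub(/^[ \t]*title[ \t]+/, ""); printf "%d\t%s\n", n++, $0 }' "$1"
}

# grub_index_for FILE VERSION -> index of the entry whose kernel line loads
# exactly vmlinuz-VERSION; fails if there is none.
grub_index_for() {
    awk -v want="vmlinuz-$2" '
        $1 == "title"  { idx++ }
        $1 == "kernel" { k = $2; sub(/^.*\//, "", k)
                         if (k == want) { print idx - 1; hit = 1; exit } }
        END { exit !hit }' "$1"
}

# grub_set_default FILE VERSION -> keep a copy of FILE, then rewrite default=N
grub_set_default() {
    idx=$(grub_index_for "$1" "$2") || { echo "no entry for $2" >&2; return 1; }
    cp -p "$1" "$1.before-backout" || return 1
    sed "s/^default=.*/default=$idx/" "$1.before-backout" > "$1"
}

# Constructed sample grub.conf: new kernel is entry 0, old kernel is entry 1.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
default=0
timeout=5
title Red Hat Enterprise Linux ES (2.6.9-89.0.26.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-89.0.26.EL ro root=LABEL=/
        initrd /initrd-2.6.9-89.0.26.EL.img
title Red Hat Enterprise Linux ES (2.6.9-89.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-89.EL ro root=LABEL=/
        initrd /initrd-2.6.9-89.EL.img
EOF
    grub_entries "$f"
    grub_set_default "$f" 2.6.9-89.EL && grep '^default=' "$f"
    rm -f "$f" "$f.before-backout"
}
demo
```

The version is matched exactly against the kernel line, so 2.6.9-89.EL does not select the 2.6.9-89.0.26.EL entry by accident.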