HP UX Patch Management manual Patch rollback and commitment, Patch commitment

Page 33

Patch rollback and commitment

Patch rollback

You might occasionally want to remove a patch and restore the system to its prepatched state. This process is known as patch rollback. For example, if you installed a patch that resulted in unacceptable system behavior, you might choose to roll back this patch. However, rollback is possible only if certain files were saved as part of the patch installation process. During patch installation, the default behavior is to save copies of all files that are replaced by the new patch before the new versions of these files are loaded. These saved files are called rollback files and are the key to making patch rollback possible. When you roll back a patch, these rollback files are restored to the system. You should override the default behavior only if you have a complete understanding of the patch rollback process.

You cannot roll back a patch unless one of the following is true:

Rollback files corresponding to the patch are available for reinstallation.

Base software and the patch that modifies the software are removed at the same time (removing the base software also removes the patches associated with that software).

For superseded patches, you must first roll back the superseding patch.

You can use the swremove command to roll back a patch (if no dependencies exist for the patch). Use the following command to roll back the patch patch_id:

swremove patch_id

As is true for many SD-UX commands, you can add the -poption to execute the command in preview-only mode. This mode allows you to view output from the command without actual changes occurring. You should initially execute the command in preview mode:

swremove -p patch_id

Advanced topic: patch installation and rollback files

When installing patches, you can explicitly specify that rollback files not be saved. To do this, you add the -x patch_save_files=false option to the swinstall command:

$ swinstall -s /tmp/temporary_depot/depot -x autoreboot=true \ -x patch_match_target=true x patch_save_files=false

Only use the false option if you will never remove a patch under any circumstances.

Patch commitment

Allowing for patch rollback does come at a cost, because the files required for patch rollback consume disk space. If disk space is an issue on a system, you can commit the patches; a process that deletes the associated rollback files, thereby freeing disk space. If disk space is not an issue on a system, you should avoid committing the patches, and leave rollback files in place. If any patch in a supersession chain is committed, all prior patches in the chain lose the ability to be restored, and the save area disk space for those patches will also be reclaimed.

Do not undertake patch commitment without serious consideration of the consequences. When you commit a patch, simple rollback of the patch is no longer possible. Because of this, you should carefully select which patches should be committed. Good candidates include patches that were thoroughly tested in the environment prior to installation, and patches that have been installed on the system for a significant period of time and have not resulted in unwarranted conditions. Other good candidates are patches that have been superseded multiple times. You should also consider a patch's warning status and its HP rating before committing the patch.

To commit an individual patch, execute the swmodify command on the patch with the patch_commit=true option. To commit the patch patch_id, enter this command:

swmodify -x patch_commit=true patch_id

You can add the -poption to this command so it will be executed in preview-only mode.

Patch rollback and commitment 33

Image 33
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 107 104Patch management strategies HP-UX patches and patch managementWhere to start How to get patchesOverview Quick start guide for patching HP-UX systemsBefore you begin Should you use standard HP-UX patch bundles?Acquiring and installing standard HP-UX patch bundles Standard HP-UX patch bundlesAcquiring the bundles As root, run the createdepothp-ux11script Installing the bundlesSwlist Advanced topic using Dynamic Root Disk DRDAcquiring the patches Acquiring and installing individual patchesQuick start guide for patching HP-UX systems Swverify -d \* @ /tmp/somepatchdirectory/depot Installing the patchesAdvanced topic using Dynamic Root Disk DRD Patch-related concepts HP-UX patch overviewPatch identification HP-UX software structureSoftware depots and patch depots Patch bundlesPatch state Patch statusState Category tagsSwlist -l fileset -a state grep patchid Swlist -l product -a categorytag patchid Which patches are on a system?For example Examples of the swlist command$ swlist -l product *,c=patch $ swlist -l bundle @ somesystem $ swlist -l product *,c=manualdependenciesAncestors and supersession Ancestors$ swlist -l fileset -a ancestor PHSS29183 Supersession Swlist -a appliedpatches filesetname$ swlist -a appliedpatches Xserver.AGRM Showpatches -s Swlist -l patch -x showsupersededpatches=trueSwlist -a patchstate -x showsupersededpatches=true patchid $ swlist -l fileset -a supersedes PHSS28681HP-UX Patch Supersession Chain Patch-related attributesSee Category tags Patch dependencies Types of dependenciesCorequisites and prerequisites Enforced and unenforced manual dependencies Impact of dependencies on acquiring patchesSwlist -vl fileset -a dependencytype fileset Patch rollback and commitment Patch rollbackPatch commitment Advanced topic patch cleanup utility Cleanup -p -c numberHP-UX patch ratings Rating details HP patch ratingFinding information for a specific patch Critical and noncritical patchesPatch documentation $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Patch warnings Obtaining information using the ItrcAdvanced topic the readme attribute Swlist -l product -a readme patchid moreCritical and noncritical warnings How to handle patch warnings Questions to askAdvanced topic finding patches with warnings Considerations Backup and recoveryPatch management life cycle Patch management overviewPatch management life cycle Patch management overview Restrictive Conservative Innovative Establishing a software change management strategyOperational factor and patch management strategy matrix Recommendations for software change managementPatch management and software depots Consideration of HP patch ratingAcquiring patches for proactive patching Proactive patching strategyAdvanced topic HP-UX Software Assistant Reactive patching strategyAcquiring patches for reactive patching Advanced topic security patching strategyAdvanced topic scanning for security patches Testing the patches to be installedKey features What are standard HP-UX patch bundles?Standard HP-UX patch bundles Standard HP-UX patch bundle use and release dates Obtaining standard HP-UX patch bundlesQuick start guide for patching HP-UX systems Obtaining an Itrc user account Using the IT Resource CenterUseful pages on the Itrc Find individual patchesAccessing the patch database and finding an individual patch Key featuresClick the add to selected patch list button Using the IT Resource Center Check for patches with dependencies Advanced topic checking for all patch dependenciesUsing the IT Resource Center Click the add to selected patch list button Custom patch bundles run a patch assessment Standard patch bundlesSupport information digests Ask your peers in the forumsSearch knowledge base Common software distributor commands for patching Using software depots for patch managementDirectory depots Depot typesTape depots Using depotsViewing depots Choosing depot type and depot locationSwlist -l depot $ swlist -l depot Swlist -l depot @ remotesystem$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Depot/patches/11.11 Copying patches to depotsRegistering and unregistering directory depots Advanced topic HP-UX Software AssistantCopying products with patch dependencies to depots Examples of registering and unregistering depots Advanced topic access control lists$ swreg -l depot /depot/patches/2003-07periodicdepot $ swreg -u -l depot /depot/patches/2003-07periodicdepotVerifying directory depots Examples of verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot Removing software from a directory depot Verification had errorsVerification succeeded $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded $ /usr/sbin/cleanup -d /mydepots/patchdepot Advanced topic removing superseded patches from a depot$ swlist -l product -d @ /mydepots/patchdepot Removing a directory depot Installing patches from a depot$ swlist -l product @ /mydepots/patchdepot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Analysis succeeded Examples of installing patches from a depotInstalling products with patch dependencies from a depot Custom patch bundlesAnalysis and Execution succeeded Examples of listing patches and bundles Rev Patch descriptionRev Bundle Description $ swlist -d @ /mydepots/temporarydepot Creating a custom bundleAnalysis succeeded Finally, remove the temporary depot For more information Using HP-UX Software Assistant for patch managementUsing Dynamic Root Disk for patch management Drd1m Using the Patch Assessment Tool Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Support and other resources Contacting HPRelated information Typographic conventions HP websitesNon-HP websites Times Patch usage models Components in test Image Then production Patch usage model 1 hardware/application software changeDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Create clone Patch usage model 5 proactive patchPassed? System Patch usage model 6 reactive patchAncestor GlossaryIPD SWA Index Index See also HWE Index