RHEL - How to back out a failed patch

 

Linux patch management: How to back out a failed patch


Check the server for pending patches/updates

[root@rhel77 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.7 (Maipo)
Use the check-update command to non-interactively check for outstanding updates on your server:
[root@rhel77 ~]# yum check-update
After a successful reboot, check the RHEL version to confirm that the server is updated to X.X version

[root@rhel77 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)
Reverting the updates
First, check the history of the transaction with the yum command:
[root@rhel77 ~]# yum history
Loaded plugins: product-id, search-disabled-repos, subscription-manager
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
     8 | root <root>              | 2020-11-01 23:10 | I, O, U        |  157 EE
The Action(s) and Altered columns give information about what changes occurred with this transaction.
Action(s):
  • I - New package Installed
  • O - Package is Obsoleted
  • U - Package is Updated
Altered:
  • 157 packages were altered
  • EE - There were some errors/warnings in the transaction
Using yum history packages-list shows the changes that happened from that package's point of view.
As systemd is the first process started in RHEL versions 7 and above, that package is protected with /etc/yum/protected.d/systemd.conf:
[root@rhel77 ~]# cat /etc/yum/protected.d/systemd.conf
systemd
Revert the last transaction with yum history undo:
[root@rhel77 ~]# yum history undo last
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Undoing transaction 8, from Sun Nov  1 23:10:56 2020
    Updated     NetworkManager-1:1.18.0-5.el7.x86_64                        @?rhel-7-server-rpms
    Update                     1:1.18.8-1.el7.x86_64                        @rhel-7-server-rpms
    Updated     NetworkManager-config-server-1:1.18.0-5.el7.noarch          @?rhel-7-server-rpms
    Update                                   1:1.18.8-1.el7.noarch          @rhel-7-server-rpms
    Updated     NetworkManager-libnm-1:1.18.0-5.el7.x86_64                  @?rhel-7-server-rpms
....
Resolving Dependencies
--> Running transaction check
…
--> Finished Dependency Resolution
Error: Trying to remove "systemd", which is protected
Caution: The following process is unsupported and untested. Resolve any issues that arise from the downgrade by recovering from a backup or reinstallation.
Move the yum configuration file, which protects systemd:
[root@rhel77 ~]# mv /etc/yum/protected.d/systemd.conf /etc/yum/protected.d/systemd.conf.bak
Re-run the yum history undo last command:
[root@rhel77 ~]# yum history undo last
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Undoing transaction 8, from Sun Nov  1 23:10:56 2020
....
Skipping the running kernel: kernel-3.10.0-1160.2.2.el7.x86_64
....

Dependencies Resolved

=======================================================================================================================
 Package                                    Arch       Version                           Repository               Size
=======================================================================================================================
Installing:
 iwl7265-firmware                           noarch     22.0.7.0-72.el7                   rhel-7-server-rpms      7.3 M
Removing:
 bc                                         x86_64     1.06.95-13.el7                    @rhel-7-server-rpms     215 k
 iwl7260-firmware                           noarch     25.30.13.0-79.el7                 @rhel-7-server-rpms      87 M
 linux-firmware                             noarch     20200421-79.git78c0348.el7        @rhel-7-server-rpms     394 M
Downgrading:
 NetworkManager                             x86_64     1:1.18.0-5.el7                    rhel-7-server-rpms      1.9 M
 NetworkManager-config-server               noarch     1:1.18.0-5.el7                    rhel-7-server-rpms      149 k
 NetworkManager-libnm    
…

Transaction Summary
=======================================================================================================================
Install      1 Package
Remove       3 Packages
Downgrade  152 Packages
…
Running transaction
  Installing : libgcc-4.8.5-39.el7.x86_64                                                                        1/308
  Installing : 1:grub2-common-2.02-0.80.el7.noarch                                                               2/308
  Installing : redhat-release-server-7.7-10.el7.x86_64                                                           3/308
warning: /etc/os-release saved as /etc/os-release.rpmsave
  Installing : setup-2.8.71-10.el7.noarch                                                                        4/308
warning: /etc/shadow created as /etc/shadow.rpmnew
  Installing : 1:grub2-pc-modules-2.02-0.80.el7.noarch   
....
yum-utils.noarch 0:1.1.31-52.el7                   

Complete!
Reboot the server
Check the version of RHEL and the kernel:
[root@rhel77 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.7 (Maipo)

[root@rhel77 ~]# rpm -q kernel
kernel-3.10.0-1062.el7.x86_64
kernel-3.10.0-1160.2.2.el7.x86_64

[root@rhel77 ~]# uname -r
3.10.0-1160.2.2.el7.x86_64
The server is using the latest kernel version from RHEL 7.9. You can change the default kernel using grub2-set-default command.
Apply the patch in subsets to get more flexibility of rollback
Pinning RHEL to a specific version is one way you can prevent the system from being updated to the latest minor version. Subscription Manager can be used to set the version of RHEL:
[root@rhel77 ~]# subscription-manager release --list
+-------------------------------------------+
          Available Releases
+-------------------------------------------+
7.0
7.1
7.2
7.3
7.4
7.5
7.6
7.7
7.8
7.9
7Server
Check the available updates and repo status before pinning the version:
[root@rhel77 ~]# yum update
...
Transaction Summary
=======================================================================================================================
Install    2 Packages (+2 Dependent packages)
Upgrade  152 Packages


[root@rhel77 ~]# subscription-manager repos --list-enabled
Repo ID:   rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel/server/7/latest/$basearch/os
Enabled:   1
Pin the version to RHEL 7.8, clear the yum cache, and check the enabled repos:
[root@rhel77 ~]# subscription-manager release --set=7.8

[root@rhel77 ~]# yum clean all

[root@rhel77 ~]# subscription-manager repos --list-enabled
Repo ID:   rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel/server/7/7.8/$basearch/os
Enabled:   1
It's evident from the Repo URL output above that it's now using 7.8 and not latest.
Run yum update and check whether there are changes to the updates available:
[root@rhel77 ~]# yum update
....
Transaction Summary
=======================================================================================================================
Install    2 Packages (+1 Dependent package)
Upgrade  136 Packages
Patching in subsets
The history option with yum uses the transaction to rollback/undo the operation. So, updating the packages as subsets gives the flexibility to roll them back. This is a better approach than updating the system as a whole.
Update the 'device-mapper' package with update device-mapper.
[root@rhel77 ~]# yum update device-mapper

Loaded plugins: product-id, search-disabled-repos, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package device-mapper.x86_64 7:1.02.158-2.el7 will be updated
--> Processing Dependency: device-mapper = 7:1.02.158-2.el7 for package: 7:device-mapper-libs-1.02.158-2.el7.x86_64
---> Package device-mapper.x86_64 7:1.02.170-6.el7 will be an update
--> Running transaction check
---> Package device-mapper-libs.x86_64 7:1.02.158-2.el7 will be updated
---> Package device-mapper-libs.x86_64 7:1.02.170-6.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================
 Package                        Arch               Version                        Repository                      Size
=======================================================================================================================
Updating:
 device-mapper                  x86_64             7:1.02.170-6.el7               rhel-7-server-rpms             297 k
Updating for dependencies:
 device-mapper-libs             x86_64             7:1.02.170-6.el7               rhel-7-server-rpms             325 k

Transaction Summary
=======================================================================================================================
Upgrade  1 Package (+1 Dependent package)

Total download size: 621 k
Is this ok [y/d/N]:
Check the history with yum history.
[root@rhel77 ~]# yum history
Loaded plugins: product-id, search-disabled-repos, subscription-manager
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
     2 | root <root>              | 2020-11-02 15:25 | Update         |    2   
     1 | System <unset>           | 2020-09-14 04:25 | Erase          |    1 EE
history list
Get more specific details about transaction ID 2 using yum history info 2.
[root@rhel77 ~]# yum history info 2
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Transaction ID : 2
Begin time     : Mon Nov  2 15:25:12 2020
Begin rpmdb    : 345:fc299a705f95203fda639ed1153803ad6771d7fb
End time       :            15:25:14 2020 (2 seconds)
End rpmdb      : 345:f8faef254573c0653a624c30ee393b08bb365ab2
User           : root <root>
Return-Code    : Success
Command Line   : update device-mapper
Transaction performed with:
    Installed     rpm-4.11.3-40.el7.x86_64                  installed
    Installed     subscription-manager-1.24.13-1.el7.x86_64 installed
    Installed     yum-3.4.3-163.el7.noarch                  installed
Packages Altered:
    Updated device-mapper-7:1.02.158-2.el7.x86_64      @?rhel-7-server-rpms
    Update                7:1.02.170-6.el7.x86_64      @rhel-7-server-rpms
    Updated device-mapper-libs-7:1.02.158-2.el7.x86_64 @?rhel-7-server-rpms
    Update                     7:1.02.170-6.el7.x86_64 @rhel-7-server-rpms
history info
Finally, undo the last transaction using yum history undo last.
[root@rhel77 ~]# yum history undo last

Loaded plugins: product-id, search-disabled-repos, subscription-manager
Undoing transaction 2, from Mon Nov  2 15:25:12 2020
    Updated device-mapper-7:1.02.158-2.el7.x86_64      @?rhel-7-server-rpms
    Update                7:1.02.170-6.el7.x86_64      @rhel-7-server-rpms
    Updated device-mapper-libs-7:1.02.158-2.el7.x86_64 @?rhel-7-server-rpms
    Update                     7:1.02.170-6.el7.x86_64 @rhel-7-server-rpms
Resolving Dependencies
--> Running transaction check
---> Package device-mapper.x86_64 7:1.02.158-2.el7 will be a downgrade
---> Package device-mapper.x86_64 7:1.02.170-6.el7 will be erased
---> Package device-mapper-libs.x86_64 7:1.02.158-2.el7 will be a downgrade
---> Package device-mapper-libs.x86_64 7:1.02.170-6.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================
 Package                        Arch               Version                        Repository                      Size
=======================================================================================================================
Downgrading:
 device-mapper                  x86_64             7:1.02.158-2.el7               rhel-7-server-rpms             294 k
 device-mapper-libs             x86_64             7:1.02.158-2.el7               rhel-7-server-rpms             322 k

Transaction Summary
=======================================================================================================================
Downgrade  2 Packages

Total download size: 616 k
Is this ok [y/d/N]:

Comments

Post a Comment

Popular posts from this blog

Vathsa's- Linux - SysOps and DevOps

Image
AWS - Auto Scale magento- Ecommerce web servers -------------------------------------------------------------- AZURE SAMPLE WORK-1 Cluster 1 AWS- Project 1 AWS  VPC-Private - Project 1 **********************************************         Megento - my_first_cluster ********************************************** ******************************************* Microsoft AZURE Commands - Day to Day ------------------------------------------------------------------------------------------- #!/bin/bash RgName="MyResourceGroup" Location="eastus" # Create a resource group. az group create    --name $RgName    --location $Location # Create an availability set for the two VMs that host both websites. az vm availability-set create   --resource-group $RgName   --location $Location  --name MyAvailabilitySet  --platform-fault-domain-count 2  --platform-update-domain-count 2 # Create a virtual network and a su...
Read more

Local Yum Repository for Oracle Linux 8

            Local Yum Repository for Oracle Linux 8   Configure Server Repositories Repository Creation Resync the Repository Setup the HTTP Server Point Servers to the Local Repository Make sure the repositories of interest are available on the server, # vim oel8-tmp.repo [ol8_baseos_latest] name=Oracle Linux $releasever BaseOS ($basearch) baseurl=https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/$basearch gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 Install OEL8 related repo files from below command # dnf reinstall oraclelinux-release-el8 # dnf clean packages # dnf install oracle-epel-release-el8.x86_64 oracle-gluster-release-el8.x86_64 oracle-spacewalk-client-release-el8.x86_64 oraclelinux-developer-release-el8.x86_64 oraclelinux-release-el8.x86_64 # dnf install oracle-epel-release-el8.x86_64 oracle-gluster-release-el8.x86_64 oracle-spacewa...
Read more