wiki

User Tools

Site Tools

Trace: aix_patching
aix:aix_patching

Table of Contents

Check Fix to apply on AIX

Global check

First step, check the whole compatibility level between all components on FLRT site https://www14.software.ibm.com/webapp/set2/flrt/power

Check server model and FW, OS level and PowerHA level…: 

[root@nim]/root# /usr/bin/dsh 'lsattr -El sys0 -a modelname' | cut -d ' ' -f3 | sort -u
IBM,8286-42A
IBM,9009-41A
[root@nim]/root# /usr/bin/dsh 'lsattr -El sys0 -a fwversion' | cut -d ' ' -f3 | sort -u
IBM,FW860.42
IBM,FW910.01
[root@nim]/root# oslevel -s
7100-05-02-1810
[root@nim]/root# halevel -s
7.2.2 SP1

AIX patches

To know which security and hiper patch to apply on AIX LPARs, use the IBM FLRT.

All APARs: https://esupport.ibm.com/customercare/flrt/doc?page=aparCSV

Only HIPER: https://public.dhe.ibm.com/software/server/flrtvc/hiper_security.csv

First download latest script FLRTVC.ksh and latest hiper patch file. Please rename the script flrtvc.ksh by adding the version: 

[root@nim]/export/softs/flrt# ksh93 flrtvc_0.8.1.ksh -f hiper_security_2019-01.csv
Fileset|Current Version|Type|EFix Installed|Abstract|Unsafe Versions|APARs|Bulletin URL|Download URL|CVSS Base Score|Reboot Required|Last Update|Fixed In
bos.rte|7.2.3.15|sec||NOT FIXED - There is a vulnerability in FreeBSD that affects AIX.|7.2.3.0-7.2.3.15|IJ09625|http://aix.software.ibm.com/aix/efixes/security/freebsd_advisory.asc||CVE-2018-6922:7.5|NO|11/08/2018|7200-03-03
bos.rte|7.2.3.15|sec||NOT FIXED - There is a vulnerability in FreeBSD that affects AIX.|7.2.3.0-7.2.3.15|IJ09625|http://aix.software.ibm.com/aix/efixes/security/freebsd_advisory.asc||CVE-2018-6922:7.5|NO|11/08/2018|3.1.0.20

For more details add -av

For info, latest security efix can be found in: 

https://aix.software.ibm.com/aix/efixes/security/

To get the list of all APARs and security: 

https://esupport.ibm.com/customercare/flrt/doc?page=aparCSV

Microcode updates

To know which firmware to apply using the latest microcode catalog: https://public.dhe.ibm.com/software/server/firmware/catalog.mic

Copy the file into /var/adm/invscout/microcode/catalog.mic 

[root@nim]/root# invscout -u -catl /tmp/catalog.mic

******  Command  ----  V2.2.0.20
******  Logic Database V2.2.0.2

Initializing ...
Identifying the system ...
Working ...
Getting system microcode level(s) ...
Scanning for device microcode level(s) ...

74 devices detected; each dot (.)
represents 10 devices processed:
.......

Writing Microcode Survey upload file ...
------------------------------------------------------------------------------------------------------------------------------------
Microcode Survey Results
------------------------------------------------------------------------------------------------------------------------------------
Hostname  . . . . . . : nim
Command Version . . . : 2.2.0.20
Logic Database Version: 2.2.0.2
Survey Date and Time  : Mon Jan 21 13:49:25 2019
OS Level  . . . . . . : 7.2.0.0
uname -M  . . . . . . : IBM,8286-42A
catalog.mic date  . . : 01-11-2019


Logical  Current Level  Available Level  Effect        Suggested Action  Device
------------------------------------------------------------------------------------------------------------------------------------
sys0     SV860_138      SV860_180        Take Offline  Update            5148-21L; 5148-22L; 8247-21L; 8247-22L; 8247-42L; 8284-
fcs0     00010000020025201919  00011000040041500010  None          Update            PCIe2 2-Port 16Gb FC Adapter
fcs1     00010000020025201919  00011000040041500010  None          Update            PCIe2 2-Port 16Gb FC Adapter
ent0     30100150              30100150              None          No Action         PCIe2 4-Port (10GbE SFP+ & 1GbE RJ45) Adapter
ent1     30100150              30100150              None          No Action         PCIe2 4-Port (10GbE SFP+ & 1GbE RJ45) Adapter
ent2     30100150              30100150              None          No Action         PCIe2 4-Port (10GbE SFP+ & 1GbE RJ45) Adapter
ent3     30100150              30100150              None          No Action         PCIe2 4-Port (10GbE SFP+ & 1GbE RJ45) Adapter
sissas0  16519500              19511400              None          Update            PCIe3 RAID SAS Adapter Quad-port 6Gb x8 & PCIe3 SAS Tap
hdisk0   37343134              37343138              None          Update            Savvio 15K.3  146/300GB SAS Disk Drive
hdisk24  37343134              37343138              None          Update            Savvio 15K.3  146/300GB SAS Disk Drive

Microcode Survey complete

The output files can be found at:
Upload file: /var/adm/invscout/nim.mup
Report file: /var/adm/invscout/invs.mrp
Report file: /var/adm/invscout/invs.mrrup

To transfer the invscout 'Upload file' for microcode
comparison, see your service provider's web page.

ls -l /var/adm/invscout/ 

 4 -rw-rw----    1 invscout system          474 Feb 19 03:08 8286-42A_21xxxxW-2.InvScoutOutput

664 -rw-r–r– 1 root system 676008 Feb 19 03:08 8286-42A_21xxxxW-2.VPD.xml

You can also use the MUP file /var/adm/invscout/nim.mup and compare it on IBM web page, this will report all firmware status: https://www14.software.ibm.com/support/customercare/mds/fetch?page=mdsUpload.html

aix/aix_patching.txt · Last modified: 2023/12/13 09:37 by manu

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki