Introduction
This is a log of applying Security iFix IT45538, which the PowerVC 2.2.0 installation manual recommends.
Manual: Installing from download
To get the latest security fixes for PowerVC 2.2.0, it is highly recommended to install the OpsMgr iFix IT45538.
The procedure follows the APAR README.
IT45538-2.2.0-OPSMGR-README.txt
Environment
PowerVC 2.2.0 on RHEL 8.6 ppc64le
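Preparation
Prerequisites
The procedure installs the createrepo command along the way, so if createrepo is not present on the target server, the RHEL 8.6 AppStream dnf repository must be configured.
Place the APAR on the PowerVC server.
・Extract the iFix module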
# ls -ltr
total 224556
-rw-r--r-- 1 root root 229942083 Jun 3 00:49 IT45538-2.2.0-OPSMGR.tgz
# tar -zxf IT45538-2.2.0-OPSMGR.tgz
# echo $?
0
・Check the iFix contents
# ls -l
total 224556
drwxr-xr-x 4 root root 167 Apr 15 07:00 IT45538-2.2.0-OPSMGR
-rw-r--r-- 1 root root 229942083 Jun 3 00:49 IT45538-2.2.0-OPSMGR.tgz
# cd IT45538-2.2.0-OPSMGR/
# ls -l
total 44
-rw-r--r-- 1 root root 12624 Apr 15 07:00 IT45538-2.2.0-OPSMGR-README
drwxr-xr-x 7 root root 110 Apr 10 06:30 packages
-rw-r--r-- 1 root root 957 Mar 29 02:38 patch_opsmgr_post.yml
-rwxr-xr-x 1 root root 12389 Apr 2 21:59 patch_opsmgr.sh
-rw-r--r-- 1 root root 2747 Apr 8 12:43 post_ifix.yml
-rw-r--r-- 1 root root 1085 Apr 2 22:00 pre_ifix.yml
drwxr-xr-x 2 root root 52 Apr 9 02:42 templates
Check the cluster name
# powervc-opsmgr inventory -l
+--------------------------------------------------------------------------------+
| PowerVC Inventory - pvc220 |
+--------------------------------------------------------------------------------+
Cluster Name : pvc220
Cluster ID : aaab1b1f-234c-40be-a039-750c6f5a55c5
Install Method : cluster
Edition : private_cloud
Firewall Config : True
Login User : root
Virtual IP : 172.16.100.xxx
Primary/Bootstrap Host : 172.16.100.xxx
Hosts : 172.16.100.xxx
+--------------------------------------------------------------------------------+
| *** End of PowerVC Inventory - pvc220 *** |
+--------------------------------------------------------------------------------+
The Cluster Name is pvc220.
Applying the iFix
Command executed
# time ./patch_opsmgr.sh pvc220 /work/APAR/IT45538-2.2.0-OPSMGR.tgz
Execution log
# time ./patch_opsmgr.sh pvc220 /work/APAR/IT45538-2.2.0-OPSMGR.tgz
Opsmgr IFIX Path: /work/APAR/IT45538-2.2.0-OPSMGR.tgz
Cluster Name: pvc220
/work/APAR/IT45538-2.2.0-OPSMGR.tgz is valid tar file
patch_opsmgr_pre.yml file not present, hence continuing
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
Configuring Yum repository for PowerVC-Opsmgr-IFix...
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
ifix-IT45538-2.2.0-OPSMGR 3.3 MB/s | 29 kB 00:00
python3-PyYAML 418 kB/s | 27 kB 00:00
python39-cryptography 4.6 MB/s | 27 kB 00:00
python3-PyNaCl 3.9 MB/s | 27 kB 00:00
python3-bcrypt 5.4 MB/s | 27 kB 00:00
POWERVC Openstack noarch 2.5 MB/s | 374 kB 00:00
POWERVC Openstack ppc64le 4.9 MB/s | 171 kB 00:00
POWERVC Opsmgr noarch 2.4 MB/s | 143 kB 00:00
POWERVC Opsmgr ppc64le 5.0 MB/s | 27 kB 00:00
POWERVC Openstack noarch 4.7 MB/s | 492 kB 00:00
POWERVC Openstack noarch rhel8 707 kB/s | 20 kB 00:00
POWERVC Openstack multiarch rhel8 31 kB/s | 6.7 kB 00:00
POWERVC Openstack ppc64le 2.8 MB/s | 139 kB 00:00
RHEL86_BaseOS 5.5 MB/s | 2.0 MB 00:00
RHEL86_AppStream 25 MB/s | 6.5 MB 00:00
RHEL86_Supplement 1.9 MB/s | 21 kB 00:00
RHEL86_High_Availabilityt 22 MB/s | 420 kB 00:00
IBM-Power-Managed 797 kB/s | 23 kB 00:00
Deleting versionlock for: python3-pyOpenSSL-0:22.0.0-1.ibm.el8.*
Deleting versionlock for: python3-paramiko-0:2.9.0-2.ibm.el8.*
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
Last metadata expiration check: 0:00:03 ago on Mon 03 Jun 2024 05:19:57 AM EDT.
Dependencies resolved.
============================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================
Upgrading:
powervc-opsmgr noarch 2.2.0-202404121146.2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR 1.8 M
python3-paramiko noarch 3.4.0-2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR 313 k
python3-powervc-opsmgr noarch 2.2.0-202404121146.2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR 270 k
python3-pyOpenSSL ppc64le 23.3.0-4.ibm.el8 ifix-IT45538-2.2.0-OPSMGR 104 k
python39-cryptography ppc64le 39.0.2-1.ibm.el8 ifix-IT45538-2.2.0-OPSMGR 1.1 M
zookeeper noarch 3.9.1-4.ibm.el8 ifix-IT45538-2.2.0-OPSMGR 20 M
Transaction Summary
============================================================================================================================================
Upgrade 6 Packages
Total size: 24 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: python39-cryptography-39.0.2-1.ibm.el8.ppc64le 1/1
Upgrading : python39-cryptography-39.0.2-1.ibm.el8.ppc64le 1/12
Upgrading : python3-paramiko-3.4.0-2.ibm.el8.noarch 2/12
Upgrading : powervc-opsmgr-2.2.0-202404121146.2.ibm.el8.noarch 3/12
Running scriptlet: powervc-opsmgr-2.2.0-202404121146.2.ibm.el8.noarch 3/12
Upgrading : python3-powervc-opsmgr-2.2.0-202404121146.2.ibm.el8.noarch 4/12
Upgrading : python3-pyOpenSSL-23.3.0-4.ibm.el8.ppc64le 5/12
Running scriptlet: zookeeper-3.9.1-4.ibm.el8.noarch 6/12
Upgrading : zookeeper-3.9.1-4.ibm.el8.noarch 6/12
Running scriptlet: zookeeper-3.9.1-4.ibm.el8.noarch 6/12
Cleanup : python3-powervc-opsmgr-2.2.0-202311020741.1.ibm.el8.noarch 7/12
Cleanup : python3-paramiko-2.9.0-2.ibm.el8.noarch 8/12
Cleanup : python3-pyOpenSSL-22.0.0-1.ibm.el8.ppc64le 9/12
Cleanup : powervc-opsmgr-2.2.0-202311020741.1.ibm.el8.noarch 10/12
Running scriptlet: zookeeper-3.9.1-2.ibm.el8.noarch 11/12
Cleanup : zookeeper-3.9.1-2.ibm.el8.noarch 11/12
Running scriptlet: zookeeper-3.9.1-2.ibm.el8.noarch 11/12
Cleanup : python39-cryptography-36.0.1-2.ibm.el8.ppc64le 12/12
Running scriptlet: python39-cryptography-36.0.1-2.ibm.el8.ppc64le 12/12
Verifying : powervc-opsmgr-2.2.0-202404121146.2.ibm.el8.noarch 1/12
Verifying : powervc-opsmgr-2.2.0-202311020741.1.ibm.el8.noarch 2/12
Verifying : python3-paramiko-3.4.0-2.ibm.el8.noarch 3/12
Verifying : python3-paramiko-2.9.0-2.ibm.el8.noarch 4/12
Verifying : python3-powervc-opsmgr-2.2.0-202404121146.2.ibm.el8.noarch 5/12
Verifying : python3-powervc-opsmgr-2.2.0-202311020741.1.ibm.el8.noarch 6/12
Verifying : python3-pyOpenSSL-23.3.0-4.ibm.el8.ppc64le 7/12
Verifying : python3-pyOpenSSL-22.0.0-1.ibm.el8.ppc64le 8/12
Verifying : python39-cryptography-39.0.2-1.ibm.el8.ppc64le 9/12
Verifying : python39-cryptography-36.0.1-2.ibm.el8.ppc64le 10/12
Verifying : zookeeper-3.9.1-4.ibm.el8.noarch 11/12
Verifying : zookeeper-3.9.1-2.ibm.el8.noarch 12/12
Installed products updated.
Upgraded:
powervc-opsmgr-2.2.0-202404121146.2.ibm.el8.noarch python3-paramiko-3.4.0-2.ibm.el8.noarch
python3-powervc-opsmgr-2.2.0-202404121146.2.ibm.el8.noarch python3-pyOpenSSL-23.3.0-4.ibm.el8.ppc64le
python39-cryptography-39.0.2-1.ibm.el8.ppc64le zookeeper-3.9.1-4.ibm.el8.noarch
Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
Last metadata expiration check: 0:00:27 ago on Mon 03 Jun 2024 05:19:57 AM EDT.
Adding versionlock on: python3-paramiko-0:3.4.0-2.ibm.el8.*
Adding versionlock on: python3-pyOpenSSL-0:23.3.0-4.ibm.el8.*
Adding versionlock on: python39-cryptography-0:39.0.2-1.ibm.el8.*
Adding versionlock on: zookeeper-0:3.9.1-4.ibm.el8.*
Adding versionlock on: python39-urllib3-1:1.25.10-1.ibm.el8.*
Running patch_opsmgr_post.yml
PLAY [install] *****************************************************************************************************************************
TASK [Gathering Facts] *********************************************************************************************************************
Monday 03 June 2024 05:20:38 -0400 (0:00:00.506) 0:00:00.506 ***********
[DEPRECATION WARNING]: Distribution rhel 8.6 on host 172.16.100.173 should use /usr/libexec/platform-python, but is using /usr/bin/python
for backward compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for
this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will
be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [172.16.100.173]
TASK [Check if directory present on non primary node] **************************************************************************************
Monday 03 June 2024 05:20:42 -0400 (0:00:04.436) 0:00:04.943 ***********
ok: [172.16.100.173]
TASK [Create directory] ********************************************************************************************************************
Monday 03 June 2024 05:20:43 -0400 (0:00:00.543) 0:00:05.486 ***********
skipping: [172.16.100.173]
TASK [sync version file] *******************************************************************************************************************
Monday 03 June 2024 05:20:43 -0400 (0:00:00.343) 0:00:05.830 ***********
ok: [172.16.100.173 -> 172.16.100.173] => (item=172.16.100.173)
PLAY RECAP *********************************************************************************************************************************
172.16.100.173 : ok=3 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
Monday 03 June 2024 05:20:43 -0400 (0:00:00.537) 0:00:06.367 ***********
===============================================================================
Gathering Facts --------------------------------------------------------------------------------------------------------------------- 4.44s
Check if directory present on non primary node -------------------------------------------------------------------------------------- 0.54s
sync version file ------------------------------------------------------------------------------------------------------------------- 0.54s
Create directory -------------------------------------------------------------------------------------------------------------------- 0.34s
Successfully updated the PowerVC-OPS Manager RPM. Please proceed with the installation.
real 1m42.164s
user 0m35.306s
sys 0m2.323s
It took just under 2 minutes.
Verifying the installation
# yum repo-pkgs ifix-IT45538-2.2.0-OPSMGR list --showduplicates
Updating Subscription Management repositories.
Repository dvd-BaseOS is listed more than once in the configuration
Repository dvd-AppStream is listed more than once in the configuration
Last metadata expiration check: 0:02:44 ago on Mon 03 Jun 2024 05:19:57 AM EDT.
Installed Packages
powervc-opsmgr.noarch 2.2.0-202404121146.2.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
python3-paramiko.noarch 3.4.0-2.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
python3-powervc-opsmgr.noarch 2.2.0-202404121146.2.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
python3-pyOpenSSL.ppc64le 23.3.0-4.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
python39-cryptography.ppc64le 39.0.2-1.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
zookeeper.noarch 3.9.1-4.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
Available Packages
powervc-opsmgr.noarch 2.2.0-202404121146.2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python3-paramiko.noarch 3.4.0-2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python3-powervc-opsmgr.noarch 2.2.0-202404121146.2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python3-pyOpenSSL.ppc64le 23.3.0-4.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python39-cryptography.ppc64le 39.0.2-1.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python39-urllib3.noarch 1:1.25.10-1.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
zookeeper.noarch 3.9.1-4.ibm.el8
The iFix appears to have been applied successfully.
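The following is an added example, not part of the original article or the iFix package: it parses the `yum repo-pkgs ... list --showduplicates` output shown above and reports packages that the iFix repository offers but that are not installed from it at that version (python39-urllib3 in this log). The function names are hypothetical, and the sample input is the package rows copied from the output above.

```shell
#!/bin/sh
# Added example (not from the original article or the iFix package).
# Sample input: the package rows copied from the verification output above.
sample_output() {
cat <<'EOF'
Installed Packages
powervc-opsmgr.noarch 2.2.0-202404121146.2.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
python3-paramiko.noarch 3.4.0-2.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
python3-powervc-opsmgr.noarch 2.2.0-202404121146.2.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
python3-pyOpenSSL.ppc64le 23.3.0-4.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
python39-cryptography.ppc64le 39.0.2-1.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
zookeeper.noarch 3.9.1-4.ibm.el8 @ifix-IT45538-2.2.0-OPSMGR
Available Packages
powervc-opsmgr.noarch 2.2.0-202404121146.2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python3-paramiko.noarch 3.4.0-2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python3-powervc-opsmgr.noarch 2.2.0-202404121146.2.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python3-pyOpenSSL.ppc64le 23.3.0-4.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python39-cryptography.ppc64le 39.0.2-1.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
python39-urllib3.noarch 1:1.25.10-1.ibm.el8 ifix-IT45538-2.2.0-OPSMGR
zookeeper.noarch 3.9.1-4.ibm.el8
EOF
}

# Print "name.arch version" for every package the repository offers that is
# not listed as installed from it at that exact version.
# Assumes one package per line, as in the output above.
not_installed_from_repo() {
  awk '
    /^Installed Packages/ { sec = "inst";  next }
    /^Available Packages/ { sec = "avail"; next }
    sec == "" || NF < 2   { next }          # skip banner and warning lines
    sec == "inst"         { inst[$1 " " $2] = 1 }
    sec == "avail"        { avail[++n] = $1 " " $2 }
    END { for (i = 1; i <= n; i++) if (!(avail[i] in inst)) print avail[i] }
  '
}

# Count the rows in the "Installed Packages" section.
installed_count() {
  awk '
    /^Installed Packages/ { s = 1; next }
    /^Available Packages/ { s = 0 }
    s && NF >= 2          { c++ }
    END { print c + 0 }
  '
}

sample_output | not_installed_from_repo
```

On the PowerVC server, pipe the real command output into `not_installed_from_repo` instead of `sample_output`; the installed count should match the "Upgrade 6 Packages" line in the transaction summary.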
After applying it, a dnf repository for the iFix had been added.
# dnf repolist | grep ifix
ifix-IT45538-2.2.0-OPSMGR ifix-IT45538-2.2.0-OPSMGR
# cat /etc/yum.repos.d/ifix_IT45538-2.2.0-OPSMGR.repo
[ifix-IT45538-2.2.0-OPSMGR]
name=ifix-IT45538-2.2.0-OPSMGR
gpgcheck=1
enabled=1
baseurl=file:///opt/ibm/powervc-opsmgr/ifixes/2.2.0/opsmgr_ifix/IT45538/
priority=90
module_hotfixes=1
The modules are copied to "/opt/ibm/powervc-opsmgr/ifixes/2.2.0/opsmgr_ifix/IT45538/", so I think they can be deleted if they are no longer needed.
That's all.