My Favorites

Close

Please to see your favorites.

  • Bookmark
  • Email Document
  • Printer Friendly
  • Favorite
  • Rating:

Best practice for applying Program Temporary Fixes (PTFs)

This document (7016640) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise High Availability Extension 11
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 11
SUSE Manager
SUSE Studio

Situation

SUSE Technical Services provided a set of packages to fix a given situation (so called PTF = Program Temporary Fix).

Please note that such a PTF is fully supported by SUSE until the respective Maintenance Update containing the fix (can be reviewed within the changelog) has been released via the regular update repositories.
Customers running PTF fixes will be notified via the related service request once a patch for a PTF has been released.

Now the question is: How should a PTF be applied to a server.

Resolution

Usually package management tasks are executed via YaST2 or zypper. These tools fetch the packages from given installation media or online repositories.

Program Temporary Fixes on the other hand are not distributed as repositories but as plain http directories and as such require a download of the packages. The easiest and most convenient solution is to download the whole
http directory via wget and to install the packages in the folder using rpm -Fvh. This procedure ensures all packages are being fetched but only those already installed on the system will be updated.

The procedure would be:
  1. Create a folder "PTF":
    mkdir /root/PTFinstall-$(date +"%F-%H-%M")

  2. Change into the previously created directory:
    cd $_

  3. Download the provided URL recursively using wget:
    wget --no-directories --recursive --reject "index.html*" --user=<NCC/SCCusername> --ask-password --no-parent  <URL>

    NOTE:  If the above <URL> is pointing to a directory, be sure the URL ends with a trailing slash (/).  Otherwise, wget can interpret it as a file, and may traverse up into the parent directory and then down other subdirectories.  This is true despite the use of "--no=parent" on the command line.

  4. Install the RPMs using:
    rpm -Fvh *rpm

Special Case kernel RPMs

While the above procedure is very convenient, special attention should be payed to kernel RPMs. The used rpm -F option will replace the existing RPM and hence a preinstalled kernel will be replaced by the new one. This behaviour may not be desired and the TEST-/PTF should get installed in parallel to the existing one.

In this case, please identify which kernel RPMs have been installed previously (rpm -qa | grep kernel-) and install the PTF-RPMs using

rpm -ivh rpm1 rpm2 rpm3 ...

As there may be several kernel flavors in an architecture specific HTTP directory, please pay special attention to the kernel flavors and only install those kernel RPMs that are needed.


Special Case on CaasP product RPMs

When running updates through the Velum dashboard interface *after applying a PTF*, it is possible that zypper removes the PTF again. 
When that is happening, please do the following :
  1. Install the PTFs with the command :
    transactional-update pkg install *PTF*rpm
    or

    transactional-update ptf install *PTF*rpm

    In the case "Signature verification failed" messages are observed, please use "i" to ignore, otherwise the PTF will not be installed.

    Reboot the admin note manually
    # reboot


  2. Once the system is back up, verify the rpm is installed with :
    rpm -qa |grep PTF

  3. Create a lock on the package using zypper, so that the next update will not overwrite the PTF with a possible problem version again.
    zypper al <PTF_PACKAGE_NAME>

  4. Verify  the lock was properly set using  :
    zypper ll
ATTENTION: Once the PTF is superseded with a regular maintenance update, and that update is released / included in the regular update repositories, please make sure to remove the lock that was set on the package before applying these updates, so the package(s) can be properly updated again going forward.

Additional Information

How to install a kernel RPM:

Situation:

1. The packages have been downloaded using the above described procedure and the directory contains the following files:


sles11sp3:~/PTFinstall-2016-05-26-10-00 # l
total 1159804
drwxr-xr-x  2 root root      4096 May 26 10:07 ./
drwx------ 10 root root      4096 May 26 10:00 ../
-rw-r--r--  1 root root   7058123 May 12 13:59 kernel-default-3.0.101-0.47.79.1.10806.1.PTF.974428.nosrc.rpm
-rw-r--r--  1 root root  24281811 May 12 13:59 kernel-default-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  15551478 May 12 13:59 kernel-default-base-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root 303585616 May 12 13:59 kernel-default-debuginfo-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  52651476 May 12 13:59 kernel-default-debugsource-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root   6353063 May 12 13:59 kernel-default-devel-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  26063477 May 12 13:59 kernel-default-devel-debuginfo-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  14489809 May 12 13:59 kernel-default-extra-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root   4759014 May 12 13:59 kernel-default-hmac-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root 119311862 May 12 12:30 kernel-source-3.0.101-0.47.79.1.10806.1.PTF.974428.src.rpm
-rw-r--r--  1 root root  91798255 May 12 12:30 kernel-source-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  88043183 May 12 12:30 kernel-source-vanilla-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root   7057543 May 12 14:46 kernel-xen-3.0.101-0.47.79.1.10806.1.PTF.974428.nosrc.rpm
-rw-r--r--  1 root root  24034382 May 12 14:46 kernel-xen-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  14660596 May 12 14:46 kernel-xen-base-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root 286017607 May 12 14:46 kernel-xen-debuginfo-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  51501488 May 12 14:46 kernel-xen-debugsource-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root   6292081 May 12 14:46 kernel-xen-devel-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  23449988 May 12 14:46 kernel-xen-devel-debuginfo-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root  14508510 May 12 14:46 kernel-xen-extra-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
-rw-r--r--  1 root root   4754534 May 12 14:46 kernel-xen-hmac-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm

2. Identify the installed kernel RPMs

sles11sp3:~/PTFinstall-2016-05-26-10-00 # rpm -qa | grep kernel-
kernel-default-base-3.0.101-0.47.71.1
kernel-firmware-20110923-0.52.3
kernel-default-3.0.101-0.47.71.1

3. Install the required packages only:

rpm -ivh kernel-default-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm kernel-default-base-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm

As the kernel-firmware was was not provided, it does not need to get updated. As mentioned, this will install the PTF kernel beside the existing kernel and not replace it so it can act as fallback. So a rpm -qa | grep kernel- will look afterwards:

sles11sp3:~/PTFinstall-2016-05-26-10-00 # rpm -qa | grep kernel-
kernel-default-3.0.101-0.47.79.1.10806.1.PTF.974428
kernel-default-base-3.0.101-0.47.71.1
kernel-default-base-3.0.101-0.47.79.1.10806.1.PTF.974428
kernel-firmware-20110923-0.52.3
kernel-default-3.0.101-0.47.71.1

Please also visit TID#7016511 for information on "How to import suse_key for signed PTF packages"

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7016640
  • Creation Date:30-JUN-15
  • Modified Date:13-NOV-19
    • SUSESUSE Linux Enterprise Desktop
      SUSE Linux Enterprise Real Time Extension
      SUSE Linux Enterprise Server
      SUSE Manager
      SUSE Studio
< Back to Support Search

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center