AIX Patching Via BigFix

Manish · December 5, 2019, 4:31pm

Hello All,

Can anyone please confirm on below points for AIX patching.

1] Is BigFix capable of patching OS with Alt_clone method?

2] Is BigFix capable to apply TL which is major OS update?

3] Basis on past experience, BigFix take time to download OS update during activity (around 2-3 hrs). Have this improved now ?

4] Can tool apply patches only at specific time as AIX patching goes in sequence without using Server Automation Module ?

5] Is tool can shut cluster during patching and start post server reboot without using Server Automation Module ?

Regards,
Manish Singh

Shahban · December 5, 2019, 4:49pm

Hi All,

Any help will be highly appreciated, also looking for the details answers for my environment.

Regards,
Shaban

Manish · December 6, 2019, 4:52am

Hello All,

I have got the ans for 1 to 3 from IBM/HCL wiki.
If anyone can help for point number 4 and 5 that would be helpful.

Regards,
Manish Singh

MatthiasW · December 6, 2019, 7:17am

My suggestion is to play around and run some tests in your environment.
In our environment, we apply patches / ifixes on a montly base during defined maintenance windows.
For Minor and Major Updates, meaning updating AIX Servicepack or Technologylevel we still use NIM in addition with multibos or NIMadm.
Our experience with BigFix for such large updates was pretty different as patch times differed. Maybe due to IBM (downloading SP / TL takes sometimes a lot of time) or our proxy as well.

Regarding point 4 and 5:
4. Yes, you can use maintenance windows or specify actions start times.
5. Cluster stopping works pretty well using below check. Starting cluster after reboot can be done by configuring PowerHA in the way to start cluster services on system start.

// check for PowerHA running
if { exists match (regex “clevmgrd”) of names of processes }
parameter “clusternode” = “{hostname}”
// stop cluster
wait sh -c “/usr/sbin/cluster/utilities/clmgr stop node {parameter “clusternode”} MANAGE=offline WHEN=now broadcast=no”
// wait for applicationscripts to be finished
pause while {exists match (regex “rg_move”) of command line arguments of processes “clcallev”}
endif
// reboot
run /bin/sh -c “trap ‘’ 15; shutdown -Fr”

Rackham · December 11, 2019, 2:55pm

Hi Satish,

Yes, BigFix has support for patching via alt-disk clone. This is very popular with many AIX users of BigFix.
Yes, BigFix can apply both AIX TLs and SPs.
The time to download a TL/SP is dependent mainly on size of the update, and your own network. 2 - 3 hours is typical. But… you should use the NFS Repository function within BigFix so that any given update is only downloaded once and can be used by any of your managed systems.
Yes. You can use baselines and scheduling to put the patches on at any time, and in any order you would like.
The Automation module allows you to coordinate work across different systems. If you need to orchestrate work between systems (shut down a cluster on system a before putting fixes on system b), you’ll need to use the automation module. Otherwise, you can do all patching tasks with pre/post tasks on one system without using automation.