emgr – System interim fixes management.
Synopsis
Uses the interim fix manager (emgr) to install packages created with the epkg command and maintain the database containing interim fix information.
It can perform the following operations install, commit, check, mount, unmount, remove, list interim fix (ifix) and view package locks.
Requirements
The below requirements are needed on the host that executes this module.
AIX >= 7.1 TL3
Python >= 3.6
Privileged user with authorization: aix.system.install
Parameters
- action (optional, str, list)
Controls what action is performed.
installperforms an interim fix package installation.
commitperforms a commit operation on specified interim fix.
checkperforms a check operation on installed interim fix.
mountmounts specified interim fix that have been mount-installed.
unmountunmounts specified interim fix that have been mount-installed.
removeperforms an uninstall of the specified interim fix.
view_packagedisplays all packages that are locked, their installer, and the locking label or labels.
display_ifixdisplays the contents and topology of specified interim fix. This option is useful withverbose.
listlists interim fix data.- ifix_package (optional, path, None)
Specifies the path of the interim fix package file.
If from_epkg=yes, then the file must be created with the epkg command and must end with the 16-bit compression extension ‘.Z’. Otherwise the file is manage as a concurrent update ifix package file.
Can be used if action has one of following values
install,display_ifix.Mutually exclusive with list_file.
- ifix_label (optional, str, None)
Specifies the interim fix label that is the unique key that binds all of the different database objects.
Can be used if action has one of following values
list,commit,remove,check,mount,unmount,remove.Required if action=remove and force=True.
Mutually exclusive with ifix_number, ifix_vuid, list_file.
- ifix_number (optional, str, None)
Specifies the interim fix identification number (ID).
The interim fix ID is simply the order number in which the interim fix is listed in the interim fix database. Using this option may be convenient if you are performing operations on interim fixes based on interim fix listings.
Can be used if action has one of following values
list,remove,check,mount,unmount,remove.Mutually exclusive with ifix_label, ifix_vuid, list_file.
- ifix_vuid (optional, str, None)
Specifies the interim fix Virtually Unique ID (VUID) that can be used to differentiate packages with the same interim fix label.
Can be used if action has one of following values
list,remove,check,mount,unmount.Mutually exclusive with ifix_label, ifix_number, list_file.
- list_file (optional, path, None)
Specifies a file that contains a list of package locations if action=install or a list of interim fix labels for the remove, mount, unmount and check operations.
The file must have one item per line, blank lines or starting with
Can be used if action has one of following values
install,remove,check,mount,unmount,display_ifix.Mutually exclusive with ifix_label, ifix_number, ifix_vuid, ifix_package.
- package (optional, str, None)
Specifies the package to view.
Can be used if action=view_package
- alternate_dir (optional, path, None)
Specifies an alternative directory path for installation.
Can be used if action has one of following values
list,install,remove,check,mount,unmount,view_package.- working_dir (optional, path, None)
Specifies an alternative working directory path instead of the default /tmp directory.
If not specified the emgr command will use the /tmp directory.
Can be used if action has one of following values
install,remove,check,mount,unmount,display_ifix.- from_epkg (optional, bool, False)
Specifies to install an interim fix package file created with the epkg command.
Can be used if action=install.
- mount_install (optional, bool, False)
Perform a mount installation. When and interim fix is mount-installed, the interim fix files are mounted over the target files.
This option is not supported for interim fix packages that require rebooting.
Can be used if action=install. Cannot be set when from_epkg=no.
- commit (optional, bool, False)
Commits interim fix containing concurrent updates to disk after its installation.
Can be used if action=install.
- extend_fs (optional, bool, False)
Attempts to resize any file systems where there is insufficient space.
- force (optional, bool, False)
Forces action.
Can be used if action has one of following values
install,remove.When action=install, it specifies the interim fix installation can overwrite an existing package.
When action=remove, it should be considered an emergency procedure because this method can create inconsistencies on the system.
- preview (optional, bool, False)
Perform a preview that runs all of the check operations but does not make any changes.
Can be used if action has one of following values
install,commit,remove.- quiet (optional, bool, False)
Suppresses all output other than errors and strong warnings.
Can be used if action has one of following values
install,commit,remove.- bosboot (optional, str, None)
Controls the bosboot process.
skipskips the usual bosboot process for ifix that require rebooting.
load_debuggerloads the low-level debugger during AIX bosboot.
invoke_debuggerinvokes the low-level debugger for AIX bosboot.Can be used if action has one of following values
install,commit,remove.- verbose (optional, int, None)
Specifies the verbosity level. The verbosity increases with the value.
Can be used if action has one of following values
list,check,view_package.
Notes
Note
System administrators or users with the aix.system.install authorization can run the emgr command on a multi-level secure (MLS) system.
Ifix data, saved files, and temporary files are accessible only by the root user.
You can refer to the IBM documentation for additional information on the emgr command at https://www.ibm.com/support/knowledgecenter/ssw_aix_72/e_commands/emgr.html.
Examples
- name: List interim fix on the system
emgr:
action: list
- name: Install ifix package from file generated with epkg
emgr:
action: install
ifix_package: /usr/sys/inst.images/IJ22714s1a.200212.AIX72TL04SP00-01.epkg.Z
working_dir: /usr/sys/inst.images
from_epkg: true
extend_fs: true
- name: List a specific ifix data in details
emgr:
action: list
ifix_label: IJ22714s1a
verbosity: 3
- name: Check an ifix
emgr:
action: check
ifix_label: IJ22714s1a
- name: Preview ifix commit and display only errors and warnings
emgr:
action: commit
ifix_label: IJ22714s1a
preview: true
quiet: true
- name: Remove an installed ifix based on its VUID
emgr:
action: remove
ifix_vuid: 00F7CD554C00021210023020
- name: Display contents and topology of an ifix
emgr:
action: display_ifix
ifix_package: /usr/sys/inst.images/IJ22714s1a.200212.AIX72TL04SP00-01.epkg.Z
Return Values
- msg (always, str, Missing parameter: force remove requires: ifix_label)
The execution message.
- reboot_required (always, bool, True)
Indicates if ifix requires reboot.
- stdout (always, str, ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACTn === ===== ========== ================= ========== ======================================n 1 S IJ20785s2a 04/30/20 11:03:46 tcpdump CVEs fixed n 2 S IJ17065m3a 04/30/20 11:03:57 IJ17065 is for AIX 7.2 TL03 n 3 Q IJ09625s2a 04/30/20 11:04:14 IJ09624 7.2.3.2 n 4 S IJ11550s0a 04/30/20 11:04:34 Xorg Security Vulnerability fix n n STATE codes:n S = STABLEn M = MOUNTEDn U = UNMOUNTEDn Q = REBOOT REQUIREDn B = BROKENn I = INSTALLINGn R = REMOVINGn T = TESTEDn P = PATCHEDn N = NOT PATCHEDn SP = STABLE + PATCHEDn SN = STABLE + NOT PATCHEDn QP = BOOT IMAGE MODIFIED + PATCHEDn QN = BOOT IMAGE MODIFIED + NOT PATCHEDn RQ = REMOVING + REBOOT REQUIRED)
The standard output.
- stderr (always, str, There is no efix data on this system.)
The standard error.
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.