Performing AIX live update with Ansible

I recently tested AIX Live Update (aka Live Kernel Update or LKU) with Ansible.

The IBM Power development team provided support for LKU in v1.9.0 of the IBM AIX Ansible collection. See links below.

Explore What's New: AIX Ansible collection version 1.9.0 available now !

https://community.ibm.com/community/user/power/blogs/shreyansh-chamola/2024/07/10/availability

lku – Performs live kernel update

https://ibm.github.io/ansible-power-aix/modules/lku.html

module > lku

https://galaxy.ansible.com/ui/repo/published/ibm/power_aix/content/module/lku/

At the time of writing this post, the latest version of the AIX Ansible collection was 1.9.2. This is what I installed on my Ansible controller.

# ansible-galaxy collection list ibm.power_aix

# /.ansible/collections/ansible_collections

Collection Version

------------- -------

ibm.power_aix 1.9.2

I review the provided lku demo playbook that came with the collection:

/.ansible/collections/ansible_collections/./ibm/power_aix/playbooks/demo_lku.yml

Note that this module, currently, only supports live update operations on AIX VMs managed by PowerVC.

The module uses the geninstall -k command for live kernel update.

I created my own playbook to test this new module.

lku_quark.yml:

---

- name: Perform live kernel update operation on AIX

hosts: quark

gather_facts: false

collections:

- ibm.power_aix

vars:

PVC_name: pvc

PVC_password: abc123

PVC_user: root

directory: /tmp

filesets_fixes: IJ45274s1a.230207.epkg.Z

tasks:

- name: To install all the updates and interim fixes that are available in the "{{ directory }}" directory

lku:

PVC_name: "{{ PVC_name }}"

PVC_password: "{{ PVC_password }}"

PVC_user: "{{ PVC_user }}"

directory: "{{ directory }}"

filesets_fixes: "{{ filesets_fixes }}"

- name: Display result

debug: var=result

Note the ifix (IJ45274s1a.230207.epkg.Z) was copied to the /tmp directory on the AIX host (not the controller) .

I ran my live update (lku) playbook from my Ansible controller.

# ansible-playbook lku_quark.yml

PLAY [Perform live kernel update operation on AIX] ************************************************************************************

TASK [To install all the updates and interim fixes that are available in the "/tmp" directory] ***************************************

[WARNING]: Module did not set no_log for PVC_password

ok: [quark]

TASK [Display result] *****************************************************************************************************************

ok: [quark] => {

"result": {

"changed": false,

"cmd": "geninstall -k -d /tmp IJ45274s1a.230207.epkg.Z",

"failed": false,

"msg": "Live Kernel Update operation has been performed successfully.",

"rc": 0,

"stderr": "",

"stderr_lines": [],

"stdout": "\n\n+-----------------------------------------------------------------------------+\n Pre-Live Update Verification...\n+-----------------------------------------------------------------------------+\nVerifying environment...done\nVerifying /var/adm/ras/liveupdate/lvupdate.data file...done\nComputing the estimated time for the live update operation...done\nResults...\n\nEXECUTION INFORMATION\n---------------------\n LPAR: quark\n PowerVC: 10.8.12.120\n user: root\n\n Blackout time(in seconds): 20\n Total operation time(in seconds): 1172\n\n << End of Information Section >>\n\n+-----------------------------------------------------------------------------+\n Live Update Requirement Verification...\n+-----------------------------------------------------------------------------+\n\nINFORMATION\n-----------\nINFO: Any system dumps present in the current dump logical volumes will not be available after live update is complete.\n\n << End of Information Section >>\n\n+-----------------------------------------------------------------------------+\n Live Update Preview Summary...\n+-----------------------------------------------------------------------------+\nThe live update preview succeeded.\n\nNon-interruptable live update operation begins in 10 seconds.\n\nInitializing live update on original LPAR.\n\nValidating original LPAR environment.\n\nBeginning live update operation on original LPAR.\n\nRequesting resources required for live update.\n............\nNotifying applications of impending live update.\n\nCreating rootvg for boot of surrogate.\n................................................................\nStarting the surrogate LPAR.\n........................................................................................................................................................\nCreating mirror of original LPAR's rootvg.\n........................................\nMoving workload to surrogate LPAR.\n........\n\tBlackout Time started.\n\n\tBlackout Time end.\n\nWorkload is running on surrogate LPAR.\n................................................................................\nShutting down the Original LPAR.\n........................\nThe live update operation succeeded.\n",

"stdout_lines": [

"",

"+-----------------------------------------------------------------------------+",

" Pre-Live Update Verification...",

"+-----------------------------------------------------------------------------+",

"Verifying environment...done",

"Verifying /var/adm/ras/liveupdate/lvupdate.data file...done",

"Computing the estimated time for the live update operation...done",

"Results...",

"",

"EXECUTION INFORMATION",

"---------------------",

" LPAR: quark",

" PowerVC: 10.8.12.120",

" user: root",

"",

" Blackout time(in seconds): 20",

" Total operation time(in seconds): 1172",

"",

" << End of Information Section >>",

"",

"+-----------------------------------------------------------------------------+",

" Live Update Requirement Verification...",

"+-----------------------------------------------------------------------------+",

"",

"INFORMATION",

"-----------",

"INFO: Any system dumps present in the current dump logical volumes will not be available after live update is complete.",

"",

" << End of Information Section >>",

"",

"+-----------------------------------------------------------------------------+",

" Live Update Preview Summary...",

"+-----------------------------------------------------------------------------+",

"The live update preview succeeded.",

"",

"Non-interruptable live update operation begins in 10 seconds.",

"",

"Initializing live update on original LPAR.",

"",

"Validating original LPAR environment.",

"",

"Beginning live update operation on original LPAR.",

"",

"Requesting resources required for live update.",

"............",

"Notifying applications of impending live update.",

"",

"Creating rootvg for boot of surrogate.",

"................................................................",

"Starting the surrogate LPAR.",

"........................................................................................................................................................",

"Creating mirror of original LPAR's rootvg.",

"........................................",

"Moving workload to surrogate LPAR.",

"........",

"\tBlackout Time started.",

"",

"\tBlackout Time end.",

"",

"Workload is running on surrogate LPAR.",

"................................................................................",

"Shutting down the Original LPAR.",

"........................",

"The live update operation succeeded."

"warnings": [

"Module did not set no_log for PVC_password"

]

}

PLAY RECAP ****************************************************************************************************************************

quark : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

The lku module handles all the steps required to perform a (PowerVC-based) live update operation. This includes authenticating with the PowerVC server. For example, I noted that before I ran the playbook, the AIX host to be updated, had not yet authenticated with the PowerVC server (which something you would typically do with the pvcauth command, before starting live update). A few moments after started running the playbook, the host had successfully authenticated with PowerVC, and then the live update process began on the host.

root@quark / # pvcauth -l

Address : 10.8.12.120

User name: root

Project : ibm-default

Port : 5000

TTL : 5:59:59

root@quark / #

Broadcast message from root@quark (pts/1) at 23:07:22 ...

Live AIX update in progress.

root@quark / # ps -ef | grep geninstall

root 8716586 8978832 0 23:06:39 pts/1 0:00 /bin/ksh /usr/sbin/geninstall -k -d /tmp IJ45274s1a.230207.epkg.Z

PowerVC deployed the surrogate VM and then live migrated the workload from the original VM to the surrogate. When it complete, the original VM was removed. All of which is expected with live update.

A screenshot of a computer

Description automatically generated

The playbook performed exactly as I hoped it would. After the live operation was finished, the ifix was installed and active on my AIX VM (quark), without a reboot!

# uptime ; emgr -l

12:36AM up 108 days, 23:05, 3 users, load average: 1.98, 1.92, 1.42

ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT

=== ===== ========== ================= ========== ======================================

1 S IJ45274s1a 08/08/24 23:19:41 Ifix for APAR IJ45274

STATE codes:

S = STABLE

I look forward to seeing how the team further enhances this particular Ansible module for AIX live update.