Current IBM Open Platform 4.1 and 4.2 distributions based on Ambari are not integrating a mechanism to upgrade services definition by applying patches.

This post introduces a simple service patch management procedure and details the instructions on how to apply a service patch into an existing IOP 4.1 or 4.2 cluster. The mechanism is based on updated rpm packages for delivering the patches and relies on yum upgrade capabilities to apply the patches to customer clusters.


  • Passwordless SSH connections between the Ambari server host and all other cluster hosts. Review related documentation.
  • tarball file IOP-patchManagement.tar.gz¬†attached to this post.
  • Run python patching tool as root.
  • Ambari credentials: admin username and admin password.
  • Ambari cluster name.
  • Server port number.
  • Service name to patch.
  • URL of the repository where the new rpm is available. The reposURL to fix specific problems will be provided in BigInsights documentation.¬† Make sure the URL is accessible from Ambari server host and use the repository that matches your cluster platform.

Applying service patch

The following steps are needed to install the patch:

Step 1: Extract Patch Management tool

The IOP-patchManagement.tar.gz attached to this blog contains:, IOP-PATCHES.template and README files. Download and extract the tarball content to Ambari server host. To untar the tarball file execute:

 tar -zxvf IOP-patchManagement_V2.tar_.gz 

Make sure all the files are placed in the same IOP-patchManagement directory and to have execute permission.

Step 2: Stop the service

Stop the service you are patching and turn on the maintenance mode. For example, if you are upgrading Knox:

  1. From the Ambari web dashboard, in the menu bar, click Services.
  2. Chose Knox in the service list on the left menu.
  3. In Knox Services Actions drop-down menu, click on Stop.KnoxStop
  4. Turn on the maintenance mode on confirmation window and Confirm Stop.StopConfirmation

The maintenance mode is turned on typically when performing hardware or software maintenance and it suppresses the alerts and warnings related to the service.

Step 3: Run Patch Management script

Once IOP-patchManagement.tar.gz has been extracted and the content is on Ambari server host (as explained in Step 1), run script as root:


This script automates the process of adding the new repo definition for all the affected nodes in the cluster. It also performs the yum upgrade operation for the specific IOP service requiring the patch.

The script will prompt you for the following parameters:

  • Ambari admin credentials: username and password.

  • Ambari cluster name and server port number.

  • Service name to patch.

  • Patch action [upgrade/downgrade].

  • URL to repository.

This is an example of script input parameters when upgrading Knox:


After entering all the parameters, the script will validate the inputs and apply the patch by upgrading the service for all the affected nodes.

A successful patch installation for Knox would look like this:


Downgrade patch action provides a tool to revert the service upgrade and reinstall its initial rpms version. The action is intended to be run right after failed upgrade execution.

For more details about the script operation refer to the README file in the attached tarball.

Step 4: Start the service

Finally you need to start and turn off the maintenance mode for the upgraded service. For example, if Knox was the service upgraded:

  1. From the Ambari web dashboard, in the menu bar, click Services.
  2. Select Knox in the service list on the left menu.
  3. In Knox Service Actions drop-down menu, click on Start.KnoxStart
  4. Turn off the maintenance mode on the confirmation window and Confirm Start.



NOTE: If several services require to be patched as part of the new repository, repeat steps from 2 to 4 for each individual service before continuing with next step 5.

Step 5: Modify the IOP repository URL

  1. From the Ambari web dashboard, in the menu bar, click Admin > Stacks and Versions.StacksAndVersions
  2. From the Stacks and Versions view, browse to Versions tab and click the icon to Edit Repositories.EditRepositories
  3. Update the IOP Base URL for the Operating System you are configuring  to the URL where the patch is available and click Save.RepositoryURL

Tracking applied patches

Since this patch managements mechanism relies on yum capabilities it makes easy to obtain information about the applied patches into an existing cluster. Yum will keep track of all the new rpms installed in the cluster, their version and the repository where they were installed from.

The following yum commands are useful for this purpose:

 yum list installed | grep IOP 

Will list the RPM packages installed from IOP repos. The output shows package name, version and the repo used to install it.

 yum info "package_name" 

Will provide details for the rpms installed for a specific service: name, architecture, package version, release version, repo, package size… It is accepting wild cards as package_name. e.g knox_* or hbase_*.


Thanks to Vishal A. Ghugare for his collaboration on this blog post.

Join The Discussion

Your email address will not be published. Required fields are marked *