首页 » 系统工具 » 正文

在 RHEL/CentOS 系统上使用 YUM history 命令回滚升级操作

为服务器打补丁是 Linux 系统管理员的一项重要任务,为的是让系统更加稳定,性能更加优化。厂商经常会发布一些安全/高危的补丁包,相关软件需要升级以防范潜在的安全风险。

Yum (Yellowdog Update Modified) 是 CentOS 和 RedHat 系统上用的 RPM 包管理工具,yum history 命令允许系统管理员将系统回滚到上一个状态,但由于某些限制,回滚不是在所有情况下都能成功,有时 yum 命令可能什么都不做,有时可能会删掉一些其他的包。

我建议你在升级之前还是要做一个完整的系统备份,而 yum history 并不能用来替代系统备份的。系统备份能让你将系统还原到任意时候的节点状态。

推荐阅读:

某些情况下,安装的应用程序在升级了补丁之后不能正常工作或者出现一些错误(可能是由于库不兼容或者软件包升级导致的),那该怎么办呢?

与应用开发团队沟通,并找出导致库和软件包的问题所在,然后使用 yum history 命令进行回滚。

注意:

  • 它不支持回滚 selinux,selinux-policy-*,kernel,glibc (以及依赖 glibc 的包,比如 gcc)。
  • 不建议将系统降级到更低的版本(比如 CentOS 6.9 降到 CentOS 6.8),这会导致系统处于不稳定的状态

让我们先来看看系统上有哪些包可以升级,然后挑选出一些包来做实验。

  1. # yum update
  2. Loaded plugins: fastestmirror, security
  3. Setting up Update Process
  4. Loading mirror speeds from cached hostfile
  5. epel/metalink | 12 kB 00:00
  6. * epel: mirror.csclub.uwaterloo.ca
  7. base | 3.7 kB 00:00
  8. dockerrepo | 2.9 kB 00:00
  9. draios | 2.9 kB 00:00
  10. draios/primary_db | 13 kB 00:00
  11. epel | 4.3 kB 00:00
  12. epel/primary_db | 5.9 MB 00:00
  13. extras | 3.4 kB 00:00
  14. updates | 3.4 kB 00:00
  15. updates/primary_db | 2.5 MB 00:00
  16. Resolving Dependencies
  17. --> Running transaction check
  18. ---> Package git.x86_64 0:1.7.1-8.el6 will be updated
  19. ---> Package git.x86_64 0:1.7.1-9.el6_9 will be an update
  20. ---> Package httpd.x86_64 0:2.2.15-60.el6.centos.4 will be updated
  21. ---> Package httpd.x86_64 0:2.2.15-60.el6.centos.5 will be an update
  22. ---> Package httpd-tools.x86_64 0:2.2.15-60.el6.centos.4 will be updated
  23. ---> Package httpd-tools.x86_64 0:2.2.15-60.el6.centos.5 will be an update
  24. ---> Package perl-Git.noarch 0:1.7.1-8.el6 will be updated
  25. ---> Package perl-Git.noarch 0:1.7.1-9.el6_9 will be an update
  26. --> Finished Dependency Resolution
  27. Dependencies Resolved
  28. =================================================================================================
  29. Package Arch Version Repository Size
  30. =================================================================================================
  31. Updating:
  32. git x86_64 1.7.1-9.el6_9 updates 4.6 M
  33. httpd x86_64 2.2.15-60.el6.centos.5 updates 836 k
  34. httpd-tools x86_64 2.2.15-60.el6.centos.5 updates 80 k
  35. perl-Git noarch 1.7.1-9.el6_9 updates 29 k
  36. Transaction Summary
  37. =================================================================================================
  38. Upgrade 4 Package(s)
  39. Total download size: 5.5 M
  40. Is this ok [y/N]: n

你会发现 git 包可以被升级,那我们就用它来实验吧。运行下面命令获得软件包的版本信息(当前安装的版本和可以升级的版本)。

  1. # yum list git
  2. Loaded plugins: fastestmirror, security
  3. Setting up Update Process
  4. Loading mirror speeds from cached hostfile
  5. * epel: mirror.csclub.uwaterloo.ca
  6. Installed Packages
  7. git.x86_64 1.7.1-8.el6 @base
  8. Available Packages
  9. git.x86_64 1.7.1-9.el6_9 updates

运行下面命令来将 git 从 1.7.1-8 升级到 1.7.1-9

  1. # yum update git
  2. Loaded plugins: fastestmirror, presto
  3. Setting up Update Process
  4. Loading mirror speeds from cached hostfile
  5. * base: repos.lax.quadranet.com
  6. * epel: fedora.mirrors.pair.com
  7. * extras: mirrors.seas.harvard.edu
  8. * updates: mirror.sesp.northwestern.edu
  9. Resolving Dependencies
  10. --> Running transaction check
  11. ---> Package git.x86_64 0:1.7.1-8.el6 will be updated
  12. --> Processing Dependency: git = 1.7.1-8.el6 for package: perl-Git-1.7.1-8.el6.noarch
  13. ---> Package git.x86_64 0:1.7.1-9.el6_9 will be an update
  14. --> Running transaction check
  15. ---> Package perl-Git.noarch 0:1.7.1-8.el6 will be updated
  16. ---> Package perl-Git.noarch 0:1.7.1-9.el6_9 will be an update
  17. --> Finished Dependency Resolution
  18. Dependencies Resolved
  19. =================================================================================================
  20. Package Arch Version Repository Size
  21. =================================================================================================
  22. Updating:
  23. git x86_64 1.7.1-9.el6_9 updates 4.6 M
  24. Updating for dependencies:
  25. perl-Git noarch 1.7.1-9.el6_9 updates 29 k
  26. Transaction Summary
  27. =================================================================================================
  28. Upgrade 2 Package(s)
  29. Total download size: 4.6 M
  30. Is this ok [y/N]: y
  31. Downloading Packages:
  32. Setting up and reading Presto delta metadata
  33. Processing delta metadata
  34. Package(s) data still to download: 4.6 M
  35. (1/2): git-1.7.1-9.el6_9.x86_64.rpm | 4.6 MB 00:00
  36. (2/2): perl-Git-1.7.1-9.el6_9.noarch.rpm | 29 kB 00:00
  37. -------------------------------------------------------------------------------------------------
  38. Total 5.8 MB/s | 4.6 MB 00:00
  39. Running rpm_check_debug
  40. Running Transaction Test
  41. Transaction Test Succeeded
  42. Running Transaction
  43. Updating : perl-Git-1.7.1-9.el6_9.noarch 1/4
  44. Updating : git-1.7.1-9.el6_9.x86_64 2/4
  45. Cleanup : perl-Git-1.7.1-8.el6.noarch 3/4
  46. Cleanup : git-1.7.1-8.el6.x86_64 4/4
  47. Verifying : git-1.7.1-9.el6_9.x86_64 1/4
  48. Verifying : perl-Git-1.7.1-9.el6_9.noarch 2/4
  49. Verifying : git-1.7.1-8.el6.x86_64 3/4
  50. Verifying : perl-Git-1.7.1-8.el6.noarch 4/4
  51. Updated:
  52. git.x86_64 0:1.7.1-9.el6_9
  53. Dependency Updated:
  54. perl-Git.noarch 0:1.7.1-9.el6_9
  55. Complete!

验证升级后的 git 版本.

  1. # yum list git
  2. Installed Packages
  3. git.x86_64 1.7.1-9.el6_9 @updates
  4. # rpm -q git
  5. git-1.7.1-9.el6_9.x86_64

现在我们成功升级这个软件包,可以对它进行回滚了。步骤如下。

使用 YUM history 命令回滚升级操作

首先,使用下面命令获取 yum 操作的 id。下面的输出很清晰地列出了所有需要的信息,例如操作 id、谁做的这个操作(用户名)、操作日期和时间、操作的动作(安装还是升级)、操作影响的包数量。

  1. # yum history
  2. # yum history list all
  3. Loaded plugins: fastestmirror, presto
  4. ID | Login user | Date and time | Action(s) | Altered
  5. -------------------------------------------------------------------------------
  6. 13 | root | 2017-08-18 13:30 | Update | 2
  7. 12 | root | 2017-08-10 07:46 | Install | 1
  8. 11 | root | 2017-07-28 17:10 | E, I, U | 28 EE
  9. 10 | root | 2017-04-21 09:16 | E, I, U | 162 EE
  10. 9 | root | 2017-02-09 17:09 | E, I, U | 20 EE
  11. 8 | root | 2017-02-02 10:45 | Install | 1
  12. 7 | root | 2016-12-15 06:48 | Update | 1
  13. 6 | root | 2016-12-15 06:43 | Install | 1
  14. 5 | root | 2016-12-02 10:28 | E, I, U | 23 EE
  15. 4 | root | 2016-10-28 05:37 | E, I, U | 13 EE
  16. 3 | root | 2016-10-18 12:53 | Install | 1
  17. 2 | root | 2016-09-30 10:28 | E, I, U | 31 EE
  18. 1 | root | 2016-07-26 11:40 | E, I, U | 160 EE

上面命令显示有两个包受到了影响,因为 git 还升级了它的依赖包 perl-Git。 运行下面命令来查看关于操作的详细信息。

  1. # yum history info 13
  2. Loaded plugins: fastestmirror, presto
  3. Transaction ID : 13
  4. Begin time : Fri Aug 18 13:30:52 2017
  5. Begin rpmdb : 420:f5c5f9184f44cf317de64d3a35199e894ad71188
  6. End time : 13:30:54 2017 (2 seconds)
  7. End rpmdb : 420:d04a95c25d4526ef87598f0dcaec66d3f99b98d4
  8. User : root
  9. Return-Code : Success
  10. Command Line : update git
  11. Transaction performed with:
  12. Installed rpm-4.8.0-55.el6.x86_64 @base
  13. Installed yum-3.2.29-81.el6.centos.noarch @base
  14. Installed yum-plugin-fastestmirror-1.1.30-40.el6.noarch @base
  15. Installed yum-presto-0.6.2-1.el6.noarch @anaconda-CentOS-201207061011.x86_64/6.3
  16. Packages Altered:
  17. Updated git-1.7.1-8.el6.x86_64 @base
  18. Update 1.7.1-9.el6_9.x86_64 @updates
  19. Updated perl-Git-1.7.1-8.el6.noarch @base
  20. Update 1.7.1-9.el6_9.noarch @updates
  21. history info

运行下面命令来回滚 git 包到上一个版本。

  1. # yum history undo 13
  2. Loaded plugins: fastestmirror, presto
  3. Undoing transaction 53, from Fri Aug 18 13:30:52 2017
  4. Updated git-1.7.1-8.el6.x86_64 @base
  5. Update 1.7.1-9.el6_9.x86_64 @updates
  6. Updated perl-Git-1.7.1-8.el6.noarch @base
  7. Update 1.7.1-9.el6_9.noarch @updates
  8. Loading mirror speeds from cached hostfile
  9. * base: repos.lax.quadranet.com
  10. * epel: fedora.mirrors.pair.com
  11. * extras: repo1.dal.innoscale.net
  12. * updates: mirror.vtti.vt.edu
  13. Resolving Dependencies
  14. --> Running transaction check
  15. ---> Package git.x86_64 0:1.7.1-8.el6 will be a downgrade
  16. ---> Package git.x86_64 0:1.7.1-9.el6_9 will be erased
  17. ---> Package perl-Git.noarch 0:1.7.1-8.el6 will be a downgrade
  18. ---> Package perl-Git.noarch 0:1.7.1-9.el6_9 will be erased
  19. --> Finished Dependency Resolution
  20. Dependencies Resolved
  21. =================================================================================================
  22. Package Arch Version Repository Size
  23. =================================================================================================
  24. Downgrading:
  25. git x86_64 1.7.1-8.el6 base 4.6 M
  26. perl-Git noarch 1.7.1-8.el6 base 29 k
  27. Transaction Summary
  28. =================================================================================================
  29. Downgrade 2 Package(s)
  30. Total download size: 4.6 M
  31. Is this ok [y/N]: y
  32. Downloading Packages:
  33. Setting up and reading Presto delta metadata
  34. Processing delta metadata
  35. Package(s) data still to download: 4.6 M
  36. (1/2): git-1.7.1-8.el6.x86_64.rpm | 4.6 MB 00:00
  37. (2/2): perl-Git-1.7.1-8.el6.noarch.rpm | 29 kB 00:00
  38. -------------------------------------------------------------------------------------------------
  39. Total 3.4 MB/s | 4.6 MB 00:01
  40. Running rpm_check_debug
  41. Running Transaction Test
  42. Transaction Test Succeeded
  43. Running Transaction
  44. Installing : perl-Git-1.7.1-8.el6.noarch 1/4
  45. Installing : git-1.7.1-8.el6.x86_64 2/4
  46. Cleanup : perl-Git-1.7.1-9.el6_9.noarch 3/4
  47. Cleanup : git-1.7.1-9.el6_9.x86_64 4/4
  48. Verifying : git-1.7.1-8.el6.x86_64 1/4
  49. Verifying : perl-Git-1.7.1-8.el6.noarch 2/4
  50. Verifying : git-1.7.1-9.el6_9.x86_64 3/4
  51. Verifying : perl-Git-1.7.1-9.el6_9.noarch 4/4
  52. Removed:
  53. git.x86_64 0:1.7.1-9.el6_9 perl-Git.noarch 0:1.7.1-9.el6_9
  54. Installed:
  55. git.x86_64 0:1.7.1-8.el6 perl-Git.noarch 0:1.7.1-8.el6
  56. Complete!

回滚后,使用下面命令来检查降级包的版本。

  1. # yum list git
  2. # rpm -q git
  3. git-1.7.1-8.el6.x86_64

使用YUM downgrade 命令回滚升级

此外,我们也可以使用 YUM downgrade 命令回滚升级。

  1. # yum downgrade git-1.7.1-8.el6 perl-Git-1.7.1-8.el6
  2. Loaded plugins: search-disabled-repos, security, ulninfo
  3. Setting up Downgrade Process
  4. Resolving Dependencies
  5. --> Running transaction check
  6. ---> Package git.x86_64 0:1.7.1-8.el6 will be a downgrade
  7. ---> Package git.x86_64 0:1.7.1-9.el6_9 will be erased
  8. ---> Package perl-Git.noarch 0:1.7.1-8.el6 will be a downgrade
  9. ---> Package perl-Git.noarch 0:1.7.1-9.el6_9 will be erased
  10. --> Finished Dependency Resolution
  11. Dependencies Resolved
  12. =================================================================================================
  13. Package Arch Version Repository Size
  14. =================================================================================================
  15. Downgrading:
  16. git x86_64 1.7.1-8.el6 base 4.6 M
  17. perl-Git noarch 1.7.1-8.el6 base 29 k
  18. Transaction Summary
  19. =================================================================================================
  20. Downgrade 2 Package(s)
  21. Total download size: 4.6 M
  22. Is this ok [y/N]: y
  23. Downloading Packages:
  24. (1/2): git-1.7.1-8.el6.x86_64.rpm | 4.6 MB 00:00
  25. (2/2): perl-Git-1.7.1-8.el6.noarch.rpm | 28 kB 00:00
  26. -------------------------------------------------------------------------------------------------
  27. Total 3.7 MB/s | 4.6 MB 00:01
  28. Running rpm_check_debug
  29. Running Transaction Test
  30. Transaction Test Succeeded
  31. Running Transaction
  32. Installing : perl-Git-1.7.1-8.el6.noarch 1/4
  33. Installing : git-1.7.1-8.el6.x86_64 2/4
  34. Cleanup : perl-Git-1.7.1-9.el6_9.noarch 3/4
  35. Cleanup : git-1.7.1-9.el6_9.x86_64 4/4
  36. Verifying : git-1.7.1-8.el6.x86_64 1/4
  37. Verifying : perl-Git-1.7.1-8.el6.noarch 2/4
  38. Verifying : git-1.7.1-9.el6_9.x86_64 3/4
  39. Verifying : perl-Git-1.7.1-9.el6_9.noarch 4/4
  40. Removed:
  41. git.x86_64 0:1.7.1-9.el6_9 perl-Git.noarch 0:1.7.1-9.el6_9
  42. Installed:
  43. git.x86_64 0:1.7.1-8.el6 perl-Git.noarch 0:1.7.1-8.el6
  44. Complete!

注意: 你也需要降级依赖包,否则它会删掉当前版本的依赖包而不是对依赖包做降级,因为 downgrade 命令无法处理依赖关系。

至于 Fedora 用户

命令是一样的,只需要将包管理器名称从 yum 改成 dnf 就行了。

  1. # dnf list git
  2. # dnf history
  3. # dnf history info
  4. # dnf history undo
  5. # dnf list git
  6. # dnf downgrade git-1.7.1-8.el6 perl-Git-1.7.1-8.el6

via: https://www.2daygeek.com/rollback-fallback-updates-downgrade-packages-centos-rhel-fedora/

作者:2daygeek 译者:lujun9972 校对:wxy

本文由 LCTT 原创编译,Linux中国 荣誉推出

发表评论