Transactions and Rollback with RPM

When an upgrade works, you get a few more features or better performance. When an upgrade fails, you're in for a weekend of pain. Now, here's how to back off to the old version and keep the system up.

You should receive a listing like this:

# up2date --list-rollbacks
install time: Sun Jul 27 20:49:55 2003   tid:1059353395
	        [-] goo-1.0-1.0:

install time: Tue Jul 29 20:44:25 2003   tid:1059525865
	        [-] foo-1-2:

This command is handy even if you are not actually using up2date, because the rpm command does not provide a way of displaying such information.

To undo a transaction, use the --undo option, which undoes the last transaction that was installed. Simply type:

# up2date --undo

If you want to roll back multiple transactions, run this command multiple times. The ability to roll back from the GUI is not supported.

Auto-Rollback Patch

RPM normally delivers packages using a best effort strategy, meaning if one or more RPMs fails to install, the remaining RPMs in the transaction still are installed. This is a desirable behavior in some environments, but in others it would be much better if, instead, RPM automatically rolled back the failed transaction. Because I work in such an environment (telecommunications), I wrote a patch called the auto-rollback patch. This patch allows you to configure RPM such that if a transaction fails, RPM automatically rolls back the failed transaction. It does leave behind the failed RPM if it failed in its %post scriptlet; hopefully that soon will be fixed (patches anyone?).

If you would like to use this feature, you can download the patch (or RPMs that have the patch applied) from lee.k12.nc.us/~joden/misc/patches/rpm. Once you have a version of RPM installed with the auto-rollback patch, you need to configure RPM to use the auto-rollback feature. To do so, edit /etc/rpm/macros and add the following macro definition:

%_rollback_transaction_on_failure 1

After doing this, the next time you install/upgrade a set of RPMs and one fails to install, RPM automatically rolls back the failed transaction, except for the failing one if it failed in the %post scriptlet.

Conclusion

RPM transactional rollbacks provide an efficient way of undoing RPM upgrades. They also provide a solid building block upon which system update programs (such as up2date, yum and apt-get) can provide automated rollback functionality. However, transactional rollbacks are not for everyone. To quote Jeff Johnson, “the --rollback option...requires absolutely perfect system administration and is mostly mechanism, not policy.” Transactional rollbacks are an all-or-nothing affair. Care must be taken to ensure that all erasures are repackaged, as RPM's ability to roll back transactions is only as good as its source of repackaged packages. The administrator must ensure that extra space is allocated for the storage of the repackaged packages. Finally, RPM's transactional rollback feature is a work-in-progress. That said, RPM transactional rollbacks have come a long way from their beginnings. If you want to ensure that RPM updates to a system can be undone quickly, they may be exactly what the doctor ordered.

James Olin Oden (joden@lee.k12.nc.us) is a software engineer at Tekelec. He has administered UNIX-type systems and developed under them for over a decade. He also is the creator of Tech Tracker (tt.lee.k12.nc.us), a Web-based IT-tracking system.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Empty rpms when I use rpm -Uvh --test with transational rollback

Bryan's picture

When I have repackage_all_erasures on and then do a rpm -Uvh --test it creates empty .rpm files in the /var/spool/repackage area. Has anyone else noticed this? Not sure if this is a bug or a feature.
I just checked whether this affects what happens when I first do a rpm -Uvh --test foo.rpm and then actually do a rpm -Uvh. It doesn't seem to affect anything, the empty foo.rpm is replaced by the real foo.rpm in /var/spool/repackage.

Re: Transactions and Rollback with RPM

Anonymous's picture

Watch out for the situation where you already have rollback rpms in the repackage directory with the same name.
ie. upgrade prog-1.0-1 to 1.1-1 and create a prog-1.0-1.i386.rpm file in the rollback package directory. Perform an up2date --undo, which backs out version 1.1 and puts version 1.0 back. It leaves the rollback RPMS hanging around and if you don't delete them, your next upgrade of prog-1.0 will fail to generate the rollback packages with an error like.
--------------------------------------------------------------------
Warning: The following packages are being updated, but these packages
have already been repackaged and this is currently not supported.
Repackage support for this transaction has been disabled.
--------------------------------------------------------------------
And now you have no rollback available, but the previous rollback packages have been removed!!
So remember, manually remove your rollback packages after you have performed a rollback.

This is fixed, but I forget in which version...

James Olin Oden's picture

I fixed this in the HEAD of rpm about a your ago. That said, I don't know which official versions have this fix. Basically, the rollback needed to remove the repackaged packages that it used in the rollback. If your current version of RPM does not do this, I can probably produce a patch pretty quickly.

Finally, just so you know, the latest version of RPM will have several fixes for transactional rollbacks (all done by Jeff Johnson), and will have the latest autorollback patches in it. This will be the 4.4.3 release of rpm. There are many other fixes and features.

Cheers...james

Re: Transactions and Rollback with RPM

Pedro Algarvio's picture

Couldn't this rollback feature automaticly remove the rolled back package?

Anyone, a patch?

I would do it if I could....

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix