Linux系统运维日志

为服务器打补丁是 Linux 系统管理员的一项重要任务，为的是让系统更加稳定，性能更加优化。厂商经常会发布一些安全/高危的补丁包，相关软件需要升级以防范潜在的安全风险。

Yum （Yellowdog Update Modified） 是 CentOS 和 RedHat 系统上用的 RPM 包管理工具，yum history 命令允许系统管理员将系统回滚到上一个状态，但由于某些限制，回滚不是在所有情况下都能成功，有时 yum 命令可能什么都不做，有时可能会删掉一些其他的包。

我建议你在升级之前还是要做一个完整的系统备份，而 yum history 并不能用来替代系统备份的。系统备份能让你将系统还原到任意时候的节点状态。

某些情况下，安装的应用程序在升级了补丁之后不能正常工作或者出现一些错误（可能是由于库不兼容或者软件包升级导致的），那该怎么办呢？

与应用开发团队沟通，并找出导致库和软件包的问题所在，然后使用 yum history 命令进行回滚。

注意：

• 它不支持回滚 selinux，selinux-policy-*，kernel，glibc （以及依赖 glibc 的包，比如 gcc）。
• 不建议将系统降级到更低的版本（比如 CentOS 6.9 降到 CentOS 6.8），这会导致系统处于不稳定的状态
  让我们先来看看系统上有哪些包可以升级，然后挑选出一些包来做实验。

#yum update
Loaded plugins: fastestmirror, security
Setting up UpdateProcess
Loading mirror speeds from cached hostfile
epel/metalink |12 kB 00:00
* epel: mirror.csclub.uwaterloo.ca
base |3.7 kB 00:00
dockerrepo |2.9 kB 00:00
draios |2.9 kB 00:00
draios/primary_db |13 kB 00:00
epel |4.3 kB 00:00
epel/primary_db |5.9 MB 00:00
extras |3.4 kB 00:00
updates |3.4 kB 00:00
updates/primary_db |2.5 MB 00:00
ResolvingDependencies
-->Running transaction check
--->Packagegit.x86_64 0:1.7.1-8.el6 will be updated
--->Packagegit.x86_64 0:1.7.1-9.el6_9 will be an update
--->Package httpd.x86_64 0:2.2.15-60.el6.centos.4 will be updated
--->Package httpd.x86_64 0:2.2.15-60.el6.centos.5 will be an update
--->Package httpd-tools.x86_64 0:2.2.15-60.el6.centos.4 will be updated
--->Package httpd-tools.x86_64 0:2.2.15-60.el6.centos.5 will be an update
--->Package perl-Git.noarch 0:1.7.1-8.el6 will be updated
--->Package perl-Git.noarch 0:1.7.1-9.el6_9 will be an update
-->FinishedDependencyResolution
DependenciesResolved
=================================================================================================
PackageArchVersionRepositorySize
=================================================================================================
Updating:
git x86_64 1.7.1-9.el6_9 updates 4.6 M
httpd x86_64 2.2.15-60.el6.centos.5 updates 836 k
httpd-tools x86_64 2.2.15-60.el6.centos.5 updates 80 k
perl-Git noarch 1.7.1-9.el6_9 updates 29 k
TransactionSummary
=================================================================================================
Upgrade4Package(s)
Total download size:5.5 M
Isthis ok [y/N]: n

你会发现 git 包可以被升级，那我们就用它来实验吧。运行下面命令获得软件包的版本信息（当前安装的版本和可以升级的版本）。

#yumlistgit
Loaded plugins: fastestmirror, security
Setting up UpdateProcess
Loading mirror speeds from cached hostfile
* epel: mirror.csclub.uwaterloo.ca
InstalledPackages
git.x86_64 1.7.1-8.el6@base
AvailablePackages
git.x86_64 1.7.1-9.el6_9 updates

运行下面命令来将 git 从 1.7.1-8 升级到 1.7.1-9。

#yum update git
Loaded plugins: fastestmirror, presto
Setting up UpdateProcess
Loading mirror speeds from cached hostfile
* base: repos.lax.quadranet.com
* epel: Fedora.mirrors.pair.com
* extras: mirrors.seas.harvard.edu
* updates: mirror.sesp.northwestern.edu
ResolvingDependencies
-->Running transaction check
--->Packagegit.x86_64 0:1.7.1-8.el6 will be updated
-->ProcessingDependency:git=1.7.1-8.el6forpackage: perl-Git-1.7.1-8.el6.noarch
--->Packagegit.x86_64 0:1.7.1-9.el6_9 will be an update
-->Running transaction check
--->Package perl-Git.noarch 0:1.7.1-8.el6 will be updated
--->Package perl-Git.noarch 0:1.7.1-9.el6_9 will be an update
-->FinishedDependencyResolution
DependenciesResolved
=================================================================================================
PackageArchVersionRepositorySize
=================================================================================================
Updating:
git x86_64 1.7.1-9.el6_9 updates 4.6 M
Updatingfor dependencies:
perl-Git noarch 1.7.1-9.el6_9 updates 29 k
TransactionSummary
=================================================================================================
Upgrade2Package(s)
Total download size:4.6 M
Isthis ok [y/N]: y
DownloadingPackages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download:4.6 M
(1/2):git-1.7.1-9.el6_9.x86_64.rpm |4.6 MB 00:00
(2/2): perl-Git-1.7.1-9.el6_9.noarch.rpm |29 kB 00:00
-------------------------------------------------------------------------------------------------
Total5.8 MB/s |4.6 MB 00:00
Running rpm_check_debug
RunningTransactionTest
TransactionTestSucceeded
RunningTransaction
Updating: perl-Git-1.7.1-9.el6_9.noarch1/4
Updating:git-1.7.1-9.el6_9.x86_64 2/4
Cleanup: perl-Git-1.7.1-8.el6.noarch3/4
Cleanup:git-1.7.1-8.el6.x86_64 4/4
Verifying:git-1.7.1-9.el6_9.x86_64 1/4
Verifying: perl-Git-1.7.1-9.el6_9.noarch2/4
Verifying:git-1.7.1-8.el6.x86_64 3/4
Verifying: perl-Git-1.7.1-8.el6.noarch4/4
Updated:
git.x86_64 0:1.7.1-9.el6_9
DependencyUpdated:
perl-Git.noarch 0:1.7.1-9.el6_9
Complete!

验证升级后的 git 版本.

#yumlistgit
InstalledPackages
git.x86_64 1.7.1-9.el6_9@updates
或
# rpm -q git
git-1.7.1-9.el6_9.x86_64

现在我们成功升级这个软件包，可以对它进行回滚了。步骤如下。

使用 YUM history 命令回滚升级操作

首先，使用下面命令获取 yum 操作的 id。下面的输出很清晰地列出了所有需要的信息，例如操作 id、谁做的这个操作（用户名）、操作日期和时间、操作的动作（安装还是升级）、操作影响的包数量。

#yum history
或
#yum history list all
Loaded plugins: fastestmirror, presto
ID |Login user |Dateandtime|Action(s)|Altered
-------------------------------------------------------------------------------
13| root |2017-08-1813:30|Update|2
12| root |2017-08-1007:46|Install|1
11| root |2017-07-2817:10| E, I, U |28 EE
10| root |2017-04-2109:16| E, I, U |162 EE
9| root |2017-02-0917:09| E, I, U |20 EE
8| root |2017-02-0210:45|Install|1
7| root |2016-12-1506:48|Update|1
6| root |2016-12-1506:43|Install|1
5| root |2016-12-0210:28| E, I, U |23 EE
4| root |2016-10-2805:37| E, I, U |13 EE
3| root |2016-10-1812:53|Install|1
2| root |2016-09-3010:28| E, I, U |31 EE
1| root |2016-07-2611:40| E, I, U |160 EE

上面命令显示有两个包受到了影响，因为 git 还升级了它的依赖包 perl-Git。 运行下面命令来查看关于操作的详细信息。

#yum history info13
Loaded plugins: fastestmirror, presto
Transaction ID :13
Begintime:FriAug1813:30:522017
Begin rpmdb :420:f5c5f9184f44cf317de64d3a35199e894ad71188
Endtime:13:30:542017(2 seconds)
End rpmdb :420:d04a95c25d4526ef87598f0dcaec66d3f99b98d4
User: root
Return-Code:Success
CommandLine: update git
Transaction performed with:
Installed rpm-4.8.0-55.el6.x86_64 @base
Installedyum-3.2.29-81.el6.centos.noarch @base
Installedyum-plugin-fastestmirror-1.1.30-40.el6.noarch@base
Installedyum-presto-0.6.2-1.el6.noarch@anaconda-CentOS-201207061011.x86_64/6.3
PackagesAltered:
Updatedgit-1.7.1-8.el6.x86_64 @base
Update1.7.1-9.el6_9.x86_64 @updates
Updated perl-Git-1.7.1-8.el6.noarch@base
Update1.7.1-9.el6_9.noarch@updates
history info

运行下面命令来回滚 git 包到上一个版本。

#yum history undo 13
Loaded plugins: fastestmirror, presto
Undoing transaction 53,fromFriAug1813:30:522017
Updatedgit-1.7.1-8.el6.x86_64 @base
Update1.7.1-9.el6_9.x86_64 @updates
Updated perl-Git-1.7.1-8.el6.noarch@base
Update1.7.1-9.el6_9.noarch@updates
Loading mirror speeds from cached hostfile
* base: repos.lax.quadranet.com
* epel: fedora.mirrors.pair.com
* extras: repo1.dal.innoscale.net
* updates: mirror.vtti.vt.edu
ResolvingDependencies
-->Running transaction check
--->Packagegit.x86_64 0:1.7.1-8.el6 will be a downgrade
--->Packagegit.x86_64 0:1.7.1-9.el6_9 will be erased
--->Package perl-Git.noarch 0:1.7.1-8.el6 will be a downgrade
--->Package perl-Git.noarch 0:1.7.1-9.el6_9 will be erased
-->FinishedDependencyResolution
DependenciesResolved
=================================================================================================
PackageArchVersionRepositorySize
=================================================================================================
Downgrading:
git x86_64 1.7.1-8.el6 base 4.6 M
perl-Git noarch 1.7.1-8.el6 base 29 k
TransactionSummary
=================================================================================================
Downgrade2Package(s)
Total download size:4.6 M
Isthis ok [y/N]: y
DownloadingPackages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download:4.6 M
(1/2):git-1.7.1-8.el6.x86_64.rpm |4.6 MB 00:00
(2/2): perl-Git-1.7.1-8.el6.noarch.rpm |29 kB 00:00
-------------------------------------------------------------------------------------------------
Total3.4 MB/s |4.6 MB 00:01
Running rpm_check_debug
RunningTransactionTest
TransactionTestSucceeded
RunningTransaction
Installing: perl-Git-1.7.1-8.el6.noarch1/4
Installing:git-1.7.1-8.el6.x86_64 2/4
Cleanup: perl-Git-1.7.1-9.el6_9.noarch3/4
Cleanup:git-1.7.1-9.el6_9.x86_64 4/4
Verifying:git-1.7.1-8.el6.x86_64 1/4
Verifying: perl-Git-1.7.1-8.el6.noarch2/4
Verifying:git-1.7.1-9.el6_9.x86_64 3/4
Verifying: perl-Git-1.7.1-9.el6_9.noarch4/4
Removed:
git.x86_64 0:1.7.1-9.el6_9 perl-Git.noarch 0:1.7.1-9.el6_9
Installed:
git.x86_64 0:1.7.1-8.el6 perl-Git.noarch 0:1.7.1-8.el6
Complete!

回滚后，使用下面命令来检查降级包的版本。

#yumlistgit
或
# rpm -q git
git-1.7.1-8.el6.x86_64

使用YUM downgrade 命令回滚升级

此外，我们也可以使用 YUM downgrade 命令回滚升级。

#yum downgrade git-1.7.1-8.el6 perl-Git-1.7.1-8.el6
Loaded plugins: search-disabled-repos, security, ulninfo
Setting up DowngradeProcess
ResolvingDependencies
-->Running transaction check
--->Packagegit.x86_64 0:1.7.1-8.el6 will be a downgrade
--->Packagegit.x86_64 0:1.7.1-9.el6_9 will be erased
--->Package perl-Git.noarch 0:1.7.1-8.el6 will be a downgrade
--->Package perl-Git.noarch 0:1.7.1-9.el6_9 will be erased
-->FinishedDependencyResolution
DependenciesResolved
=================================================================================================
PackageArchVersionRepositorySize
=================================================================================================
Downgrading:
git x86_64 1.7.1-8.el6 base 4.6 M
perl-Git noarch 1.7.1-8.el6 base 29 k
TransactionSummary
=================================================================================================
Downgrade2Package(s)
Total download size:4.6 M
Isthis ok [y/N]: y
DownloadingPackages:
(1/2):git-1.7.1-8.el6.x86_64.rpm |4.6 MB 00:00
(2/2): perl-Git-1.7.1-8.el6.noarch.rpm |28 kB 00:00
-------------------------------------------------------------------------------------------------
Total3.7 MB/s |4.6 MB 00:01
Running rpm_check_debug
RunningTransactionTest
TransactionTestSucceeded
RunningTransaction
Installing: perl-Git-1.7.1-8.el6.noarch1/4
Installing:git-1.7.1-8.el6.x86_64 2/4
Cleanup: perl-Git-1.7.1-9.el6_9.noarch3/4
Cleanup:git-1.7.1-9.el6_9.x86_64 4/4
Verifying:git-1.7.1-8.el6.x86_64 1/4
Verifying: perl-Git-1.7.1-8.el6.noarch2/4
Verifying:git-1.7.1-9.el6_9.x86_64 3/4
Verifying: perl-Git-1.7.1-9.el6_9.noarch4/4
Removed:
git.x86_64 0:1.7.1-9.el6_9 perl-Git.noarch 0:1.7.1-9.el6_9
Installed:
git.x86_64 0:1.7.1-8.el6 perl-Git.noarch 0:1.7.1-8.el6
Complete!

注意： 你也需要降级依赖包，否则它会删掉当前版本的依赖包而不是对依赖包做降级，因为 downgrade 命令无法处理依赖关系。

至于 Fedora 用户

命令是一样的，只需要将包管理器名称从 yum 改成 dnf 就行了。

# dnf listgit
# dnf history
# dnf history info
# dnf history undo
# dnf listgit
# dnf downgrade git-1.7.1-8.el6 perl-Git-1.7.1-8.el6