SA-355-S10
Solaris Containers Administration

Managing Packages and Patches Within Zones
 
From Oracle Documentation

About Packages and Patches on a Solaris System With Zones Installed (Overview)


Patching Strategy, Oracle Open World Presentation, Oracle Solaris Patching Strategy and Best Practices


Bloggers:

The Clingan Zone blog Simplify zone administration using the global zone: Patches

The Clingan Zone blog Simplify zone administration using the global zone: Packages

From Gerry Haskin's blog, Using Solaris Live Upgrade for patching.

From the Patch Corner, Zones Parallel Patching versus Update On Attach: When to use which one?.

Jeff Victor's Blog, From My Brain to Your Browser, Accelerated Patching of Zoned Systems.

Bob Netherton's Weblog, How Cool is That? Dr. Live Upgrade - Or How I Learned to Stop Worrying and Love Solaris Patching.

DTrace, ZFS, Zones and Solaris system administration, Solaris 10 patch return codes

From Patch Corner, Zones Parallel Patching feature now available!

Blog O. Matty, Patching zones in parallel

From Patch Corner, Stricter Solaris patch entitlement

From Patch Corner, Patches for "Turbo-Charging SVR4 Package Install" are now available


wikis.sun.com, Whats New in Patching

Patch Check Advanced (pca) generates lists of installed and missing patches for Sun Solaris systems and optionally downloads patches. It resolves dependencies between patches and installs them in correct order. It can be the only tool you ever need for patch management on a single machine or a complete network. Just one perl script, it doesn't need compilation nor installation, and it doesn't need root permissions to run. It works on all versions of Solaris, both SPARC and x86.

Solaris Zones Parallel Patching

Installing the Recommended Patch Cluster With Zones Parallel Patching

Solaris zone in mounted state


This table shows the behavior of packaging in a zone environment, with variances based on pkginfo variable settings. (Based on the chart in the "Bringing Your Application Into the Zone" document.)

| SUNW_PKG_ALLZONES | SUNW_PKG_HOLLOW | SUNW_PKG_THISZONE | Global Zone pkgadd | Global Zone pkgadd -G | Local Zone pkgadd | Local Zone pkgadd -G |
| --- | --- | --- | --- | --- | --- | --- |
| false | false | false | Add to gz, current lz and future lz | Add to gz only, not to current or future lz | Add to this lz only | Add to this lz only |
| true | false | false | Add to gz, current lz and future lz | Operation not allowed | Operation not allowed | Operation not allowed |
| true | true | false | Add to gz; add to pkginfo db in current and future lz | Operation not allowed | Operation not allowed | Operation not allowed |
| true | true | true | Invalid option combination | Invalid option combination | Invalid option combination | Invalid option combination |
| false | true | false | Invalid option combination | Invalid option combination | Invalid option combination | Invalid option combination |
| false | true | true | Invalid option combination | Invalid option combination | Invalid option combination | Invalid option combination |
| false | false | true | Add to gz only, not to current or future lz | Add to gz only, not to current or future lz | Add to this lz only | Add to this lz only |
| true | false | true | Invalid option combination | Invalid option combination | Invalid option combination | Invalid option combination |

 

Legend:
gz = global zone
lz = non-global zone

An "invalid option combination" means the package attribute settings do not make sense - not all possible combinations of settings for these three attributes are legal. They should be caught by pkgmk(1M) and the package should not be created.

An "operation not allowed" means the pkgadd command will output an error message and fail to add the packages based on the combination of command line options, package attribute settings, and the type of zone pkgadd is being run in.


Using Live Upgrade to patch a system with Zones on a ZFS boot file system

Current ZFS listing of file systems


ultra20:/> zfs list
NAME                              USED  AVAIL  REFER  MOUNTPOINT
rpool                            10.2G   136G    39K  /rpool
rpool/ROOT                       7.12G   136G    18K  legacy
rpool/ROOT/09.03.22              7.12G   136G  6.08G  /
rpool/ROOT/09.03.22/zones        1.04G   136G    21K  /zones
rpool/ROOT/09.03.22/zones/zone1  1.04G   136G  1.04G  /zones/zone1
rpool/dump                       1.00G   136G  1.00G  -
rpool/export                     52.1M   136G  51.8M  /export
rpool/export/home                 258K   136G   258K  /export/home
rpool/swap                       2.00G   138G    16K  -

The patch location


ultra20:/> ls /var/tmp/patch
118668-19  119247-35  121431-37  138372-06  141105-01
118669-19  120095-22  123896-10  140682-02

Create a new BE


ultra20:/> lucreate -n 09.03.28
Checking GRUB menu...
System has findroot enabled GRUB
Analyzing system configuration.
Comparing source boot environment <09.03.22> file systems with the file
system(s) you specified for the new boot environment. Determining which
file systems should be in the new boot environment.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment <09.03.28>.
Source boot environment is <09.03.22>.
Creating boot environment <09.03.28>.
Cloning file systems from boot environment <09.03.22> to create boot environment <09.03.28>.
Creating snapshot for <rpool/ROOT/09.03.22> on <rpool/ROOT/09.03.22@09.03.28>.
Creating clone for <rpool/ROOT/09.03.22@09.03.28> on <rpool/ROOT/09.03.28>.
Setting canmount=noauto for </> in zone <global> on <rpool/ROOT/09.03.28>.
Creating snapshot for <rpool/ROOT/09.03.22/zones> on <rpool/ROOT/09.03.22/zones@09.03.28>.
Creating clone for <rpool/ROOT/09.03.22/zones@09.03.28> on <rpool/ROOT/09.03.28/zones>.
Setting canmount=noauto for </zones> in zone <global> on <rpool/ROOT/09.03.28/zones>.
Creating snapshot for <rpool/ROOT/09.03.22/zones/zone1> on <rpool/ROOT/09.03.22/zones/zone1@09.03.28>.
Creating clone for <rpool/ROOT/09.03.22/zones/zone1@09.03.28> on <rpool/ROOT/09.03.28/zones/zone1-09.03.28>.
Saving existing file </boot/grub/menu.lst> in top level dataset for BE <09.03.28> as <mount-point>//boot/grub/menu.lst.prev.
File </boot/grub/menu.lst> propagation successful
Copied GRUB menu from PBE to ABE
No entry for BE <09.03.28> in GRUB menu
Population of boot environment <09.03.28> successful.
Creation of boot environment <09.03.28> successful.

Verify the status of the BE


ultra20:/> lustatus
Boot Environment           Is       Active Active    Can    Copy
Name                       Complete Now    On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
09.03.22                   yes      yes    yes       no     -
09.03.28                   yes      no     no        yes    -

ultra20:/> zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   1 zone1            running    /zones/zone1                   native   shared

Use the luupgrade command to patch the new BE


ultra20:/> luupgrade -t -n 09.03.28 -s /var/tmp/patch

System has findroot enabled GRUB
No entry for BE <09.03.28> in GRUB menu
Validating the contents of the media .
The media contains 9 software patches that can be added.
All 9 patches will be added because you did not specify any specific patches to add.
Mounting the BE <09.03.28>.
Adding patches to the BE <09.03.28>.
Validating patches...

Loading patches installed on the system...

Done!

The following requested patches have packages not installed on the system
Package SUNWj5jmp from directory SUNWj5jmp in patch 118668-19 is not
installed on the system. Changes for package SUNWj5jmp will not be applied
to the system.

Checking patches that you specified for installation.

Done!


Approved patches will be installed in this order:

118668-19 118669-19 119247-35 120095-22 121431-37 123896-10 138372-06 140682-02
141105-01


Preparing checklist for non-global zone check...

Checking non-global zones...


This patch passes the non-global zone check.
118668-19 118669-19 119247-35 120095-22 121431-37 123896-10 138372-06 140682-02
141105-01


Summary for zones:

Zone zone1

Rejected patches:
None.

Patches that passed the dependency check:
118668-19 118669-19 119247-35 120095-22 121431-37 123896-10 138372-06 140682-02
141105-01

Patching global zone
Adding patches...

Checking installed patches...
Verifying sufficient filesystem capacity (dry run method)...
Installing patch packages...

Patch 118668-19 has been successfully installed.
See /a/var/sadm/patch/118668-19/log for details

Patch packages installed:
  SUNWj5cfg
  SUNWj5dev
  SUNWj5dmo
  SUNWj5man
  SUNWj5rt

Done!
Patching non-global zones...


Patching zone zone1
Adding patches...

Checking installed patches...
Verifying sufficient filesystem capacity (dry run method)...
Installing patch packages...

Patch 118668-19 has been successfully installed.
See /a/var/sadm/patch/118668-19/log for details

...

Patching global zone
Adding patches...

Checking installed patches...
Verifying sufficient filesystem capacity (dry run method)...
Installing patch packages...

Patch 141105-01 has been successfully installed.
See /a/var/sadm/patch/141105-01/log for details

Patch packages installed:
  SUNWzfsgu

Done!
Patching non-global zones...


Patching zone zone1
Adding patches...

Checking installed patches...
Verifying sufficient filesystem capacity (dry run method)...
Installing patch packages...

Patch 141105-01 has been successfully installed.
See /a/var/sadm/patch/141105-01/log for details

Patch packages installed:
  SUNWzfsgu

Done!
Unmounting the BE <09.03.28>.
The patch add to the BE <09.03.28> completed.

Activate the BE


ultra20:/> luactivate -n 09.03.28
System has findroot enabled GRUB
Generating boot-sign, partition and slice information for PBE <09.03.22>
A Live Upgrade Sync operation will be performed on startup of boot
environment <09.03.28>.

Generating boot-sign for ABE <09.03.28>
Saving existing file </etc/bootsign> in top level dataset for BE
<09.03.28> as <mount-point>//etc/bootsign.prev.
Generating partition and slice information for ABE <09.03.28>
Copied boot menu from top level dataset.
Generating multiboot menu entries for PBE.
Generating multiboot menu entries for ABE.
Disabling splashimage
Re-enabling splashimage
No more bootadm entries. Deletion of bootadm entries is complete.
GRUB menu default setting is unaffected
Done eliding bootadm entries.

**********************************************************************

The target boot environment has been activated. It will be used when you
reboot. NOTE: You MUST NOT USE the reboot, halt, or uadmin commands. You
MUST USE either the init or the shutdown command when you reboot. If you
do not use either init or shutdown, the system will not boot using the
target BE.

**********************************************************************

In case of a failure while booting to the target BE, the following process
needs to be followed to fallback to the currently working boot environment:

1. Boot from Solaris failsafe or boot in single user mode from the Solaris
Install CD or Network.

2. Mount the Parent boot environment root slice to some directory (like
/mnt). You can use the following command to mount:

     mount -Fzfs /dev/dsk/c1t0d0s0 /mnt

3. Run <luactivate> utility with out any arguments from the Parent boot
environment root slice, as shown below:

     /mnt/sbin/luactivate

4. luactivate, activates the previous working boot environment and
indicates the result.

5. Exit Single User mode and reboot the machine.

**********************************************************************

Modifying boot archive service
Propagating findroot GRUB for menu conversion.
File </etc/lu/installgrub.findroot> propagation successful
File </etc/lu/stage1.findroot> propagation successful
File </etc/lu/stage2.findroot> propagation successful
File </etc/lu/GRUB_capability> propagation successful
Deleting stale GRUB loader from all BEs.
File </etc/lu/installgrub.latest> deletion successful
File </etc/lu/stage1.latest> deletion successful
File </etc/lu/stage2.latest> deletion successful
Activation of boot environment <09.03.28> successful.

Reboot the newly activated BE


ultra20:/> init 6

Log in and verify the system


login as: root
Using keyboard-interactive authentication.
Password:
Last login: Sat Mar 28 19:45:41 2009 from 192.168.1.44
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005

good evenin' root
ultra20:/> lustatus
Boot Environment           Is       Active Active    Can    Copy
Name                       Complete Now    On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
09.03.22                   yes      no     no        yes    -
09.03.28                   yes      yes    yes       no     -

ultra20:/> zfs list
NAME                                       USED  AVAIL  REFER  MOUNTPOINT
rpool                                     10.7G   135G    41K  /rpool
rpool/ROOT                                7.60G   135G    18K  legacy
rpool/ROOT/09.03.22                       14.5M   135G  6.08G  /
rpool/ROOT/09.03.22/zones                 4.47M   135G    21K  /zones
rpool/ROOT/09.03.22/zones/zone1-09.03.22  4.46M   135G  1.04G  /zones/zone1-09.03.22
rpool/ROOT/09.03.28                       7.59G   135G  6.27G  /
rpool/ROOT/09.03.28@09.03.28               259M      -  6.08G  -
rpool/ROOT/09.03.28/zones                 1.06G   135G    21K  /zones
rpool/ROOT/09.03.28/zones@09.03.28          19K      -    21K  -
rpool/ROOT/09.03.28/zones/zone1           1.06G   135G  1.04G  /zones/zone1
rpool/ROOT/09.03.28/zones/zone1@09.03.28  18.7M      -  1.04G  -
rpool/dump                                1.00G   135G  1.00G  -
rpool/export                              52.1M   135G  51.8M  /export
rpool/export/home                          258K   135G   258K  /export/home
rpool/swap                                2.00G   137G    16K  -

After verifying the new BE you can remove the old BE


ultra20:/> ludelete -n 09.03.22
System has findroot enabled GRUB
Checking if last BE on any disk...
BE <09.03.22> is not the last BE on any disk.
Updating GRUB menu default setting
Changing GRUB menu default setting to <1>
Saving existing file  in top level dataset for BE <09.03.28> as <mount-point>//boot/grub/menu.lst.prev.
File </etc/lu/GRUB_backup_menu> propagation successful
Successfully deleted entry from GRUB menu
Determining the devices to be marked free.
Updating boot environment configuration database.
Updating boot environment description database on all BEs.
Updating all boot environment configuration databases.
Boot environment <09.03.22> deleted.
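
The following is an added example, not part of the original walkthrough: two checks to run between luupgrade and init 6, written against the output formats shown above. patch_gaps lists every approved patch that the luupgrade log does not report as installed for a given zone, and be_ready confirms from lustatus output that the target BE is complete and active on reboot; the function names and all sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the page); parses the output formats shown above.

# patch_gaps: read a "luupgrade -t" log on stdin and print "<zone> <patch>" for
# each approved patch with no "successfully installed" line for that zone.
patch_gaps() {
  awk '
    BEGIN { zones["global"] = 1 }
    /^Approved patches will be installed in this order:/ { want = 1; next }
    /^Preparing checklist/ { want = 0 }
    want { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+-[0-9]+$/) approved[$i] = 1 }
    /^Zone /                { zones[$2] = 1 }   # zones named in "Summary for zones"
    /^Patching global zone/ { zone = "global" }
    /^Patching zone /       { zone = $3; zones[zone] = 1 }
    /^Patch [0-9]+-[0-9]+ has been successfully installed/ { ok[zone, $2] = 1 }
    END {
      for (z in zones) for (p in approved)
        if (!((z, p) in ok)) print z, p
    }' | sort
}

# be_ready NAME: read lustatus output on stdin; succeed only if boot environment
# NAME is complete (column 2) and active on reboot (column 4).
be_ready() {
  awk -v be="$1" '$1 == be { hit = ($2 == "yes" && $4 == "yes") }
                  END { exit !hit }'
}

sample_log() {  # constructed log: zone1 never reports 141105-01 as installed
  cat <<'EOF'
Approved patches will be installed in this order:
118668-19 141105-01
Preparing checklist for non-global zone check...
Zone zone1
Patching global zone
Patch 118668-19 has been successfully installed.
Patching zone zone1
Patch 118668-19 has been successfully installed.
Patching global zone
Patch 141105-01 has been successfully installed.
Patching zone zone1
EOF
}

sample_lustatus() {  # constructed rows in lustatus column order
  printf '%s\n' '09.03.22 yes yes no no -' '09.03.28 yes no yes no -'
}

sample_log | patch_gaps                      # prints: zone1 141105-01
sample_lustatus | be_ready 09.03.28 && echo "09.03.28 is active on reboot"
```

On a real system the same functions can be fed a saved copy of the luupgrade output and the live lustatus output; empty output from patch_gaps means every approved patch was reported installed in the global zone and in each non-global zone.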