Solaris OS patching has been moved far away from the traditional methods from Solaris 10 on-wards.We no need to bring down the server to single user mode if you are using live upgrade method during pathing and before choosing live upgrade ,make sure you are using ZFS as a root filesystem.For you information,from Solaris 11 onward,ZFS will be the default root filesystem. In other-words, if the system’s root filesystem is ZFS ,then you have to use liveupgrade and no other way to do it.
This patching activity can be performed while server is in production since we are installing the patches on alternative boot environment.
This patching activity can be performed while server is in production since we are installing the patches on alternative boot environment.
Here I am sharing the experience my experience with Liveupgrade.W have to make sure that there is enough space left on the servers for OS patching in root FS.
The first step will be creating new boot environment for OS patching and i am giving new BE name as SOL_2012Q1.
bash Global> lucreate -n SOL_2012Q1
Checking GRUB menu...
System has findroot enabled GRUB
Analyzing system configuration.
Comparing source boot environment file systems with the
file system(s) you specified for the new boot environment. Determining
which file systems should be in the new boot environment.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment .
Source boot environment is .
Creating boot environment .
Cloning file systems from boot environment to create boot environment .
Creating snapshot for on .
Creating clone for on .
Setting canmount=noauto for </> in zone on .
Creating snapshot for on .
Creating clone for on .
Setting canmount=noauto for
in zone on .
Creating snapshot for on .
Creating clone for on .
Creating snapshot for on .
Creating clone for on .
Creating snapshot for on .
Creating clone for on .
WARNING: split filesystem </> file system type cannot inherit
mount point options <-> from parent filesystem </> file
type <-> because the two file systems have different types.
Saving existing file in top level dataset for BE as //boot/grub/menu.lst.prev.
Saving existing file in top level dataset for BE as //boot/grub/menu.lst.prev.
File propagation successful
Copied GRUB menu from PBE to ABE
No entry for BE in GRUB menu
Population of boot environment successful.
Creation of boot environment successful.
Checking the boot environment status:
bash Global> lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
s10x_u8wos_08a yes yes yes no -
SOL_2012Q1 yes no no yes -
Here I am manually mounting the newly created boot environment
bash Global> lumount SOL_2012Q1
/.alt.SOL_2012Q1
bash Global> cd /.alt.SOL_2012Q1/etc/
Here we have to make sure, that global zone should be in installed status .Otherwise Liveupgrade will through some error while patching.
bash Global> cat index
#zones/index
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)zones-index 1.2 04/04/01 SMI"
#
# DO NOT EDIT: this file is automatically generated by zoneadm(1M)
# and zonecfg(1M). Any manual changes will be lost.
#
global:installed:/
locolzone-1:installed:/export/zones/locolzone-1-SOL_2012Q1:05357c8b-6c5e-6453-8e33-f610720b7cc6
locolzone-2:installed:/export/zones/locolzone-2-SOL_2012Q1:69077a91-e14c-6909-8dd2-d54897dc3dc7
locolzone-3:installed:/export/zones/locolzone-3-SOL_2012Q1:c668ae3d-1a2c-4fb3-a2de-f1e05a2f9505
bash Global> cd
Un-mounting the Alternate boot environment:
bash Global> luumount SOL_2012Q1
Just navigating to the patch cluster directory. This directory should be in 777 permission. Because while installing the patches system is not only using user “root”. There are some other users like “other” also be used for patching. So this directory should be readable to other users.
bash Global>cd /var/tmp/2012Q1
bash Global> ls -l
total 3227479
drwxr-xr-x 3 root root 11 Jan 5 22:55 10_x86_Recommended
-rw-r--r-- 1 root root 1651212007 Apr 28 21:33 10_x86_Recommended_2012Q1.zip
bash Global> cd 10_x86_Recommended
bash Global> ls -l
total 593
-r--r--r-- 1 root root 56419 Jan 5 22:50 10_x86_Recommended.README
-r--r--r-- 1 root root 98586 Jan 5 22:50 10_x86_Recommended.html
-r--r--r-- 1 root root 7625 Jan 5 22:50 Copyright
-r--r--r-- 1 root root 18775 Jan 5 22:50 LEGAL_LICENSE.TXT
lrwxrwxrwx 1 root root 15 Apr 28 21:51 installcluster -> installpatchset
-r-xr-xr-x 1 root root 99565 Jan 5 22:50 installpatchset
-r--r--r-- 1 root root 3080 Jan 5 22:50 patch_order
drwxr-xr-x 310 root root 311 Jan 5 22:50 patches
-r--r--r-- 1 root root 4808 Jan 5 22:50 patchset.conf
Installing prerequest patchset:
bash Global> ./installpatchset --apply-prereq --s10patchset
Setup ..
Recommended OS Patchset Solaris 10 x86 (2012.01.05)
Application of patches started : 2012.04.28 22:11:20
Application of patches finished : 2012.04.28 22:11:20
Insufficient free swap available to complete installation of this patch set.
Additional free swap is required to proceed applying further patches. To
increase the available free swap, either add new storage resources to swap
pool, or reboot the system. This script may then be rerun to continue
installation of the patch set.
Install log files written :
/var/sadm/install_data/s10x_rec_patchset_short_2012.04.28_22.11.20.log
/var/sadm/install_data/s10x_rec_patchset_verbose_2012.04.28_22.11.20.log
So prerequisite patches failed due to insufficient swap space.
bash Global> swap -l
swapfile dev swaplo blocks free
/dev/zvol/dsk/rpool/swap 181,1 8 4194296 4194296
Ohh…it is failed due to insufficient swap space:
bash Global> zfs create -V 5gb rpool/swap1
bash Global> swap -a /dev/zvol/dsk/rpool/swap1
bash Global> swap -l
swapfile dev swaplo blocks free
/dev/zvol/dsk/rpool/swap 181,1 8 4194296 4194296
/dev/zvol/dsk/rpool/swap1 181,3 8 10485752 10485752
bash Global>./installpatchset --apply-prereq --s10patchset
Setup ..
Recommended OS Patchset Solaris 10 x86 (2012.01.05)
Application of patches started : 2012.04.28 22:16:07
Applying 120901-03 ( 1 of 11) ... skipped
Applying 121334-04 ( 2 of 11) ... skipped
Applying 119255-82 ( 3 of 11) ... success
Applying 119318-01 ( 4 of 11) ... skipped
Applying 121297-01 ( 5 of 11) ... skipped
Applying 138216-01 ( 6 of 11) ... skipped
Applying 147062-01 ( 7 of 11) ... success
Applying 146956-01 ( 8 of 11) ... success
Applying 146055-05 ( 9 of 11) ... success
Applying 142252-02 (10 of 11) ... success
Applying 125556-11 (11 of 11) ... success
Application of patches finished : 2012.04.28 22:17:14
Following patches were applied :
119255-82 146956-01 146055-05 142252-02 125556-11
147062-01
Following patches were skipped :
Patches already applied
120901-03 121334-04 119318-01 121297-01 138216-01
Installation of prerequisite patches complete.
Install log files written :
/var/sadm/install_data/s10x_rec_patchset_short_2012.04.28_22.16.07.log
/var/sadm/install_data/s10x_rec_patchset_verbose_2012.04.28_22.16.07.log
bash Global> ./installpatchset --s10patchset -B SOL_2012Q1
Setup ..
Recommended OS Patchset Solaris 10 x86 (2012.01.05)
Application of patches started : 2012.04.28 22:17:35
Applying 120901-03 ( 1 of 308) ... skipped
Applying 121334-04 ( 2 of 308) ... skipped
Applying 119255-82 ( 3 of 308) ... success
Applying 119318-01 ( 4 of 308) ... skipped
Applying 121297-01 ( 5 of 308) ... skipped
Applying 138216-01 ( 6 of 308) ... skipped
Applying 147062-01 ( 7 of 308) ... success
<<<<<<<<<<<<>>>>>>>>>>>>>>
Applying 121119-16 ( 27 of 308) ... skipped
Applying 118844-20 ( 28 of 308) ... skipped
Applying 118855-36 ( 29 of 308) ... skipped
Applying 118919-21 ( 30 of 308) ... skipped
Applying 119060-59 ( 31 of 308) ... failed
Application of patches finished : 2012.04.28 22:25:42
Following patches were applied :
119255-82 146956-01 142252-02 118668-34 118778-14
147062-01 146055-05 125556-11 118669-34 140861-02
Following patches were skipped :
Patches already applied
120901-03 138216-01 118344-14 138218-01 121119-16
121334-04 140797-01 118368-04 121454-02 118855-36
119318-01 113000-07 121264-01 121454-02 118919-21
121297-01 117435-02 123840-04
Patches obsoleted by one or more patches already applied
118844-20
Patches not applicable to packages on the system
121182-05
Following patch failed to apply :
119060-59
Aborting due to failure while applying patch 119060-59.
Application of this patch should have succeeded - this failure is unexpected.
Please assess cause of failure and verify system integrity before proceeding.
Install log files written :
/.alt.SOL_2012Q1/var/sadm/install_data/s10x_rec_patchset_short_2012.04.28_22.17.35.log
/.alt.SOL_2012Q1/var/sadm/install_data/s10x_rec_patchset_verbose_2012.04.28_22.17.35.log
/.alt.SOL_2012Q1/var/sadm/install_data/s10x_rec_patchset_failed_2012.04.28_22.17.35.log
/.alt.SOL_2012Q1/var/sadm/install_data/_patchadd_2012.04.28_22.17.35.log
/.alt.SOL_2012Q1/var/sadm/install_data/_patchadd_subproc_2012.04.28_22.17.35.log
After reading the logs, I found group called “other” is missing on one of the local zones.
Error:
-More--(87%)
pkgadd: ERROR: unable to create package object </.alt.SOL_2012Q1/usr/lib/amd64/pkgconfig>.
--More--(89%)
group name not found in group table(s)
--More--(90%)
pkgadd: ERROR: unable to create package object </.alt.SOL_2012Q1/usr/lib/pkgconfig>.
--More--(92%)
group name not found in group table(s)
--More--(93%)
ERROR: attribute verification of </.alt.SOL_2012Q1/usr/lib/amd64/pkgconfig> failed
--More--(95%)
group name not found in group table(s)
--More--(96%)
ERROR: attribute verification of </.alt.SOL_2012Q1/usr/lib/pkgconfig> failed
--More--(97%)
group name not found in group table(s)
After adding the group “other” to those missing localzones:
Global> ./installpatchset --s10patchset -B SOL_2012Q1
Setup ..
Recommended OS Patchset Solaris 10 x86 (2012.01.05)
Application of patches started : 2012.04.28 22:44:42
Applying 120901-03 ( 1 of 308) ... skipped
Applying 121334-04 ( 2 of 308) ... skipped
<<<<<<<<<<<<<>>>>>>>>>>>>>
Applying 147379-01 (303 of 308) ... success
Applying 147435-01 (304 of 308) ... success
Applying 147441-09 (305 of 308) ... success
Applying 147702-01 (306 of 308) ... success
Applying 147989-01 (307 of 308) ... success
Applying 148064-01 (308 of 308) ... success
Application of patches finished : 2012.04.28 23:38:10
Following patches were applied :
119060-59 121429-15 138194-04 143646-16 145020-01
<<<<<<<<<>>>>>>>>>>>
120754-09 138097-02 143644-04 145007-02 148064-01
121309-20
Following patches were skipped :
Patches already applied
120901-03 119131-33 120720-02 128311-01 138853-01
<<<<<<<<<>>>>>>>>>>>>>>>>>>>
119082-25 120349-03 127764-01 138650-01 142530-01
119116-35 121976-01 128293-01 138767-01 142544-01
Patches obsoleted by one or more patches already applied
118844-20 124205-05 122661-08 119369-04
Patches not applicable to packages on the system
121182-05 121212-02 125671-04 143728-01 145081-05
120413-11 125138-31 137005-09 147218-01 145201-06
120415-27 125139-31 138825-08
Installation of patch set to alternate boot environment complete.
Please remember to activate boot environment SOL_2012Q1 with luactivate(1M) before rebooting.
Install log files written :
/.alt.SOL_2012Q1/var/sadm/install_data/s10x_rec_patchset_short_2012.04.28_22.44.42.log
/.alt.SOL_2012Q1/var/sadm/install_data/s10x_rec_patchset_verbose_2012.04.28_22.44.42.log
bash Global>
Post install:
Run luactivate for SOL_2012Q1 to activate the patched boot environment on system reboot.You should not use “reboot” command instead use “init 6” after activating the BE.
# luactivate SOL_2012Q1
# init 6
Rollback:
If you want to rollback the patching, just activate the old BE using luactivate command and reboot.
#luactivate s10x_u8wos_08a
# init 6
You can keep old boot environment for one or two weeks .If there is no issue after OS patching you can remove the boot environment using ludelete command.
Thank you for reading this article.Please leave a comment if you have any doubt on this.I will get back to you.
Thank you for reading this article.Please leave a comment if you have any doubt on this.I will get back to you.