Solaris 10 05/08 (Update 5) Patch Bundle

Last week, the Solaris 10 05/08 (Update 5) Patch Bundle was released on SunSolve.  The patch bundle provides another option to customers when deciding their patching strategy to maintain their Solaris systems.

What is the Solaris 10 05/08 Patch Bundle ?

The Solaris 10 05/08 Patch Bundle contains the equivalent set of patches contained in the Solaris 10 05/08 (Update 5) release image.

Why use the Solaris 10 05/08 Patch Bundle ?

The Solaris 10 05/08 Patch Bundle was created as a result of direct customer feedback after the Solaris 10 08/07 (Update 4) release.  New hardware may require a specific minimum Solaris 10 Update release such as the Solaris 10 05/08 (Update 5) release.  Some customers may wish to bring their other existing Solaris 10 systems up to the same patch level as the new hardware running Solaris 10 05/08.  The recommended way to do this is to upgrade the existing systems to the Solaris 10 05/08 release using either regular Solaris Upgrade or Solaris Live Upgrade.  But some customers may have policies in place which make it difficult to upgrade but OK to patch a system.  The Solaris 10 05/08 Patch Bundle facilitates such customers to bring their existing systems up to the equivalent patch level to the Solaris 10 05/08 (Update 5) Release.  In theory, this should mean that pre-existing functionality on all of the customers' systems should react the same, warts and all. This makes for a more homogeneous environment which may help lower support costs.

The Solaris 10 Update releases are very intensely tested by a wide variety of QA teams within Sun.  Therefore, the functionality contained in the patches within the Solaris 10 05/08 Patch Bundle have been intensely tested as a unit through the testing performed on the Solaris 10 05/08 (Update 5) release image.  Additional testing of the Solaris 10 05/08 Patch Bundle has also been performed by the Patch System Test team.  Therefore, the Solaris 10 05/08 Patch Bundle provides a well tested "baseline" option on which to standardize systems.

So while the patch bundle may deliver more change than some other patching strategies, that change has been well tested as a unit and hence may actually reduce the risk of introducing regressions when compared to "dim sum" patching (i.e. choosing an arbitrary combination of patches).  Note that intensive processes are also in place to ensure "dim sum" patching works, and it's rare to encounter a problem caused by "dim sum" patching.

How does the Patch Bundle differ from the Solaris 10 05/08 (Update 5) release image ?

The Solaris 10 05/08 (Update 5) release is a complete Solaris release image.  It contains new packages to support new features in the Solaris 10 05/08 (Update 5) release as well as all Solaris patches which were available when the Update was built.  The patches are pre-applied into the Solaris 10 05/08 release image.  This means that one doesn't have to spend time adding the patches using 'patchadd'.  On the flipside, since the patches are pre-applied into the release image, they cannot be backed out using 'patchrm'.  This isn't generally a problem as the Solaris Update release images are very intensely tested.  One can do a fresh install of the Solaris 10 05/08 (Update 5) release, or upgrade to it from an earlier Solaris release.

The Solaris 10 05/08 Patch Bundle contains the equivalent set of patches to the Solaris 10 05/08 (Update 5) release. The patch bundle does not include the new packages contained in the Solaris 10 05/08 (Update 5) release.  Therefore, new features in Update 5 which depend upon new packages introduced in that release will not be available in the patch bundle.  However, as discussed in a previous blog entry, any change to pre-existing code is delivered in a patch.  This includes features as well as bug fixes.  Therefore some feature enhancements will be available in the patch bundle.  ZFS, for example, is typically self-contained in patches and hence ZFS enhancements will typically be available via the patch bundle as well as via the Update release image. So will most Zones enhancements.  The patch bundle is simply a collection of patches with an install order file (patch_order) and an install script wrapper (installbundle.sh) around 'patchadd'.  Patches in the patch bundle can be backed out using 'patchrm', so long as the '-d' (no save) option wasn't used when applying the patch bundle.

There are a number of "special" or "script" patches included in each Solaris Update release.  These patches are used to correct issues in how patches are pre-applied into the Solaris Update release image and have no purpose whatsoever outside of the Solaris Update release process.  Therefore, these "special" or "script" patches are not released to SunSolve and are not included in the patch bundle.  See the Solaris 10 05/08 Patch Bundle README file for further information on these and other minor differences between the patch set pre-applied in the Solaris 10 05/08 release image and the patch set included in the Solaris 10 05/08 Patch Bundle.

Access 

The Solaris 10 05/08 Patch Bundle is available from the usual patch cluster location. 

Log onto Sunsolve, click on Patches and Updates, then Recommended Patch Clusters and scroll down the box under "Recommended Solaris Patch Clusters, J2SE and Java Enterprise System Clusters" to the Solaris 10 SPARC 05/08 Patch Bundle and Solaris 10 x86 05/08 Patch Bundle entries.  

The cluster is chunked to aid download.  There are 2 chunks for x86 and 3 chunks for SPARC. 

Follow the download instructions to the right of the scroll-down box or read the README file for any chunk.

As with all patch clusters, you need a valid support contract to download the cluster.   The following support contracts include access entitlement to Solaris patches and Patch Clusters (BTW: Software Update = patch), plus a wide range of additional support services:  Solaris Subscriptions, which includes Basic, Standard, Premium, and Solaris Everywhere Service Plans (compare here); Sun Software Service Plans, including Basic, Standard, Premium, and Premium Plus; Sun System Service Plans for Solaris, which includes Bronze, Silver, Gold, or Platinum options (compare here); or a Sun Spectrum Enterprise Service Plan.  See also http://www.sun.com/servicelist/ for country specific details.

Installation

Read the Patch Bundle README file for full installation instructions.

The patch bundle can be installed either on the active boot environment (i.e. the live system) or an inactive boot environment. 

Patching an inactive boot environment is recommended as, depending on the starting patch level of the target system, it may involve less system downtime as only a single reboot is required at the end to activate the boot environment. 

If you patch the active boot environment (i.e. the live system), then depending on the starting patch level of the target system, you may need to reboot an x86 system up to three times (twice at specific points during the installation process and once at the end) and a SPARC system up to two times (once after installing Kernel patch 118833-36 and once at the end).  See the patch bundle README for details.

The Solaris 10 05/08 Patch Bundle includes a new install script, installbundle.sh, which guides users through the installation process. 

The patches are ordered in such a way as to process any reboots required when patching an active boot environment as near the start of the installation process as possible.  This is to facilitate System Administrators by allowing them to get over the interim reboots early in the process and kick off the final patching sequence and let the process complete. 

The screen output and logfiles produced are also designed to be as clear and self-explanatory as possible, providing both overview and drill-down capabilities.

Approximate Installation Time 

How long it will take to install the Solaris 10 05/08 Patch Bundle will depend upon a number of factors:

  • The speed of the hardware and its I/O.
  • Which Solaris 10 release is installed on the target system and what patch level the system is at.  The higher the Solaris 10 Update release or patch level, the quicker the patch bundle will apply.
  • Whether Zones are installed on the system and which type of Zone.  Currently, the time to apply the cluster to each whole root non-global Zone will be approximately linear - i.e. multiple the install time by the number of whole root non-global Zones on the system.  Sparse root non-global Zones will be a little faster. (BTW: Sparse root non-global Zones is the recommended option when creating non-global Zones.)  As mentioned in a previous blog posting, there is a project in development to improve Zones patching performance.

For example, I installed the Solaris 10 x86 05/08 Patch Bundle on a v65x running the original Solaris 10 3/05 "FCS" (First Customer Shipment) release with no additional patch applied (worst case) and no non-global Zones.  I applied the patch bundle to the active boot environment.  Installation took a total of 3 hours and 58 minutes plus 3 reboots (see the Patch Bundle README for an explanation of the reboots when patching an active boot environment).

Conclusion

The Solaris 10 05/08 Patch Bundle will not suit everyone.  It is a large collection of patches and hence is slow to download and install.

As described in a previous blog posting, the Sun Alert patch clusters (available from the same location on SunSolve - see above) provide the minimum amount of change to address the most critical Solaris issues.  The Sun Alert cluster contains all available Solaris patch fixes for Security, Data Corruption, and System Availability issues. New versions of the Sun Alert cluster are posted whenever a new patch to fix a Sun Alert issue becomes available.  Customers should try to keep as current as possible with the contents of the Sun Alert clusters.

For customers who want to bring all their systems to the Solaris 10 05/08 (Update 5) release patch level, installing or upgrading to the Solaris 10 05/08 (Update 5) Release image remains the recommended option where feasible.  The Solaris 10 05/08 Patch Bundle was simply created in response to a demand from customers for an alternative option where upgrading was not feasible due to internal customer policies.

Since Solaris Update releases are intensely tested, the patch bundle provides a good quality patch "baseline" on which to standardize systems.

From customer feedback to date, the next Patch Bundle for the equivalent set of patches for Update 6 is likely to also be a complete set of patches from Solaris 10 3/05 "FCS" (First Customer Shipment - i.e. the original Solaris 10 release) and not an incremental bundle just containing the patch set delta between Updates 5 and 6 as I had previously suggested.  Feel free to post a comment with your preference.

Enjoy!

Comments:

My preference would be to have a complete patch set. While it would be space saving to apply this bundle and then use an incremental bundle, it would likely not be time saving. Replacing the entire bundle would be preferable in my opinion.

Posted by Alex Stade on June 09, 2008 at 06:56 AM IST #

Thanks Alex!

Complete 1 : Incremental 0

Any other opinions folks ?

As we say in Ireland, vote early, vote often! :)

Best Wishes,

Gerry.

Posted by Gerry Haskins on June 09, 2008 at 07:49 AM IST #

I agree with Alex, I would not be in favour of incremental releases. As i understand what you have said the space would be large, but it would be quicker if its more up-to-date.
Regards
Mal

Posted by Malcolm Robson on June 12, 2008 at 07:19 AM IST #

Is this equivalent to the EIS Solaris 10 05/08 Full bundle?

Posted by guest on June 16, 2008 at 09:04 AM IST #

Hi Malcolm!

No, the EIS Solaris 10 05/08 Full bundle is different, as follows:

EIS (as described elsewhere in this blog) stands for Enterprise Installation Standards. It's used as a basis for creating the pre-installed software images which new hardware ships with from the factory. It's also used by Sun Field Engineers when commissioning systems. It's more than just a set of patches, it's an installation checklist and resource compendium.

The EIS DVD is released monthly, hence the EIS release in May is entitled 05/08. EIS is produced by Sun's Services organization for Sun's Services organization. It's well produced, well maintained, and provides a good service to ensure that systems are installed and maintained to a high standard. The EIS DVD is not directly given to customers, rather it's used by Sun field engineers.

However, the monthly EIS patch set is available as a patch "baseline" option in Sun Connection Satellite 1.1.1 and xVM Ops Center 1.x.

The EIS patch set is based upon the Solaris Recommended Patch Cluster available from SunSolve (again described elsewhere in this blog), but EIS also includes about 150 other patches for products outside Solaris such as SunCluster, SunVTS, SSP, SMS, QFS, SAM-FS, together with patches that provide firmware updates.

The Solaris 10 5/08 Patch Bundle contains the equivalent set of patches to the Solaris 10 5/08 (Update 5) release image.

Unlike the EIS patch set, the Solaris 10 5/08 Patch Bundle only contains Solaris patches. The Solaris 10 5/08 Patch Bundle contains all the Solaris patches which were available at the time the Update release was being built, whereas the EIS patch set is based upon the Recommended Patch Cluster which is a relatively small subset containing the most critical Solaris patches.

Both the EIS patch set and the Solaris 10 5/08 Patch Bundle provide reasonable patch "baseline" options for customers. Using either in conjunction with trying to keep up to date with the asynchronously published Sun Alert cluster available from SunSolve (again, see my earlier blog entry on the Sun Alert cluster) is a reasonable patching strategy.

The EIS patch set provides the most important subset of patches based upon the Solaris Recommended Patch Cluster, whereas the Solaris 10 5/08 Patch Bundle provides the equivalent set of patches to the Solaris 10 5/08 (Update 5) release image, which is all the Solaris patches which were available when the Update was being built. Since each Update release is intensely tested as a unit, the Solaris 10 5/08 Patch Bundle provides an good alternative patch baseline.

As mentioned above, the EIS patch set isn't directly available to customers except through Sun Connection Satellite 1.1.1 or xVM Ops Center 1.x. xVM Ops Center 1.x also provides an option to patch up to the equivalent patch level to a Solaris Update release.

Posted by Gerry Haskins on June 17, 2008 at 05:00 AM IST #

In our firm we have used EIS (together with our Sun contacts) to create the equivalent of your new U5 (05/08) patch bundle in the past. It was as close as possible but never quite there. Therefore, we appreciate this new bundle very much, probably being one of the customers who requested that. We would like to continue augmenting that bundle with additional patches from the EIS DVD.

An open question is how soon such a bundle will be made available going forward. For U5, it seems it's about 2 months since RR (approx. April 10, I think). So far, we have assumed the equivalent EIS patch bundle would be available about a month after RR of a Solaris Update.

Now we will need to combine the Solaris Update bundle and some patches from EIS.

So, for U6, or any other release in the future, how long will we have to wait until the U6 patch bundle and the equivalent EIS patch set will be available?

Thanks
- Tom

Posted by TomF on June 26, 2008 at 06:18 AM IST #

Hi Tom!

For the initial U5 patch bundle, it took a bit longer to dot all i's and cross all t's as it was the first such bundle we've released (since the old Maintenance Update days of Solaris 9 and below).

For U6, we would hope it would be quicker - within about 1 month of release. There's a couple of logistical reasons for this which we'll look to iron out over time.

BTW: EIS is a good solution. I don't blog about it too much, as customers don't have direct access to EIS, as access is through Sun field personnel. But the EIS patch set is available as a patch "baseline" in xVM Ops Center. xVM Ops Center can also patch a system to the equivalent patch level to an Update release.

Posted by Gerry Haskins on June 26, 2008 at 11:37 AM IST #

Hi, Sitting here in Sydney at 2:45am installing the 05/08 bundle on a Sun T2000.
After 4hrs (our downtime interval) I am up to no. 214/476. This means I have about 5hrs to go!!
Your 4hr time is definitely not applicable to this box.
9hrs for a patchset!!!!! Come on....

Posted by Milt on August 05, 2008 at 08:05 PM IST #

Hi Milt!

I agree patching performance is poor. This is why in the next release of Solaris (i.e. the one after Solaris 10, not a Solaris 10 Update), we'll be moving to a new packaging architecture, Image Packaging System (IPS). See OpenSolaris for further details (pkg-discuss@opensolaris.org). The initial IPS version (which is still under development) is available in the OpenSolaris 2008.05 image.

Can you please let me know:

\* How long did it actually take to complete the 5/08 bundle installation ? The patches in the 5/08 Patch Bundle are ordered so as to apply the big Kernel patches (118833-36 and 127127-11) early in the install sequence.

\* What was the Kernel patch level on the system when you started - e.g. was 118833-36 already installed on the system or not ? If the system was running an early version of Solaris 10 without many patches applied, then the bundle will take more time to install.

\* Does the target system have Zones ? How many and are they sparse (recommended) or whole root zones ? We are working on a solution to improve zones patching performance (parallel Zones patching).

Posted by Gerry Haskins on August 06, 2008 at 04:37 AM IST #

Hi Gerry,
The patch set is not yet complete. I interrupted (I know, I know) after No 218 (121675-11) and the system came up OK. That took 4hr 20m.
118833-36 went in OK. 127127-11 is due at number 380, a fair way further down. I estimate about 4hrs to go. So we need another 4hr outage, this is a production machine, so the whole customer PR thing is in swing.

Kernel was at 118833-24 prior.

There are no zones on this system.

Posted by Milt on August 08, 2008 at 02:02 AM IST #

Thanks Milt!

Hmmm, I'm curious as to why it's taking so much longer on your system than it did mine. I patched a vanilla FCS system, so had even more patches to apply than you do. I'll try to follow up with you offline.

Best Wishes,

Gerry.

Posted by Gerry Haskins on August 08, 2008 at 10:02 AM IST #

I worked Milt's issue with him offline, and with Milt's permission, here's a summary:

It's important to upgrade the firmware on T1000/T2000s as the latest firmware results in significant performance improvements. For a list of current firmware patches, see http://www.sun.com/bigadmin/patches/

Here's extracts from my email exchange with Milt:

Hi Gerry,

Thanks to your mention of m/c firmware I did some investigation. Looks like we're way back level. So I am installing the latest 6.6.4 before I resume patchbundle tonight.

Hi Gerry,

Patch bundle installed OK. From 219 to end took just 2hrs. It could be the firmware helped. Don’t know. There are some really slow patches.

One patch No 285 took 35-40 min alone. It’s a postgresSQL patch with thousands of files. Would be a good idea to leave this type of patch out

of these large patchsets don’t you reckon.

At least provide a warning that some can take considerable time.

Would I have been better to run the Sun Recommended “Solaris 10” cluster?

Hi Milt!

See the relevant entries on my patch blog, http://blogs.sun.com/patch to decide which cluster is right for you.

See also the Big Admin patching hub, http://www.sun.com/bigadmin/patches/, especially http://www.sun.com/bigadmin/hubs/documentation/patch/patch-resource.jsp, and the Solaris 10 Patch Management Best Practices doc, http://www.sun.com/bigadmin/features/articles/patch_management.jsp

Certainly the Recommended or Sun Alert patch clusters would have been considerably faster to install and would have provided all the critical fixes addressing all Solaris Sun Alert issues - that is all Security, Data Corruption, and System Availability issues.

It's the Sun Alert cluster which I recommend customers keep up to date with, as it provides the least amount of change while addressing all Solaris Security, Data Corruption, and System Availability issues. (BTW: The "Recommended" Cluster is older, and is a bit of an historical artifact - I'm trying to merge it with the Sun Alert cluster to eliminate confusion.)

As described on http://blogs.sun.com/patch/entry/solaris_10_5_08_update and http://www.sun.com/bigadmin/features/articles/sol10patch.jsp provides the equivalent set of patches to that contained in the Solaris 10 5/08 (Update 5) release. Since the very large postgres patch you mention below is in Update 5, it's also in the 5/08 patch bundle. The Solaris 10 5/08 patch bundle is designed for customers whose business policies don't allow them to upgrade systems, but they want to bring their older systems up to the same patch level as newer systems running Update 5.

Note that some critical patches will have been released since 5/08, so it's still prudent to install the Sun Alert cluster on top of the 5/08 patch bundle. Since you'll already have most of the patches applied, this shouldn't take long.

The Sun Alert (and "Recommended") Patch Bundles are updated asynchronously as soon as a new patch revision which fixes a Sun Alert issue is released. You can keep abreast of Sun Alerts by subscribing to the Sun Alert report by logging on to SunSolve and going to http://sunsolve.sun.com/show.do?target=security/sec

Alternatively, if you don't have time to keep abreast of Sun Alert issues, simply install the latest Sun Alert cluster whenever you have a chance in your regular maintenance window.

Milt, is it OK if I publish the above as a blog comment as I believe other customers would find the information useful about upgrading the firmware to get better performance on a T2000 and also on how to decide which cluster to use ?

Best Wishes,

Gerry.

BTW: The slow install of patches which process large deletes files (and I believe the postgresSQL patch Milt mentions above is one of them) has now been significantly improved. The current revisions of most such patches now include the fix and CRs have been filed to fix the remainder. But since the Solaris 10 5/08 Patch Bundle reflects the PatchIDs included in the Solaris 10 5/08 (Update 5) release, those patch revisions still include the slow deletes file processing code.

Posted by Gerry Haskins on August 14, 2008 at 04:57 AM IST #

Now that Solaris 10 10/08 (U6) has been released, will this option be offered again for this update?

Posted by Todd Campbell on October 31, 2008 at 10:35 AM GMT #

Hi Todd!

Yes, we'll be releasing the Solaris 10 10/08 Patch Bundle as soon as we can. Should be before end of November. Sooner, if at all possible.

Best Wishes,

Gerry.

Posted by Gerry Haskins on October 31, 2008 at 11:20 AM GMT #

The original ETA for the U6 patch bundle is over. Any updates? We are are really waiting for it!

Posted by TomF on December 04, 2008 at 03:01 AM GMT #

Yes, we gave the go ahead to release on Tuesday. It should appear on SunSolve soon.

Posted by Gerry Haskins on December 04, 2008 at 09:48 AM GMT #

Surprisingly, I don't see many people noting that it's possible to use LU to patch to an alternate drive, reboot to the alternate drive, and done! You don't even need to uses Sun's LU setup\* -- you just have to setup the alt drive properly so that the different filesystems (var, opt, usr, zones, ...) are in relation to your alt root (/).

We sync the disks, & apply all the patches the day prior (last patch wave was ~230 patches with 3 kernel patches). And then day of, sync some log files, and reboot. : ) I of course will not complain when the parallel patching feature is added. : )

\* I should also note that you first need to install the latest LU patches on the primary drive for it to work properly.

Posted by sleepyweasel on February 13, 2009 at 12:34 PM GMT #

Hi Gerry,
I installed Solaris10 with 5/08 DVD and found Kernel patch was 127127-11 after installation. Does it mean we do not need to install 118833-36 kenel patch and 127127-11 superdeds 118833-36? I tried the recommended patch clusters from 13/Nov and 23/Feb. With either patch cluster 118833-36 failed to install. Readme suggests 118833-36 is required.Please clarify.

Nick

Posted by Nick Hong on March 05, 2009 at 04:45 PM GMT #

Hi Nick!

As noted in some of my blog postings and elsewhere, all available patches are pre-applied into the next Solaris Update. This helps ensure successive Solaris Updates are of increasing quality and also saves Sys Admins from having to install hundreds of patches to newly installed systems using 'patchadd' which would be very time consuming.

118833-36 is included in Solaris 10 5/08, pre-applied into the image, so there's no need to re-apply it using 'patchadd'.

When you install or upgrade to a Solaris Update release, you can see what patches are pre-applied into the Solaris Update image by running 'patchadd -p' or 'showrev -p'.

The Patch Clusters are designed to apply to any Solaris 10 release, from the original Solaris 10 3/05 "FCS" (First Customer Shipment) release right the way up to the latest Solaris 10 10/08 release.

Since you have installed Solaris 10 5/08, only patches in the Recommended Cluster which were released since the contents of the Solaris 10 5/08 release were finalized, will apply.

If you look at the patch logfiles, you should see a message when attempting to re-apply patches such as 118833-36 to the effect that it is already applied to the system. This is correct behavior.

Please see other postings in this blog and the Big Admin Patching Center, http://www.sun.com/bigadmin/patches/overview.jsp for further information on patching.

Best Wishes,

Gerry.

Posted by Gerry Haskins on March 06, 2009 at 02:32 AM GMT #

Hi Nick!

Just in case it's not 100% clear from my previous reply, 'patchadd' will automatically handle the case where some patches in a cluster have already been applied to a system and will simply "bounce" over them, reporting an "error" message that they've already been applied.

'patchadd' handles such cases efficiently, so there's little overhead added to the patching process.

Best Wishes,

Gerry.

Posted by Gerry Haskins on March 06, 2009 at 03:32 AM GMT #

Now that U7 (05/09) has been released yesterday (on time, thanks!) I have 3 questions:

1. When will the corresponding patch bundle be available?
2. When will the first sustaining kernel patch on top of U7 become available?
3. Which EIS release is scheduled to take U7 into account and include this first sustaining kernel patch? Maybe the June 09 release? What is the ETA for that release (Sun internally)?

Thanks
- Tom

Posted by TomF on April 30, 2009 at 01:40 AM IST #

Hi Tom!

Here are the answers to your questions:

1. We expect to have the Solaris 10 5/09 Patch Bundle available on SunSolve before the end of May. I do not have an exact date yet.

2. The Kernel patch included in Solaris 10 5/09 (Update 7) is due to be released on or before May 11th. I don't yet have a firm date for the first post-U7 sustaining Kernel patch as I believe it is currently being rescheduled.

3. The EIS releases are usually created towards the end of each month. So the May EIS release should include the U7 Kernel and I'd expect the June EIS release to include the first post-U7 sustaining Kernel.

Best Wishes,

Gerry.

Posted by Gerry Haskins on April 30, 2009 at 10:24 AM IST #

Any news on the U7 patch bundle? It's well beyond end of May and we need it really soon now ...

Thanks
- TomF

Posted by TomF on June 05, 2009 at 04:33 AM IST #

Hi all

Can anybody help me in this query..
I have downloaded Solaris 10 U5 (5 - CD pack ) form the SUN website. After I downloaded the first part I tried to mount the ISO by the below command.

# mount -F hsfs -o ro `lofiadm -a /export/home/emsadmin/sol-10-u5-ga-sparc-v1.iso` /cdrom

then when I did “ls -l /cdrom”, below is the list that we see (actually the contents of s0)
# ls -l
total 920
-r--r--r-- 2 root root 6557 Feb 28 2008 Copyright
-r--r--r-- 2 root root 460262 Feb 28 2008 JDS-THIRDPARTYLICENSEREADME
drwxr-xr-x 2 root bin 2048 Mar 25 2008 License/
drwxr-xr-x 7 root root 2048 Mar 25 2008 Solaris_10/
#

But when we burnt the same ISO on the CD and then mounted the CD onto the cdrom, below is the list that we see:
# ls -l
total 4
lrwxrwxrwx 1 root nobody 18 Jun 12 13:56 cdrom0 -> ./sol_10_508_sparc/
drwxr-xr-x 9 root nobody 512 Jun 12 13:56 sol_10_508_sparc/
# cd sol_10_508_sparc/
# ls -l
total 16
dr-xr-xr-x 2 root sys 2048 Mar 25 2008 s0/
drwxr-xr-x 18 root root 512 Mar 25 2008 s1/
drwxr-xr-x 2 root root 512 Mar 25 2008 s2/
drwxr-xr-x 2 root root 512 Mar 25 2008 s3/
drwxr-xr-x 2 root root 512 Mar 25 2008 s4/
drwxr-xr-x 2 root root 512 Mar 25 2008 s5/
drwxr-xr-x 2 root root 512 Mar 25 2008 s6/
#

So, We could see all the directories.

So why are we not able to see the same structure when we mount the ISO.

With Warm Regards,
Gaurav Mittal

Posted by Sibgath Khan on June 11, 2009 at 05:07 AM IST #

Hi Sibgath,

Your mount/lofiadm command is mounting the s0 slice of the cdrom which is the only hsfs filesystem on the disk and contains the solaris image.

However since it is a solaris bootable CD you need to think of it more like a hard disk than a basic CD.

The other slices are required to allow the cd to boot on different architectures and contain UFS bootable images.

This blueprint may be of interest to you to understand a bit more about solaris bootable CD's:
http://www.sun.com/blueprints/0301/BuildBoot.pdf

Best Wishes,
~Albert

Posted by Albert White on June 18, 2009 at 06:06 AM IST #

Problem Description: Let us know list of files that can grow in /var partition causing partition to fill nearly 100%. Files we have identified are as follows:
1) /var/log/anthology
2) /var/adm/lastlog
3) /var/adm/loginlog
4) /var/adm/spellhist
5) /var/adm/sulog
6) /var/adm/utmp
7) /var/adm/utmpx
8) /var/adm/wtmp
9) /var/adm/wtmpx
10) /var/cron/log
11) /var/adm/messages
12) /var/log/xferlog
Do let us know any admin recommended addition or deletion to above list.

Posted by Sibgath on June 18, 2009 at 10:06 AM IST #

Hi Sibgath!

You may wish to read up on logadm and look at /etc/logadm.conf

If you are using mailx, print, or cups then there are other logs files: /var/mail, /var/lp, and /var/adm/syslog\*

Please note that /var/sadm will also grow over time. Please see http://blogs.sun.com/patch/date/20090121

And if you have applications such as Application Server, they will write to /var/ as well ( large log files too ). Same goes for Apache and so on.

In general, it's best to allow sufficient space to enable /var to grow.

Posted by Gerry Haskins on June 23, 2009 at 04:34 PM IST #

Hi all,

Let us know which Solaris Process uses below list of files:
1) /var/adm/lastlog
2) /var/adm/loginlog
3) /var/adm/sulog
4) /var/adm/utmp
5) /var/adm/utmpx
6) /var/adm/wtmp
7) /var/adm/wtmpx
8) /var/cron/log
9) /var/log/xferlog
10) /var/log/authlog

Posted by Sibgath on July 10, 2009 at 12:27 AM IST #

Hi Sibgath!

Please use the 'man' command, e.g. 'man sulog'.

Best Wishes,

Gerry.

Posted by Gerry Haskins on July 10, 2009 at 09:01 AM IST #

We were trying to transfer some date from the client to the NFS Server. During the transfer of data the connectivity got lost. And the transfer command bailed out after some time.
After the command bailed out the NFS Server came up and the then we un-mounted and remounted. During remounting it gives below error. Attached is the time limes of the issue.
nfs mount: mount: /export/home/emsadmin/Gaurav/.MOUNT_SHARED_DIR: Permission denied
Started Move Command 11:07:48 # mv /appdata/g.tar /export/home/emsadmin/Gaurav/.MOUNT_SHARED_DIR/
Connectivity Lost on client 11:08:19
Move Command Failed 11:17:09 mv: cannot create /export/home/emsadmin/Gaurav/.MOUNT_SHARED_DIR/: Is a directory
Un mounted the Shared Partition 11:19:00 # umount –f /export/home/emsadmin/Gaurav/.MOUNT_SHARED_DIR/
Re mounted the Shared partition 11:30:36 # /usr/sbin/mount -F nfs -o rw,retry=3 10.193.1.116:/appdata/gaurav /export/home/emsadmin/Gaurav/.MOUNT_SHARED_DIR
Mounting Failed nfs mount: mount: /export/home/emsadmin/Gaurav/.MOUNT_SHARED_DIR: Permission denied

Posted by sibgath on August 03, 2009 at 06:28 AM IST #

Hi Sibgath,

This does not appear to be a patching issue. Please log a support call through the normal channels.

Best Wishes,

Gerry.

Posted by Gerry Haskins on August 04, 2009 at 03:38 AM IST #

Problem Description:
Is there a procedure/configuration to restrict the mail box (/var/mail/<userid>) size?
Also please share if there is any other way to control the size of the mail box?
May be a regular cleanup procedure/command to delete older mails etc?
Appreciate any help in this regard.

Posted by sibgath on October 12, 2009 at 05:38 AM IST #

Problem Description:
Need details about the following solaris files:
1) /var/adm/emerglog
a. What is this file for? And what is its significance?
b. What kindda data goes into this file?
c. Which solaris process/application/server uses this file? I believe its syslog but please confirm?
2) /var/sadm/install/contents
a. Is it recommend to clean this file? If yes, how?
3) /var/adm/.misc.log
a. What is this file for? And what is its significance?
b. What kindda data goes into this file?
c. Which solaris process/application/server uses this file?

Posted by sibgath on October 12, 2009 at 05:41 AM IST #

Hi Sibgath!

Since these are not patch specific questions, can I suggest that in future you post such questions to the appropriate Solaris fora on forums.sun.com ?

Best Wishes,

Gerry.

Posted by Gerry Haskins on October 12, 2009 at 06:06 AM IST #

Hi Sibgath
I would suggest using a more general forum for nfs/mail support.
/var/sadm/install/contents is the packaging database, and is maintained by the patcj/packagign tools, it should never be interfered with, as doing so can leave the system unable to administer packaging ( and patches as well ), it is simply a text file that contains an entry for every directory and file on the system with some associated metadata. it is private data and any manual changes can break the system in numerous ways.
Enda

Posted by Miriam Brace on October 12, 2009 at 06:25 AM IST #

Hi

Version of the putty right now we are using is: 0.58.
We downloaded latest putty and its version is: 0.60.

When we tried accessing server which has 141742-04 patch applied, we are getting the same behavior.
Error snippet: Sep 25 10:38:54 ems31 sshd[16079]: fatal: matching cipher is not supported: aes256-ct

Posted by sibgath on October 22, 2009 at 05:26 AM IST #

Hi Sibgath,

This does not appear to be a patching issue. Please log a support call through the normal channels.

Best Wishes,

Gerry.

Posted by Gerry Haskins on October 22, 2009 at 06:24 AM IST #

Hi
Please see
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270089-1&searchclause=sshd%2420%22matching%2420cipher%2420is%2420not%2420supported%22
this is due to CR 6850734
workaround is
Change the two config files /etc/ssh/ssh_config and /etc/ssh/sshd_config and add the following line:

Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc

I would suggest going through support channels in future for these types of queries.

E nda
Enda

Posted by Enda O'Connor on October 22, 2009 at 12:00 PM IST #

<html><b>hi nice to see over whelming response here...................
hi my questions
<p>1)to apply bundle patch we run a ./installer file right? if at all the patching fails can we roll back the patches</p>
<p>2)if we have some patches already installed ...which are contained in the bundled patch..then when we try to install the bundle patch does it overrides the existing patches are skips ....does the applying of bundle patch will be successful in this case</p>
<p>3)can we roll back the patches in cluster patch....</p>
friends i need your support ...</b></html>

Posted by venkatadry on March 06, 2011 at 02:02 AM GMT #

Hi Venkatadry,

To answer your questions:

1) Rollback - The recommended way to provide a rollback option is to use Live Upgrade to apply the patches to an alternate boot environment. When you activate the alternate boot environment, if you don't like what you see, you can can simply and quickly rollback by booting back into the original boot environment. Alternatively, you can back out the patches by reversing the install order and feeding it to 'patchrm' but only do this once you have analysed the reason for the patch application failing. Otherwise, you could compound the problem.

2) Some patches already applied - Yes, this will work fine. 'patchadd' and the cluster install script handle this case gracefully and efficiently.

3) Seems to be the same question as 1) and has the same answer. Don't roll back until you've understood the reason for patch application failing. If, for example, the cause is running out of disk space, then rollback won't work until space is freed up as patch removal requires space to uncompress the backout files and write to the log files.

Posted by Gerry Haskins on March 15, 2011 at 04:26 AM GMT #

Hi,

I need to upgrade a V490 server running at u2 release, (patch level - 144488-06 ; recently patched) to u9 release. Is it supported/ single step LU create/upgrade as usual or do I have to bring the system to an earlier release like u5 before stepping to u9 ??

Also can i download the latest Recommended patch bundle and install the same to the upgraded ABE.

Javed.

Posted by guest on September 23, 2011 at 01:13 AM IST #

Hi Javed,

Apologies for my delay in responding.

Yes, you can upgrade directly from U2 to U9. Just follow the instruction in https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1004881.1

You should also apply the latest Solaris OS Recommended Patchset to the ABE.

Best Wishes,

Gerry.

Posted by guest on October 12, 2011 at 11:05 AM IST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog is to inform customers about patching best practice, feature enhancements, and key issues. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle. The Documents contained within this site may include statements about Oracle's product development plans. Many factors can materially affect these plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material code, or functionality, and SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle. THIS INFORMATION MAY NOT BE INCORPORATED INTO ANY CONTRACTUAL AGREEMENT WITH ORACLE OR ITS SUBSIDIARIES OR AFFILIATES. ORACLE SPECIFICALLY DISCLAIMS ANY LIABILITY WITH RESPECT TO THIS INFORMATION. ~~~~~~~~~~~~ Gerry Haskins, Director, Software Lifecycle Engineer

Search

Categories
Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today