By Gerry Haskins-Oracle on Jun 10, 2015
Here's an updated version of the patching best practice presentation, PatchingBestPractice.pdf.
You can still find more verbose earlier versions in prior postings.
I hope to see you next week at Oracle OpenWorld in San Francisco.
Pete Dennis, Isaac Rosenfeld, and I will be giving a presentation on the Solaris 11 Customer Maintenance Lifecycle, which will provide an introduction to how we expect customers to maintain Solaris 11 systems, comparing and contrasting it to the Solaris 10 experience.
I believe the compelling advantages of ZFS Root Snapshots and Image Packaging System (IPS) have the potential to dramatically improve our customers' maintenance experience.
I'm sure you, like me, will be delighted to hear that there will be no patches and no patching in Solaris 11. Neither is there a need to use technologies like Live Upgrade to provide a safety net - it's all baked into core Solaris 11 for you.
It's my intention to provide customers with much more up front guidance on how best to maintain Solaris 11, so customers don't need to figure out their maintenance strategy from scratch.
But we also remain committed to providing the flexibility to meet individual customers' needs and special circumstances.
So if you're at OpenWorld, please come along and hear Pete, Isaac, and me introduce you to the Solaris 11 maintenance lifecycle:
3:30pm, Tuesday, Oct 4th
Moscone South, Room 200
Pete Dennis and I will also be presenting at the Deutsche Oracle Anwendergruppe (DOAG) conference in Nürnberg on November 15-17, so if we don't see you at OpenWorld, we hope to see you there.
I really want to get your feedback on our current plans - what you like, what you don't like, and what we can improve. So come along and let me know.
My colleagues in Services are running Best Practice Webinars on knowledge searching and how to find Firmware, Storage updates, and Oracle Solaris patchsets.
The next sessions for patching are this Thursday, Feb 18th, at 9AM MT (U.S. Mountain Time) and 5PM MT. If you miss these, don't worry, there are more being hosted through to the end of April 2011. See below.
Log in to MOS and see https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=SYSTEMDOC&id=1282218.1 for details.
Here's the blurb:
As you may know from my previous blog postings, Oracle Sun recommends that customers install or upgrade to the latest Solaris 10 Update in major maintenance windows. Based on a request from customers whose change control policies prevent them from upgrading, we've been producing Solaris Update Patch Bundles which bring pre-existing packages up to the same software level as the corresponding Solaris Update. The difference is that the Patch Bundles don't provide new or up'rev'd packages introduced in the corresponding Solaris Update.
For customers considering use of the Solaris Update Patch Bundles, that raises the obvious question as to which packages are introduced or up'rev'd in each Solaris Update release. The lists above answer that question.
Aside: As discussed in previous blog postings, all core Solaris OS packages are updated via patches. The up'rev'd packages above refer to some 3rd party and community based apps included in Solaris (e.g. Mozilla Firefox, Thunderbird, etc.) which are updated via package updates (i.e. where one package version is removed and replaced with a later version). This is to tie in better with the release strategy for such apps.
Many thanks to my colleague, Roisin Doran, for all her work in putting this together.
I'll ask Roisin to work with the Technical Writers to include updated versions of these lists in future Solaris 10 Update release documentation.
Here's a document and a corresponding presentation I've written describing the Oracle Solaris 10 Recommended Patching Strategy. They contain a number of links to resources which I hope you will find useful.
As always, I look forward to your feedback.
BTW: If you have any queries about patching, why not post them on the Oracle Solaris Install, Booting, and Patching Community Forum.
Here's the presentation on Oracle Solaris Patching Strategy and Best Practices which Bob Netherton and I gave last week at Oracle Open World.
It was really great to meet so many customers. If you have any patch related questions, please feel free to follow up with me.
Director, Software Patch Services, Solaris Systems.
I'll be presenting on the Oracle Solaris Recommended Patch Strategy at Oracle Open World next week:
SESSION SCHEDULE INFORMATION
Title: Patching Best Practices for the Oracle Solaris Operating System
Track: Oracle Solaris
Time: 13:30 - 14:30
Venue: Moscone South
Room: Rm 301
I'll be at Oracle Open World Monday, September 20th, Wednesday, September 22nd, and Thursday, September 23rd.
I'd be delighted to meet you there. If you'd like to meet me to discuss anything to do with patching, please email me at Gerry.Haskins@oracle.com
For those who can't make it to Oracle Open World, I'll post the presentation here after the event. I'm also happy to talk to you by phone if you'd like to discuss anything about patching.
Director, Software Patch Services, Solaris Systems
I've updated my Patching Presentation for customers, see http://blogs.sun.com/patch/entry/patch_presentation_for_customers
I hope you find it useful.
Also, I forgot to blog about an enhancement we made in March 2010 to the Solaris Update Patch Bundles. The Solaris Update Patch Bundles now add a line to /etc/release when they are installed to make it easier to determine that they've been applied - i.e. that all pre-existing packages on the system have been patched up to the same software level as the corresponding Solaris Update.
On a related note, Oracle 11gR2 requires customers to have Solaris 10 10/08 (Update 6) installed. From Version 18.104.22.168 it will accept the corresponding Solaris Update Patch Bundle as being sufficient to meet this requirement. The modification of /etc/release by the Solaris Update Patch Bundle is partially to help support this.
It's Oracle standard practice to release quarterly Critical Patch Updates (CPUs) containing security fixes. These scheduled releases enable customers to plan maintenance windows.
Solaris now conforms to this practice and Solaris OS CPUs are now available.
The Solaris OS CPU is an archived snapshot of the Solaris OS Recommended Patch Cluster.
Please note that the Solaris OS bug fixing processes have not changed. Security and other bugs continue to be fixed as soon as possible, patches containing such fixes for the Solaris OS will continue to be released as quickly as possible, and they will continue to be included in the Recommended Solaris OS Patch Clusters as soon as they become available.
The Solaris OS CPU simply provides another, archived, patch collation option for customers.
See http://www.oracle.com/technetwork/topics/security/alerts-086861.html and in particular Document 1446032.1 on My Oracle Support (MOS), http://support.oracle.com, which includes CVE mappings for Oracle Sun products.
I'm delighted to announce the availability of 10 new free online patch training modules.
This is the result of a lot of work from those nice people in Sun Learning Services, the Install Revenue Product Engineering (RPE, a.k.a. Sustaining) team, and my own folk.
The modules concentrate on using Live Upgrade for patching, as well as providing background on Deferred Activation Patching, Kernel patches, and other useful information.
You can access the modules as follows:
I think even experienced Sys Admins will find the modules useful in clarifying patching best practices and providing context and background information on the evolution of patching technology and best practices in Solaris 10.
If you don't like the online course format, or if you want a reference document to refer back to after taking the course, please see the attached .pdf.
Best Wishes, Gerry Haskins, Director, Software Patch Services
Ever wanted to run something past a patching expert?
Want to pick the brains of your peers in other companies?
Lobby to get a patching enhancement implemented?
Debate what is an appropriate patching strategy and associated best practices?
Ask other customers if they are seeing the same issues you are?
Your wait is over. There are new Patch Forums available to customers with support contracts on http://forums.sun.com.
If you haven't accessed the private contract customer forums on forums.sun.com before, I'm told there's a bit of a "secret-handshake" procedure you must follow for your initial login:
Please note that the above process need only be followed once, in order to register your "Screen Name" for access to the private contract customer forums on forums.sun.com
For all future access, you may go directly to the Patch Forums and login via the "Login" link on the top right of the screen to see the Patch Forum content.
You can use the "Let's talk patching!" Community Forum to discuss Patching Strategy and Best Practices with peers and Sun folk, including potential enhancements to improve your patching experience. It is important to note that this is not an official Support channel. To ensure optimal support, you must continue to raise Service Requests for specific patching issues through the normal support channels, although you may use the Patch Issues sub-forum to see if others have experienced similar issues and know of workarounds or available fixes. As with other forums of this nature, Sun does not guarantee to answer all questions posted. We'd like your feedback on how you would like to see this forum evolve and keep the questions coming so we can better serve your patching needs!
There are two sub-forums available:
Discussions on patching strategies, best practices, news, and potential enhancements to improve your patching experience.
Please note that this is not an official Support channel. To ensure optimal support, you must continue to raise Service Requests for specific patching issues through the normal support channels, although you may use the Patch Issues sub-forum to see if others have experienced similar issues and know of workarounds or available fixes.
I hope you find these forums useful!
They are designed to facilitate dialogue between you and other customers and with Sun subject matter experts to help improve your patching experience.
Best Wishes, Gerry Haskins
Please see the Patch Management Best Practices guide which my colleague, Enda O'Connor, has published on the BigAdmin Patching Hub. I hope you'll find it useful.
Enda is a senior engineer in Patch System Test and he is far more technical than I am.
Enda has more practical experience of patching Solaris 10 Zones environments than anyone else in Sun.
This blog is to inform customers about patching best practice, feature enhancements, and key issues. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle. The Documents contained within this site may include statements about Oracle's product development plans. Many factors can materially affect these plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material code, or functionality, and SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle. THIS INFORMATION MAY NOT BE INCORPORATED INTO ANY CONTRACTUAL AGREEMENT WITH ORACLE OR ITS SUBSIDIARIES OR AFFILIATES. ORACLE SPECIFICALLY DISCLAIMS ANY LIABILITY WITH RESPECT TO THIS INFORMATION.
Gerry Haskins, Director, Software Lifecycle Engineer