Monday Mar 10, 2014

ORAchk Health Checks for the Oracle Stack (including Solaris)

Cross posting from my Solaris 11 Lifecycle blog, https://blogs.oracle.com/Solaris11Life/entry/orachk_health_checks_for_the  as this is applicable to Solaris 10 too:

My colleagues, Susan Miller and Erwann Chénedé, have been working with the nice people behind the ORAchk tool (formerly RACcheck) to add Solaris health checks to the tool.

ORAchk 2.2.4, containing the initial 8 Solaris health checks, is now available:

ORAchk includes EXAchks functionality and replaces the popular RACcheck tool, extending the coverage based on prioritization of top issues reported by users, to proactively scan for known problems within:

  • E-Business Suite Financials Accounts Payables
  • Oracle Database
  • Sun Systems

ORAchk features:

  • Proactively scans for the most impactful known problems across your entire system as well as various layers of your stack
  • Simplifies and streamlines how to investigate and analyze which known issues present a risk to you
  • Lightweight tool runs within your environment; no data will be sent to Oracle
  • High level reports show your system health risks with the ability to drill down into specific problems and understand their resolutions
  • Can be configured to send email notifications when it detects problems
  • Collection Manager, a companion Application Express web app, provides a single dashboard view of collections across your entire enterprise

ORAchk will expand in the future with more high impact checks in existing and additional product areas. If you have particular checks or product areas you would like to see covered, please post suggestions in the ORAchk community thread accessed from the support tab on the below document.

For more details about ORAchk see Document 1268927.1

Monday Jun 17, 2013

Nice Compare & Contrast of Solaris 10 and Solaris 11 Zones

My colleague, Jeff Victor, has a nice blog posting comparing and contrasting Solaris 10 and Solaris 11 Zones, which I think you may find interesting.

Monday Apr 22, 2013

Ooops, incorrect Recommended patchset uploaded April 21/22

Update: April 22, 2013, 17:10 PST: The issue is now fixed and the correct Solaris 10 SPARC Recommended patchset is now available from MOS.  I apologize again for any inconvenience caused.

---- 

Ooops!

Due to human error, the incorrect Recommended patchset for Solaris 10 SPARC was uploaded to MOS on April 21, at ca. 18:54 PST.  The April 20 2012 patchset was uploaded instead of the April 20 2013 patchset. 

The date is in the patchset README, so if you've downloaded the Solaris 10 SPARC Recommended patchset in the last 24 hours, please check that the date is not 2012.  If it is, please download the corrected version from MOS.

I apologize most sincerely for any inconvenience caused.

Best Wishes,

Gerry.

Friday Mar 22, 2013

Solaris 10 1/13 patchset released and latest Solaris 10 Kernel PatchIDs

Posting updated June 6, 2013, with new Solaris 10 Kernel PatchIDs 150400-xx (SPARC) and 150401-xx (x86):

As usual, we've released a patchset of all the patches contained in Solaris 10 1/13 (Update 11):

We've also included an important post-S10U11 patch - 150125-01 (SPARC) / 149637-02 (x86) - in this patchset, which fixes ZFS Bug 15809921.  See Doc 1535270.1.

This patchset can be applied to any existing Solaris 10 system to bring all pre-existing packages up to the same software level as Solaris 10 1/13.

It is not the same as upgrading to Solaris 10 1/13 (available here), as upgrading will additionally install any new packages delivered in the Update. 

I've also updated my Solaris 10 Kernel PatchID sequence posting with the latest Solaris 10 Kernel PatchIDs, namely: 

  • The Solaris 10 1/13 Kernel patch, 147147-26 (SPARC) / 147148-26 (x86)
  • Post Solaris 10 1/13 Kernel patches have the PatchIDs 148888-xx (SPARC) / 148889-xx (x86)

Please note that there are no more planned updates to Solaris 10, so these latest Kernel PatchIDs - 148888-xx (SPARC) / 148889-xx (x86) - will continue to be used for the foreseeable future.

Murphy's Law strikes again!

No sooner had I written that Solaris 10 Kernel PatchIDs 148888-xx (SPARC) and 148889-xx (x86) were here to stay for the foreseeable future, than the integration of the SR-IOV feature into rev-04 of these patches made it prudent to rejuvenate them. 

So from July 2013, the Solaris 10 Kernel PatchIDs will change to be 150400-xx (SPARC) and 150401-xx (x86).

Dare I tempt fate again by saying these Solaris 10 PatchIDs are likely to remain the same for the foreseeable future ?

I've also updated my Useful Patch Related Downloads posting with links to the Solaris 10 1/13, Jan 2013 CPU, and latest Recommended patchsets.

Friday Oct 19, 2012

October 2012 Security "Critical Patch Update" (CPU) information and downloads released

The October 2012 security "Critical Patch Update" information and downloads are now available from My Oracle Support (MOS).

See http://www.oracle.com/technetwork/topics/security/alerts-086861.html and in particular Document 1475188.1 on My Oracle Support (MOS), http://support.oracle.com, which includes security CVE mappings for Oracle Sun products.

For Solaris 11, Doc 1475188.1 points to the relevant SRUs containing the fixes for each issue.  SRU12.4 was released on the CPU date and contains the current cumulative security fixes for the Solaris 11 OS.

For Solaris 10, we take a copy of the Recommended Solaris OS patchset containing the relevant security fixes and rename it as the October CPU patchset on MOS.  See link provided from Doc 1475188.1

Doc 1475188.1 also contains references for Firmware, etc., and links to other useful security documentation, including information on Userland/FOSS vulnerabilities and fixes in https://blogs.oracle.com/sunsecurity/

Wednesday Jun 06, 2012

Free and Open Source Software (FOSS) in Solaris

My colleague Lukas Rovensky has started a blog, https://blogs.oracle.com/solarisfoss/ , on Free and Open Source Software (FOSS) included in Solaris, including what's covered by Oracle Premier Support, etc.

Thursday Dec 01, 2011

Solaris Crash Analysis Tool 5.3 now available

Hi Folks,

My good buddy and all round good guy, Jeff McMeekin, has asked me to let you know that Version 5.3 of the Solaris Crash Analysis Tool is now available to download.  This includes support for Solaris 11.

See http://blogs.oracle.com/solariscat/ for further details.

From my peer, Deb Smith:

We are very pleased to announce that Oracle Solaris Crash Analysis Tool, version 5.3 is now available on MOS.

With 5.3, functionally has been added to support Solaris 11, in addition to the previous Solaris versions (7,8,9,10) .

To download, login to My Oracle Support, https://support.oracle.com/ , and search for 13365310. Or if you prefer, from first principles: Click on Patches&Updates -> Select "Product or Family (Advanced Search)" and enter "Solaris Crash". Select the release as 5.3 and you will find list of patch numbers.

Thanks to many folks who helped to bring this about, with special Thanks to Keerthi Kondaka, John Harres, Dana Fagerstrom, Randy Tinkess, Ethan Rider, Fermina Quinones, Michael Bergeron, Monica Allison, Dolore Eccles, Teresa Chinn, Michele Van Doozer, Tracey Taylor, Beth Barrett, Steve Kent, Jeff McMeekin and Stefan Schneider.

Best Wishes,

Gerry.

Tuesday Nov 29, 2011

New Solaris 11 Customer Maintenance Lifecycle blog

Hi Folks,

On the basis that you can't have too much of a good thing, I've started a 2nd blog, the Solaris11Life blog , to enable me to blog about all aspects of the Solaris 11 Customer Maintenance Lifecycle, including policies, best practices, resource links, clarifications, and anything else which I hope you may find useful.

In my first post, I share my Solaris 11 Customer Maintenance Lifecycle presentation, which I gave at Oracle Open World and the recent Deutsche Oracle Anwendergruppe (DOAG) conference.

I'll be posting lots more there in the coming week as time allows, including secret handshake stuff on how to interpret IPS FMRI version strings.

In future, I'll post any Solaris 11 Customer Maintenance Lifecycle related material on the Solaris11Life blog, http://blogs.oracle.com/Solaris11Life , and any Solaris 10 or below material here on the Patch Corner blog, http://blogs.oracle.com/patch .

Best Wishes,

Gerry.

Tuesday Nov 08, 2011

Solaris 11 released, 2 days early

Today, we launch Solaris 11 in New York City.

Work on Solaris 11 started 7 years ago, as soon as Solaris 10 reached "code freeze".

About 6 years ago in a Solaris P-Team (Product Team) meeting, someone raised the repeatedly asked question as to when we planned to release Solaris 11.

A slightly exasperated Jeff Jackson said 11/11/11, half jokingly, half seriously.  It made sense.  It was in the right ballpark considering all the radical changes the architects wanted to make in Solaris 11.  And what better date to launch Solaris 11 ?

175 bi-weekly builds and two release candidate respins later, and we're releasing Solaris "Nevada" build snv_175b, officially known as Solaris 11.  But 2 days early.  Ooops!  I must admit to having been tempted to file a "Stopper" bug to cause enough of a smoke screeen to delay the release by two days.  But early is good.  So 11/9/2011 it is.

The Solaris 11 Tech Lead, David Comay, has posted some excuses - er, I mean "reasons" - on his blog as to why we're releasing 2 days early.  See http://blogs.oracle.com/solaris for further information.

Having arrived in New York Tuesday afternoon, I went to the 9/11 memorial to pay my respects. 

May I just say, well done New York!  Well done America! 

It's a truly excellent and moving memorial.  The sound of the water falling and the patterns it makes as it falls into the abyss in the center of the very footprint where the twin towers stood is poignant symbolism.  It's impossible not to be moved.

And the fact that all around the memorial is still a construction site, with all the sounds of rebuilding what was destroyed, is very apt indeed.

Evil will not triumph.  Good will overcome.

It puts our humble efforts in stark perspective.

I hope you enjoy Solaris 11.  It's our most radical Solaris release since SunOS 2.0.  Virtualization built in.  Cloud built in.  Architected for maintainability.  Scalability beyond your imagination (and mine!). 

I'll be presenting an updated version of my Solaris 11 Customer Maintenance Lifecycle presentation at the DOAG (Deutsche Oracle Anwender Gruppe) Conference in Nuremberg, Germany, next week.  I hope to meet some of you there.

I'll then post the presentation here on my blog.

Let the fun begin!  Enjoy!

Best Wishes,

Gerry.

Tuesday Oct 18, 2011

Solaris 9 transitioning to Extended Support

Just a quick heads-up that Solaris 9 will transition to Vintage support (old sun terminology) / Extended support (Oracle terminology) at the end of this month.

Solaris 9 patches released from November 1, 2011, will have Vintage/Extended access entitlement by default, which means that only customers with an Extended Support contract for Solaris will be able to access them.

Updates to the Recommended Solaris 9 OS Patchset will cease at that time.

Pre-existing Solaris 9 patches (and the final version of the Recommended Solaris 9 OS Patchset) will remain available under normal "OS" entitlement - i.e. they can be accessed without an Extended Support contract.

For more details, see:

Lifetime Support Policy brochure, especially pages 27 to 31

How Patches and Updates Entitlement Works, DocID 1269292.1

Best Wishes,

Gerry

Wednesday Oct 12, 2011

Live Upgrade document updated and simplified

I forgot to let you know, but a couple of months ago, my colleagues, Don O'Malley and Ed Clark updated the Oracle Solaris Live Upgrade (LU) document describing the pre-requisites for Live Upgrade.

The original document was pretty convoluted and required several cups of strong coffee to parse.  The updated version is a little easier to understand, even without caffeine.

Thanks also to Beth Barrett, Rick Ramsey, and Jon Bowman who helped make this happen.

Monday Sep 05, 2011

Applying arbitrary patches using Ops Center

I asked my colleague, Juergen Fleischer, to let me know how to apply arbitrary patches - i.e. any specific patches you want to apply - using Ops Center.

Here's his response on how to do it:

Create a Custom Profile by selecting the desired patches. The Profile can get used for Compliance Reports or standard jobs to install these patches.

Here are the steps:

1) Select Plan Management -> Update Profiles

2) Select Action "New Profile" and name it appropiate e.g. "Solaris Cluster 3.1 APR-2011"

3) Select all required patches e.g. 120500-27 for SPARC and/or 120501-27 for x86 and save the Profile:

4) Use the Profile for plain Jobs, Reports, etc.

That's all

Best Wishes,

Gerry.

Thursday Aug 11, 2011

Applying the latest Solaris patches using Ops Center Enterprise Manager

A couple of customers have claimed to me that it's not possible to apply all the latest available Solaris patches using Ops Center Enterprise Manager.  I've checked with my colleagues in Ops Center, and it most certainly is possible.  Here's one way to do it: 

There are multiple ways to perform this task ...

Here is one using the "Report" feature:

1) Select "Host Compliance Report"

2) Use the default setting "Security and Bug fixes" and select proposed target system or group of targets:

3) The Report will show all downrev packages (e.g 824 pkgs) and will allow you to submit a job, that's all that's needed.

Looking at the Job log we can see:

# tail /var/scn/update-agent/logs/resolve.log

add 40025552 (145497-01)

add 40025545 (144998-03)

add 40025534 (145501-01)

add 40025472 (118712-24)

add 40025471 (121734-13)

add 40025380 (118777-17)

add 40024414 (125060-07)

add 40022356 (119788-10)

add 40015326 (121081-08)

Total number of sorted operations : 197

So in total we would install 197 patches.

Best Wishes,

Gerry.

Saturday Jul 02, 2011

A Solaris Recommended Patchset to bind them all

I've long been of the opinion that there should be a single generic set of Solaris recommended patches which customers are consistently recommended to install in proactive maintenance windows for issue prevention. It's something I've been working towards for quite a while.

A collaborative effort between the Software Patch Services, Enterprise Installation Standards (EIS), Sun Risk Analysis System (SRAS) - now renamed Oracle Risk Analysis Services (ORAS) - and the Explominer team in the Oracle Solaris Technical Center (TSC), has achieved this goal with the creation of the Recommended Patchset for Solaris.  

Up until now, while the Solaris OS Recommended Patch Cluster was the core basis for Solaris patch recommendations, various teams tended to recommend their own favorite patches on top of this core set.  This wasn't just by whim.  Each team was looking at patching from a slightly different angle - for example various angles of proactive patching (issue prevention) versus reactive patching (issue correction).

The Recommended Patchset for Solaris is the result of the combined wisdom of the various teams.  It is designed for proactive patching (issue prevention).  The contents are generic and should be suitable for most customer configurations.  You should still read the README file and follow its instructions to ensure all of the patches included are appropriate to your specific environment.  You should test the patchset on a test system which closely mimics your production systems prior to deployment. 

You may still legitimately be asked by support to install additional patches to fix issues specific to your environment in reactive maintenance situations (issue correction).  But this should only be after due diligence to ensure that such patches are likely to fix the specific issue encountered.

The Recommended Patchset for Solaris is the new name for the Solaris OS Recommended Patch Cluster.  It's available from MOS (including 'wget'), EIS, Ops Center, etc.  We've changed the name to use the Oracle standard terminology "patchset".  I never liked the name Solaris Patch Cluster as there was a risk of it being confused with the Solaris Cluster product to which it bears no relation.  In due course other patch "clusters" and patch "bundles" are likely to transition to the name "patchset". 

The install script and code word needed to invoke it (which is contained in the README file) have been renamed to reflect the name change from "cluster" to "patchset". 

Customers who have installed the Solaris OS Recommended Patch Cluster may notice the additional patches included in the Recommended Patchset for Solaris the first time they install it.  After that, it'll be business as usual.  Many of these additional patches are already pre-applied into Solaris Update releases, so customers on later update releases should see little difference.

As before, the Recommended Patchset for Solaris will continue to be updated whenever a patch matching its inclusion criteria is released.  This can happen several times a month.  Just take the latest which matches your proactive maintenance window schedule. 

And as before, once a quarter, the Recommended Patchset for Solaris will be archived and renamed as the Critical Patch Update in line with standard Oracle practice.  (See previous blog postings.)

To create the Recommended Patchset for Solaris, we took the Solaris OS Recommended Patch Cluster and analyzed the additional Solaris patches which the Explominer team recommend be added on top of it for the monthly EIS patch baselines. Where those additional patches added real value - i.e. were of significant benefit to many customers - we added them to the recommended patch set.  Where they didn't add real value, we discarded them.  We then made sure that a system on which the resultant Recommended Patchset for Solaris was installed passed with a clean bill of health from the ORAS risk analysis audits.

So now, the Solaris OS patches in the EIS patch baselines will be the Recommended Patchset for Solaris with input from the Explominer and other teams included, and will be tested with ORAS.  These are the patch baselines available in Ops Center.  We have set up a panel of patch experts from the teams mentioned above to adjudicate on future potential additions to the Recommended Patchset for Solaris.

Previously, the criteria for including a patch in the Solaris OS Recommended Patch Cluster was quite strict: a patch had to address a Security, Data Corruption, or System Availability issue; be a patch utilities patch, or be required by the above.  In future, other patches which add real value for many customers may be included - for example, a patch for a commonly used driver which delivers significant performance improvements.  The goal remains the same - to include the most critical generic patches which we recommend customers install in proactive maintenance windows for issue prevention.

Additional patches outside of the patchset may still be required:

  • For other Oracle products - the Recommended Patchset for Solaris only includes Solaris Operating System patches.  Other products such as Oracle Solaris Cluster, Oracle Solaris Studio, Oracle Database, etc., may have their own patch recommendations.  The monthly EIS update includes patch sets for Oracle Solaris Cluster, SAMFS, QFS, and SunVTS in addition to the Recommended Patchset for Solaris.
  • For specific platforms - for example a Solaris driver patch if a particular network card is installed or where firmware updates are required
  • For specific configurations - for example if the system is connected to 3rd party storage solutions such as EMC Powerpath or Veritas
  • For specific issues in your configuration - for example, break/fix situations where an additional patch fixes the issue encountered

You can download the patchsets or view their Readmes directly, using the following links:

To downloads the patchsets (you must be logged into MOS):

https://updates.oracle.com/patch_cluster/10_Recommended.zip
https://updates.oracle.com/patch_cluster/10_x86_Recommended.zip

To download the patchset Readme files (no need to be logged into MOS):

https://updates.oracle.com/patch_cluster/10_Recommended.README
https://updates.oracle.com/patch_cluster/10_x86_Recommended.README

The above works for both flash and non-flash (html) MOS users.   Just substitute "9" for "10" to get the Solaris 9 Recommended patchsets and Readmes.

You can also download the patchsets using 'wget' for scripted access as normal.  (See previous blog postings.)  For example, the download filename for Recommended Patchset for Solaris 10 SPARC is still 10_Recommended.zip.

If, like me, you like to know how to do things from first principles, here's the way to construct the search on My Oracle Support:

For Flash compatible systems (full function MOS version):

  1. Login to My Oracle Support (MOS), https://support.oracle.com
  2. Click on the "Patches&Updates" tab
  3. Click on "Product or Family (Advanced Search)
  4. Type "Solaris Operating System" into the product search box
  5. Select the Releases you are interested in - e.g. Solaris 10 Operating System and Solaris 9 Operating System
  6. Select the Platforms you are interested in - e.g. Oracle Solaris on SPARC (64-bit) and Oracle Solaris on x86-64 (64-bit)
  7. Click on the "+" sign next at the end of the "Platforms" line to add additional search criteria
  8. Click of "Select Filter" and select "Type" from the drop-down menu
  9. Select "Patchset"
  10. Click "Search" 

For non-Flash users (html MOS version):

  1. Login to the html version of My Oracle Support, https://supporthtml.oracle.com
  2. Click on the "Patches & Updates" tab
  3. Click on the Advanced Search tab in the search box
  4. Type "Solaris Operating System" in the product search box 
  5. Select the Releases you are interested in - e.g. Solaris 10 Operating System and Solaris 9 Operating System
  6. Select the Platforms you are interested in - e.g. Oracle Solaris on SPARC (64-bit) and Oracle Solaris on x86-64 (64-bit)
  7. For Type, select "Patchset"
  8. Click Search

MOS remembers your previous selections and they'll be shown top of each drop down menu on subsequent invocations.  You can also save searches for future re-use.

I want to thank Don O'Malley, Ed Clark, Howard Mills and the EIS team, Juergen Schleich and the Explominer team, Dr. Rex Martin and the ORAS team, and Rob Hulme and Walter Fisch from the Oracle Technical Support Center (TSC) for all their work in making a single consistent Recommended Patchset for Solaris a reality.

As always, I'm interested to hear your feedback.

Best Wishes,

Gerry.

Tuesday Feb 15, 2011

Using My Oracle Support for Hardware Products

My colleagues in Services are running Best Practice Webinars on knowledge searching and how to find Firmware, Storage updates, and Oracle Solaris patchsets.

The next sessions for patching are this Thursday, Feb 18th, at 9AM MT (U.S. Mountain Time) and 5PM MT.  If you miss these, don't worry, there's more being hosted through to the end of April 2011.  See below.

Log into MOS and see https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=SYSTEMDOC&id=1282218.1 for details.

Here's the blurb:

Our new seminar series titled "Using My Oracle Support for Hardware Products" covers a variety of topics focused on using My Oracle Support to service your hardware products. The seminar series includes five Advisor Webcast topics for customers using Solaris or Sun Hardware. The topics are repeated throughout the schedule. The schedule  runs from 8 February through 28 April.  To see the schedule and to register for a session, please review Advisor Webcasts: My Oracle Support - Best Practices for Hardware Customers

    \* Best practice on knowledge searching and how to find Firmware, Storage updates, and Oracle Solaris patch sets
    \* Hardware Asset and Automated Service Request (ASR) Management
    \* Automatic Service Request from end to end
    \* Proactive Hardware Service Portal
    \* My Oracle Support - Hardware Service Request

Oracle support experts will be on hand to present these topics and answer questions about best practices in using My Oracle Support for servicing your supported hardware products.

Friday Jan 28, 2011

Resolving 'smpatch' / Update Manager issues

A number of customers have reported issues with 'smpatch' / Update Manager resulting from the recent migration to the My Oracle Support (MOS) infrastructure.

My colleagues BethB, PeterM, and EthanR have published Document 1288579.1 which explains what to do if you are unable to register systems & download patches via sconadm, smpatch, and Update Manager . This document is also accessible via the Oracle Sun OS Community page too.

I apologize most sincerely for any inconvenience caused.

Thursday Jan 13, 2011

List of new and up'rev'd packages in each Solaris 10 Update

Here are lists in .pdf (SPARC / x86) and OpenOffice (SPARC / x86) format of new and up'rev'd packages in each Solaris 10 Update release.

As you may know from my previous blog postings, Oracle Sun recommends customers to install or upgrade to the latest Solaris 10 Update in major maintenance windows. Based on a request from customers whose change control policies prevent them from upgrading, we've been producing Solaris Update Patch Bundles which bring pre-existing packages up to the same software level as the corresponding Solaris Update.  The difference is that the Patch Bundles don't provide new or up'rev'd packages introduced in the corresponding Solaris Update.

For customers considering use of the Solaris Update Patch Bundles, that raises the obvious question as to which packages are introduced or up'rev'd in each Solaris Update release.  The lists above answer that question.

Aside: As discussed in previous blog postings, all core Solaris OS packages are updated via patches.  The up'rev'd packages above refer to some 3rd party and community based apps included in Solaris (e.g. Mozilla Firefox, Thunderbird, etc.) which are updated via package updates (i.e. where one package version is removed and replaced with a later version).  This is to tie in better with the release strategy for such apps.

Many thanks to my colleague, Roisin Doran, for all her work in putting this together.

I'll ask Roisin to work with the Technical Writers to include updated versions of these lists in future Solaris 10 Update release documentation.

Tuesday Jan 11, 2011

Changes in security policies for the Sun product lines

A colleague of mine kindly forwarded this document detailing the changes and improvements in security policies for Sun product lines as a result of the integration into Oracle.  I hope you find it useful.

Monday Jan 10, 2011

Searching for Oracle Sun patches in My Oracle Support (MOS)

My colleague, Mike Brown, has published this knowledge article which you may wish to bookmark, pointing to frequently accessed Oracle Solaris patch deliverables, including the Recommended patch clusters, quarterly Critical Patch Updates (CPUs), Solaris Update Patch Bundles, patch utilitiy patches, patchdiag.xref, the checksums file, and the LU Zones Starter Patch Bundle.

Also, here's a cut-and-paste of my response to some comments posted regarding finding Oracle Sun patches on My Oracle Support (MOS) which I hope you'll find useful.

To get the Solaris patch clusters and patch bundles, use the "Product or Family (Advanced Search)" option on the "Patches & Updates" tab. Select:

  • Product is Solaris Operating System
  • Release is Solaris 10 Operating System
  • select "Type" instead of "Platform" and Type is "Patchset"

...and it'll return all Solaris 10 patch clusters and patch bundles. This includes the Solaris OS Recommended Patch Clusters, the Solaris Update Patch Bundles, the Solaris OS Critical Patch Updates (CPUs), Live Upgrade (LU) Zones Patch Bundle, etc.

You can add further search filters, e.g. Platform is Oracle Solaris on SPARC (64-bit), to further refine the results.

Using "Platform" is useful to eliminate the double-entries for 32-bit and 64-bit. These dual returns are a pet peeve of mine and I'm continuing to work with the MOS team to get this "fixed" in a future release. They are an historical artifact from Oracle DB platform porting and are not relevant to the Solaris OS.

Note that the alternative option for "Type" is "Patch", which can be used to search for individual patches.

Please note that you can see all revisions of a patch by searching with the format 119254-% . The "-" (dash) is required in the current version of MOS.

You can also search for words included in the Patch Synopsis by using the Description field. For example:

  • Product is Solaris Operating System
  • Release is Solaris 10 Operating System
  • Type is Patch
  • Platform is Oracle Solaris on SPARC (64-bit)
  • Description contains patch utilities

In the example above, the Description option searches for the phrase "patch utilities" in the Synopsis line of patches. This returns the Solaris 10 SPARC patch utility patches.

Since the synopsis line of patches is free format, some guesswork is involved in searching using this method. For example "patch utility" returns nothing. "IP" returns more than just TCP/IP related patches.

Alternatively, you can use "Classification", which can be set to "Security" to return Security patches.

Click on the "Updated" column in the search returns to get these listed from earliest to latest or vice versa.

Firmware updates are also available from My Oracle Support.

  • Click on "Produce or Family (Advanced Search)".
  • Select the hardware product you are interested in.   For example, type "x6" and select, Product is Sun Blade X6440 Server 
    Module.
  • Select the Release(s) you are interested in, e.g. Release is X6440 SW 2.2.0
  • Click Search.

My understanding is that MOS currently limits search results to 100 entries in the current version and again I'm discussing "fixing" this with the MOS team in a later release.

Searches can be edited and saved for re-use at a later date.  MOS also remembers selections you've made in previous sessions which is a useful feature.

A "Classification" of "Other Recommended" rather logically will give other non-security recommended patches included in the Solaris OS Recommended Patch Cluster. (In MOS terminology, "Security" and "Other Recommended" together are equivalent of the old Sun "Recommended" term.) But if you want to know exactly what's in the Solaris OS Recommended Patch Cluster, it's easier to simply look at the patch  list in the Cluster README.

As discussed in the http://blogs.sun.com/patch/entry/solaris_10_recommended_patching_strategy which I published last week, we're really trying to encourage customers to move away from selecting unique patch combinations and to instead use the Solaris OS patch clusters and patch bundles as the core of your patching strategy.

But there is still occasionally the need to search for individual patches to address specific issues.

If you are looking for individual patches to address a specific CR, then use "Patch Name, Number, or Sun CR ID" search option instead of "Product or Family (Advanced Search)". For example, enter Sun CR ID 6927931 and patch 119254-78 is returned which is the patch in which the CR is fixed. A CR which was fixed a long time ago, e.g. 6486471, will return all patch revisions which contain the fix, so you can decide whether you want to take the latest patch revision which fixes it or the earliest.

As I say, I'm continuing to work with the MOS team to enhance the customer experience further, but I hope you find the above tips helpful.

A colleague in MOS has kindly forwarded a link to a tutorial on the PowerView feature in MOS which you may find useful.

Best Wishes,

Gerry.

Thursday Jan 06, 2011

Solaris 10 Recommended Patching Strategy

Here's a document and a corresponding presentation I've written describing the Oracle Solaris 10 Recommended Patching Strategy. They contain a number of links to resources which I hope you will find useful.

As always, I look forward to your feedback.

BTW: If you have any queries about patching, why not post them on the Oracle Solaris Install, Booting, and Patching Community Forum.

Best Wishes,

Gerry.

Friday Dec 10, 2010

SunSolve to MOS transition this weekend

The SunSolve front page says it all:

The MSC and SunSolve Will Retire on December 10, 2010

Find out what you need to know about the migration to My Oracle Support.

Stay up-to-date on the latest details about the migration to My Oracle Support. Access the My Oracle Support Welcome Center for transition information, training, significant changes, and Frequently Asked Questions.

The information on the Welcome Center will be updated regularly as the transition approaches, so please be sure to revisit the page often to get the latest updates.

See my previous postings, Oracle Sun patches now available from MOS , and Test site available for SunSolve to MOS transition for details on how to download patches from My Oracle Support (MOS).

Please note that I am not leading this transition and I will be unable to help with issues regarding access entitlement.

If you encounter issues with My Oracle Support, then:

  1. If you can log into MOS, use the "Contact Us" link to file a Service Request
  2. If you can't log into MOS, call Oracle support
I wish you a successful transition.


Thursday Nov 18, 2010

Test site available for SunSolve to MOS transition changes

My SunSolve colleagues tell me that the ability to test sample scripted My Oracle Support (MOS) patch downloads is now available. 

If you use scripted patch downloads, e.g. using 'wget', I highly recommend you take this opportunity to test the necessary changes to the download syntax in advance of the transition from SunSolve to MOS which is currently scheduled for December 10.

The document detailing the 'wget' syntax changes relating to the upcoming transition from SunSolve to MOS, http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1, has been updated with the relevant instructions.  I suggest you bookmark that document and return to it regularly for updates.

Friday Oct 15, 2010

Using Live Upgrade in complex environments

One of my senior engineers, Enda O'Connor, has written a document on Patching Solaris using Advanced Live Upgrade Strategies for Zones and Clusters which I hope you will find useful.

Enjoy!

Solaris Updates and Patch Bundles in the picture

A colleague of mine, Ken Brucker, has drawn this picture showing the composition of Solaris Updates which you may find useful to visualize the process.  

See the relevant slides from the presentation on http://blogs.sun.com/patch/entry/updated_customer_patching_presentation_and for more detailed information.

Thursday Oct 14, 2010

Goodbye SunSolve, Helloooo MOS!

As Miriam Brace's recent blog post signals, it's nearly time to say goodbye to SunSolve as the transition to My Oracle Support (MOS) continues.

There's syntax changes for 'wget' users which are detailed on SunSolve and copied on ISP.  This document includes details on how to continue to access the patch metadata files 'patchdiag.xref' and 'checksums'.

As per my previous posting, Oracle Sun patches and patch clusters/bundles are already available from MOS.

Expect to hear more news on the migration, including timelines, in the near future.  SunSolve and Miriam's blog are good sources of up to date information.

Tuesday Oct 12, 2010

Oct 2010 Solaris OS CPU now available

The October 2010 Solaris OS CPU (Critical Patch Updates) containing all available Security, Data Corruption, and System Availability fixes are now available from My Oracle Support (MOS) and SunSolve.

See http://www.oracle.com/technetwork/topics/security/alerts-086861.html and in particular Document 1446032.1 on My Oracle Support (MOS), http://support.oracle.com, which includes CVE mappings for Oracle Sun products. 

To access the Solaris OS CPUs on MOS, login, select the "Patches & Updates" tab and in the "Patch Search" box, click on "Product or Family (Advanced Search)".  Select "Solaris Operating System" from the product drop down menu, select the Release(s) you are interested in, e.g. "Solaris 10 Operating System", select "Type" and "Patchset" from the drop down menus on the next line, and click "Search".  This will show all the available patch clusters and bundles for your search criteria.  The October 2010 CPUs have titles of the form "CPU OS Cluster 2010/10".

The Solaris OS CPUs are archived copies of the Solaris OS Recommended Patch Clusters.  See http://blogs.sun.com/patch/entry/solaris_critical_patch_updates_cpus for further details.

Best Wishes,

Gerry Haskins
Director, Software Patch Services

Monday Sep 27, 2010

Patching Strategy, Oracle Open World Presentation

Hi Folks,

Here's the presentation on Oracle Solaris Patching Strategy and Best Practices which Bob Netherton and I gave last week at Oracle Open World.

It was really great to meet so many customers.  If you have any patch related questions, please feel free to follow up with me.

Best Wishes,

Gerry Haskins
Director, Software Patch Services, Solaris Systems.

Saturday Sep 18, 2010

Solaris 10 9/10 (Update 9) Patch Bundle now available

The Solaris 10 9/10 (Update 9) Patch Bundles are now available from SunSolve and My Oracle Support (MOS).

These patch bundles provides the set of patch pre-applied into the corresponding Solaris 10 9/10 (Update 9) release image.  These patches provide all the Solaris 10 bug fixes which were available when the contents of the Solaris 10 9/10 release was finalized.

See http://blogs.sun.com/patch/entry/solaris_10_10_08_patch for further information on Solaris Update Patch Bundles.

See http://blogs.sun.com/patch/entry/oracle_sun_patches_now_available for information on how to access patch bundles on MOS.

Many thanks to the Patch System Test, Patch Operations and Distribution, and SunSolve teams for expediting the release of these patch bundles.

Tuesday Sep 14, 2010

I hope to see you at Oracle Open World

I'll be presenting on the Oracle Solaris Recommended Patch Strategy at Oracle Open World next week:

SESSION SCHEDULE INFORMATION

ID#: S316255
Title: Patching Best Practices for the Oracle Solaris Operating System
Track: Oracle Solaris
Date: 23-SEP-10
Time: 13:30 - 14:30
Venue: Moscone South
Room: Rm 301

I'll be at Oracle Open World Monday, September 20th, Wednesday, September 22nd, and Thursday, September 23rd.

I'd be delighted to meet you there.  If you'd like to meet me to discuss anything to do with patching, please email me at Gerry.Haskins@oracle.com

For those who can't make it to Oracle Open World, I'll post the presentation here after the event.  I'm also happy to talk to you by phone if you'd like to discuss anything about patching.

Best Wishes,

Gerry Haskins 
Director, Software Patch Services, Solaris Systems

Thursday Sep 09, 2010

Solaris 10 9/10 (Update 9) released

Solaris 10 9/10 (Update 9) has been released.  See here for information and here for the download (remember to accept the license agreement at the top).  There's also a podcast and a dedicated Solaris blog.

A number of technical articles have been released, including George Wilson's video overview of ZFS enhancements in Solaris 10 9/10.

As with all Solaris Updates, Solaris 10 9/10 contains all available bug fixes which were available at the time that its contents were finalized, pre-applied into the Solaris Update image. 

It also contains a significant number of feature enhancements as described in the above links.

The corresponding Solaris Update Patch Bundle is currently in test and I expect that it should be released in a similar timeframe to previous Updates.  See http://blogs.sun.com/patch/entry/solaris_10_10_08_patch  for information on Solaris Update Patch Bundles.

All standard patches in Update 9 have already been released to SunSolve and My Oracle Support (MOS).  I've updated the Solaris 10 Kernel PatchID Sequence entry below with the Kernel PatchIDs for Solaris 10 9/10 (Update 9).

As with previous Updates, there are a small number of "special" or "script" patches whose sole purpose is to correct issues in the pre-application of patches to the Solaris Update release image.  Since these patches have no purpose whatsoever outside of the Solaris Update build process, they are not released to SunSolve/MOS.   Newer "special" patches have PatchIDs of the format 800xxx to make them easily identifiable, but old "special"/"script" patches are identifable by the words "SPECIAL PATCH" and/or "script patch" in the patch synopsis.  See the SPARC and x86 patch lists. 

<pet peeve>

Please note it is incorrect to refer to Kernel Patch 142909-17 (SPARC) / 142910-17 (x86) as the "Update 9 Kernel patch".  It is the latest Kernel Patch included in Update 9, but this Kernel patch can equally be applied to all previous Solaris 10 releases.   Solaris Updates are built from patches (and a few new packages), patches are not built from Solaris Updates.

</pet peeve>

About

This blog is to inform customers about patching best practice, feature enhancements, and key issues. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle. The Documents contained within this site may include statements about Oracle's product development plans. Many factors can materially affect these plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material code, or functionality, and SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle. THIS INFORMATION MAY NOT BE INCORPORATED INTO ANY CONTRACTUAL AGREEMENT WITH ORACLE OR ITS SUBSIDIARIES OR AFFILIATES. ORACLE SPECIFICALLY DISCLAIMS ANY LIABILITY WITH RESPECT TO THIS INFORMATION. ~~~~~~~~~~~~ Gerry Haskins, Director, Software Lifecycle Engineer

Search

Categories
Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today