Friday Jan 11, 2008

Using EIS/Solaris Baselines in SunConnection Satellite and xVM Ops Center

Just a short note about an important feature of the Sun Connection Satellite and xVM Ops Center Software:

The Enterprise Installation Standards (EIS) team  is releasing monthly EIS-DVDs. Among other useful things they contain a baseline of patches for all current Solaris versions and OS-near Software products. These patch baselines are built on top of the Recommended Patch Cluster and aggregate feedback and experience from Sun Field Engineers and Solution Centers. They have gone through additional QA processes and are used to install Sun Server worldwide, before handing over them to our Customer.

Over the last years an increasing number of our large Customer world wide have used  these EIS patch baselines to maintain their server  on a regular schedule. This has been the core feature of the Traffic Light Patch management tool (TLP), which is now superseded by Sun Connection Satellite and soon xVM Ops Center.

These monthly patch baselines are now called Solaris Baselines and are available to all Customers with Sun Connection Satellite subscriptions and xVM Ops Center in the near future.They are part of the official Knowledge Base  which is leveraged by these products.

Using standards like Solaris baselines and automation tools like Sun Connection are building stones of a successful Patch Management Strategy !

 

Wednesday Dec 05, 2007

xVM Ops Center Early Adopter Training this week in Santa Clara

We just completed the first round of early adopter training in Santa
Clara this week. Another great job by Steve Stelting who taught the
class. Considering we put this together in just a couple of weeks I was
impressed with what he was able to deliver. I know the other attendees
were as well. Thanks to everyone in SysNet who provided content for us
and participated in the preparation and Q&A sessions.



For this early adopter class we picked some of the best from the field
including SE's from Scott Armour's sales team and David Teszler's
Systems Practice team. We brought in some of our Support (Tier 3) and
Sustaining engineers who currently support Sun Connection and N1SM from
a Solution Center perspective.  Also in attendance were some of our
best Support Services SSE's who do our Sun Connection installs. This
attendees provided a lot of great feedback, questions, etc. which we
will compile over the next couple of days. We will be doing similar
sessions in January in Burlington, MA and in EMEA prior to rolling out
training to a broader audience in February.



I thought I would share a comment from one of the SE's that attended
the training:





xVM Ops Center Cool improvements in OS provisioning vs. N1 SM



All,



Cool "news to me" ...  :-D



In the old N1 SM way, when you did an "n1sh create os {os_name} file
/path/to/solarisdvd.iso" the ISO image was lofi/loop mounted and copied
the contents of the DVD filesystem to /var/js/{distro_number}, when N1
SM started running the "create os" job.



The new xVM Ops Center way simply copies the /path/to/solarisdvd.iso to
/var/opt/SUNWscn/images/os/iso/DISTRO_{distro_number}_sol-10-u4-ga-sparc-dvd.iso
... so the operation is basically at "disk speed."   This approach
retains a copy of the original .iso file, which is used to create
"replica" boot servers on downstream "Proxy" servers for JumpStart
purposes...effectively as many Proxy/JS Boot servers as needed to
support a diverse network topology comprised of many subnets.   The
actual steps of mounting the ISO and copying the contents to
/var/js/{distro_id} are deferred until the first OS provisioning job is
executed.



This allows for the automatic creation of JumpStart boot servers in
each subnet, which is a huge advantage for a site with many subnets. 
In the N1 SM way we would have needed separate N1 SM servers in each
subnet and we would have had to create the OS and OS profiles on each
of them manually or through custom scripting.  Or we would have needed
to do funny things with DHCP helper and changed the provisioning IP on
the SM server and limited jobs to whichever subnet is currently
undergoing provisioning.  With xVMOC, the use of Proxies that act as JS
boot servers in each subnet ... and the fact that the JS miniroots are
copied to those JS boot servers, automatically is a HUGE improvement
over N1 SM.



There is also a positive side-effect of this design for demonstration
purposes...  It means we can create an OS, and an OS profile very
quickly and there is only a short "disk-speed" delay in copying the
.iso image.   We know that actual OS provisioning takes a while, so the
fact that it takes a bit longer the first time can easily be explained
away.  Also, we can deploy an OS image that has been previously
deployed, so there is no additional delay during the demo for the ISO
mount and copy to /var/js/{distro_number}.



I like it.



Also, JET is being used for the JS boot servers on the proxies.  And it
is possible to import JET modules and existing JET profiles as well as
to override individual JET parameters.   This is well beyond my
expectations.  We've been asking for this for seems like FOREVER.   Now
we have a solution for customers with pre-existing JET
infrastructures.   We can add the JET modules they need and we can
import their existing templates.  Then they can stop using their old
JET servers and rely on xVM OC JET capabilities going forward.    This
is the best we could have hoped for -- would be unrealistic to manage a
pre-existing JET environment in place...but as long as we can capture
the settings, we have a great path to import to xVM OC and then
continue to manage within xVM OC.

Thursday Nov 08, 2007

Registering Your Inventory in the Disconnected Mode

Registering Your Gear in the Disconnected Mode

This Tech Tip explains how to register your hardware and software, or gear, with the Sun
Connection Inventory Channel from within a disconnected or protected network where Internet,
or cross-intranet connections, are not allowed for security and compliance reasons.

Introduction

The procedure for registering your gear in a disconnected network is similar
to that for a connected network. The difference is that for a
disconnected network there is an extra step (or two extra steps for
the client CD) to download the Sun Connection Product Registration Manager to
run as a client application and collect the data. The client application can
be either downloaded to run on a laptop computer, or as a
Java Archive (JAR) file to be burned onto a CD-ROM disk as
described below.


  • The laptop would have the client loaded, be connected to the secure
    network to collect the data, and then be reconnected to a public
    network to communicate with Sun.

  • The client CD would be installed on a machine in the secure network
    to collect the data and be used to burn a data CD that would then be
    transferred to a machine on a public network to communicate with Sun.

Either of these options can enable gear registration on a secure network.


Note - To ensure that you always have the latest version of the application
with access to the most up-to-date features, you should download the Sun
Connection Product Registration Manager to run as a client application on a
laptop computer. (A web-based client application only persists for that “session,” so you
always have the most recent and up-to-date client application. Whereas, a JAR
client remains persistent so you must remember to periodically refresh the JAR
application within the public network.) However, the web-based client option will not
work in protected networks that require the vetting of data before it enters
or leaves. In this case, you will need to download the JAR
file onto a CD.

To Download the Sun Connection Product Registration Manager for Use With a Laptop Computer

  1. Access the Sun Connection Inventory Channel with a laptop or external computer.
  2. Click the Discover Now button from Step 2.

    The live version of the Sun Connection Product Registration Manager is displayed.


    Note - Once the Sun Connection Product Registration Manager is running on a laptop
    computer, it can be moved from network to network by physically changing
    the network connections.

  3. Physically disconnect the laptop from the Internet and connect it to your
    secure network.

    You are now ready to use the Sun Connection Product Registration Manager
    client.

To Download the Sun Connection Product Registration Manager as a JAR File for Use With a CD or DVD

  1. Access https://sunconnection.sun.com/RegistrationClient/regclient.jar with a laptop or external computer.
  2. Choose Save to disk in the popup menu and provide a convenient
    directory for the file.
  3. Copy the file onto portable media.
  4. (Optional) Perform any desired vetting or certification of the file.
  5. Install the media in a device on your secure network.
  6. Run the JAR file by one of the following methods:
    • Access it from your browser.

    • Issue the java —jar regclient.jar command in a terminal window.

    You are now ready to use the Sun Connection Product Registration Manager
    client.

To Discover Your Gear

Once you have the Sun Connection Product Registration Manager client running on
your protected network, you will use it to perform a discovery of
your Sun products. The discovery record will then be transferred to a
public network to be uploaded to Sun for registration.

  1. On the first screen of the Sun Connection Product Registration Manager client
    (Locate Product Data), select the Locate Products on Local Subnet: xxx.xxx.x radio
    button and click Next.

    Typically, with a protected network you will scan only the local subnet.


    When the discovery completes, a product registration screen with a list of
    your Sun products is displayed.

  2. Save the record of discovered gear by doing one of the following:
    • Click the Save As button and save the record of discovered gear to a
      convenient location on the laptop's hard drive. Then relocate your
      laptop computer to a public network to continue the registration
      process.

    • Click the Save As button to save the record of discovered gear to storage media.

      Once the record of discovered gear is cleared to leave the protected
      network, you can load the media onto a machine on a public network to
      continue the registration process.

    Note - All saved information is in a clearly manageable XML format and you
    can scrub any data you do not wish exposed (for example, host
    names) before that data leaves the protected network.


    Note - The remaining instructions are for the reconnected laptop computer or for another
    machine with the newly loaded media that contains the record of discovered
    gear.

  3. Access the Sun Connection Inventory Channel at https://sunconnection.sun.com/inventory/.

  4. Click the Discover Now button from Step 2.

    The live version of the Sun Connection Product Registration Manager is displayed.

  5. Click the Locate Products on Other Subnets, Specific Systems or Load Previously
    Saved Data button.

    A number of new check boxes are displayed on the screen.

  6. Select the File Name check box.
  7. Click the Browse button and complete the path to the media or
    hard drive location that has the record of discovered gear, and click
    Next.

  8. Click Next.

    The Enter Sun Online Account Information screen is displayed.

  9. Enter your Sun Online Account (SOA) information by completing the appropriate choice:
    • Click I already have a Sun Online Account. Then type your user name and password.

    • Click I don't have a Sun Online Account. Sign me up! Then use the wizard to establish an SOA.


  10. If you have multiple teams, select the team to which you want to register your gear.

  11. Click Next to log in and bring up a screen that allows
    you to register your gear with Sun.

    After logging in, the Sun Connection Product Registration Manager contacts Sun to
    retrieve the registration state of each of the pieces of gear in
    your list.

    1. Choose to register some or all of the products by selecting the
      check boxes in the far right column.
    2. (Optional) Enter any desired gear tag information in the Description column for a
      selected service tag.
    3. (Optional) Click Show me all data that will be uploaded to Sun connection.

      You can view the entire XML content that will be transmitted back
      to Sun.

    4. Click View Terms of Use and select the check box if you
      agree.
    5. Click Next to register your gear with Sun.

      A Registration Complete screen is displayed.


    That's it! Now you can use the Sun Connection Inventory Channel to view, organize, and manage your gear.



More Information

For more information about Sun Connection, go to the Sun Connection information hub.

To get an inside perspective of Sun Connection, Sun Management Center software,
Sun N1 Service Provisioning System, and Sun N1 System Manager, visit the
Sun Connection blog. Contributors to this blog include members of the Sun Connection Field Enablement
team. The goal of this blog is to share information with customers
who either have already implemented or will implement these products in the
future. The blog also provides important information about training and other key
enablement activities.



Discuss and comment on this resource in the BigAdmin Wiki

Tuesday Oct 09, 2007

Systems Management at CEC in Las Vegas

We have had a great turn out at the Sun Connection & Systems Management
demo booth in the CEC Pavilion. I am told we have been the busiest of
all of the exhibitors. We were packed on Sunday night with three deep.


Our first session breakout session, Sun Connection 2.0/xVM Ops Center
lead by Eran Steiner with help from Bob Lusk broke a record for that room with
147 attendees. Eran did a great job. We had people sitting on the floor
because all the seats were taken.

Dave Tong from our Connected Systems Network Engineering team created a cool video that talks about what we are doing for our next release of Sun Connection & N1 System Manager (merged product) and now names xVM OPS Center. More about that in our next blog. Here is Dave's submission to the CEC Technical Video Challenge:


http://www.youtube.com/watch?v=p7iVH2x-G-s




The following are all of the sessions we will be holding in addition to
the demo booth. I understand at least one of the is already full with
over 140 attendees registered:



Sun Connection 2.0 - Eran Steiner, Sun Microsystems, Inc. Monday
08-Oct-07
2:15 PM - 3:15 PM 
Bally's Hotel - Las Vegas 7



Patch Management: Facts, Fiction or Religion - Peter Charpentier, Sun
Microsystems, Inc.; Michelle Millar, Sun Microsystems   
Tuesday 
09-Oct-07 
1:00 PM - 2:00 PM
Paris Hotel - Versailles Room 3 & 4



Sun Connection 2.0 - Building out a massively scalable internet-ready
distributed management infrastructure for systems provisioning

updating, and reporting Jean-Dominique Sorace, Sun Microsystems,
Inc.; Nick Stephen, Sun Microsystems, Inc. Tuesday
09-Oct-07

3:30 PM - 4:30 PM
Bally's Hotel - Bronze Room 3



Sun Service Tags and Sun Connection Inventory Channel - what it can do
for you and how it adds value to the over all customer experience with
Sun - Dave Wood, Sun Microsystems Tuesday
10/09/2007
2:15 PM -3:15 PM



Thursday Sep 13, 2007

The Sun Connection Inventory Channel in a Nutshell

So you have a state-of-the-art enterprise data center that employs Sun products and serves clients across the country. Or, you have a mid-tier-sized business that uses a primary storage area network (SAN) and a remote storage location for backup. In either case, you have a number of Sun assets that need to be managed and maintained over time for the system to operate efficiently. Some things to consider are:

  • How to keep track of an ever-changing inventory
  • How to keep your inventory of hardware, firmware, and software up to date
  • How to maintain required licenses and renewals
  • How to easily share data about the system with other asset management tools
  • How to compare the system inventory with that of our vendor

Sun addresses these concerns with a lightweight inventory management tool, the Sun Connection Inventory Channel. This is a free web service for Sun customers to significantly decrease system management costs by automating
the IT inventory process. This allows you to focus more on the priorities of your business.

Some of the ways the Sun Connection Inventory Channel can help you are:

  • Register Sun software and system assets through an easy-to-use  browser interface at a single console with no setup required
  • Organize your assets based on location or business function and use inventory filters to view your product information
  • Generate reports on your products and export your product data to a variety of file formats for use with third party products

 The major elements to the Sun Connection Inventory Channel are:

  • Electronic labeling. The Sun Connection Inventory Channel uses digital identifiers called service tags to register Sun products. Service tags contain basic product information and can be embedded in the product software or firmware. You can download service tags for Solaris 8, 9, and 10. For more information, see the Service Tag FAQ
  • Discovery and registration. Product discovery and registration are done with a wizard-based tool at the Sun Connection Inventory Channel portal.
  • Managing your Sun assets. After discovery and registration, you can use the Sun Connection Inventory Channel to view, organize, manage, and generate standard reports from the data on your Sun products.

To get started, see the Sun Connection Inventory Channel portal. 

Friday Sep 07, 2007

Using Python API scripts with Sun Connection


Did you know that you can use Python API scripts to automate Sun Connection tasks?

There's a new article in BigAdmin, Getting Started With the Sun Connection Satellite Python API,
which describes how to install and configure the Sun Connection Python
API software. It also includes a pointer to sample API scripts for both
the Solaris OS and Linux.

To find more API documentation, including  classes, use the pydoc script. The
pydoc module is bundled with Python and the pydoc script is usually
installed at the same place where the python interpreter is located:

$ cat /usr/sfw/bin/pydoc
#!/usr/sfw/bin/python

import pydoc
pydoc.cli()

Use the pydoc command to get the information that you want.

For Solaris OS

$ pydoc /opt/SUNWuce/api/python/lib/PyOsApi/OsApi.py
$ pydoc /opt/SUNWuce/api/python/lib/PyOsApi/OsApiConstants.py
$ pydoc /opt/SUNWuce/api/python/lib/PyOsApi/OsApiExceptions.py
$ pydoc /opt/SUNWuce/api/python/lib/PyOsApi/DataStructures/OsApiDataStructures.py

For Linux OS

$ pydoc /opt/local/uce/api/python/lib/PyOsApi/OsApi.py
$ pydoc /opt/local/uce/api/python/lib/PyOsApi/OsApiConstants.py
$ pydoc /opt/local/uce/api/python/lib/PyOsApi/OsApiExceptions.py
$ pydoc /opt/local/uce/api/python/lib/PyOsApi/DataStructures/OsApiDataStructures.py

Example
For example, use this command to find the available API classes for the Solaris OS: 
# pydoc /opt/SUNWuce/api/python/lib/PyOsApi/OsApi.py

Tuesday Jul 24, 2007

Sun Connection and SunGDD

What is  SunGDD ? It is a project to help customer deliver the correct debug information back to Sun in case there are any bugs or issues. This is not Explorer. These scripts are product oriented and unique per product.

So SunGDD is now in the works to be released for Sun Connection 1.1 and 1.1.x. This is a screenshot of the help page:

This is the helpscreen
Usage: ./SUN-GDD_sun-connection-collect_noarch.sh [options]
Options:
  -collect                Collect Data
  -debugAgent             Enable Agent Debug
  -debugServer            Enable Server Debug
  -debugEngine            Enable Engine Debug
  -debugAll               Enable Debug for All
  -restoreAgent           Restore Agent Debug
  -restoreServer          Restore Server Debug
  -restoreEngine          Restore Engine Debug
  -restoreAll             Restore Debug for All
  -h or -help             Print this Information.

At least one option is mandatory or the script will just exit.


So the script will help to enable and restore debug levels of the product and then be able to collect all the needed logfiles, configuration files and other miscellaneous data that can help Sun with any kind of problem that may happen with the product.

Stay tuned for release date!!

Peter Charpentier
SysNet Field Enablement Team
 

Monday Jul 16, 2007

Marley's day at the dog park

Steve Wilson challenged us to put yourselves on YouTube. While I'm not ready to post videos of myself, I am ready to put my dog out there. This really happened, so it seems like a good place to start.

Marley and I were at the dog park a couple of weeks ago and I was chatting with Sue while our dogs played. When she learned that I work at Sun, she asked me about Sun Connection's Inventory Channel. She wanted the inside scoop. We talked for quite awhile and I thought that we'd covered everything. I was surprised when Sue tracked me down at work the next morning (impressive, since she hadn't written down my name or number) and set up an impromptu conference call with one of her co-workers. We went through everything that we talked about at the park, and more.

What is Sun Connection's Inventory Channel?
It's a new web-based service that you can use to register one or more of your eligible IT assets at the same time, and then use it to manage your registered inventory.

How does registration work?
If Sun Service Tags are embedded in your software, hardware, or storage devices, you can register them. Service tags are very lightweight and don't do anything on their own, you control the registration.
To register:

  1. Get the Product Registration Manager.
  2. Go to the Inventory Channel and click Discover Now to find out what's available for registration. You can define the scan parameters, such as scan your local subnet, or enter specific subnets, host names, or IP addresses.
  3. Log in to the Inventory Channel with your Sun Online Account ID and select the product or products you want to register, then click Next to complete the registration.
  4. View your registered assets in the Inventory Channel. If you want to track other information, edit the asset details.

That's it. Once registered, you can group the assets and then export the information in an XML, CSV, or PDF format. Just what the boss wants, without manually updating a spreadsheet ...and, it's free. No cost, nada!

Get more information here, or check out this screen cast to learn how to manage and organize your registered assets.
Want to see Marley in action? Check out his YouTube video.



See you at the park!
Marley and Laura

 

Monday Jul 02, 2007

Patch Management Whitepaper update

What is Patch Management? Why are people so afraid of talking about this and there are so many opinions regarding this topic. They vary from patch the latest all the time when it is available, never patch because it is dangerous, patch when vendor tells you or when something breaks.

So what is the reality? Is it dangerous? Will it create more downtime?

I cannot say that we have all the immediate answers, but I will explain some details and these are taken from the new version of the Patch Management Whitepaper that is being reworked and updated.

Patching first of all is not dangerous. It all comes down to the Process on how to handle it. Patching should be planned, qualified, tested, etc, etc.... It should follow very much like Release Management when developing Software. It is not that much different. So this means that any downtime should be planned, then it is ok of course. The test cycle should be complete also before going to the next level.

So an example of the process could be something like:
Analyze->Assess->Download->Schedule->Deploy (if approved)
Where  (if approved) is very important.

So in the paper we will talk about the link to ITIL and how that can help understanding the process and cycle. So stay tuned for the updated paper and more info will follow here :) Then to facilitate the whole Patch Management Process we have tools such as Sun Connection.

Wednesday Jun 27, 2007

Best Practices - Speedy downloads

For those of you who are experienced with Sun Connection, you know that first time you run a job to deploy a baseline - downloading can take a very long time, especially when you have 100-200 patches or RPMs.


This article will explain how to speed up those downloads!


Let's take a look at normal agent<->management server<->internet communication:
Step 1: Agent finds out it needs 200 patches, it then requests those one by one from the management server:
[Agent] --(Please give me patch A)--> [Management Server]            [Internet]


Step 2: If management server has this patch in cache - it provides it right away to the agent:
[Agent] <--(Here you go, patch A)-- [Management Server]            [Internet]


However, if the cache doesn't have those patches, either because it's the first time or because the cache was cleaned - that's when the slowness begins. The management server will tell the agent "Please wait!" and will go to the internet (either to Sun, RedHat or Suse) to download the requested patch:
[Agent] <--(Please wait! Error code 302)-- [Management Server] --(I need patch A)--> [Internet]


The agent, sadly but patiently says "ok, I'll just sleep for 30 seconds and try again..." while the Managment server is working to download the patch from the internet:
[Agent](sleeping 30 seconds)     [Management Server] <--(Downloading patch A)-- [Internet]


The problem is that many times it takes only a few seconds to download the patch, and then you waste the rest of the time waiting. So if you have 200 patches - waiting for nothing for about 25 seconds each time adds up quickly: 200\*25 = 5000 seconds, or about 1 hour and 30 minutes of wasting time!


The solution is quite simple: instead of waiting for 30 seconds, you can reduce the time the agent waits for the management server to about 5 seconds. Here's how:


The agent has a "uce.rc" file with default values, and a ".uce.rc" file with values that were customized by the user. The location of the relevant configuration file is:
$UCEDIR/agent/bin/uce.rc
$UCEDIR/agent/bin/.uce.rc


By default - Linux $UCEDIR is /opt/local/uce and Solaris $UCEDIR is /opt/SUNWuce/.
Never change the file "uce.rc". You would want to copy the relevant line from "uce.rc" and add it to ".uce.rc" and modify it there.
The relevant line is:
( all ) ( invisible.server.__general.knowledgebase_conflict_reconnect_interval, 30 );


You can easily copy this line with the following command:
# cd /opt/local/uce/agent/bin/
# grep knowledgebase_conflict_reconnect_interval uce.rc >> .uce.rc
Before performing this, make sure you don’t have this line already in .uce.rc.


Then, change the value in .uce.rc to:
( all ) ( invisible.server.__general.knowledgebase_conflict_reconnect_interval, 5 );


Then restart the agent - and you're done!



If you have any questions or suggestions for future best practices, please feel free to contact me at Eran.Steiner-AT-Sun-DOT-com.


Happy patching!


Eran Steiner
Field Enablement Team


 

Tuesday Jun 12, 2007

Sun Connection Inventory Channel Goes Live

The new Sun Connection Inventory Channel is up and running, enabling you to easily discover, register, and manage your Sun products. This is a pretty valuable service, whether you're trying to register a single installation of the Solaris OS, or trying to keep track of all the Sun products in a large network environment.

The whole process for working with the Inventory Channel looks something like this:

1. Set up your products to work with Service Tags.

Service Tags are a set of XML tags that store basic information about your Sun product and the environment in which they're installed. Some Sun products are currently enabled to work with Service Tags out of the box; other products require a patch or additional packages.

For more information about Service Tags, see the FAQ.

2.  Discover the Sun products in your environment.

Go to the Sun Connection Inventory Channel, and click the Discover Now button. The Inventory Channel registration client discovers the Sun products in your environment that are Service Tag enabled.

3. Register your Sun Products.

Once you discover the Sun products in your environment, upload your product information to Sun Connection to register your products.

4. Manage your Sun Products in Sun Connection.

After you register your products, you can perform a variety of management tasks through the Sun Connection web interface:

  • Organize your products in logical groups
  • Create product filters to zero in on particular products
  • Create PDF, XML, or comma-separated reports on your products
  • Track information updates on your products through RSS feeds
For a detailed review of this process, take a look at this animated tutorial


 

Thursday May 31, 2007

See Sun Connection in Action

Check out these demos to see Sun Connection's satellite deployment architecture at work.

Patching With Sun Connection – This 10 minute screen cast does a great job of showing you how to use Sun Connection to patch your Solaris OS system.

What Can Sun Connection Do? – This 40 minute screen cast goes into more detail about what Sun Connection can do. The demo includes centralized security patch analysis, system snapshot comparison and rollback, application deployment and configuration, and reports for your Solaris and Linux systems.

Learn More about Sun Connection.

Thursday May 17, 2007

Best Practices - Using Probes, Pre and Post actions

Sun Connection allows uploading scripts as local components. There are several types of local components, 3 of them are Probes, Pre action and Post action.

Pre action runs prior to deploying a package. It can be used to stop services, notify users on the machine etc.
Post actions are being executed after the package was deployed. They can be used to restart services, clean temporary files, extract any tar balls that were deployed etc.
Probes are a Boolean conditions – if the probe returns "Yes" – the job will continue. If it returns "No" – the job will stop. Probes are used to determine requirements for deployment: enough disk space in certain partitions, enough RAM, low CPU load, no users logged in etc.

In general, Probes, Pre and Post actions can be written in Shell, Python Perl etc. The only limitation is that the target machine needs to have this interpreter installed. When writing the script for those actions, always state the interpreter in the beginning, otherwise the execution will fail. For example, the first line would be:
#!/bin/sh

With regards to exit codes – it is the same for all the scripts:  exit with a value of "0" will indicate all went well, and exit with any other code would indicate a failure. For probes, exit 0 means condition is met, meaning - continue with the job.

One important thing about Probes is that unlike the other components, Probes actually run also in simulation mode. The reason for that is that in simulation you want to check if the environment is ready for the job. For that reason, be very careful when writing probes – make sure they don’t change anything in the environment as those changes will take place in simulation mode.

Few tips:
1) Always write the script and test it outside Sun Connection first. This will speed up debugging of errors
2) Always assume that the script can be executed twice, so before changing anything – check if it was changed already
3) When running those scripts, the standard output and standard error (stdout and stderr) will go to the log file. This log file can be viewed per machine through the console.
4) The log will be available only when the job is completed


If you have any questions or suggestions for future best practices, please feel free to contact me at Eran.Steiner-AT-Sun-DOT-com.

Happy patching!

Eran Steiner
Field Enablement Team

 

Monday Apr 30, 2007

Looking for a new way to patch your Solaris systems?

Have you tried using baselines?

Every month, Sun releases a collection of patches called baselines. You can use the baselines in Sun Connection's satellite deployment architecture to patch your connected systems. If you don't want to apply certain patches, you can create black lists and white lists to create custom patch sets.

Want to take a test drive first?

Run a simulation to test the patches on your managed hosts before applying them. When you run the simulation, you can check for dependencies and find out how long it'll take to install the patches.
 

Want to learn more?

Check out this new article about How to Use Sun Connection and Baselines to Patch the Solaris OS. Stay tuned ... Doug Schwabauer has an article coming soon about how to use a baseline pre-caching script with Sun Connection to patch your Solaris OS. 

To see the latest Sun Connection information, go to the Sun Connection hub on BigAdmin.

 

Want to stay current with the latest articles on BigAdmin? 

Sign up for the New Article RSS feed on BigAdmin.

 

Laura Hartman

Tech Writer, Sun Connection

Friday Apr 27, 2007

Best Practices – Performance improvement

Sun Connection automatically takes snapshots of the database every hour. This is done as a backup mechanism. However, in environments where a backup is performed regularly (i.e. daily or better) it is possible to disable this feature as it is an overlapping protection.
This will greatly improve the performance of the management server in environments with many machines, users and various operating systems.

Disabling database dumps in Sun Connection 1.1

Important Before disabling this feature, make sure you have the backup utility running at least once a day. The backup utility is located in:
$UCEDIR/install/backup.sh
Please refer to the Administrator guide for information on how to set this up.

All server components have "uce.rc" file with default values, and a ".uce.rc" file with values that were customized by the user. The location of the relevant configuration file is:
$UCEDIR/engine/bin/uce.rc
$UCEDIR/engine/bin/.uce.rc

By default - Linux $UCEDIR is /usr/local/uce/ and Solaris $UCEDIR is /opt/SUNWuce/.
Never change the file "uce.rc". You would want to copy the relevant line from "uce.rc" into ".uce.rc" and modify it there.
The relevant line is:
( all ) ( invisible.database.__general.save_engine_data_base_dump, true );

You can easily copy this line with the following command:
# cd /usr/local/uce/engine/bin/
# grep general.save_engine_data_base_dump uce.rc >> .uce.rc
Before performing this, make sure you don’t have this line already in .uce.rc.

Then, change the value in .uce.rc - change it to:
( all ) ( invisible.database.__general.save_engine_data_base_dump, false );

You would then want to restart the engine service:
If the management server is installed on a Solaris machine:
# svcadm disable SUNWuce/engine

Wait for the service to be offline:
# svcs –a | grep SUNWuce | grep engine
disabled 14:21:10 svc:/application/SUNWuce/engine:default

Restart the service:
# svcadm enable SUNWuce/engine

If the management server is installed on a Linux machine:
# /etc/init.d/uce_engine stop
# /etc/init.d/uce_engine start

Last, you may want to remove the current dumps. They are stored in $UCE_DIR/engine/bin/dumps/

If you have any questions or suggestions for future best practices, please feel free to contact me at Eran.Steiner-AT-Sun-DOT-com.

Happy patching!

Eran Steiner
Field Enablement Team

About

sunconnection

Search

Categories
Archives
« April 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
  
       
Today