Solaris 10: Patching Solaris 10 on servers with non-global zones

Ramdev

I have started unixadminschool.com ( aka gurkulindia.com) in 2009 as my own personal reference blog, and later sometime i have realized that my leanings might be helpful for other unixadmins if I manage my knowledge-base in more user friendly format. And the result is today's' unixadminschool.com. You can connect me at - https://www.linkedin.com/in/unixadminschool/

Loading Facebook Comments ...

13 Responses

  1. Santosh says:

    Hi Ramdev,
    can you please help me providing the steps for Patching in real time?
    like i heard that initially we need to break the mirror?
    please provide me the steps before starting patch and during the patch and after patch..

    i attended 2 interviews they asked this question which i failed to answer.
    i tried to get this info from many ppl but no one gave me the solution.
    i hope you will guide me on this..

    thanks

  2. Yogesh.Raheja says:

    @Santosh, we have already posted a real time patching process which includes complete step by step approach. “http://gurkulindia.com/main/2011/09/general-procedure-for-kernel-patching-in-solaris/”. Hope you will find it very useful.

  3. Santosh says:

    Hi Yogesh,
    i gone through this post already.
    so is the patching process same for either kernel patch or any application patch?
    or any difference between them. Like files need to take backup, or any extra steps?
    if any small differences there let me know..
    and thanks a lot for the immediate response for my query…

  4. Santosh says:

    Hi Yogesh,
    can you let me know the difference between a Oracle Live upgrade and Patching?
    Is live upgrade is a tool or set of commands? where can i found the commands for these live upgrade?
    Help needed…

    Thanks,
    Santosh

  5. Yogesh Raheja says:

    @Santosh, In real terms for any Patch (OS/Security/apps) same process is used. But you will find kernel patching most of the times as it contains all the required OS patches. But yes the process will be same as mentioned above. The only difference is for individual patch you will use patchadd command and also you have to find out the patch dependencies as well.

  6. Yogesh Raheja says:

    @Santosh, Live upgrade is a method to do pathing/OS upgrades etc.. For more details you can see the below link “http://gurkulindia.com/main/2011/10/solaris-patching-using-live-upgrade/” Hope this will help you in making a concept.

  7. Santosh says:

    Yogesh, in that post initially you installed the Oracle Live Upgrade application, it means it’s a tool right?
    yogesh#pwd
    /a/Solaris_10/Tools/Installers

    yogesh#ls -l
    total 3
    -r-xr-xr-x 1 root root 457 Sep 1 2009 liveupgrade20
    -r-xr-xr-x 1 root root 554 Sep 1 2009 solarisn
    yogesh#

    yogesh#./liveupgrade20

    Sorry i am wrong..it’s just a doubt..

  8. Yogesh Raheja says:

    @Santosh, Its a package which is by default present while OS installation. Its recommended by SUN to upgrade the LU package to the highest version before proceeding with its usage. Dats the reason I have done the above steps for precautions.. Live upgrade is just a package which is by default present in the OS. You can just check it in your server , you will find it. Hope this will help you.

  9. sandeep says:

    Hi Yogesh/Ramdev,

    In my environment some of the servers are mirrored with ZFS. Could you guys have any document to patch ZFS root mirror ? If so please pass it to me.

  10. Yogesh Raheja says:

    @Sandeep, let me try that on my test m/c and then I will get back to you.

  11. sandeep says:

    Hi Yogesh,

    Im planning to patch the solaris9/10 servers which are on below patch level. Could you please let me know what is latest patch level for those. So that I can apply the latest patches.

    Solaris 9 9/04 — Generic_122300-46

    Solaris 9 9/04 — Generic_122300-57

    Solaris 9 9/04 — Generic_122300-55

    Solaris 9 9/04 — Generic_118558-38

    Solaris 9 9/04 — Generic_118558-39

    Solaris 10 8/07 — Generic_137137-09

    Solaris 10 10/09 — Generic_141444-09

    • Ramdev says:

      @Sandeep – To answer your question we should go back to the basic question why we need to apply a patch?

      As I discussed in some other comment “Basic purpose of Patching is to avoid any security or functional vulnerabilities either from the code of operating system or the code of related applications”.

      There are two common cases on the question “when we have to apply patches?”

      Case 1: SA realizes an issue on the server, raises a ticket to the vendor for support and then gets advice for specific patch update for the server. Finally, proceeds for patch update

      Case 2: SA performs proactive administration by checking all his environment if there is any other server similar to the problematic server that appeared in the case 1, and if found any then go for patch installation. In this case SA can take the call without vendor support because of the experience from case1.

      Back to your question:

      for general/kernel patches related to non-security issues : If your servers have no issues encountered then leave them as it is, and in case if you see some unexpected issues then raise the case to Oracle or otherwise find the problem history of your own environment and the resolution procedures. If there is any previous track record for the specific patch install then go ahead with the patch installation with appropriate procedures.

      For Security related Patches: Your company should have some security advisory team who continuously deals with technical vendors for any security vulnerabilities and if there is any alert then they will ask SA team to go for patch installation. If you think that you company doesn’t have such team, then you can keep watching at the site sunsolve.sun.com where the oracle releases all security updates and also lists the recommended patch list.

      Warning: Sometime installing patches without proper testing could cause application issues, so please be make sure test the patch on dev/test machines before going for installation on critical servers.

  1. December 2, 2011

    Ronald…

    […]gurkulindia.com » Solaris 10: Patching Solaris 10 on servers with non-global zones[…]…

Leave a Reply

Your email address will not be published.

[contact-form to='ramkumar.ramadevu@gmail.com' subject='New Learning Request Submitted'][contact-field label='Name' type='name' required='1'/][contact-field label='Email' type='email' required='1'/][contact-field label='Learning Request' type='textarea' required='1'/][contact-field label='Are you Looking for ' type='radio' required='1' options='Paid Training,Free Training'/][/contact-form]

What is your Learning Goal for Next Six Months ? Talk to us