Re: Patching Solaris 9 systems to "current"
- From: "Richard B. Gilbert" <rgilbert88@xxxxxxxxxxx>
- Date: Thu, 21 May 2009 00:32:16 -0400
Michael Vilain wrote:
In article <7a4Rl.38344$BZ3.28511@xxxxxxxxxxxx>, ohaya <ohaya@xxxxxxx> wrote:
Richard B. Gilbert wrote:
Hi,
This is the sort of situation that makes me cringe!
We have a number of Solaris 9 (SPARC) systems that were originally deployed a while ago, and I've been asked to bring the systems "up-to-date" patch-wise. The person who originally deployed/built these systems is unavailable, so I got "stuck" with this task :(.
It's going to be a couple of weeks before I can get in to "see" the systems, but I'm trying to prepare and gather information on this...
From what I've been told, Solaris on all these systems was installed from a base image (FLAR), and then I think (again, I haven't actually had any "hands-on" time with these systems yet) the disk allocations were adjusted on some of the systems depending on what was going to be running on them.
Also, according to what I've been able to find out, that base image had "the latest patch cluster at the time" applied.
From what I can gather, the original deployment took place about 2 years ago :(.
And, finally, these systems don't have any internet access, so I'll have to burn whatever is needed to some CDs beforehand.
So, I'm looking for some advice as to what the best/safest approach to doing this might be.
I'm thinking that one of the first things that I want to do is to get onto each system and run "showrev -p", to verify that all the systems really are patched the same, and also to try to understand (and document) what has been applied.
Assuming that they all are patched identically, I'm wondering: What then?
Would it be best/safest to get a support case with Sun and ask for the last recommended patch cluster, and just install that?
Or, is there a "better way"?
The main thing I'm looking for is "safety", by which I mean minimizing the possibility of trashing any of these systems, since all of the people who were involved with the original deployment are apparently long gone :(.
Also, any other hints/suggestions on this matter?
Sorry if the questions in this post are a bit vague, but any suggestions/recommendations would be appreciated.
I'd *strongly* suggest that you make a backup of the system disk on each machine before applying ANY patches! If you fail to do this, you will regret it later!! If there IS a later!!!
Next, see if you can use one of the machines as a "patch server". Load all the patches onto your patch server and have the other machines grab them over the network. This should be faster than trying to read them from a CD. Multiple machines can be patching themselves at one time.
Martin Paul wrote a script called "Patch Check Advanced" or PCA. The script checks the machine to be patched against the master patch file and determines which patches are needed. It then downloads the necessary patches and installs them. I don't know if you can use it without internet access but you might want to look at it. If you can use it, it should save you a good deal of time and effort. Since you can't connect to the internet you will need to burn PCA to a CD along with the master patch file and the patches to be installed.
I was already cringing when I was asked to do this :)!!
As I said in my response to Greg, it looks likely that I may not be able to back up each (or even one) system. Of course, the people who are asking/assigning this aren't the ones who'll have to deal with things if something goes BOOM.
I was hoping you all would post something like "no problem, just run the patch cluster", but given the early responses, I'm going to have to see if I can force the issue (like: I won't do the installation unless you provide a means to back up each system before the patching). Not sure if that is going to fly though :(...
As Richard has said, get your resume in order. You're essentially going into this with no way to fix it if it doesn't work. And you're going in without knowing for sure if it will work by testing it on a duplicate system. I'd push back REAL HARD here, saying that you'll be glad to do this if you have some way to ensure it will work flawlessly. If they won't let you do it right, document all you can, including what will happen if it breaks. What happens if the upgrade breaks a machine? Can they live without it until you do the research needed to recreate it from scratch (the consequence of not doing a backup ahead of time)? If they expect you to "just make it work", tell them to expect it to not work and get ready to deal with the consequences after you've been let go.
This is the 2nd untenable project that's been posted here in a month. What is it with managers now? Just because there are lots of people out of work doesn't mean you'll be able to find someone who can work magic.
Ask Dilbert about managers! ;-) ISTR that Dilbert is drawn from real life situations!
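
The patch-level comparison discussed in the thread, as an added example that is not part of any poster's message: it parses saved `showrev -p` output from each host and reports every patch whose installed revision differs between hosts. It assumes each host's output was captured to a file and carried to an admin workstation with Python 3; the host names and patch IDs below are constructed sample data.

```python
import re

# `showrev -p` prints one line per installed patch, starting "Patch: NNNNNN-RR".
PATCH_RE = re.compile(r"^Patch:\s+(\d{6})-(\d{2})\b")

def parse_showrev(text):
    """Return {patch_id: highest installed revision} for one host."""
    patches = {}
    for line in text.splitlines():
        m = PATCH_RE.match(line.strip())
        if m:
            pid, rev = m.group(1), int(m.group(2))
            # Older revisions stay listed after an update; keep the newest.
            patches[pid] = max(rev, patches.get(pid, -1))
    return patches

def compare_hosts(outputs):
    """outputs: {host: showrev text}. Return {patch_id: {host: rev or None}}
    for every patch that is not at the same revision on all hosts."""
    parsed = {host: parse_showrev(text) for host, text in outputs.items()}
    all_ids = set().union(*(p.keys() for p in parsed.values()))
    drift = {}
    for pid in sorted(all_ids):
        revs = {host: parsed[host].get(pid) for host in parsed}
        if len(set(revs.values())) > 1:
            drift[pid] = revs
    return drift

# Constructed sample captures (not real patch IDs).
SAMPLE = {
    "hostA": "Patch: 900001-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr\n"
             "Patch: 900002-01 Obsoletes:  Requires: 900001-03 Incompatibles:  Packages: SUNWcsu\n"
             "Patch: 900001-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr\n",
    "hostB": "Patch: 900001-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr\n"
             "Patch: 900002-01 Obsoletes:  Requires: 900001-03 Incompatibles:  Packages: SUNWcsu\n",
    "hostC": "Patch: 900001-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr\n"
             "Patch: 900003-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu\n",
}

if __name__ == "__main__":
    for pid, revs in compare_hosts(SAMPLE).items():
        cells = ", ".join(
            f"{host}={'missing' if rev is None else f'{rev:02d}'}"
            for host, rev in sorted(revs.items())
        )
        print(f"{pid}: {cells}")
```

An empty result means every host reports the same patch set at the same revisions; any entry is a host to document separately before choosing what to install.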