Re: Patching Solaris 9 systems to "current"

On May 21, 5:41 am, Tim Bradshaw <tfb+goo...@xxxxxxxx> wrote:
On May 21, 3:53 am, ohaya <oh...@xxxxxxx> wrote:

Hi,

We have a number of Solaris 9 (SPARC) systems that were originally
deployed awhile ago, and I've been asked to bring the systems
"up-to-date" patch-wise.  The person who originally deployed/built these
systems is unavailable, so I got "stuck" with this task :(.

It's going to be a couple of weeks before I can get in to "see" the
systems, but I'm trying to prepare and gather information on this...

Almost certainly your best approach is just to smash the latest big
patch bundle onto them.  Don't bother trying to work out which patches
they already have and so on: those patches will just fail to apply and
do so very quickly.  Similarly, don't bother looking for patches which
patch packages you don't have, those will just fail to apply as well,
and fail very quickly.  I call this approach "blunderbus patching" and
it's fairly close to what Sun recommend in fact.

An alternative, and in some ways better approach is to do an upgrade
to the most recent 9 release, and then patch that.  Probably that is
not worth it now for 9 as the last release was ages ago, but it's
quite a good approach for 10.

The other question is how to do all this without excessive downtime
and with a decent backout.  The best approach to this, by far, is to
use Live Upgrade (LU).  To do this you create an alternative Boot
Environment, patch (or upgrade if you want) that BE while the system
is up, and then boot into the new BE.  If there is trouble you can
back out into the old BE with another reboot.  The outage becomes the
time for a reboot, with another reboot to back out.

The traditional way to make a new BE is to split mirrors (or have
additional disks to hand).  That either compromises redundancy or
requires extra disks.  However you can also, if your boot disks are
sliced right and big enough, do an LU between partitions on the boot
disks, which has the nice result that you do not compromise
redundancy.  Even if the disks are not currently sliced correctly to
allow this, you can arrange life using LU so that they will be sliced
correctly in future.  It's worth while considering this.

LU has some patch prerequisites, which can involve reboots and so on.
That kind of sucks, but many people manage without them (obviously you
would want to think about the support issues around that).

One slightly non-obvious thing about LU is that you always should
install the LU packages from the environment that you are upgrading
*to*.  For you this probably means that you should be using at least
the LU packages from the most recent Solaris 9 release (and any patch
to them).  However in fact you should probably just use the most
recent 10 LU packages (the 10u7 ones) which will work fine on 9
(because 9-10 is a valid upgrade), and probably are more sorted out
than any 9 LU packages (a lot of good work seems to have quietly gone
on around LU).

Obviously on top of this there is the whole question about having a
test environment and so on, but I'm sure you now that already :-)

There is fairly good information about LU out there, although I'm not
sure how much actual best-practice-type stuff exists.  If you're
interested, contact me (the address on this works) and I can probably
provide some pointers.

--tim

Tim,

Given the other replies on this thread, I have to ask if you were
serious with what you said in your 1st paragraph ("blunderbus
patching")? My apologies for having to ask, but I just want to make
sure that you weren't being "tongue-in-cheek", as that may be the only
option that we have :(.

Also, re. downtime, I'm getting the impression that that may not be a
problem (i.e., it looks like it'll be ok for some of the systems to be
down for a period of time), so we probably won't go the LiveUpdate
route.

Thanks,
Jim

.

Relevant Pages

  • Re: Patching Solaris 9 systems to "current"
    ... patch bundle onto them. ... and in some ways better approach is to do an upgrade ... time for a reboot, with another reboot to back out. ... additional disks to hand). ...
    (comp.unix.solaris)
  • Re: Model Update Plan
    ... !The meat of it is using product install to apply the upgrade and the ... !by the patch summaries. ... !The one query with the set of patches is XFC. ... I've not needed a separate reboot ...
    (comp.os.vms)
  • RE: Windows 2000 Sec rollup 2 patch -- Ouch!
    ... Well, after trying the patch on two servers, I'm 50/50 going on none. ... Upgrade of server #1 went fine, ... First the machine went into a repetitive reboot for about 3 times, ...
    (Bugtraq)
  • Re: ptf, pathces and mainteiners level ....
    ... > patch my system. ... > I know that first I'll upgrade to 4.3.3 and after i'll put all the fixes ... You will need to reboot for the fixes to take effect. ...
    (comp.unix.aix)
  • Re: SEAGATE ST336607LC firmware upgrade
    ... > how I can upgrade and make sure all disks have the same firmware ... My guess is that would make all disks show the same size. ... I couldn't find the LC version but there is patch available for the ...
    (comp.unix.solaris)