Solaris Patching Live

Solaris OS patching has been moved far away from the traditional methods from Solaris 10 on-wards.We no need to bring down the server to single user mode if you are using live upgrade method during pathing and before choosing live upgrade ,make sure you are using ZFS as a root filesystem. For you information,from Solaris 11 onward, ZFS will be the default root filesystem. In other-words, if the system’s root filesystem is ZFS ,then you have to use live upgrade and no other way to do it.

This patching activity can be performed while server is in production since we are installing the patches on alternative boot environment.
Here I am sharing the experience my experience with Liveupgrade.W have to make sure that there is enough space left on the servers for OS patching in root FS.
The first step will be creating new boot environment for OS patching and i am giving new BE name as SOL_2017.

bash Global> lucreate -n SOL_2017
Checking GRUB menu...
System has findroot enabled GRUB
------------------------------------
----------------------------------------
Population of boot environment successful.
Creation of boot environment successful. 
Checking the boot environment status:
bash Global> lustatus
Boot Environment Is Active Active Can Copy 
Name Complete Now On Reboot Delete Status 
-------------------------- -------- ------ --------- ------ ----------
s10x_u8wos_08a yes yes yes no - 
SOL_2017 yes no no yes -

Here I am manually mounting the newly created boot environment

bash Global> lumount SOL_2017
/.alt.SOL_2017
bash Global> cd /.alt.SOL_2017/etc/ 
Here we have to make sure, that global zone should be in installed status .Otherwise Liveupgrade will through some error while patching.
bash Global> cat index 
#zones/index
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)zones-index 1.2 04/04/01 SMI"
#
# DO NOT EDIT: this file is automatically generated by zoneadm(1M)
# and zonecfg(1M). Any manual changes will be lost.
#
global:installed:/
locolzone-1:installed:/export/zones/locolzone-1-SOL_2017:05357c8b-6c5e-6453-8e33-f610720b7cc6
locolzone-2:installed:/export/zones/locolzone-2-SOL_2017:69077a91-e14c-6909-8dd2-d54897dc3dc7
locolzone-3:installed:/export/zones/locolzone-3-SOL_2017:c668ae3d-1a2c-4fb3-a2de-f1e05a2f9505
bash Global> cd
 Un-mounting the Alternate boot environment:
 bash Global> luumount SOL_2017

Just navigating to the patch cluster directory. This directory should be in 777 permission. Because while installing the patches system is not only using user “root”. There are some other users like “other” also be used for patching. So this directory should be readable to other users.

 bash Global>cd /var/tmp/2012Q1
 bash Global> ls -l
 total 3227479
 drwxr-xr-x 3 root root 11 Jan 5 22:55 10_x86_Recommended
 -rw-r--r-- 1 root root 1651212007 Apr 28 21:33 10_x86_Recommended_2012Q1.zip
 bash Global> cd 10_x86_Recommended
 bash Global> ls -l

Installing prerequest patchset:

 bash Global> ./installpatchset --apply-prereq --s10patchset
 Setup ..
 Recommended OS Patchset Solaris 10 x86 (2012.01.05)
 Application of patches started : 2012.04.28 22:11:20
 --------------------------------------
 --------------------------------

So prerequisite patches failed due to insufficient swap space.

bash Global> swap -l
 swapfile dev swaplo blocks free
 /dev/zvol/dsk/rpool/swap 181,1 8 4194296 4194296
 Ohh…it is failed due to insufficient swap space:
 bash Global> zfs create -V 5gb rpool/swap1
 bash Global> swap -a /dev/zvol/dsk/rpool/swap1

bash Global> swap -l
 swapfile dev swaplo blocks free
 /dev/zvol/dsk/rpool/swap 181,1 8 4194296 4194296
 /dev/zvol/dsk/rpool/swap1 181,3 8 10485752 10485752
bash Global>./installpatchset --apply-prereq --s10patchset
 Setup ..
 Recommended OS Patchset Solaris 10 x86 (2012.01.05)
 Application of patches started : 2012.04.28 22:16:07
 Applying 120901-03 ( 1 of 11) ... skipped
 Applying 121334-04 ( 2 of 11) ... skipped
 Applying 119255-82 ( 3 of 11) ... success
 ----------------------------
 ----------------------------
 Following patches were skipped :
 Patches already applied
 120901-03 121334-04 119318-01 121297-01 138216-01
 Installation of prerequisite patches complete.
 Install log files written :
 /var/sadm/install_data/s10x_rec_patchset_short_2012.04.28_22.16.07.log
 /var/sadm/install_data/s10x_rec_patchset_verbose_2012.04.28_22.16.07.log
 bash Global> ./installpatchset --s10patchset -B SOL_2017
 Setup ..
 Recommended OS Patchset Solaris 10 x86 (2012.01.05)
 Application of patches started : 2012.04.28 22:17:35
 Applying 120901-03 ( 1 of 308) ... skipped
 Applying 121334-04 ( 2 of 308) ... skipped
 Applying 119255-82 ( 3 of 308) ... success
 Applying 119318-01 ( 4 of 308) ... skipped
 Applying 121297-01 ( 5 of 308) ... skipped
 Applying 138216-01 ( 6 of 308) ... skipped
 Applying 147062-01 ( 7 of 308) ... success
 <<<<<<<<<<<<>>>>>>>>>>>>>>
 Applying 121119-16 ( 27 of 308) ... skipped
 Applying 118844-20 ( 28 of 308) ... skipped
 Applying 118855-36 ( 29 of 308) ... skipped
 Applying 118919-21 ( 30 of 308) ... skipped
 Applying 119060-59 ( 31 of 308) ... failed
 Application of patches finished : 2012.04.28 22:25:42
 Following patches were applied :
 119255-82 146956-01 142252-02 118668-34 118778-14
 147062-01 146055-05 125556-11 118669-34 140861-02
 Following patches were skipped :
 Patches already applied
 120901-03 138216-01 118344-14 138218-01 121119-16
 121334-04 140797-01 118368-04 121454-02 118855-36
 119318-01 113000-07 121264-01 121454-02 118919-21
 121297-01 117435-02 123840-04
 Patches obsoleted by one or more patches already applied
 118844-20
 Patches not applicable to packages on the system
 121182-05
 Following patch failed to apply :
 119060-59
 Aborting due to failure while applying patch 119060-59.
 Application of this patch should have succeeded - this failure is unexpected.
 Please assess cause of failure and verify system integrity before proceeding.
 Install log files written :
 /.alt.SOL_2017/var/sadm/install_data/s10x_rec_patchset_short_2012.04.28_22.17.35.log
 /.alt.SOL_2017/var/sadm/install_data/s10x_rec_patchset_verbose_2012.04.28_22.17.35.log
 /.alt.SOL_2017/var/sadm/install_data/s10x_rec_patchset_failed_2012.04.28_22.17.35.log
 /.alt.SOL_2017/var/sadm/install_data/_patchadd_2012.04.28_22.17.35.log
 /.alt.SOL_2017/var/sadm/install_data/_patchadd_subproc_2012.04.28_22.17.35.log
 After reading the logs, I found group called “other” is missing on one of the local zones.
 Error:
 -More--(87%)
 pkgadd: ERROR: unable to create package object </.alt.SOL_2017/usr/lib/amd64/pkgconfig>.
 --More--(89%)
 group name not found in group table(s)
 --More--(90%)
 pkgadd: ERROR: unable to create package object </.alt.SOL_2017/usr/lib/pkgconfig>.
 --More--(92%)
 group name not found in group table(s)
 --More--(93%)
 ERROR: attribute verification of </.alt.SOL_2017/usr/lib/amd64/pkgconfig> failed
 --More--(95%)
 group name not found in group table(s)
 --More--(96%)
 ERROR: attribute verification of </.alt.SOL_2017/usr/lib/pkgconfig> failed
 --More--(97%)
 group name not found in group table(s)
 After adding the group “other” to those missing localzones:
 Global> ./installpatchset --s10patchset -B SOL_2017
 Setup ..
 Recommended OS Patchset Solaris 10 x86 (2012.01.05)
 Application of patches started : 2012.04.28 22:44:42
 Applying 120901-03 ( 1 of 308) ... skipped
 Applying 121334-04 ( 2 of 308) ... skipped
 <<<<<<<<<<<<<>>>>>>>>>>>>>
 Applying 147379-01 (303 of 308) ... success
 Applying 147435-01 (304 of 308) ... success
 Applying 147441-09 (305 of 308) ... success
 Applying 147702-01 (306 of 308) ... success
 Applying 147989-01 (307 of 308) ... success
 Applying 148064-01 (308 of 308) ... success
 Application of patches finished : 2012.04.28 23:38:10
 Following patches were applied :
 119060-59 121429-15 138194-04 143646-16 145020-01
 <<<<<<<<<>>>>>>>>>>>
 120754-09 138097-02 143644-04 145007-02 148064-01
 121309-20
 Following patches were skipped :
 Patches already applied
 120901-03 119131-33 120720-02 128311-01 138853-01
 <<<<<<<<<>>>>>>>>>>>>>>>>>>>
 119082-25 120349-03 127764-01 138650-01 142530-01
 119116-35 121976-01 128293-01 138767-01 142544-01
 Patches obsoleted by one or more patches already applied
 118844-20 124205-05 122661-08 119369-04
 Patches not applicable to packages on the system
 121182-05 121212-02 125671-04 143728-01 145081-05
 120413-11 125138-31 137005-09 147218-01 145201-06
 120415-27 125139-31 138825-08

Installation of patch set to alternate boot environment complete.
 Please remember to activate boot environment SOL_2017 with luactivate(1M) before rebooting.
 Install log files written :
 /.alt.SOL_2017/var/sadm/install_data/s10x_rec_patchset_short_2012.04.28_22.44.42.log
 /.alt.SOL_2017/var/sadm/install_data/s10x_rec_patchset_verbose_2012.04.28_22.44.42.log
 bash Global>
 Post install:
 Run luactivate for SOL_2017 to activate the patched boot environment on system reboot.You should not use “reboot” command instead use “init 6” after activating the BE.
 # luactivate SOL_2017
 # init 6

Rollback:
If you want to rollback the patching, just activate the old BE using luactivate command and reboot.

#luactivate s10x_u8wos_08a

# init 6