Using Live Upgrade To Apply Patches To Running Solaris 10 x86

The following is my procedure to patch a Sun x4540 booted on a ZFS filesystem with the 10_x86_Recommended_CPU_2012-01 patches from Oracle.

# uname -a
SunOS jumpstart 5.10 Generic_144489-17 i86pc i386 i86pcls
# lustatus

# zfs list
NAME USED AVAIL REFER MOUNTPOINT
rootpool 47.0G 867G 38K /rootpool
rootpool/ROOT 35.1G 867G 21K legacy
rootpool/ROOT/s10x_u9wos_14a 79.6M 867G 8.24G /
rootpool/ROOT/s10x_u9wos_20110822 26.2M 867G 13.9G /
rootpool/ROOT/s10x_u9wos_20110909 35.0G 867G 28.6G /
rootpool/ROOT/s10x_u9wos_20110909@s10x_u9wos_20110822 5.07G – 8.24G -
rootpool/ROOT/s10x_u9wos_20110909@s10x_u9wos_20110909 934M – 13.9G -
rootpool/dump 1.00G 867G 1.00G -
rootpool/export 8.73G 867G 4.63G /export
rootpool/export/home 4.11G 867G 4.11G /export/home
rootpool/swap 2.13G 868G 1.13G -
# lucreate -n s10x_u9wos_20120126
Checking GRUB menu…
System has findroot enabled GRUB
Analyzing system configuration.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment .
Source boot environment is .
Creating file systems on boot environment .
Populating file systems on boot environment .
Analyzing zones.
Duplicating ZFS datasets from PBE to ABE.
Creating snapshot for on .
Creating clone for on .
Mounting ABE .
Generating file list.
Finalizing ABE.
Fixing zonepaths in ABE.
Unmounting ABE .
Fixing properties on ZFS datasets in ABE.
Reverting state of zones in PBE .
Making boot environment bootable.
Updating bootenv.rc on ABE .
Saving existing file in top level dataset for BE as //boot/grub/menu.lst.prev.
Saving existing file in top level dataset for BE as //boot/grub/menu.lst.prev.
Saving existing file in top level dataset for BE as //boot/grub/menu.lst.prev.
File propagation successful
Copied GRUB menu from PBE to ABE
No entry for BE in GRUB menu
Population of boot environment successful.
Creation of boot environment successful.
# lustatus

# ludelete s10x_u9wos_20110822
System has findroot enabled GRUB
Checking if last BE on any disk…
BE is not the last BE on any disk.
Updating GRUB menu default setting
Changing GRUB menu default setting to
Saving existing file in top level dataset for BE as //boot/grub/menu.lst.prev.
File propagation successful
Successfully deleted entry from GRUB menu
Updating boot environment configuration database.
Updating boot environment description database on all BEs.
Updating all boot environment configuration databases.
# lustatus

There is no need to bring the running system to single-user mode when installing this patchset to an inactive Live Upgrade boot environment.

# pwd
/var/tmp/10_x86_Recommended_CPU_2012-01
# ls
10_x86_Recommended_CPU_2012-01.html LEGAL_LICENSE.TXT
10_x86_Recommended_CPU_2012-01.README patches
Copyright patch_order
installpatchset patchset.conf

# ./installpatchset -B s10x_u9wos_20120126
Correct passcode not confirmed.

usage: installpatchset [-d] [-h] [-R alt-root-path|-B alt-boot-env]
[--apply-prereq] –

[-d] – don’t save undo packages
[-h] – display this usage message
[-B alt-boot-env] – specify LU boot environment as target
[-R alt-root-path] – specify alternate root as target
[--apply-prereq] – apply prerequisite patches only
– – passcode required for script execution

This script will only execute when a specific passcode is provided as a command
line option. For further instructions regarding installation of this patch set,
please review the 10_x86_Recommended_CPU_2012-01.README file.

# ./installpatchset -B s10x_u9wos_20120126 –s10patchset
Installing this patch set to an alternate boot environment first requires the
live boot environment to have patch utilities and other prerequisite patches
at the same (or higher) patch revisions as those delivered by this patch set.

The required prerequisite patches can be applied to the live boot environment
by invoking this script with the ‘–apply-prereq’ option, ie.

# ./installpatchset -B s10x_u9wos_20120126 –apply-prereq –s10patchset
Installing this patch set to an alternate boot environment first requires the
live boot environment to have patch utilities and other prerequisite patches
at the same (or higher) patch revisions as those delivered by this patch set.

The required prerequisite patches can be applied to the live boot environment
by invoking this script with the ‘–apply-prereq’ option, ie.

./installpatchset –apply-prereq –s10patchset

This next blurb came from the 10_x86_Recommended_CPU_2012-01.README file.

Live Upgrade patch 121431-XX is included in the patches directory of the patchset, but this patch will not be applied during patchset installation. The decision to apply the Live Upgrade patch is left to the user, this is done to accommodate users who wish to independently manage the version of the Live Upgrade patch on their system. Where a user wishes to apply the Live Upgrade patch, this needs to be done manually with the patchadd command.

The following came from "Solaris Live Upgrade Software Patch Requirements [ID 1004881.1]"

Solaris 10

Solaris 10 8/07 (Update 4) or earlier:

To get full Live Upgrade functionality for Solaris 10 8/07 (Update 4) or earlier Solaris 10 Updates, please apply the “LU Starter Patchset Solaris 10 [SPARC|x86]”.

Solaris 10 5/08 (Update 5) or later:

SPARC:

119254-LR Install and Patch Utilities Patch
121430-57 Live Upgrade patch
121428-LR SUNWluzone required patches
138130-01 vold patch

x86:

119255-LR Install and Patch Utilities Patch
121431-58 Live Upgrade patch
121429-LR SUNWluzone required patches
138884-01 SunOS 5.10_x86: GRUB patch
138131-01 vold patch

I checked for the x86 patches and was deficient in only one, 119255-82 as compared with this patch bundle.

# patchadd -d 119255-82
Validating patches…

Loading patches installed on the system…

Done!

Loading patches requested to install.

Done!

Checking patches that you specified for installation.

Done!

Approved patches will be installed in this order:

119255-82

Checking installed patches…
Executing prepatch script…
Installing patch packages…

Patch 119255-82 has been successfully installed.
See /var/sadm/patch/119255-82/log for details
Executing postpatch script…

Patch packages installed:
SUNWinstall-patch-utils-root
SUNWpkgcmdsr
SUNWpkgcmdsu
SUNWswmt

# ./installpatchset -B s10x_u9wos_20120126 –apply-prereq –s10patchset

Setup .

CPU OS Patchset 2012/01 Solaris 10 x86 (2012.01.05)

Application of patches started : 2012.01.26 12:00:20

Applying 120901-03 ( 1 of 11) … skipped
Applying 121334-04 ( 2 of 11) … skipped
Applying 119255-82 ( 3 of 11) … success
Applying 119318-01 ( 4 of 11) … skipped
Applying 121297-01 ( 5 of 11) … skipped
Applying 138216-01 ( 6 of 11) … skipped
Applying 147062-01 ( 7 of 11) … success
Applying 146956-01 ( 8 of 11) … success
Applying 146055-05 ( 9 of 11) … success
Applying 142252-02 (10 of 11) … skipped
Applying 125556-11 (11 of 11) … success

Application of patches finished : 2012.01.26 12:00:47

Following patches were applied :
119255-82 147062-01 146956-01 146055-05 125556-11

Following patches were skipped :
Patches already applied
120901-03 119318-01 121297-01 138216-01 142252-02
121334-04

Installation of prerequisite patches to alternate boot environment complete.

Install log files written :
/.alt.s10x_u9wos_20120126/var/sadm/install_data/s10x_rec_patchset_short_2012.01.26_12.00.20.log
/.alt.s10x_u9wos_20120126/var/sadm/install_data/s10x_rec_patchset_verbose_2012.01.26_12.00.20.log
#

#  ./installpatchset -B s10x_u9wos_20120126 –s10patchset

Setup ……..
CPU OS Patchset 2012/01 Solaris 10 x86 (2012.01.05)

Application of patches started : 2012.01.30 10:09:18

Applying 120901-03 (  1 of 308) … skipped
Applying 121334-04 (  2 of 308) … skipped
Applying 119255-82 (  3 of 308) … skipped
Applying 119318-01 (  4 of 308) … skipped
Applying 121297-01 (  5 of 308) … skipped
Applying 138216-01 (  6 of 308) … skipped

[...stuff deleted...]

Applying 147435-01 (304 of 308) … success
Applying 147441-09 (305 of 308) … success
Applying 147702-01 (306 of 308) … success
Applying 147989-01 (307 of 308) … success
Applying 148064-01 (308 of 308) … success

Application of patches finished : 2012.01.30 10:28:12

[...list of patches that were applied, skipped, obsoleted, and not applicable...]

Installation of patch set to alternate boot environment complete.

Please remember to activate boot environment s10x_u9wos_20120126 with luactivate(1M)
before rebooting.

Install log files written :
  /.alt.s10x_u9wos_20120126/var/sadm/install_data/s10x_rec_patchset_short_2012.01.30_10.09.18.log
  /.alt.s10x_u9wos_20120126/var/sadm/install_data/s10x_rec_patchset_verbose_2012.01.30_10.09.18.log

The luactivate command will issue a message similar to the following and abort if an ABE (Active Boot Environment)  is not at the required patch level :

The Live Upgrade Patch revision is lower than required in boot environment. Apply Patch 121430-57 or later to boot environment in order to activate it.

If this occurs, determine the revision of Live Upgrade patch (121430 SPARC / 121431 x86) currently applied to the PBE, and then use the ‘luupgrade -t’ command to apply the same revision of the patch to the ABE

# luactivate s10x_u9wos_20120126
System has findroot enabled GRUB
Generating boot-sign, partition and slice information for PBE
A Live Upgrade Sync operation will be performed on startup of boot environment.

Generating boot-sign for ABE
Saving existing file in top level dataset for BE as //etc/bootsign.prev.
Generating partition and slice information for ABE
Copied boot menu from top level dataset.
Generating multiboot menu entries for PBE.
Generating multiboot menu entries for ABE.
Disabling splashimage
Re-enabling splashimage
No more bootadm entries. Deletion of bootadm entries is complete.
GRUB menu default setting is unaffected
Done eliding bootadm entries.

**********************************************************************

The target boot environment has been activated. It will be used when you
reboot. NOTE: You MUST NOT USE the reboot, halt, or uadmin commands. You
MUST USE either the init or the shutdown command when you reboot. If you
do not use either init or shutdown, the system will not boot using the
target BE.

**********************************************************************

In case of a failure while booting to the target BE, the following process
needs to be followed to fallback to the currently working boot environment:

1. Boot from the Solaris failsafe or boot in Single User mode from Solaris
Install CD or Network.

2. Mount the Parent boot environment root slice to some directory (like
/mnt). You can use the following commands in sequence to mount the BE:

zpool import rootpool
zfs inherit -r mountpoint rootpool/ROOT/s10x_u9wos_20110909
zfs set mountpoint= rootpool/ROOT/s10x_u9wos_20110909
zfs mount rootpool/ROOT/s10x_u9wos_20110909

3. Run utility with out any arguments from the Parent boot
environment root slice, as shown below:

/sbin/luactivate

4. luactivate, activates the previous working boot environment and
indicates the result.

5. Exit Single User mode and reboot the machine.

**********************************************************************

Modifying boot archive service
Propagating findroot GRUB for menu conversion.
File propagation successful
File propagation successful
File propagation successful
File propagation successful
Deleting stale GRUB loader from all BEs.
File deletion successful
File deletion successful
File deletion successful
Activation of boot environment successful.

# lustatus

Logged onto the console via the iLOM.

Rebooted from the console…………….

# init 6

# uname -a
SunOS jumpstart 5.10 Generic_147441-09 i86pc i386 i86pc
# lustatus

Renumbering device instances

With really large disk arrays, you can find instance numbers piling up very quickly, and worse, they can make path managers such as DynaPath, Power Path and Secure Path exceed their limits. This is especially true if you are deleting and re-adding devices. Fortunately, there is a relatively easy way to accomplish this task.

Instance numbers are simply an index or ID within the driver for that device. The driver creates an instance number for each hardware path where the device is found, for instance disks or LUNs. If there are 10 disks, then the instance numbers will start at 0 and increment as each new disk is discovered. Depending on the version and patches for HP-UX, missing numbers or gaps can start showing up. The good news is that the instances for a specific device type (disk, tape, lan, ext_bus, etc) can be renumbered with the only restriction that there can be no duplicates for a given device class. Note that for disks, the legacy names (called CTD names) use the "c" portion of the name to correspond to the ext_bus number.

It turns out that the instance number is only used by the driver and insf, and reported by ioscan. Therefore, you can edit the list of instance numbers and change them to different values, as long as there are no duplicates for a given device type. Here is the command to generate an ioinit listing:

# ioscan -f | \

grep -e INTERFACE -e DEVICE | \

grep -v target | \

awk ‘{print $3, $1, $2}’ > /infile

The output look like this:

0/0/0/0 lan 0

0/0/1/0 ext_bus 0

0/0/1/0.7.0 ctl 3

0/0/1/1 ext_bus 1

0/0/1/1.0.0 disk 0

0/0/1/1.2.0 disk 1

0/0/1/1.7.0 ctl 0

0/0/2/0 ext_bus 2

0/0/2/0.0.0 disk 28

0/0/2/0.2.0 disk 2

0/0/2/0.7.0 ctl 1

0/0/2/1 ext_bus 3

0/0/2/1.2.0 disk 3

0/0/2/1.7.0 ctl 2

So the fields are: hardware path, device class name and instance. To isolate all the disks:

# grep disk /infile

0/0/1/1.0.0 disk 0

0/0/1/1.2.0 disk 1

0/0/2/0.0.0 disk 28

0/0/2/0.2.0 disk 2

0/0/2/1.2.0 disk 3

And as you can see, disk 28 is out of sequence. You must retain the entire file and just edit the disk lines.

nes renumbered:

# grep disk /infile

0/0/1/1.0.0 disk 0

0/0/1/1.2.0 disk 1

0/0/2/0.0.0 disk 2

0/0/2/0.2.0 disk 3

0/0/2/1.2.0 disk 4

Important: the file (infile) must be stored in / or /etc as it may be needed when no filesystems are mounted.

To apply these changes (requires a reboot), use ioinit like this:

# /sbin/ioinit -f /infile -r

Ignore the lines which state that "Input is identical to kernel". The system will reboot and instance numbers reported by ioscan will be the new values. NOTE: changing disk instance numbers will not change the device file connections so existing LUNS and volume groups should remain unaffected.

If you have problems with the ioinit command reporting errors, you can use the two step approach. The first step is to rename the current ioconfig files (there are two: /stand/ioconfig and /etc/ioconfig) to something like ioconfig.sav and reboot:

# mv /stand/ioconfig /stand/ioconfig.sav

# mv /etc/ioconfig /etc/ioconfig.sav

# shutdown -ry 0

and the system will automatically stop after booting part way up at the ioinitrc stage. Type the two commands:

(in ioinitrc)# /sbin/ioinit -c

(in ioinitrc)# /sbin/ioinit -f /infile -r

The -c option initializes the ioconfig file and will remove any conflicts or problems when running the ioinit command previously. Then the new infile is merged into the ioconfig file and the system reboots. Note that this applies to HP-UX 11.23 and earlier. For 11.31, there are online procedures to renumber instances.

GZIP/GUNZIP with no extra storage

When you gzip (or compress) a file, the original plus the compressed copy will exist in the same filesystem until the compression is complete. Then the old file is removed, leaving the compressed version. The worst case for an uncompressible file is that twice the amount of space will be needed temporarily. For very large files such as a tar file of multiple directories and files will not be compressible in the current filesystem. From the man pages for gzip and compress, you will see that the target file is optional — which means that the program is also a filter and can be used with pipes and redirection. So the resultant gzipped (or gunzipped) file can be in another filesystem. Here is an example:

cat myBigFile | gzip >/var/tmp/mySmallerFile.gz

or

gzip < mtBigFile > /var/tmp/mySmallerFile.gz

Both examples take stdin, compress the stream of data and write the result to stdout. No additional disk storage is required as all conversion takes place in the stream through memory.

Another use of streaming gzip is copying a large directory using tar or fbackup, compressing the result and sending it over the network to another system. Here’s an example:

Breaking down each section, the tar output (-f) is missing which means stdout is the output and that is piped to gzip. From gzip, stdout is then piped to ssh (could also be remsh or rexec) where cat is used to read the stdin sent to ssh and stdout becomes the remote file. The remote file is named .tgz signifying a tar file that has been gzipped.

    cd /mydata

tar -cv * | gzip | ssh cat > /var/tmp/mydata.tgz

Assuming that the directories and files are compressible, the transfer over the network will be much quicker than with the uncompressed data.

Say Yes? Say No? Say what?

Anyone who has written an interactive script has had to ask a yes or no question. And then script gets changed to handle UPPERCASE and lowercase. And modified again to check for just 1 letter such as y or n… And pretty soon, the code looks fairly convoluted. Here’s a simple way to handle all 3 conditions (yes, no and other):

# Ask question:

echo "Is this correct (y/n)? \c"

read ANSWER
case ANSWER in

[Yy] | [Yy][Ee][Ss] )    echo "ANS is yes"

                ;;

[Nn] | [Nn][Oo] )     echo "Ans is no"

                ;;

            * )    echo "ANS is not yes or no"

                ;;

esac

So the code recognizes single letters y/n or Y/N, as well as the full word.

Now, the opposite of asking the yes or no question is to supply the answer. What? How do you automatically answer a question? The answer is yes. That’s right. yes is the answer. Check out: man yes This is a program to endlessly supply "y" or any string you need to give to a program that runs in cron or batch mode and there is no one to answer the question. The yes program runs forever (ctrl-c to terminate):

yes | head -3

y

y

y

yes no | head -3

no

no

no

An example for batch usage is fbackup. If fbackup encounters an error condition, it will hang forever waiting for the answer (do you want to continue, do you want to save…). Since the backup is unattended, answering no is very useful. So here is the technique:

yes no | fbackup -f /dev/rmt/0mm -i /

In this case, when fbackup encounters an error, all questions will be answered with "no".

Forcing Speed and Duplex of on-board network interface e1000g on T2000, T5120, and T5220 with ndd

By default the e1000g network interface is set to auto-negotiation enabled, 1Gbps full-duplex.

# ndd -set /dev/e1000g<instance> adv_autoneg_cap 0
# ndd -set /dev/e1000g<instance> force_speed_duplex <value>

I found this while reading the hardware platform guide for T5120. "force_speed_duplex" is not available for other types of network interfaces.