CLUSTER_README NAME : Solaris 10 SPARC Recommended Patch ClusterDATE : Sep/17/10 File Name : 10_RecommendedSep10_Part1.zip File Size : 937,397,864 bytesFile Name : 10_RecommendedSep10_Part2.zip File Size : 809,971,730 bytes INTENT: NOTE: From 2010.06.01 the patch inclusion criteria for the Recommended Cluster have changed. Previously the Recommended Cluster included the latest revision of any Solaris Operating System patch that addresses a Sun Alert issue. The Recommended Clustercontent is now based on the 2010.05.31 Recommended Cluster (the final patch clusterfrom prior to this change), and going forward will be updated according to the new patch inclusion criteria given below. For further information about this change, please see: http://blogs.sun.com/patch/entry/merging_the_solaris_recommended_and The Recommended OS Cluster Solaris 10 SPARC provides the minimum set of patches needed to address Sun Alert issues for Solaris 10 for sparc. The patches contained in this patch cluster are considered the most important and highly recommended patches forSolaris 10. They provide the minimum amount of change required to address known Security, Data Corruption, and Availability issues. The Recommended Cluster comprises: 1. The latest revision of the patch and package utility patches that en sure correct patching operations. 2. The minimum revision of Solaris Operating System patches which ad dress Sun Alert issues. These are patches which fix Security, Data Corruption, or Availability issues. 3. Any patch that is required to correctly install the above patches. When new patches are released that meet the above criteria, the patch cluster is updated. If a patch is withdrawn from release due to problems, the patch cluster is also up dated. The withdrawn patches are removed from the patch cluster. The patch cluster can be installed to a system running Solaris 10 3/05 ("FCS") or a laterSolaris 10 Update release. Depending on the cu rrent patch level of the target system, installation of the patch clustercan involve applying a number of complex Solaris 10 patches. These complex patches may require the user to follow specific install instructions listed in the Special Install
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
DATE : Sep/17/10File Name : 10_RecommendedSep10_Part1.zip
File Size : 937,397,864 bytes
File Name : 10_RecommendedSep10_Part2.zip
File Size : 809,971,730 bytes
INTENT:
NOTE: From 2010.06.01 the patch inclusion criteria for the Recommended Cluster have
changed. Previously the Recommended Cluster included the latest revision of any Solaris
Operating System patch that addresses a Sun Alert issue. The Recommended Cluster content is now based on the 2010.05.31 Recommended Cluster (the final patch cluster
from prior to this change), and going forward will be updated according to the new patch
inclusion criteria given below. For further information about this change, please see:
The Recommended OS Cluster Solaris 10 SPARC provides the minimum set of patchesneeded to address Sun Alert issues for Solaris 10 for sparc. The patches contained in this
patch cluster are considered the most important and highly recommended patches for
Solaris 10. They provide the minimum amount of change required to address knownSecurity, Data Corruption, and Availability issues.
The Recommended Cluster comprises:
1. The latest revision of the patch and package utility patches that ensure correct patching
operations.
2. The minimum revision of Solaris Operating System patches which address Sun Alert
issues. These are patches which fix Security, Data Corruption, or Availability issues.
3. Any patch that is required to correctly install the above patches.
When new patches are released that meet the above criteria, the patch cluster is updated.If a patch is withdrawn from release due to problems, the patch cluster is also updated.
The withdrawn patches are removed from the patch cluster.
The patch cluster can be installed to a system running Solaris 10 3/05 ("FCS") or a later
Solaris 10 Update release.
Depending on the current patch level of the target system, installation of the patch cluster can involve applying a number of complex Solaris 10 patches. These complex patches
may require the user to follow specific install instructions listed in the Special Install
Instructions section of the patches' README files, particularly if the patches are applied
to the active boot environment of a system. The key issues are also described below in
this README file.
The matter of applying complex patches is primarily a concern for systems which are
running an early Solaris 10 Update release and have not recently been patched. To avoidapplying complex patches, and to get full new feature functionality, it is recommended to
install or upgrade these systems using the latest Solaris 10 Update release install media.
Following an install or upgrade operation, it is recommended to install this patch cluster to ensure the system has all current patches which address Sun Alert issues applied,
including those patches released after the latest Solaris 10 Update release content was
finalised.
This CLUSTER_README contains important information. Please read this README
before installing this patch cluster.
PATCH CLUSTER DESCRIPTION:
This patch cluster is provided as two zip files. The files are named as:
10_RecommendedSep10_Part1.zip
10_RecommendedSep10_Part2.zip
Once the zipped files have been downloaded, they should be extracted. For example, to
extract this patch cluster in the current working directory, run:
If this patch cluster is installed to the active boot environment, then depending on thestarting patch level of the system, complete installation of the patch cluster may require
up to two installation phases with intervening reboots. For further information, refer to
section 'III. Installing this Patch Cluster to the Active Boot Environment' below.
If this patch cluster is installed to an inactive boot environment, then the need for
multiple reboots and some special instructions can be avoided.
*************** PASSCODE **************
The install script will only execute when the passcode specified in the README file is
provided as a command line option. This is a safety mechanism to ensure you have read
this README. You must follow the Special Install Instructions for key patches such asthose highlighted in this README. It is also strongly recommended to read the Special
Install Instructions section of the README of patches included in this patch cluster to
check for any special install instructions which may apply to your specific system
configuration.
PASSCODE: s10cluster
PATCHES INCLUDED:
Note that the patch list order below reflects the patch install order.
120900-04 SunOS 5.10: libzonecfg Patch
121133-02 SunOS 5.10: zones library and zones utility patch119254-76 SunOS 5.10: Install and Patch Utilities Patch
144325-01 Obsoleted by: 144325-02 SunOS 5.10: Resource Management User InterfacePatch
145006-02 SunOS 5.10: Webmin patch
145124-01 SunOS 5.10: usermgmt patch
Extra Patches:
The patch cluster contains the following patches which are themselves obsolete by other
patches in the patch cluster. These patches are required to ensure correct installation of
the patch cluster on Solaris 10 11/06 and earlier Solaris 10 Update releases. The obsolete
patches will only be applied to those systems where they are necessary, they will not beapplied if the system is already at a higher patch level.
Patchid Reason
122660-10: Obsolete patch required by 125547-02. 125547-02 is the zoneadmindirect dependency patch, which is needed to resolve an issue
applying kernel patch 120011-14 on a system with zones support. SeeCR 6471974.
124204-04: Obsolete patch required by 122660-10.
118731-01: Obsolete patch required by 124204-04.
The patch cluster contains the following patches for Unbundled Software Products (ie.
add on products that are not part of a default Solaris 10 installation). Patches for Unbundled Products are included in the patch cluster only if their use is required to avoid
critical OS problems. These patches will only be applied to systems where the associatedUnbundled Product is installed.
Patchid Reason
121181-03: Patch is required to avoid panic caused by bad interaction betweenSun Trunking and GigaSwift Ethernet drivers. See SunAlert 200701.
IMPORTANT NOTES AND WARNINGS:
KNOWN ISSUES:
When installing the patch cluster to an inactive boot environment, the install script mayabort with the following message:
ERROR: Failed to determine zone configuration for target boot environment.Please verify configuration with zoneadm(1M).
This will occur when /etc/zones/index in the inactive boot environment has an incorrect
setting for the state for the global zone. The correct setting is 'installed', however this can
Output from the grep command indicates that the issue exists.
To resolve this issue, first make a backup copy of /etc/zones/index in the inactive boot
environment, then manually edit /etc/zones/index in the inactive boot environment and
set the global zone state to 'installed'.
PATCH CLUSTER SIZE:
This patch cluster is delivered as two zip files. The combined size of these files isapproximately 1.9G. In uncompressed form, the size of the patch cluster is approximately
4.2 GB.
FILESYSTEM FREE SPACE REQUIREMENTS:
It is difficult to give a precise estimate of how much free disk space is required to install
the patch cluster. The amount of free space required depends on many factors. The
following factors all increase the amount of space needed:
- The release of Solaris 10 onto which the patch cluster is being installed.A Solaris 10 3/05 ("FCS") system will require considerably more free space than asystem running the latest Solaris 10 Update release.
- Whether zones are installed or not.The nature of the zones is important. Each whole root non-global zone will require
approximately the same amount of free space as the global zone, while each sparse root
non-global zone will require much less space on the filesystems where the zone resides.
- Whether the patch cluster is installed with the "save" feature disabled.
It is strongly recommended to use the default "save" feature when installing the patch
cluster even though this requires more disk space. It allows the patches that are appliedto be removed in case any issues are found post installation. Disabling the "save" feature
with the "-d" flag (described below) will reduce the amount of disk space needed,
however this is not the recommended way of installing the patch cluster.
As a guide, the free space required to install this patch cluster using the default "save"
feature to an unpatched Solaris 10 FCS system with the entire distribution plus OEM
support metacluster is approximately 2.1G. Each whole root non-global zone would need
approximately the same amount of space free in the filesystem that contains the zone's
root.
The install script will check that sufficient space is free before applying each patch. The
script will stop if it estimates there is not enough free space available, and will provide
instructions on how to override space checking should the user wish to continue patchcluster installation anyway.
The backout data for patches applied using patchadd's default save mode is stored under the /var/sadm/pkg directory in the target system. The amount of backout data stored
builds up as more patches are applied to the system. If the filesystem on which the
'Solaris[TM]: Recovering Space Used for Saved Backout Data from Patches' describes anumber of options for increasing the amount of free space available. This document is
SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL
PATCHES:
Whether you use the default "save" feature to store backout data or not, the patch
application process still requires disk space for installation and administrative tasks. Thedisk space is needed in filesystems where patches deliver payload. The exact amount of
space depends on the system's architecture, the software packages already installed, and
the difference in size of the patched objects.
In case a problem occurs, ensure a recent full system backup is available.
SAVE AND BACKOUT OPTIONS:
By default, the install script uses the patchadd command's default save mode to save acopy of the objects being patched. This is the recommended option. Patches can only be
removed and the original objects restored if the default "save" feature is used when
installing this patch cluster.
You can override the "save" feature by using the "-d" flag when executing the install
script. Using the "-d" flag means that you will not be able to backout the patches. This
would be problematic if ever there was a need to remove a patch, therefore use of the "-d"flag is not the recommended option.
Newly created non-global zones can fail to boot for a short period (~5 minutes)
immediately after having been installed. This problem only affects systems running
Solaris 10 5/09 (Update 7) or earlier Solaris 10 Update releases, where this patch cluster has been installed and patch 121428-13 (or higher) has *not* been applied. Note patch
121428-13 (or higher) does not meet the criteria for inclusion in this patch cluster.
Resolution is to wait for a sufficient period before booting a newly created zone, or toapply patch 121428-13 (or higher) before creating new non-global zones.
SPECIAL INSTALL INSTRUCTIONS:
As with any patch individually applied, there might be additional Special Install
Instructions. These instructions are documented in the individual patch README file.To determine if any additional installation steps are necessary, it is recommended to read
each patch README before installing this patchcluster.
A PATCH MAY NOT BE APPLIED:
Some of the patches in the patch cluster will not apply on particular systems. Thefollowing are examples of when a patch might not apply. These situations are nominal
and are not a cause for concern.
The patch may be one of the obsolete or Unbundled Software Product patches listed inthe "PATCHES INCLUDED" section.
The patch might patch packages that:
- Are only installed on specific hardware.
- Were introduced in a later Solaris Update release than the release installed on the target
system.
- Are not present in the installation Software Group (metacluster) that was installed on
the target system.
- Have been deliberately removed from the target system during system hardening.
The patchadd command recognises packages that already have a patch applied and will
only apply a patch to those packages which aren't already patched. Therefore, if a patch patches several packages and only some of them are present on the target system, then
those packages present are patched. If other packages are installed on the system at a later
date, then patches for those packages need to be reapplied.
Backing out older revisions of patches provided in the patch cluster is not required for the
newer revision to be applied. If the patch cluster is installed using the default "save"
feature, then the patchadd command will save off the preexisting objects. If a patch issubsequently removed, the objects will be restored to the prior patch level.
INSTALL INSTRUCTIONS:
This patch cluster can be installed on the active boot environment, or to an inactive bootenvironment using either the "-B" Live Upgrade option, or the "-R" alternate root option.
The "-R" alternate root option can be used to patch alternate boot environments that have
been created manually and not necessarily via Live Upgrade.
Patching an inactive boot environment is recommended, because the downtime
associated with patching is reduced and there's a simple fallback option if needed: reboot
back into the original boot environment. Patching an inactive boot environment removes
the need to follow a significant number of Special Install Instructions that would berequired if you patched the active boot environment.
If the patch cluster is installed to an inactive boot environment then some patches may
need to be applied to the active boot environment initially. For example, the same
revision (or higher) of the patch utilities patch contained in this patch cluster will need to
be applied to the active boot environment before the patch cluster can be applied to analternate boot environment. See
"--apply-prereq" flag in the "PATCH CLUSTER INSTALLATION INSTRUCTIONS"
section.
Specific details for the three install contexts are given in the following sections. Generalinstallation instructions applicable to all contexts are given in the "PATCH CLUSTER INSTALLATION INSTRUCTIONS" section.
I. Installing this Patch Cluster to a Live Upgrade Boot Environment
Before installing this patch cluster to an inactive Live Upgrade boot environment, it is
important those patches necessary to ensure the correct functioning of Live Upgrade areapplied to the required boot environments.
If the intent is use of Live Upgrade on a system that has non-global zones on UFSfilesystems and is running Solaris 10 8/07 (Update 4) or an earlier Solaris 10 Update
release, then it is recommended to install the Solaris 10 Live Upgrade Zones Starter Patch
Bundle. Installing the LU Zones Starter Patch Bundle will provide these systems with alevel of functionality sufficient to enable use of Live Upgrade without the need to apply
further patches to the active boot environment. The LU Zones Starter Patch Bundle is
available from the patch cluster download location on SunSolve.
It is generally recommended to review document 206844 before installing this patch
cluster to an inactive Live Upgrade boot environment. The document provides the mostcurrent information on those patches necessary to ensure the correct functioning of Live
Upgrade on various different system configurations.
When installing this patch cluster to an inactive boot environment, the install script maystop and notify the user of the need to invoke the script with the "--apply-prereq" flag to
ensure appropriate levels of various patches (including the patch utility patches) are
applied to the running system. The patch cluster will not install to an inactive boot
environment if the running system does not have these patches applied.
There is no need to bring the running system to single-user mode when installing this patch cluster to an inactive boot environment.
A discussion of how to use Live Upgrade to create and manage boot environments is
outside the scope of this document. The install script accompanying this patch cluster willnot create Live Upgrade boot environments. For information on how to use Live Upgrade
please see document "Solaris 10 Installation Guide: Solaris Live Upgrade and Upgrade
Planning.", available from:
http://docs.sun.com/app/docs/doc/820-0178
The following command installs this patch cluster to an inactive boot environment that
II. Installing this Patch Cluster to an Alternate Root
This patch cluster can be installed to an arbitrary alternate root. This mode of installation
is not recommended for general users, it is provided for advanced users who recognisesituations where this mode of installation is beneficial, and have a thorough
understanding of the additional complexities involved in setting up the alternate root.
When installing this patch cluster to an alternate root, the install script may stop and
notify the user of the need to invoke the script with the "--apply-prereq" flag to ensure
appropriate levels of various patches (including the patch utility patches) are applied to
the running system. The patch cluster will not install to an alternate root if the runningsystem does not have these patches applied.
There is no need to bring the running system to single-user mode when installing this
patch cluster to an alternate root.
The following command installs this patch cluster to an alternate root:
./installcluster -R <alternate_root_path>
For example, if an alternate boot environment has its root and all subordinate file systemsmounted under /mnt/altroot, the following command would be run:
# ./installcluster -R /mnt/altroot
III. Installing this Patch Cluster to the Active Boot Environment
Patching an inactive boot environment using either the "-B" Live Upgrade option, or the"-R" alternate root option is recommended over patching the active boot environment.
The following special warnings apply if this patch cluster is applied to the active boot
environment:
1. SINGLE USER MODEThe installation should be performed in single-user mode (run level S).
Depending on system configuration, it may be necessary to mount local filesystems before installing this patch cluster (for example, if a system configuration has zone roots
on a local filesystem that is not mounted in single-user mode). In most cases, onlining the
filesystem/local service will be sufficient to ensure the required filesystems are mounted.
This can be accomplished by running the following command:
Note that the install script may abort during the setup phase with an indefinite error
message if the required filesystems are not mounted. The exact error messaging can vary
from one system configuration to another - for illustrative purposes one example of suchmessaging follows:
# ./installcluster --s10cluster
Setup .zoneadm: /export/zones/z1s: No such file or directory could not verify zonepath
/export/zones/z1s because of the above errors.
zoneadm: zone z1s failed to verify
ERROR: Zone verification failed : unable to mount zone 'z1s'.
#
Should this problem occur, ensure local filesystems are mounted then reinvoke the installscript.
2. REBOOTS
Some patches specify in their README file that an immediate reboot or reconfiguration
reboot ('reboot -- -r') is required when they are applied to an active boot environment.
Generally, it is possible to complete patching operations before initiating the reboot, butnormal operations should not be resumed until the reboot is performed. In the rare case
where it is not possible to continue patching operations, the specific patches involved willcontain logic that prevents further patching operations until a reboot is performed. For further information, please see SunSolve document 249046 'Definitive interpretation of
the "rebootimmediate" and "reconfigimmediate" patch flags', available from:
The install script will stop installation of the patch cluster when an interim reboot is
required, and notify the user that a reboot is needed. The install script should bereinvoked after the reboot and patch cluster installation will resume. See "PATCH
CLUSTER INSTALLATION INSTRUCTIONS" for details of the messages that are
displayed. The factors that determine how many reboots are necessary are described below.
Depending on the starting patch level of the target system, up to two reboots are needed.If the active boot environment is running a kernel at a patch level below 118833-36, the
install script needs to be invoked TWO times, with a reboot after each invocation.
A reboot is necessary after applying patch 118833-36 because the patchadd command is
disabled and no further patches can be applied until the system is rebooted. This is a
safety device which is necessary due to the complexity of installing the code changesdelivered in kernel patch 118833-36 to an active boot environment.
Kernel patch 118833-36 is the kernel patch released shortly after the Solaris 10 11/06release (Solaris 10 Update 3). This patch delivers a significant amount of code change.
Some manual steps might be required in order to safely apply this patch. Please carefully
review the Special Install Instructions in the 118833-36 patch README.
Final reboot:
A reboot is required at the end of the patch cluster installation to ensure all changes are
activated.
3. ZONES MUST BE HALTED
If the active boot environment is running a kernel at a patch level of 118833-36 or above,all native non-global zones need to be halted before the patch cluster can be installed (in
the output of 'zoneadm list -cv,' halted zones are shown as being in the 'installed' state).
4. PATCHES UTILISING DEFERRED ACTIVATION PATCHING
The deferred activation patches included in the patch cluster are listed below:
Patch Details
120011-14: Solaris 10 8/07 (Update 4) kernel patch.127127-11: Solaris 10 5/08 (Update 5) kernel patch.
137137-09: Solaris 10 10/08 (Update 6) kernel patch.139555-08: Solaris 10 5/09 (Update 7) kernel patch.141444-09: Solaris 10 10/09 (Update 8) kernel patch.
142909-17: Solaris 10 9/10 (Update 9) kernel patch.
Please carefully review the Special Install Instructions in the README files of these
patches.
Deferred activation patching was introduced in the patch utilities during the course of theSolaris 10 8/07 release as a way of ensuring system consistency while patching an active
boot environment. Patches that need to be applied in deferred activation patching mode
will have the SUNW_PATCH_SAFE_MODE parameter set to true in their pkginfo files.Deferred activation patching utilizes loopback mounts (lofs) to mask the patched objects
until a reboot is performed.
Deferred activation patching is designed to enable subsequent patches to be applied before the reboot is initiated. If any subsequent patch directly or indirectly requires a
patch applied in deferred activation patching mode, the patch will also automatically be
applied in deferred activation patching mode by the patchadd command. Objects updated
using deferred activation patching will be activated upon reboot of the system.
A reboot is required after applying deferred activation patches, to activate the changes.
PATCH CLUSTER INSTALLATION INSTRUCTIONS:
1. Make sure the patch cluster has been expanded. See "PATCH CLUSTER
DESCRIPTION" section for more details.
2. Decide if you want to save backout data so that patches can be removed at a later date.
By default, the install script uses the patchadd command's default save mode to save a
copy of the objects being patched. This is the recommended option. Patches can only be
removed and the original objects restored if the default "save" feature is used when
installing this patch cluster.
You can override the "save" feature by using the "-d" flag when executing the install
script. Using the "-d" flag means that you will not be able to backout the patches. Thiswould be problematic if ever there was a need to remove a patch, therefore use of the "-d"
flag is not the recommended option.
3. Issue the following commands to Stop the voice system:
stop_vs
stop_wait
If local oracle is installed, issue the following commands to stop oracle:orastat
stop_ora oracle
Save the configuration of the current system to a single XML file.
save_conf
Flush all data from all UFS file systems to the disk before continuing:
If the patch cluster is installed on the active boot environment, the system may require
one or more interim reboots before completing installation. If a message similar to thefollowing is seen during installation, reboot the system and reinvoke the install script.
"The installation of this patch set has halted after applying patch 118833-36.
The machine must now be rebooted before further patches can be applied. Please rebootthe machine and rerun this script. For further details, see patch set README file."
Once the system is rebooted and the install script is reinvoked, installation of the patchcluster will continue.
6. If an unexpected error is encountered during the installation of this patch cluster, theinstall script will abort. Should this occur, the error must be investigated and the issue
resolved before proceeding further. More details about the causes of failure can be found
in the log files. The following log files are created during installation of the patch cluster:
This log file contains all patchadd output generated during the installation of the patch
cluster.
The individual patch log files can also be inspected under
/var/sadm/patch/<PatchID>/log.
If the patch cluster is installed either with the "-B" Live Upgrade option, or the "-R"
alternate root option, log files will reside in the inactive boot environment.
7. Reboot the system.
If this patch cluster is installed to an inactive boot environment using either the "-B" Live
Upgrade option or the "-R" alternate root option, then a reboot will be needed to activate
the inactive boot environment.
If the "-B" Live Upgrade option is used, then the luactivate command will need to be run,and either an init(1M) or a shutdown(1M) will be needed to complete activation of the boot environment. A reboot(1M) will not complete activation of a boot environment
following an luactivate.
If the "-R" alternate root option is used, it may be necessary to rebuild the boot archive in
the alternate root before booting the alternate root. The "-R" option can be used to patch
an alternate root in many different contexts however, and whether the boot archive
rebuild step is necessary, not necessary, or even undesirable very much depends on user intent and the circumstances of each individual case. For this reason, the install script
does not rebuild the boot archive. The decision and responsibility for rebuilding the boot
archive is left to the user. Rebuilding the boot archive in an alternate root can beaccomplished by running the following command:
Normal operations should not be resumed until the reboot is performed. Depending on
the starting patch level of the target system, interim reboots may also be required. The
install script will stop installation of the patch cluster when a reboot is required, andnotify the user that a reboot is needed. The install script should be reinvoked following an
interim reboot.
CLUSTER UNINSTALLATION INSTRUCTIONS:
1. The uninstall of the patch cluster should be performed in single-user mode (run levelS).
2. To remove the patch cluster execute the script "rm_cluster" in the patch cluster
directory.
3. If removing patches from an active boot environment, a reconfiguration reboot ('reboot
-- -r') is needed to deactivate certain objects which have been patched, such as the Kernel.
Some of these patches specify that a reboot must occur immediately after the patch isuninstalled on an active boot environment.
4. Atleast two reconfiguration reboots are necessary because no more patches can be
removed until the system is rebooted. All subsequent patches in this patch cluster will
fail to uninstall until the system is rebooted. To complete the patch cluster uninstallation,
perform a reconfiguration reboot of the system and then invoke rm_cluster script again.