how to manage oracle solaris 10 critical patch updates in ... · pdf filemanaging oracle...
TRANSCRIPT
Managing Oracle Solaris 10
Critical Patch Updates in CA
Patch Manager
Contents
Terminology ......................................................................................................................................... 3
Supported OS Release and Architecture ........................................................................................ 3
Supported content ............................................................................................................................. 3
Prerequisites ....................................................................................................................................... 4
Implementation .................................................................................................................................. 6
Installation Flow (Flow Chart) ........................................................................................................... 9
FAQ .................................................................................................................................................... 10
Reference links ................................................................................................................................ 11
Terminology Solaris is a UNIX operating system originally developed by Sun Microsystems. Oracle Solaris, as it is now
known, has been owned by Oracle Corporation since Oracle's acquisition of Sun in January 2010.
SPARC (from Scalable Processor Architecture) is a RISC instruction set (ISA) developed by Sun
Microsystems and introduced in mid-1987.
Patch: A patch contains a collection of files and directories. This collection replaces existing files and
directories that prevent proper execution of the software. Some patches contain product enhancements.
Package: The term package refers to the method of distributing software products and installing them in
systems. In its simplest form, a package is a collection of files and directories.
Critical Patch Updates (CPU) for Oracle Solaris is collection of security fixes. Critical Patch Update patches
are usually cumulative and installing these critical patch updates regularly keeps systems as secure,
integral, and highly available as possible. They are available to customers with valid support contracts.
They are released on the Tuesday closest to the 17th day of January, April, July and October.
Recommended Patchset for Oracle Solaris provides the minimum set of patches needed to address CPU
and Security Alert issues for Oracle Solaris. The patches contained in this patchset are considered the most
important and highly recommended patches for Solaris operating system. They provide the least amount of
change required to address known security, data corruption and availability issues.
Oracle Solaris Update Releases are full release images containing all available Oracle Solaris OS bug fixes,
as well as new features and support for new hardware. Patches are pre-applied into the release image.
Oracle Solaris Update Releases provide functionally rich, stable, and well-tested baselines on which to
standardize deployment.
Supported OS Release and Architecture CA Patch Manager Packages for Oracle Solaris supports the following OS releases and process
architecture.
Oracle Solaris 10 on SPARC architecture
Supported content
Oracle releases Critical Patch Updates on the Tuesday closest to the 17th day of January, April, July and
October. The package ‘Oracle Solaris 10 SPARC - Critical Patch Update - <Month> <Year>’ should be
available in CA Patch Manager in a week’s time from the vendor release date. Please note that this is
only an internal objective for the team.
Prerequisites
There are three prerequisites for deploying the ‘Oracle Solaris 10 SPARC - Critical Patch Update - <Month> <Year>’ package
1. IIS and ITCM Web Services must be installed on the corresponding Enterprise Servers (ES)/Domain
Managers (DM)/Scalability Servers (SS). Any server (ES/DM/SS) that has a Solaris agent pointing to it
(present or future) should have IIS and ITCM web services configured.
2. 'CA UPM Manual Download Function' patch in Patch Manager needs to be deployed to all servers
involved (all servers with Patch Manager installed or which could have Solaris agents pointing to them –
e.g., Scalability Servers, Domain Managers and Enterprise Servers. This is a generic package and only
needs to be deployed once.
Note: This step could be skipped if the patch has already been deployed earlier.
Once successfully installed, a virtual folder will appear under the Default Web Site in IIS called
‘manual_download’.
Also, a folder called “%UPM_HOME%\UPMdownloads” will be created on the Patch Manager server and all Scalability Servers (or Domain Manager/Enterprise Server machines) pushed to.
3. Manually download the required Critical Patch Update from the vendor site and place it in the folder
specified in the release notes of ‘Oracle Solaris 10 SPARC - Critical Patch Update - <Month> <Year>’ package.
Implementation Download the Critical Patch Update for Solaris 10 SPARC (for e.g. CPU of April 2014) from the Vendor’s site
https://support.oracle.com .
1. Accept and deploy the package ‘Oracle Solaris 10 SPARC - Critical Patch Update - April 2014’.
2. After the Critical Patch Update April 2014 for Solaris 10 is downloaded and unzipped, the agent will
boot in to the single user mode for the installation.
Note: On all the agents “wget” installation is mandatory as the agents download the Critical Patch
Update (CPU) from Scalability Server using wget. CPU will be downloaded and unpacked in
/var/spool, the minimum required space for CPU is approximately 5 GB in /var/spool. Note: As the Critical Patch Update for Solaris 10 SPARC is of more than 2GB in size, the older
versions of unzip may fail. The required version of unzip to unpack the files of more than 2GB is 6.00
and above.
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=10
20109.1
3. Live installation log will be displayed on the console.
4. Software detection post successful installation.
Note: The CA Patch Manager Solaris Critical Patch Update package does not support Zone systems.
Installation Flow (Flow Chart)
Reboot the agent in to the single user mode and installation of
the patch cluster
Download and Copy the Critical Patch Update for
Solaris 10 SPARC to the folder specified in the release notes on Scalability Server (Manual
Step)
Exit
Yes
No
Validate the prechecks
Update SD Job Out put
Copy the configuration files in to the required folders and start the
update process
Update Success
create the signature
Clean up and reboot the agent in to the multi user mode
Installation of the patch cluster in the single user mode
Reboot required
Exit
Yes
Yes
No
No
Deploy “Oracle Solaris 10 SPARC - Critical Patch
Update <MONTH> <YEAR>” on the agent
Start Pre-deployment Procedure
FAQ Q: What are Oracle Critical Patch Updates (CPUs)? A: Critical Patch Updates are collections of security fixes for Oracle products. They are available to customers with valid support contracts. http://www.oracle.com/technetwork/topics/security/alerts-086861.html Q: What is the release cycle for Oracle CPUs? A: Oracle CPUs are released on the Tuesday closest to the 17th day of January, April, July and October. Q: What is the publication goal for CA? A: CA Content Team is committed to publish the package to the customers in a week’s time from the
vendor release date. This, however, is only an internal objective for the team.
Q: Does Oracle have an FTP site to download patches?
A: No
Q: How do I access Critical Patch Updates for Oracle Solaris 10 SPARC? A: To access the CPUs,
Access the link https://support.oracle.com/CSP/ui/flash.html# In the patches and updates section search for “critical patch update for Solaris 10 SPARC” Download the required Critical Patch Update for Solaris 10 SPARC.
Q: Are there any prerequisites to deploy the “Oracle Solaris 10 SPARC - Critical Patch Update - <Month> <Year>” package? A: Yes.
1. “CA UPM Manual Download Function” package is required to be installed on the UPM Server. This package has been developed to handle dynamic download URLs by vendors like HP, Sun, IBM etc. http://www.ca.com/us/udm/upm/patch.aspx?uuid=1700ce5a-9444-466b-a692-fcbe5bdf8bde#section1
2. Critical Patch Update for Solaris 10 SPARC should be downloaded and copied in to the required folder specified in the release notes.
3. Installation of “wget” is mandatory on all the agents. 4. “unzip” version should be 6.0 or higher on all the agents.
Q. Where are the detailed logs to check for the CPU installation?
A: /var/sadm/install_data/
/opt/CA/CPU/SD/
Q. What about the single user mode patches?
A: As per the vendor’s recommendation and best practices, the installation of the patch cluster is initiated
in the single user mode.
Q. What about the required reboots?
A: Some patches need a reboot to complete the installation; the “Oracle Solaris 10 SPARC - Critical Patch
Update - <Month> <Year>” package has the required automation to take care of the intermediate reboots
that are required during the installation of the CPU. Post installation, a reconfiguration reboot will also be
done.
Reference links
Oracle Technology Network Patching Center
http://www.oracle.com/technetwork/systems/patches/overview/index.html
Oracle Solaris 10 Recommended Patching Strategy
http://www.oracle.com/technetwork/articles/servers-storage-admin/solaris-patching-strategy-
257476.pdf
Sun Patches and Updates Information Center https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1289614.1
How to find the Oracle Solaris Critical Patch Update (CPU) Patchsets, Recommended OS Patchsets for
Oracle Solaris https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1272947.1
White Paper - How to Upgrade and Patch with Oracle Solaris Live Upgrade
http://www.oracle.com/technetwork/server-storage/solaris10/solaris-live-upgrade-wp-167900.pdf
Critical Patch Updates, Security Alerts and Third Party Bulletin
http://www.oracle.com/technetwork/topics/security/alerts-086861.html