Managing Oracle Solaris 10

Critical Patch Updates in CA

Patch Manager

Contents

Terminology ......................................................................................................................................... 3

Supported OS Release and Architecture ........................................................................................ 3

Supported content ............................................................................................................................. 3

Prerequisites ....................................................................................................................................... 4

Implementation .................................................................................................................................. 6

Installation Flow (Flow Chart) ........................................................................................................... 9

FAQ .................................................................................................................................................... 10

Reference links ................................................................................................................................ 11

Terminology Solaris is a UNIX operating system originally developed by Sun Microsystems. Oracle Solaris, as it is now

known, has been owned by Oracle Corporation since Oracle's acquisition of Sun in January 2010.

SPARC (from Scalable Processor Architecture) is a RISC instruction set (ISA) developed by Sun

Microsystems and introduced in mid-1987.

Patch: A patch contains a collection of files and directories. This collection replaces existing files and

directories that prevent proper execution of the software. Some patches contain product enhancements.

Package: The term package refers to the method of distributing software products and installing them in

systems. In its simplest form, a package is a collection of files and directories.

Critical Patch Updates (CPU) for Oracle Solaris is collection of security fixes. Critical Patch Update patches

are usually cumulative and installing these critical patch updates regularly keeps systems as secure,

integral, and highly available as possible. They are available to customers with valid support contracts.

They are released on the Tuesday closest to the 17th day of January, April, July and October.

Recommended Patchset for Oracle Solaris provides the minimum set of patches needed to address CPU

and Security Alert issues for Oracle Solaris. The patches contained in this patchset are considered the most

important and highly recommended patches for Solaris operating system. They provide the least amount of

change required to address known security, data corruption and availability issues.

Oracle Solaris Update Releases are full release images containing all available Oracle Solaris OS bug fixes,

as well as new features and support for new hardware. Patches are pre-applied into the release image.

Oracle Solaris Update Releases provide functionally rich, stable, and well-tested baselines on which to

standardize deployment.

Supported OS Release and Architecture CA Patch Manager Packages for Oracle Solaris supports the following OS releases and process

architecture.

Oracle Solaris 10 on SPARC architecture

Supported content

Oracle releases Critical Patch Updates on the Tuesday closest to the 17th day of January, April, July and

October. The package ‘Oracle Solaris 10 SPARC - Critical Patch Update - <Month> <Year>’ should be

available in CA Patch Manager in a week’s time from the vendor release date. Please note that this is

only an internal objective for the team.

Prerequisites

There are three prerequisites for deploying the ‘Oracle Solaris 10 SPARC - Critical Patch Update - <Month> <Year>’ package

1. IIS and ITCM Web Services must be installed on the corresponding Enterprise Servers (ES)/Domain

Managers (DM)/Scalability Servers (SS). Any server (ES/DM/SS) that has a Solaris agent pointing to it

(present or future) should have IIS and ITCM web services configured.

2. 'CA UPM Manual Download Function' patch in Patch Manager needs to be deployed to all servers

involved (all servers with Patch Manager installed or which could have Solaris agents pointing to them –

e.g., Scalability Servers, Domain Managers and Enterprise Servers. This is a generic package and only

needs to be deployed once.

Note: This step could be skipped if the patch has already been deployed earlier.

Once successfully installed, a virtual folder will appear under the Default Web Site in IIS called

‘manual_download’.

Also, a folder called “%UPM_HOME%\UPMdownloads” will be created on the Patch Manager server and all Scalability Servers (or Domain Manager/Enterprise Server machines) pushed to.

3. Manually download the required Critical Patch Update from the vendor site and place it in the folder

specified in the release notes of ‘Oracle Solaris 10 SPARC - Critical Patch Update - <Month> <Year>’ package.

Implementation Download the Critical Patch Update for Solaris 10 SPARC (for e.g. CPU of April 2014) from the Vendor’s site

https://support.oracle.com .

1. Accept and deploy the package ‘Oracle Solaris 10 SPARC - Critical Patch Update - April 2014’.

2. After the Critical Patch Update April 2014 for Solaris 10 is downloaded and unzipped, the agent will

boot in to the single user mode for the installation.

Note: On all the agents “wget” installation is mandatory as the agents download the Critical Patch

Update (CPU) from Scalability Server using wget. CPU will be downloaded and unpacked in

/var/spool, the minimum required space for CPU is approximately 5 GB in /var/spool. Note: As the Critical Patch Update for Solaris 10 SPARC is of more than 2GB in size, the older

versions of unzip may fail. The required version of unzip to unpack the files of more than 2GB is 6.00

and above.

https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=10

20109.1

3. Live installation log will be displayed on the console.

4. Software detection post successful installation.

Note: The CA Patch Manager Solaris Critical Patch Update package does not support Zone systems.

Installation Flow (Flow Chart)

Reboot the agent in to the single user mode and installation of

the patch cluster

Download and Copy the Critical Patch Update for

Solaris 10 SPARC to the folder specified in the release notes on Scalability Server (Manual

Step)

Exit

Yes

No

Validate the prechecks

Update SD Job Out put

Copy the configuration files in to the required folders and start the

update process

Update Success

create the signature

Clean up and reboot the agent in to the multi user mode

Installation of the patch cluster in the single user mode

Reboot required

Exit

Yes

Yes

No

No

Deploy “Oracle Solaris 10 SPARC - Critical Patch

Update <MONTH> <YEAR>” on the agent

Start Pre-deployment Procedure

FAQ Q: What are Oracle Critical Patch Updates (CPUs)? A: Critical Patch Updates are collections of security fixes for Oracle products. They are available to customers with valid support contracts. http://www.oracle.com/technetwork/topics/security/alerts-086861.html Q: What is the release cycle for Oracle CPUs? A: Oracle CPUs are released on the Tuesday closest to the 17th day of January, April, July and October. Q: What is the publication goal for CA? A: CA Content Team is committed to publish the package to the customers in a week’s time from the

vendor release date. This, however, is only an internal objective for the team.

Q: Does Oracle have an FTP site to download patches?

A: No

Q: How do I access Critical Patch Updates for Oracle Solaris 10 SPARC? A: To access the CPUs,

Access the link https://support.oracle.com/CSP/ui/flash.html# In the patches and updates section search for “critical patch update for Solaris 10 SPARC” Download the required Critical Patch Update for Solaris 10 SPARC.

Q: Are there any prerequisites to deploy the “Oracle Solaris 10 SPARC - Critical Patch Update - <Month> <Year>” package? A: Yes.

1. “CA UPM Manual Download Function” package is required to be installed on the UPM Server. This package has been developed to handle dynamic download URLs by vendors like HP, Sun, IBM etc. http://www.ca.com/us/udm/upm/patch.aspx?uuid=1700ce5a-9444-466b-a692-fcbe5bdf8bde#section1

2. Critical Patch Update for Solaris 10 SPARC should be downloaded and copied in to the required folder specified in the release notes.

3. Installation of “wget” is mandatory on all the agents. 4. “unzip” version should be 6.0 or higher on all the agents.

Q. Where are the detailed logs to check for the CPU installation?

A: /var/sadm/install_data/

/opt/CA/CPU/SD/

Q. What about the single user mode patches?

A: As per the vendor’s recommendation and best practices, the installation of the patch cluster is initiated

in the single user mode.

Q. What about the required reboots?

A: Some patches need a reboot to complete the installation; the “Oracle Solaris 10 SPARC - Critical Patch

Update - <Month> <Year>” package has the required automation to take care of the intermediate reboots

that are required during the installation of the CPU. Post installation, a reconfiguration reboot will also be

done.

Reference links

Oracle Technology Network Patching Center

http://www.oracle.com/technetwork/systems/patches/overview/index.html

Oracle Solaris 10 Recommended Patching Strategy

http://www.oracle.com/technetwork/articles/servers-storage-admin/solaris-patching-strategy-

257476.pdf

Sun Patches and Updates Information Center https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1289614.1

How to find the Oracle Solaris Critical Patch Update (CPU) Patchsets, Recommended OS Patchsets for

Oracle Solaris https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1272947.1

White Paper - How to Upgrade and Patch with Oracle Solaris Live Upgrade

http://www.oracle.com/technetwork/server-storage/solaris10/solaris-live-upgrade-wp-167900.pdf

Critical Patch Updates, Security Alerts and Third Party Bulletin

http://www.oracle.com/technetwork/topics/security/alerts-086861.html