Like many others, i am a big fan of live upgrade when it comes to upgrading patching solaris. To patch solaris 10 update 10 or any other solaris 10 version. Jan 26, 2016 in the patch system test lab, we currently have solaris 10 systems with 7gb used in var and this will continue to grow over the lifetime of solaris 10. Oracle patches solaris 10 hole exploited by nsa spyware tool. Here a notes for solaris 10 patching update that can be used as reference. To minimize the cost, while maintaining a reasonable level of risk sun provides recommended patch clusters which is the most common patching solution for enterprise so called blind patching. Its recommended by sun to upgrade the lu package to the highest version before proceeding with its usage. And when we are doing it online, it involves much more than just running patchadd commands.
Solaris recommended patch clusters do not upgrade solaris to the next. Published on sep 10, 2015 system patching one of the important job responsibility for solaris administrator. This post is for the system admins who still wants to use the traditional method of patching for whatever reason they want to. But we have to make sure backup everything include create zfs snapshot and splitting zfs mirror for rollback plan. Sun have done some work in recent times with liveupgrade the last time i looked at it, a few years back now, it was rubbish. He will be surprised to find out how simple it can be to manage patching in solaris 10 when he meets our mysterious. The example system we will be using has svm based mirrored root. The patch set will complete installation in this session. I have spacewalk implemented in my environment to manage patches for all linux servers.
For you information,from solaris 11 onward,zfs will be the default root. I think a lot of the things i used to dislike about patching sun systems are on their way out. Jul 03, 2012 solaris os patching has been moved far away from the traditional methods from solaris 10 onwards. Oracle technical paperoracle solaris 10 recommended patching strategy 3 apply updates for thirdparty and homegrown software and hardware. If you think solaris patching is a complete nightmare, have a bit of spare time on your hands dont worry, you can still check emails etc and really want to get up speed on suns best practices for patching on solaris 10, then check out the free solaris 10 patching best practices ws2700s10 training course. The solaris 10 operating system solaris 10 os was originally released in march. While this strategy does address patching issues and compliance issues, it also. We no need to bring down the server to single user mode if you are using live upgrade method during pathing and b efore choosing live upgrade,make sure you are using zfs as a root filesystem. Patch management for solaris 10 server oracle community.
Nov 25, 2009 free solaris 10 patching best practices training. Apr 19, 2017 in other words, oracle patched the remote root hole now dubbed cve20173623 back in january 2012 for solaris 10, and solaris 11 is not affected. Heres a document and a corresponding presentation ive written describing the oracle solaris 10 recommended patching strategy. Solaris recommended patch clusters do not upgrade solaris to the next minor revision, for example from 0404 to 0408, you stay on the same revision as you was. If the server owner or applicationdb teams is requesting you to patch the solaris 11, you have to update the system using pkg commands. During the solaris 10 extended support period, the updates to the recommended patchsets will contain patches that require a solaris 10 extended support contract, so the solaris 10 recommended patchsets will also require a solaris 10 extended support contract during this period. This operation is much easier than solaris 10 os patch bundle installation. If you have any queries about patching, why not post them on the oracle solaris install, booting, and patching. Sep 16, 2011 general procedure for kernel patching in solaris. Because im excited about the approach sun is recommending. Therefore, new features in the release that depend on new packages introduced in a release are not available in the patch bundle.
Here a notes for solaris 10 patching update that can be used as reference and i hope it is useful. Now that some of the systems i have to regularly patch are solaris 10 ones, i have to get used to the new patch return codes which one can see when applying one of the suns recommended patchsets. Its free, so even in the current climate of slashed. In other words, you have to update the system instead of the patching it. Recovering space in var used for saved backout data. The patch bundle does not include the new packages contained in the oracle solaris 10 508 release. The solaris 10 811 update 10 patchset is now available from my oracle support. This book is for anyone who is responsible for administering one or more systems that run the oracle solaris operating system os.
If you havent already seen it, suns online learning center has a new course. Can someone guide me through correcting this problem. Solaris live upgrade consists of a set of tools that enable users to create an alternate boot environment that is a mirror copy of the current boot partition and then patch the newly created boot partition prior to making it. This document, security configuration benchmark for solaris 10 1106 through 10 09, was specifically designed to address the recommended security settings included in solaris 10 1106 update 3 through solaris 10 10 09 update 8 running on x86 or sparc platforms. My question is, 1should i halt all nonglobal zone before beginning the installation or i should leave them running and perform the install. Applets dying after installing patch cluster for solaris 10.
They contain a number of links to resources which i hope you will find useful. Install the current sun update connection client on the solaris 10 system that will. Sun used to say patch when you encounter issues, ive always disagreed with that. Target boot environment not identified as being solaris 10. An alternative maintenance regime that takes precedence over this strategy may be prescribed for specific systems. Jan 06, 2011 heres a document and a corresponding presentation ive written describing the oracle solaris 10 recommended patching strategy. We no need to bring down the server to single user mode if you are using live upgrade method during pathing and before choosing live upgrade,make sure you are using zfs as a root filesystem. Basic administration, with a chapter on managing solaris patches. Like many others, i am a big fan of live upgrade when it comes to upgradingpatching solaris. Recommended strategy a white paper sun microsystems, inc. Readme will contain special instructions regarding the patches and also its always good to read the kernellibrary patches readme file. Patch management involves applying solaris patches and software updates to a.
Archived quarterly as the oracle solaris 10 critical patch update. If thats not possible, then another idea was to install the few patches that can be unzipped and then reboot and try the unzip again. Sep 17, 2015 regarding to oracle security alert cve list, we need to apply solaris recommended bundle patch instead of apply one by one patch. Oracle solaris 10 with the release of the october 2018 solaris 10 extended support recommended patch set, you can now run solaris 10 in oracle cloud. The oracle solaris 10 patch utility patches are 119254% sparc and 119255 %. But cant i manage all solaris server from single point rather than logging into each and every server for applying the pactches. Some customers have adopted a policy of periodically applying the current recommended patch cluster to a system. Solaris live upgrade consists of a set of tools that enable users to create an alternate boot environment that is a mirror copy of the current boot partition and then patch the newly created boot partition prior to making it live. Solaris solaris 10 recommended patching strategy 2 recommended patching strategy for oracle solaris 10 the following is the recommended patching strategy for oracle solaris 10. Free solaris 10 patching best practices training cols tech.
Kindly let me know the best practices for managing the solaris server for patching. Note that bug fixes for some thirdparty or communitybased software delivered as part of oracle solaris may be provided through package upgrades rather than patches. We are getting multiple requests for solaris kernel patching procedure from many of your gurkul followers. Make sure you have the latest backup of the system and also the outputs of important configuration from the server like boot disk, total number of hard. Oracle enterprise manager ops center 11g them to patch.
The solaris 10 operating system solaris 10 os was originally released in march 2005 and has since undergone several updates. Oracle technical paperoracle solaris 10 recommended patching strategy 1 introduction this document provides an overview of the recommended patching strategy for the oracle solaris 10 operating system os. Jul 08, 20 there are many ways to apply patches on solaris. This section will focus on the recommended strategies proposed by sun microsystems and red hat. In the patch system test lab, we currently have solaris 10 systems with 7gb used in var and this will continue to grow over the lifetime of solaris 10. The recommended method of proactively applying patches is to use solaris live upgrade. I am trying to present the simple patching procedure when our disks are under solaris volume manager control, svm. I am new to solaris and i need some assistance on applying patches for solaris server in our environment. This article describes the process of applying a solaris recommended patch cluster, or patchset as it is now called. There are two type of repositories are available in oracle.
Solaris os patching has been moved far away from the traditional methods from solaris 10 onwards. Documents in the solaris 10 system administrator collection, for example, the system administration guide. This procedure applies only to solaris 10 servers that have no zones or boot environments configured. Oracle solaris patch update oracle content marketing.
As a first step, download the recommended patch cluster from the my oracle support mos site. For servers with solaris 10 os at, or near, update 1 106 or update 2 606, if nonglobal zones are already configured. Their cadence will typically be dictated by your business constraints. Today i am going to show you 2 things1 download patchset from oracle support and apply it on solaris 10 machine. Each oracle solaris 10 update release since oracle. If there is insufficient space in var of an existing system, the recommended solution is to extend the size of the var partition. Setup recommended os patchset solaris 10 sparc 2011. While this strategy does address patching issues and compliance issues, it also introduces more change to the system than is necessary. Chapter 21 managing solaris patches by using the patchadd. Seite 3, solaris patch management best practices, doag sig 201110.
Solaris 10 server patching linux administration blog. I had this problem with the jan 2009 solaris 10 sparc recommended patches and solved it by running unzip on my linux redhat box and then rcping the files over to my solaris box. Recommended patching strategy for oracle solaris 10. For you information,from solaris 11 onward,zfs will be the default root filesystem. Basic administration, with a chapter on managing solaris patches sun update connection enterprise document collection sun explorer document collection solaris 10 807 installation guide.
Patching solaris 10 on servers with nonglobal zones by ramdev published october 26, 2011 updated july 2, 2015 for servers with solaris 10 os at, or near, update 1 106 or update 2 606, if nonglobal zones are already configured and running, patching these servers at single user mode will encounter issues. Its similar to the solaris 89 patchset installation codes, but there are more codes added to the list. Recommended strategy documents in the solaris 10 system administrator collection, for example, the system administration guide. How to apply a solaris recommended patch cluster solaris. There are several strategies for handling patch management, some of which have been alluded to in previous sections. While this strategy does address all sun alert issues, it also introduces more changes to the system than is. Solaris 10 os patching using liveupgrade unixarena. Patching solaris 10 on servers with nonglobal zones. May 19, 2009 solaris 10 patch return codes may 19, 2009 by gleb reys 4 comments now that some of the systems i have to regularly patch are solaris 10 ones, i have to get used to the new patch return codes which one can see when applying one of the suns recommended patchsets. Ive written about this before, however now that sun has been bought by oracle i am curious if it changes other patching strategy, as it has adjusted my thoughts on it just a little bit from my previous stance. However, any change to the preexisting code is delivered in the patch bundle. Indeed, solaris 10 patches leverage this intensive testing twice. Solaris 10 recommended patching strategy oracle solaris blog.
The book covers a broad range of solaris system administration topics such as managing user accounts, diskless clients, booting a system, using the service management facility smf, and managing software and patches. I would like to patch the server by installing the recommended patch cluster from oracle solaris 10. I have solaris 10 sparc server with two nonglobal zoneone is whole zone and the other is sparse zone. Regarding to oracle security alert cve list, we need to apply solaris recommended bundle patch instead of apply one by one patch. The recommended patch clusters reflect the current version of all the patches required to address the sun alert issues. Sun update connection enterprise document collection. Oracles recommended patching strategy is covered in the document solaris patch management. Jan 10, 2008 indeed, solaris 10 patches leverage this intensive testing twice. Patching a live solaris 10 system with lu, zfs, and pca.
796 1388 621 93 507 791 1093 618 1421 60 1335 959 943 684 1342 1346 179 186 1054 107 196 936 199 265 790 710 1161 395 325 20 1223 326 216 1125 857