Monday, 15 October 2012

Solaris Patching Procedure



What is patch?
A patch fixes problems that prevent the proper execution of software. It is a collection of files and directories that replaces or updates existing files/binaries and directories.
Types of patches:
  • Standard Patches: Patches that fix problems with the Solaris OS and other SUN Hardware and Software products
  • Recommended Patches: Solaris OS patches that fix problems that might occur on a large percentage of systems. These include recommended security patches.
  • Firmware and PROM patches
  • Patch clusters: A groups of standard, recommended, security, or Y2K patches that have been bundled into a single archive for easy downloading and installation.

Ex: 105050-01           







 
             Patch number       revision number
More patch definations:
Patches are categorized into the following types:
  • Critical: An E-Business Suite patch which is necessary for smooth functioning of the application. Critical patches should be installed immediately. Critical patches are always recommended.
  • General: A patch which is not in any other classification, typically these are one-off patches which solve a specific business issue for a customer.
  • Recommended: Any Critical, Security, Legislative and Recommended patches. It is highly recommended that users apply all recommended patches. .
  • Security: Patches that address security vulnerabilities in a product.
  • Legislative: These patches are necessary for accurate calculation of values which might have changed over time in the application (for example, tax tables for the new year, or withholding calculations for salaries).
  • Superseded: A patch that has been replaced by a more recent patch. The Superseded region lists the superseded patch and the replacement patch. You should use the replacement patch. 
    Note: You can search for a superseded patch if you know the bug number or patch ID. In addition, a product search will find a superseded patch.
  • Obsolete: A patch that has been retired. Use the patch listed under Replacement Options.
    Note: You can search for an obsolete patch if you know the bug number or patch ID. Product searches do not find obsolete patches.
What is IDR (inter Diagnostic or relief)?
These are the customized patches provided by oracle (Formally Sun Microsystems), and also it is a temporary workaround solution for the issues but not a permanent fixes. These patches start with IDR.
Ex: IDR1153429-01
What is T-Patch?
T-patch is a Test Patch, and Oracle will provide T-patch when the organization having high priority issues with any specific bug and needs quick resolution.
General Procedure for Patching
  1. We need to prepare patch document procedure with back-out plan, and needs to get the approval by change management. Once we get the approval, we can start our change in scheduled window
  2. Before going to take the patch, first we need to take the backup of critical file systems like
    • /etc/system
    • /etc/vfstab
    • /etc/mnttab
    • df –h
    • echo|format
    • uptime

  1. Check the existing patch version using
#showrev –p
Or
#patchadd –p
Or
#uname –a [if it is kernel patch]
  1. Check /var/tmp directory space for our required patch
NOTE: In general we used to get patch problems by permissions issue. Hence we need to install the patches from /var/tmp [it contains 777 permission with stiky bit]. If in case of cluster patch we need more space to copy and run that patch. Here we can copy and run from any other directory, but make sure that directory permission should be 777
  1. Download the patch from https://support.oracle.com by selecting  HTML(New) option (or) supporthtml.oracle.com in “patches&update” tab by selecting “product, release,patchset” to our desktop and upload it into the /var/tmp directory.
NOTE: Before downloading our patch from MOS, we need to check our platform bit version by using
#isainfo -b
  1. Before going to patch installation, we must read the “ReadMe.txt” file for more details
  2. If system is in root mirroring, needs to detach one sub-mirror and then reboot the system into single user mode for patching
#shutdown –y –g0 –i1
  1. Now we can patch the system by using patchadd command
#patchadd 119202-46
  1. Once patch installation has completed, down the server into OBP prompt, and run reconfiguration reboot
#init 0
Ok>boot –r
  1. Once system comes back to desired run-level, needs to compare all backed-up files with new files.
  2. Check the “uptime” values, if it is more, then needs to check CPU utilization, if it is >60%
Put the server in observation for 3 days, if it’s not come down, needs to remove the patch by using
#patchrm 119202-46
 
         Patch logs: /var/sadm/install_data/solaris_10_recommended_log
                     Patch errors:
0
No error
1
Usage error
2
Attempt to apply a patch that's already been applied
6
Patch is obsolete
8
Attempting to patch a package that is not installed


Posted by at

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)