Print-friendly Version

Patching Solaris Using Sun xVM Ops Center 1.1

Shanthi Srinivasan, September 2008

This article describes the methods to patch Solaris Operating System using Sun xVM Ops Center 1.1.

Use the Sun xVM Ops Center 1.1 to patch the following Solaris OS versions on different platforms:

• x86 systems: Solaris 10

• SPARC systems: Solaris 8, 9 and 10

Introduction to Solaris Patches

Applying patches and updating your systems to the latest version is a complex and time-consuming process. Applying patches involves verifying patches before and after installation. It also involves methods to determine which patches are installed across the data center.

More time is required for installing patches and resolving any problems that might have been caused by the patch implementation. Sun tests patches extensively before releasing them, but every environment is unique. There are different patch conditions that exist for installing a patch.

The following are examples of how patching conditions can vary:

• Some patches need to be installed in a specific order or in conjunction with other patches.

• Some patches can be installed while the system is running and take effect immediately.

• Some patches become effective on system reboot.

• Some patches need to be installed in single user mode, possibly followed by a reboot.

• Some patches can only be installed if other patches are not installed or are removed.

Keeping track of all the conditions of patching gets complicated fast.

Sun provides Sun xVM Ops Center 1.1 as one of the solutions for patching and updating the Solaris OS.

Sun xVM Ops Center

Sun xVM Ops Center is a highly scalable data center automation tool that provides discovery, provisioning, updates, and management of physical and virtualized assets in the Linux and Solaris platforms on the x86 and SPARC environments. xVM Ops Center enables you to manage several systems simultaneously.

Using xVM Ops Center, you can perform the following functions:

• Discover and register your data center hardware and OS assets.

• Provision the OS on hardware assets.

• Update the Solaris and Linux operating systems.

• Manage and monitor hardware and OS assets.

• Generate compliance reports.

xVM Ops Center provides the Update module to manage and automate patching your assets.

For more information about Sun xVM Ops Center 1.1, see Sun xVM Information Exchange.

Update Module in xVM Ops Center

The Update module provides options to update your assets to latest patches, packages and incidents, and upload and manage local components. You can run different reports or create system catalogs to learn the exact state of the managed assets and then install the necessary patches and packages.

In Sun xVM Ops Center, you create jobs to automate processes such as installing patches, upgrading your components, and performing pre- and post-installation operations. You create update jobs to install the patches on a managed system. You can create a single job to run on one or multiple hosts.

To automate the patching process, you can schedule the update jobs to run in periodic intervals. For example, Sun releases Solaris baselines every month. You can schedule a job to install the monthly baselines to reduce the effort of creating patching plans.

You can simulate the patching job to resolve any dependencies for a patch. For example, if you need to install patch A, patch B should also be installed with patch A. In simulation mode, the required patches are downloaded and checked for sanity, but are not installed. The rules for patch compatibility are obtained from the knowledge base of the Sun hosted tier.

Supported Solaris OS Versions for Patching

You can use xVM Ops Center to patch the following Solaris OS versions:

• x86 systems: Solaris 10

• SPARC systems: Solaris 8, 9 and 10

Prerequisites for Patching Solaris OS

Before proceeding with an update job in the xVM Ops Center, check for the following prerequisites:

• xVM Ops Center Server (satellite) is connected to the Sun DataCenter.

• Sun Online Account username and password are provided while configuring the satellite to enable downloading of the patches.

• Managed assets are discovered and registered in xVM Ops Center.

• Update module is enabled for systems that require patching.

Patching the Solaris OS

You can use the following methods to patch the Solaris OS by using xVM Ops Center:

• Create baseline analysis reports and run compliance jobs

• Create host compliance reports and run compliance jobs

• Create custom update jobs to install patches

Baseline Analysis Reports

You can create baseline analysis reports based on the Solaris baselines. Depending on the results, you can create compliance jobs to install or uninstall a patch.

Solaris Baselines

A baseline is a dated collection of patches, patch meta data, and tools. Sun releases baselines for the Solaris OS on a monthly basis. When you install the patches of a baseline on a host, the host is considered compliant with that baseline. Using baselines enables you to easily check the patch level of your hosts. For example, to easily learn the patch level of your hosts, install some test hosts with a particular baseline. Test these hosts for a period of time to check if the patches in the baseline are stable enough to be used on your production hosts. If the testing reveals that the baseline is stable, you can install the same baseline that you tested on your production hosts.

You can modify a baseline to create a custom patch set by using black lists and white lists. A black list is a list of patch IDs that should not be installed on a managed host. A white list is a list of patch IDs that should be installed on a host.

Solaris baselines appear in the Components list in xVM Ops Center interface. The Solaris Baselines category contains a list of dated baselines.

Each dated baseline contains these three patch sets:

• Full: Includes the recommended patches for the specific Solaris OS version and the selected patches for other unbundled Sun products, such as Java 2 Platform, Standard Edition (J2SE platform), Sun Cluster software, and Solaris Volume Manager software.

• Recommended: Includes the Solaris OS recommended patches for the specific OS version.

• Security: Includes all the security patches, including the platform specific patches and patches for other Sun products, such as J2SE platform and Sun Cluster software. The Security baseline is not a subset of the Recommended baseline.

Note - The Full baseline often contains Solaris OS patches that are not included in the Recommended baseline. The Full baseline includes additional patches based on feedback from various customer support groups within Sun. All baselines include patches for a specific time. To install the Recommended and Security baselines, you either need to deploy two jobs, or run a job that includes multiple tasks.

Types of Baseline Analysis Report

While creating a baseline analysis report, you can select how the baseline analysis report needs to be generated.

• Run report against database: The report is run against the information that is available in the database for the host. The dependency checks for any patch installation are not carried out. Dependency checks are carried out only when you create a compliance job to install the patches. This report is generated faster than the report run against the host.

• Run report against actual agent: A simulated job is run against the selected hosts. The dependency checks are done for all patches and resolved, and the patches are downloaded to the host. This job takes more time to complete because it resolves any dependency issues and downloads the patches. This report takes more time to generate as it requires time to check dependencies and download the patches.

Creating Baseline Analysis Report

The Baseline Analysis Report provides information about the hosts that are compliant with a baseline OS.

Perform the following steps to create a Baseline Analysis Report:

1. Log in to the Sun xVM Ops Center interface.

2. Select UpdateChannel from the Updates menu.

   The UpdateChannel window appears.

3. Select Run Baseline Analysis Report from the Reports menu.

   The Baseline Analysis Report wizard appears. Complete the wizard steps to generate the report.

Viewing Baseline Analysis Report Results

Only the Baseline Analysis Report results are stored in the xVM Ops Center server.

Use the following procedure to view the report results:

1. Log in to the Sun xVM Ops Center interface.

2. Select UpdateChannel from the Updates menu.

   The UpdateChannel window appears.

3. Select View All Reports option from the Reports menu.

   The saved reports and results of all the Baseline Analysis Report are displayed.

4. In the Report Results section, select the required report and click View Results.

   The report summary and the analysis report for each selected host are listed.

5. From the list of reports, select the host for which you want to view the result.

   The report for the host is displayed. The report lists the patch number, the install or uninstall operation required, and the link to the patch information in the SunSolve web site.

6. To install the patches, click Run Compliance Job.

   The Create Job wizard appears.

   Complete the wizard steps to install or uninstall the patches.

See Baseline Analysis Report for more information.

Host Compliance Reports

This report provides information about the hosts that are compliant or noncompliant to security and bug-fix updates. Run this report after registering a managed host with xVM Ops Center. The host compliance report provides a complete list of patches that need to be installed on the managed host.

Use the following procedure to create a Host Compliance Report:

1. Log in to the Sun xVM Ops Center interface.

2. Select UpdateChannel from the Updates menu.

   The UpdateChannel window appears.

3. Select Host Compliance Report from the Reports menu.

   The Host Compliance Report creation wizard appears. Complete the wizard steps to generate the report.

4. If you have opted for a noncompliant patch report, click Install Patches in the report result to download and install the patches on the target host.

Customizing Update Jobs to Install Patches

You can customize the update job options such as profile, policy, run modes and failure policies. Profiles describe mandatory and optional components to install and the action to perform on a system. You can either create your own custom profiles or select the predefined profiles provided by xVM Ops Center. Use the predefined profiles such as Check Security, Check Systems and Check Withdrawn Patches to install or remove Solaris OS patches.

Policies define how a job should be performed and set the automation level of the job. Select the appropriate policies to handle the patch dependencies.

See Profiles and Policies in Sun xVM Information Exchange for more information.

Creating an Update Job

Create an update job to install a particular set of patches.

Use the following procedure to create an update job:

1. Log in to the Sun xVM Ops Center interface.

2. Select UpdateChannel from the Updates menu.

   The UpdateChannel window appears.

3. Choose New Jobs from the Jobs menu.

   The Create Job wizard appears.

4. Complete the wizard steps to create a customized update job for your system.

Depending on the policy, the update job proceeds to download and install the patches.

To view the status of an update job, select Job Summary from the Core Services menu in the xVM Ops Center interface. Look for more information about Job Management to manage update jobs.

Sun xVM Ops Center helps you to determine whether the systems are up to date, and choose the right patches to be applied to the systems. It automates the patching of Solaris OS, increases the availability and utilization of the systems and minimizes the downtime. These capabilities lead to better management of your data center.

For More Information

Here are additional resources.

Solaris OS Resources

• BigAdmin web applications and device lists:
  • Hardware Compatibility Lists for Solaris OS
  • Hardware Certification Test Suite
  • Solaris 10 Applications Library
  • Sun's Device Detection Tool
  • Installation Check Tool
  • Device and Third-party Solaris Device Driver Reference Lists
• BigAdmin Solaris technology resource centers:
  • Solaris Information Center
  • Solaris Patching Center
  • Solaris 10 Upgrade Resources for System Administrators
  • Solaris Containers (Zones)
  • Logical Domains (LDoms)
  • DTrace
  • ZFS
  • Predictive Self-Healing
  • Solaris 8 Vintage Support
• BigAdmin Solaris resource collections (which include community submissions):
  • Solaris resource collection
  • Solaris 10 resource collection
  • Solaris 9 resource collection
  • Solaris 8 resource collection
  • Solaris on x86 resource collection
• Discussions, such as the Solaris OS forums
• BigAdmin Operating System wiki page

Sun Virtualization Resources

• Sun Ops Center Information Exchange for Sun Ops Center 2.5
• Sun xVM Ops Center Information Exchange (for releases before Ops Center 2.5)
• Sun Virtualization web site
• Solaris Containers web site
• Information for system administrators on BigAdmin:
  • Virtualization Hardware Compatibility List
  • Virtualization Resource Center
  • Virtualization Resource Collection (includes third-party resources)
  • Sun Docs articles (on virtualization and other topics)
• BigAdmin Virtualization wiki page

General Sun Links

• Sun download site
• Sun training courses web site
• Discussions, such as Sun forums and the BigAdmin Discussions collection
• Product documentation at http://docs.sun.com and the Documentation Center
• Sun wikis, such as the Sun BluePrints wiki and the BigAdmin wiki
• Support:
  • Sun resources:
    • Register your Sun gear
    • Services
    • SunSolve Online
  • Community system administration experts

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.