Using Solaris Live Upgrade (LU) to patch CPU patch cluster.Generally CPU OS patch cluster will take more time to complete the patching activity dependence on the running kernel patch level. Coz this server might patch very long back so it will increase server maintenance downtime. To avoid this situation SUN / Oracle has released new feature, that is called "LIVE UPGRADE (LU)" from Solaris 10 onward.
The main advantages of Live upgrade is minimizing the downtime of server outage and easy to rollback the changes. As well as we can patch the server with out booting server in to single user mode aka maintenance mode , because we are patching the server in alternate boot environment usually call as (ABE), also while create ABE it will take backup of OS as well, which will help you when rollback is demand.
--> Already I have posted for LU creation producer , please refer this LU Creation link for same.
Solaris Live Upgrade Procedure for Patching:
bash-3.2# lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
-------------------------- -------- ------ --------- ------ -----
s10x_u10wos_17b yes yes yes no -
SOL10-MARCH-2014 yes no no yes -
bash-3.2#
bash-3.2# ./installcluster --s10patchset -B SOL10-MARCH-2014
Installing this patch set to an alternate boot environment first requiresthe live boot environment to have patch utilities and other prerequisite patches at the same (or higher) patch revisions as those delivered by this patch set.
The required prerequisite patches can be applied to the live bootenvironment by invoking this script with the '--apply-prereq' option, ie.
./installcluster --apply-prereq --s10patchset
bash-3.2#
As per above output installing prerequisite patches:
bash-3.2# ./installcluster --apply-prereq --s10patchset
Setup ........................................
CPU OS Patchset 2013/04 Solaris 10 x86 (2013.03.29)
Application of patches started : 2014.03.05 01:43:24
Application of patches finished : 2014.03.05 01:43:25
Insufficient free swap available to complete installation of thispatch set.Additional free swap is required to proceed applying further patches.To increase the available free swap, either add new storage resources to swap pool, or reboot the system. This script may then be rerun to continue installation of the patch set.
Install log files written :
/var/sadm/install_data/s10x_rec_patchset_short_2014.03.05_01.43.24.log
/var/sadm/install_data/s10x_rec_patchset_verbose_2014.03.05_01.43.24.log
bash-3.2#
The prerequisite patches installation got failed due to insufficient swap size. Let me create swap space and start patching activity again.Check the current swap size and add more swap space:
1st creating 4GB zfs volume (emulated volume). Note - It is not a dataset
2nd adding swap volume size by swap -a command
3rd checking the size of whole swap space
bash-3.2# swap -l
swapfile dev swaplo blocks free
/dev/zvol/dsk/rpool/swap 181,1 8 1572856 1535752
bash-3.2#zfs create -v 4g rpool/swap1
bash-3.2#swap -a /dev/zvol/dsk/rpool/swap1
bash-3.2#swap -l
swapfile dev swaplo blocks free
/dev/zvol/dsk/rpool/swap 181,1 8 1572856 1533880
/dev/zvol/dsk/rpool/swap1 181,3 8 8388600 8388600
bash-3.2#
After added swap space now let me install prerequisite patches first then will go for OS patch bundle installation:bash-3.2#./installpatchset --apply-prereq --s10patchset
Setup .................................
CPU OS Patchset 2013/04 Solaris 10 x86 (2013.03.29)
Application of patches started : 2014.03.06 20:32:13
Applying 120901-03 ( 1 of 11) ... skipped
Applying 121334-04 ( 2 of 11) ... skipped
Applying 119255-88 ( 3 of 11) ... success
Applying 119318-01 ( 4 of 11) ... skipped
Applying 121297-01 ( 5 of 11) ... skipped
Applying 138216-01 ( 6 of 11) ... skipped
Applying 147062-01 ( 7 of 11) ... skipped
Applying 148337-01 ( 8 of 11) ... success
Applying 146055-07 ( 9 of 11) ... success
Applying 142252-02 (10 of 11) ... skipped
Applying 125556-12 (11 of 11) ... success
Application of patches finished : 2014.03.06 21:01:19
Following patches were applied :
119255-88 148337-01 146055-07 125556-12
Following patches were skipped :
Patches already applied
120901-03 119318-01 138216-01 147062-01 142252-02
121334-04 121297-01
Installation of prerequisite patches complete.
Install log files written :
/var/sadm/install_data/s10x_rec_patchset_short_2014.03.06_20.32.13.log
/var/sadm/install_data/s10x_rec_patchset_verbose_2014.03.06_20.32.13.log
bash-3.2#
bash-3.2# ./installpatchset --s10patchset -B SOL_2012Q1SOL10-MARCH-2014
Setup ........................................................
CPU OS Patchset 2013/04 Solaris 10 x86 (2013.03.29)
Application of patches started : 2014.03.06 21:25:52
Applying 120901-03 ( 1 of 332) ... skipped
Applying 121334-04 ( 2 of 332) ... skipped
Applying 119255-88 ( 3 of 332) ... success
Applying 119318-01 ( 4 of 332) ... skipped
Applying 121297-01 ( 5 of 332) ... skipped
Applying 138216-01 ( 6 of 332) ... skipped
Applying 147062-01 ( 7 of 332) ... skipped
Applying 148337-01 ( 8 of 332) ... success
Applying 121082-08 (326 of 332) ... success
Applying 149454-02 (327 of 332) ... success
Applying 149484-01 (328 of 332) ... success
Applying 149637-02 (329 of 332) ... success
Applying 150118-01 (330 of 332) ... success
Applying 150124-01 (331 of 332) ... success
Applying 150158-01 (332 of 332) ... success
Application of patches finished : 2014.03.07 08:51:42
Following patches were applied :
119255-88 122213-46 139290-02 146684-01 148564-05
148337-01 122260-06 141105-04 146695-02 148566-01
146055-07 122912-31 142934-05 146835-02 148626-01
125556-12 123614-02 143507-06 147160-01 148658-01
118668-43 124939-04 144527-02 147274-01 148769-01
118669-43 125138-46 143644-08 147435-01 148871-01
121119-19 125139-46 144910-03 147674-04 148889-01
119060-60 125333-23 145007-04 147716-04 148949-01
119214-27 125534-17 147218-02 147806-01 148955-01
119535-29 125720-52 145081-11 148003-01 148976-01
119758-24 125732-09 145201-12 148005-01 149109-01
119765-07 126120-02 145900-08 148007-01 149113-01
119784-25 126207-10 145930-08 148028-03 149150-01
119811-07 126547-04 146033-05 148082-02 149164-01
120461-20 127873-02 147443-01 148113-02 149166-01
119813-18 136883-03 147148-26 148136-01 121082-08
119901-15 137081-07 146233-20 148166-02 149454-02
119907-18 137098-02 146471-08 148170-02 149484-01
120544-30 137148-07 146490-06 148384-01 149637-02
120720-03 137322-02 146672-10 148404-01 150118-01
120740-08 138823-12 146680-01 148408-01 150124-01
120754-09 138827-12 146682-02 148424-01 150158-01
121096-03
Following patches were skipped :
Patches already applied
120901-03 120273-33 125216-04 138248-01 142530-01
121334-04 122641-06 125280-05 138633-01 142544-01
119318-01 127756-01 125726-02 138648-01 142912-01
121297-01 125504-02 125907-01 138650-01 142910-17
138216-01 125548-02 126364-08 138767-01 143126-02
147062-01 126424-03 126426-01 138853-01 143503-01
142252-02 120012-14 126441-01 138883-01 143514-02
140797-01 139521-02 126869-05 141017-01 143610-03
113000-07 119904-02 127128-11 139556-08 144501-19
117435-02 119964-24 127725-02 139616-01 143726-01
118344-14 119967-01 127764-01 139997-03 143732-01
118368-04 119987-03 128293-01 140102-01 143740-01
121264-01 120102-01 128311-01 140913-01 143913-01
123840-04 120202-06 128333-01 141033-01 143955-04
138218-01 120236-01 128339-01 142293-01 144048-01
140861-02 120285-07 128412-01 141445-09 144107-01
121454-02 121976-01 136715-01 141497-01 144189-02
121454-02 120536-17 136999-10 141549-01 144328-02
118855-36 120733-01 137001-08 141559-01 144456-01
118919-21 120831-06 137033-01 141587-01 144461-02
119064-01 121300-03 137094-01 141873-01 144493-01
119082-25 121429-15 137103-01 141901-01 144570-01
119116-35 121607-04 137116-01 142050-01 144751-01
119131-33 122655-05 138867-02 142059-01 144912-02
123612-05 122755-01 138884-01 142089-02 145020-01
119281-25 123004-04 137138-09 142235-01 145097-03
119283-01 123527-01 137283-01 142241-01 145121-01
140900-01 123591-12 137872-02 142248-01 145954-06
119314-43 123939-02 138088-01 142341-02 146335-01
124189-03 124326-01 138097-02 142395-01 146674-01
119539-19 124394-11 138182-01 142398-01 146955-03
120100-08 124398-02 138194-04 142429-02 147228-01
119547-08 124998-01 138246-01 142431-01 147379-01
119649-03 125076-01
Patches obsoleted by one or more patches already applied
118778-14 124205-05 120413-11 124458-02 139621-01
118844-20 122661-08 120415-27 124631-42 140160-03
119118-52 119956-04 121309-20 126366-16 140456-01
119247-36 120095-30 122471-03 138266-01 141533-04
124629-12 119369-04 124187-07 138362-01 143734-01
119253-32 120287-03 123631-03 138855-01 144326-01
119279-39 120293-02 123006-07 138877-01 144487-05
119316-19 120349-03 123896-22 139100-04 144557-03
120200-15 120411-33
Patches not applicable to packages on the system
121182-05 125671-04 138825-12 143318-03 147694-17
119549-14 137005-09 139292-02 143728-01 147695-17
121212-02
Patches canceled due to prepatch termination
147993-05
Installation of patch set to alternate boot environment complete.
Please remember to activate boot environment SOL10-MARCH-2014 with luactivate(1M)before rebooting.
Install log files written :
/.alt.SOL10-MARCH-2014/var/sadm/install_data/s10x_rec_patchset_short_2014.03.06_21.25.52.log
/.alt.SOL10-MARCH-2014/var/sadm/install_data/s10x_rec_patchset_verbose_2014.03.06_21.25.52.log
bash-3.2#
bash-3.2# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
2 tpt02 running /zonepool/tpt02 native excl
3 tpt01 running /zonepool/tpt01 native shared
bash-3.2# uname -a
SunOS techpanel 5.10 Generic_147441-01 i86pc i386 i86pc
bash-3.2# zlogin tpt02 uname -a
SunOS tpt02 5.10 Generic_147441-01 i86pc i386 i86pc
bash-3.2# zlogin tpt02 uname -a1
SunOS tpt01 5.10 Generic_147441-01 i86pc i386 i86pc
bash-3.2# luactivate lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
s10x_u10wos_17b yes yes yes no -
SOL10-MARCH-2014 yes no no yes -
bash-3.2#
Activating ABE SOL10-MARCH-2014:
bash-3.2# luactivate SOL10-MARCH-2014
System has findroot enabled GRUB
Generating boot-sign, partition and slice information for PBE
(s10x_u10wos_17b)Saving existing file (/etc/bootsign) in top level
dataset for BE (s10x_u10wos_17b)as (mount-point)//etc/bootsign.prev.
A Live Upgrade Sync operation will be performed on startup of boot
environment(SOL10-MARCH-2014).
Generating boot-sign for ABE (SOL10-MARCH-2014)
Saving existing file (/etc/bootsign) in top level dataset for BE (SOL10-MARCH-2014) as (mount-point)//etc/bootsign.prev.
Generating partition and slice information for ABE (SOL10-MARCH-2014)
Copied boot menu from top level dataset.
Generating multiboot menu entries for PBE.
Generating multiboot menu entries for ABE.
Disabling splashimage
Re-enabling splashimage
No more bootadm entries. Deletion of bootadm entries is complete.
GRUB menu default setting is unaffected
Done eliding bootadm entries.
**********************************************************************
The target boot environment has been activated. It will be used when you
reboot. NOTE: You MUST NOT USE the reboot, halt, or uadmin commands. You
MUST USE either the init or the shutdown command when you reboot. If you
do not use either init or shutdown, the system will not boot using the
target BE.
**********************************************************************
In case of a failure while booting to the target BE, the following
process needs to be followed to fallback to the currently working
boot environment:
1. Boot from the Solaris failsafe or boot in Single User mode from
Solaris Install CD or Network.
2. Mount the Parent boot environment root slice to some directory
(like /mnt). You can use the following commands in sequence to mount the BE:
zpool import rpool
zfs inherit -r mountpoint rpool/ROOT/s10x_u10wos_17b
zfs set mountpoint=(mountpointName) rpool/ROOT/s10x_u10wos_17b
zfs mount rpool/ROOT/s10x_u10wos_17b
3. Run (luactivate) utility with out any arguments from the Parent boot environment root slice, as shown below:
(mountpointName)/sbin/luactivate
4. luactivate, activates the previous working boot environment and indicates the result.
5. Exit Single User mode and reboot the machine.
**********************************************************************
Modifying boot archive service
Propagating findroot GRUB for menu conversion.
File (/etc/lu/installgrub.findroot) propagation successful
File (/etc/lu/stage1.findroot) propagation successful
File (/etc/lu/stage2.findroot) propagation successful
File (/etc/lu/GRUB_capability) propagation successful
Deleting stale GRUB loader from all BEs.
File (/etc/lu/installgrub.latest) deletion successful
File (/etc/lu/stage1.latest) deletion successful
File (/etc/lu/stage2.latest) deletion successful
Activation of boot environment (SOL10-MARCH-2014) successful.
bash-3.2#
bash-3.2# lustatus Boot Environment Is Active Active Can Copy Name Complete Now On Reboot Delete Status -------------------------- -------- ------ --------- ------ ---------- s10x_u10wos_17b yes yes no no - SOL10-MARCH-2014 yes no yes no - bash-3.2#Rebooting server to take effect ABE : Note - should not use reboot command instead we should use only "init 6" recommended command.
bash-3.2# init 6
propagating updated GRUB menu
Saving existing file in top level dataset for BE (SOL10-MARCH-2014)
as (mount-point)//boot/grub/menu.lst.prev.
File (/mount-point)(/SOL10-MARCH-2014) propagation successful
File propagation successful
File propagation successful
File propagation successful
bash-3.2#
bash-3.2# lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
s10x_u10wos_17b yes no no yes -
SOL10-MARCH-2014 yes yes yes no -
bash-3.2# uname -a
SunOS techpanel 5.10 Generic_148889-01 i86pc i386 i86pc
bash-3.2# zlogin tpt01 uname -a
SunOS tpt01 5.10 Generic_148889-01 i86pc i386 i86pc
bash-3.2# zlogin tpt01 uname -a2
SunOS tpt02 5.10 Generic_148889-01 i86pc i386 i86pc
bash-3.2#
That's all , we have completed our task successfully. Thanks for reading this article...
Hi,
ReplyDeleteThanks for sharing such good article! I have a doubt on this, Do i need to install the latest version of Live Upgrade packages SUNWlucfg SUNWlur SUNWluu before proceeding with lucreate and patching? Since in some of the article on google they mentioned to upgrade the Live Upgrade packages latest one before proceeding.
That is good practice to install latest LU always.
DeleteIt is really helpful article please read it too my blog Bitdefender threat scanner.
ReplyDelete