Friday, December 27, 2013

Patching of server with zfs and zones



PATCHING WITH ZFS AND ZONES

# zonename

If it is a physical server you should see:

# zonename
Global

If it is a zone server you should see the name of the server, like for example:

# zonename
sz0289

So if you do no NOT get “Global”, you’re logged in on a zone and therefore you should stop any further patch-actions on this server!!

Solaris 10 Zones will be updated automatically when patching the physical server because we use the update on attach procedure.

2. Check (remote) console access


This patch bundle has to be installed in single user mode. In order to do so (remote) console access is needed. Make sure you have (remote) console access before you start the installation of the patch bundle.

When connecting to an ALOM or RSC for remote console, the password of these remote console connections should be known. Check the remote console connection by logging in, before the actual patch installation procedure is started.

3. Root password


You need the root password for some steps in this document. Make sure that you have the correct password.

4. Backup system disk


Make sure you have an up-to-date backup of your system before you start patching. If possible, make sure the backup is readable.

Remember that if you must restore your system to the state prior to the patches a bootable Solaris CD might be needed, depending on your system recovery procedure.

5. Backup system files


6. Zones check


Check if your system is configured with zones. Make a note of the zone path(s), you need them later. You only have to record the paths of zones marked native. Brand solaris8 and solaris9 will not be updated within this procedure.

# zoneadm list –cv
ID    NAME      STATUS           PATH                   BRAND            IP
0      global       running             /                           native                shared
-       sz998        running             /sz998_sys           native               exclusive
-       sz999        running             /sz999_sys           solaris8             exclusive

 

7. Download patch bundle


8. Unzip patchbundle

9. Stop Patrol

10. Reboot non-global zones for checking

 Global :>zoneadm –z zonename reboot
This step can be done for all the zones simultaneously
Check the system and zones (Can it still be started after the reconfiguration reboot).

 

11. Stop all zones


Global :>zoneadm –z zonename halt
Check the status of all zones. It should now be installed, e.g.
#  zoneadm list –cv | grep –v global
ID    NAME      STATUS           PATH                   BRAND            IP
-       sz998        installed            /sz998_sys           native               shared

12. Initial reconfigure reboot


Login to the remote console. Make sure the root password is known, or set it if not.

# init 0

When the system is on the OK prompt. Type a ‘boot –r’ to start the reconfiguration reboot.

{2}ok  boot –r

Check the boot messages during startup

After the reboot, login to the system and run the devfsadm command and save output to a file:

# devfsadm –Cv > <file>

13. Start all zones


All zones need to be started, native and branded.
Check the status of all zones. It should now be installed, e.g.
# zoneadm list –cv | grep –v global
ID    NAME      STATUS           PATH                   BRAND            IP
-       sz998        installed            /sz998_sys           native               shared
# zoneadm –z <zonename> boot
# zoneadm list –cv | grep –v global
ID    NAME      STATUS           PATH                   BRAND            IP
-       sz998        running             /sz998_sys           native               exclusive

14. Stop all zones


All zones need to be stopped, native and branded.
Get a list of all zones with (output of zoneadm list will vary with different Solaris 10 installations)

# zoneadm list –cv | grep –v global
ID    NAME      STATUS           PATH                   BRAND            IP
-       sz998        running             /sz998_sys           native               shared

Global:>zoneadm –z zonename halt
Check the status of all zones. It should now be installed, e.g.
# zoneadm list –cv | grep –v global
ID    NAME      STATUS           PATH                   BRAND            IP
-       sz998        installed            /sz998_sys           native               shared

15. Detach native zones


All native zones should be detached before the patches are installed in the global zone. Zones branded solaris8 and solaris9 are not patched during this procedure and therefore do not need to be detached.

# zoneadm list –cv | grep –v global | grep native
-       sz998        installed            /sz998_sys           native               shared


When the zone is in the installed state, it can be detached with

# zoneadm –z <zonename> detach

Repeat this step for all native zones.

The state of the zones should now be listed as configured.

# zoneadm list –cv | grep –v global | grep native
-       sz998        configured        /sz998_sys           native               exclusive

16. Single User mode


The installation should be performed in single user mode:

Login to the remote console (make sure root password is known) and bring the system to the OK prompt. If possible use a logging feature of your terminal emulator to log the installation procedure to a file for the use of problem solving.

# init 0

Boot server to single user mode from boot prompt:

{2}ok  boot –s

Enter the root password to enter system maintenance mode when prompted.

17. Mount file systems

Zfs mount -a


18. Actual patch installation


The patch bundle can now be installed:

# cd /tmp/Solaris10Patches
# ./install_all_patches

19. Reconfigure boot after installation

Reboot the system after the patch installation

# init 0

Type boot –r when the system is on the OK prompt.

{2}ok  boot –r

Check the boot messages during startup

After the reboot, login to the system and run the devfsadm command and save the output to a file:

# devfsadm –Cv > <file>

20. Attach zones with update option to reflect new patch on to zones


After a successful installation of the patches in the global zone, all native zones need to be patched using a zone attach.

Check all native zones
# zoneadm list –cv | grep –v global | grep native
-       sz998        configured        /sz998_sys           native               shared
Attach all native zone(s) with:
# zoneadm –z zone1 attach –u >/var/tmp/zone1_update.log 2>&1 &
# zoneadm –z zone2 attach –u >/var/tmp/zone2_update.log 2>&1 &
# zoneadm –z zone3 attach –u >/var/tmp/zone3_update.log 2>&1 &

Wait for all the zoneadm commands to finish before continuing.
When all zoneadm commands have finished, check the log files for any errors.


After the attach, the zones should be in the installed state. Now the zones can be booted.
# zoneadm list –cv | grep –v global | grep native
-       sz998        installed            /sz998_sys           native               shared

# zoneadm –z <zonename> boot

When all is fine all zones should now be in the running state
# zoneadm list –cv | grep –v global | grep native
-       sz998        running             /sz998_sys           native               shared

21. Check the new patch level of the system


 

 

 





 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)