Patching of server with zfs and zones

PATCHING WITH ZFS AND ZONES

# zonename

If it is a physical server you should see:

# zonename

Global

If it is a zone server you should see the name of the server, like for example:

# zonename

sz0289

So if you do no NOT get “Global”, you’re logged in on a zone and therefore you should stop any further patch-actions on this server!!

Solaris 10 Zones will be updated automatically when patching the physical server because we use the update on attach procedure.

2. Check (remote) console access

This patch bundle has to be installed in single user mode. In order to do so (remote) console access is needed. Make sure you have (remote) console access before you start the installation of the patch bundle.

When connecting to an ALOM or RSC for remote console, the password of these remote console connections should be known. Check the remote console connection by logging in, before the actual patch installation procedure is started.

3. Root password

You need the root password for some steps in this document. Make sure that you have the correct password.

4. Backup system disk

Make sure you have an up-to-date backup of your system before you start patching. If possible, make sure the backup is readable.

Remember that if you must restore your system to the state prior to the patches a bootable Solaris CD might be needed, depending on your system recovery procedure.

5. Backup system files

6. Zones check

Check if your system is configured with zones. Make a note of the zone path(s), you need them later. You only have to record the paths of zones marked native. Brand solaris8 and solaris9 will not be updated within this procedure.

# zoneadm list –cv

ID    NAME      STATUS           PATH                   BRAND            IP

0      global       running             /                           native                shared

-       sz998        running             /sz998_sys           native               exclusive

-       sz999        running             /sz999_sys           solaris8             exclusive

 

7. Download patch bundle

8. Unzip patchbundle

9. Stop Patrol

10. Reboot non-global zones for checking

 Global :>zoneadm –z zonename reboot

This step can be done for all the zones simultaneously

Check the system and zones (Can it still be started after the reconfiguration reboot).

 

11. Stop all zones

Global :>zoneadm –z zonename halt

Check the status of all zones. It should now be installed, e.g.

#  zoneadm list –cv | grep –v global

ID    NAME      STATUS           PATH                   BRAND            IP

-       sz998        installed            /sz998_sys           native               shared

12. Initial reconfigure reboot

Login to the remote console. Make sure the root password is known, or set it if not.

# init 0

When the system is on the OK prompt. Type a ‘boot –r’ to start the reconfiguration reboot.

{2}ok  boot –r

Check the boot messages during startup

After the reboot, login to the system and run the devfsadm command and save output to a file:

# devfsadm –Cv > <file>

13. Start all zones

All zones need to be started, native and branded.

Check the status of all zones. It should now be installed, e.g.

# zoneadm list –cv | grep –v global

ID    NAME      STATUS           PATH                   BRAND            IP

-       sz998        installed            /sz998_sys           native               shared

# zoneadm –z <zonename> boot

# zoneadm list –cv | grep –v global

ID    NAME      STATUS           PATH                   BRAND            IP

-       sz998        running             /sz998_sys           native               exclusive

14. Stop all zones

All zones need to be stopped, native and branded.

Get a list of all zones with (output of zoneadm list will vary with different Solaris 10 installations)

# zoneadm list –cv | grep –v global

ID    NAME      STATUS           PATH                   BRAND            IP

-       sz998        running             /sz998_sys           native               shared

Global:>zoneadm –z zonename halt

Check the status of all zones. It should now be installed, e.g.

# zoneadm list –cv | grep –v global

ID    NAME      STATUS           PATH                   BRAND            IP

-       sz998        installed            /sz998_sys           native               shared

15. Detach native zones

All native zones should be detached before the patches are installed in the global zone. Zones branded solaris8 and solaris9 are not patched during this procedure and therefore do not need to be detached.

# zoneadm list –cv | grep –v global | grep native

-       sz998        installed            /sz998_sys           native               shared

When the zone is in the installed state, it can be detached with

# zoneadm –z <zonename> detach

Repeat this step for all native zones.

The state of the zones should now be listed as configured.

# zoneadm list –cv | grep –v global | grep native

-       sz998        configured        /sz998_sys           native               exclusive

16. Single User mode

The installation should be performed in single user mode:

Login to the remote console (make sure root password is known) and bring the system to the OK prompt. If possible use a logging feature of your terminal emulator to log the installation procedure to a file for the use of problem solving.

# init 0

Boot server to single user mode from boot prompt:

{2}ok  boot –s

Enter the root password to enter system maintenance mode when prompted.

17. Mount file systems

Zfs mount -a

18. Actual patch installation

The patch bundle can now be installed:

# cd /tmp/Solaris10Patches

# ./install_all_patches

19. Reconfigure boot after installation

Reboot the system after the patch installation

# init 0

Type boot –r when the system is on the OK prompt.

{2}ok  boot –r

Check the boot messages during startup

After the reboot, login to the system and run the devfsadm command and save the output to a file:

# devfsadm –Cv > <file>

20. Attach zones with update option to reflect new patch on to zones

After a successful installation of the patches in the global zone, all native zones need to be patched using a zone attach.

Check all native zones

# zoneadm list –cv | grep –v global | grep native
-       sz998        configured        /sz998_sys           native               shared

Attach all native zone(s) with:
# zoneadm –z zone1 attach –u >/var/tmp/zone1_update.log 2>&1 &
# zoneadm –z zone2 attach –u >/var/tmp/zone2_update.log 2>&1 &

# zoneadm –z zone3 attach –u >/var/tmp/zone3_update.log 2>&1 &

Wait for all the zoneadm commands to finish before continuing.

When all zoneadm commands have finished, check the log files for any errors.

After the attach, the zones should be in the installed state. Now the zones can be booted.

# zoneadm list –cv | grep –v global | grep native

-       sz998        installed            /sz998_sys           native               shared

# zoneadm –z <zonename> boot

When all is fine all zones should now be in the running state

# zoneadm list –cv | grep –v global | grep native

-       sz998        running             /sz998_sys           native               shared

21. Check the new patch level of the system

 

 

 

 

XSCF COMMANDS

XSCF:

XSCF : eXtended System Control Facility
List of servers

Abbreviations and definitions

• IOU : I/O Unit

The IOU includes PCI slots.

• PSB : Physical System Board

The PSB includes at least 1 CPUM, 1 MEMB and 1 IOU on M4000 or M5000 server.
A M4000 server includes 1 PSB (PSB#00) and a M5000 server includes 2 PSB(PSB#00 and PSB#01).

• XSB : Extended System Board

The PSB is configured either in Uni-XSB mode or Quad-XSB mode.
In uni-XSB mode, the XSB are named XSB#XX-0.
In quad-XSB mode, the XSB are named XSB#XX-0, XSB#XX-1, XSB#XX-2 and XSB#XX-3
XX represents the PSB number.

• LSB : Logical System Board

Before adding an XSB to a domain, it is necessary to assign a number of LSB in the DCL (corresponding to the domain).

• DCL : Domain Component List

Each domain has his own DCL. Each DCL contains 16 LSB.

• DCU : Domain Configuration Unit

• XCP : XSCF Control Package

User

• Default user account

The user is default only works on serial port.
There is no password but you must follow the instructions.

Login: default

Change the panel mode switch to Service and press return...

turn the key, press return

Leave it in that position for at least 5 seconds.  Change the panel mode switch to Locked, and .

wait 5 seconds
turn the key, press return

• Create a user

XSCF> adduser user-admin

XSCF> password user-admin

XSCF> setprivileges user-admin platadm useradm auditadm fieldeng mode

• Display list of users

XSCF> showuser -l

Network

• Script configuration

XSCF> setupplatform

• Manual Configuration

XSCF0 Configuration

• IP : 10.0.0.4
• Netmask : 255.255.255.0
• Gateway : 10.0.0.254
• xscf0 name : tatouky
• Domain name : tatouky.com
• IP of primary and secondary DNS : 10.0.0.100 10.0.0.101
• IP of primary and secondary NTP : 10.0.0.200 10.0.0.201

XSCF> setnetwork xscf#0-lan#0 -m 255.255.255.0 10.0.0.4

XSCF> setroute -c add -n 0.0.0.0 -m 0.0.0.0 -g 10.0.0.254 xscf#0-lan#0

XSCF> sethostname xscf#0 tatouky

XSCF> setnameserver -c add 10.0.0.100 10.0.0.101

XSCF> setntp -c add 10.0.0.200 10.0.0.201

XSCF> sethostname -d tatouky.com

Configuration of DSCP network ( communication between the XSCFU et the domains )

XSCF> setdscp -y -i 192.168.224.0 -m 255.255.255.0

Activate the ssh

XSCF> setssh -q -y -c enable

Apply the modifications

XSCF> applynetwork -y

and also

XSCF> setaltitude -s altitude=500

XSCF> settimezone -c settz -s Europe/Paris

XSCF> setservicetag -c enable

Reboot

XSCF> rebootxscf

• Show the network configuration

XSCF> showssh

XSCF> showhostname -a

XSCF> shownetwork -a

XSCF> showroute -a

XSCF> showntp -a

XSCF> shownameserver

Domaine

Components

FRU

• Display

XSCF> showfru -a sb              

Device  Location    XSB Mode        Memory Mirror Mode 

sb      00          Uni             no                 

sb      01          Uni             no 

XSCF> showfru sb 0

• Define

To Uni-XSB

  XSCF> setupfru -x 1 sb 0

To Quad-XSB

  XSCF> setupfru -x 4 sb 0

DCL

• Display

XSCF> showdcl -a -v

XSCF> showdcl -v -d 0

• Define a DCL number to a XSB

XSCF> setdcl -d 0 -a 0=00-0

The XSB 00-0 has the DCL number 0 on the domain 0.

• Suppress

XSCF> setdcl -d 0 -r 00

Board

• Display all boards

XSCF> showboards -a -v

• Add a board to a domain

XSCF> addboard -d 0 -c assign 00-0

We add the xsb 00-0 to the domain 0

• Suppress a board

XSCF> deleteboard -c unassign 00-0

Administration

domain

• Power on the domain 0

XSCF> poweron -y -d 0

• Power off the domain 0

XSCF> poweroff -y -d 0

• Connect on the console of the domain 0

XSCF> console -y -d 0

• Display connected users in console mode

XSCF> showconsolepath -a

• Défine autoboot function to a domain

XSCF> setdomainmode -y -d 0 -m diag=max

XSCF> setdomainmode -y -d 0 -m autoboot=off

XSCF> setdomainmode -y -d 0 -m secure=off

By default, the secure mode is define to “on” which is disabled the break signal.

• send a break

XSCF> sendbreak -d 0

Send break signal to DomainID 0?[y|n] :y

• Do a reset to a domain

XSCF> reset -d 0 xir

Option	Description
panic	send a reset with panic option
por	send a system reset
xir	send a CPU reset

Log, help and devices

• device

Display a resume of hardware configuration

XSCF> showhardconf -u

Display page by page

XSCF> showhardconf -M

Display the attached device to a domain( The OS must run on the domain )

XSCF> showdevices -d 0

It is necessary to configure the dscp and also to start the SMF services else the command returns the follow error message :
Can't get device information from DomainID 1.

Display the hardware with degraded status

XSCF> showstatus

MBU_B;

MEMB#0;

* MEM#0A; Status:Faulted;

XSCF> ioxadm -v list

Replace the FRU (FAN and PSU for M4000/M5000)

XSCF> replacefru

• Help

XSCF> man intro

• Log

XSCF> showlogs -v error

XSCF> showlogs -t

XSCF> showlogs power

Update thefirmware

The firmware update is contained on only one image who is named XCP. Le nom du fichier represente le type de serveur :

• IKXCPxxyy.tar.gz pour les serveurs M3000 (Ikkaku)
• FFXCPxxyy.tar.gz pour les serveurs M4000-M5000 (Form Factor)
• DCXCPxxyy.tar.gz pour les serveurs M8000-M9000 (Data Center)

Verify the firmware version

XSCF> version -c xcp -v -t

Use one of this 2 methods :

• Download by ftp

XSCF> getflashimage -u root ftp://10.0.0.254/FFXCP1081.tar.gz

• Download by a usb key

XSCF> getflashimage file:///media/usb_msd/FFXCP1081.tar.gz

Install the firmware

XSCF> flashupdate -c check -m xcp -s 1081

XSCF> flashupdate -c update -m xcp -s 1081

Reboot the xscf

XSCF> rebootxscf

Solaris 10

After you finish to install the Solaris 10 OS, you must check that this 3 SMF services is started.

svc:/platform/sun4u/dscp:default

svc:/platform/sun4u/sckmd:default

svc:/platform/sun4u/dcs:default

Verify with the command ifconfig -a that the interface sppp0 exists :

....

         sppp0: flags=10010008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4,FIXEDMTU> mtu 1500 index

         inet 192.168.224.3 --> 192.168.224.1 netmask ffffff00

         ether 0