Thursday, March 22, 2018

Solaris11 - applying kernel package


To apply package on solaris 11

1. Set up right publisher
# pkg publisher

2. View/refresh the packages to be updates
# pkg list -u
# pkg info -r entire

3. Apply new packages
# pkg update --no-be-activate --be-name aBE_01222018 --accept

6. Activate your BE and reboot the machine
# beadm activate aBE_01222018
# reboot

===================================
cp -p /etc/hosts /etc/hosts.`date '+BK_%m-%d-%Y'`
cp -p /etc/nsswitch.conf /etc/nsswitch.conf.`date '+BK_%m-%d-%Y'`
cp  /etc/mail/sendmail.cf /etc/mail/sendmail.cf.`date '+BK_%m-%d-%Y'`
cp /etc/mail/submit.cf /etc/mail/submit.cf.`date '+BK_%m-%d-%Y'`
df -h >/var/tmp/df.out.`date '+BK_%m-%d-%Y'`
zfs list >/var/tmp/myzfs.out.`date '+BK_%m-%d-%Y'`
zpool list> /var/tmp/zpool.list.`date '+BK_%m-%d-%Y'`
zpool status >/var/tmp/zpool.status.`date '+BK_%m-%d-%Y'`
cat /etc/lu/ICF.1>/var/tmp/ICF1.bk.`date '+BK_%m-%d-%Y'`
cat /etc/lu/ICF.2>/var/tmp/ICF2.bk.`date '+BK_%m-%d-%Y'`
cd /var/adm; rm pacct.* auditlog.0 auditlog.1
cd /var/tmp; rm -fr DCE* SPX* TCP* US* RAW* NMP* net* ISPX* VI* BEQ* DEC* ITCP*
cd /var/audit; /usr/local/bin/purge_audit.sh; cd /var/tmp
 

ipfilter set up

pass out quick on net0 to net2:192.168.10.1 from 192.168.10.74 to 172.26.255.0/24
pass out quick on net0 to net2:192.168.10.1 from 192.168.10.74 to 172.26.253.0/24
block in proto tcp/udp from any to any port = 23
block in proto tcp/udp from any to any port = 21
block out log quick all with opt lsrr
block out log quick all with opt ssrr
block in log quick all with opt lsrr
block in log quick all with opt ssrr


===================================

Oracle Solaris IPS REPOSITORY
-----------------------------
A. Creating local repo
Note:   You can create your repo by using https://pkg.oracle.com/solaris/support
or
Set up your own local repo.
Download the packages and prepare your env.

a. Create repo location
# zfs set mountpoint=/opt/OS_Repo OS-Repo/FS_OS_Repo
# zfs get atime OS-Repo/FS_OS_Repo
# zfs set atime=off OS-Repo/FS_OS_Repo
# zfs get atime OS-Repo/FS_OS_Repo

b. Use the iso image or packages to build repo
Mount the ISO image as a filesystem.
$ mount -F hsfs <full_path_to>/sol-11_3_srunum_bldnum_respinnum-incr-repo.iso /mnt
or
Unzip the packages
# unzip -q p26339315_1100_Solaris86-64_1of4.zip
# unzip -q p26339315_1100_Solaris86-64_2of4.zip
# unzip -q p26339315_1100_Solaris86-64_3of4.zip
# unzip -q p26339315_1100_Solaris86-64_4of4.zip

c. Sync new package against the repo
# rsync -aP /opt/OS_Repo/Patch-Images/Oct-2017/publisher /opt/OS_Repo/

d. 4. Rebuild the index
# pkgrepo rebuild -s /opt/OS_Repo

# pkgrepo -s /opt/OS_Repo info
# pkgrepo list -s /opt/OS_Repo | grep entire
# pkgrepo -s /opt/OS_Repo/list entire
# pkg list -af entire

# pkg list entire
# pkg refresh --full

-----------------------------------
# pkg unset-publisher solaris
# pkg publisher
# pkg set-publisher -G '*' -g file:///opt/OS_Repo/ solaris
# pkg plublisher
# pkg info -r entire
# svcs -a | grep -i pkg/publisher

[ SYNC the extracted packages
tar cfE - S11_Repo_Files | ( cd /var/tmp/repo-bkup/ ; tar xfBp - )
]

# pkg update -nv
# pkg list -u

# pkg info -r entire

5. Apply new packages
# pkg update --no-be-activate --be-name alt03292017 --accept

6. Activate your BE and reboot the machine
# beadm activate aBE_01222018
# reboot

==================================================

B. Applying patch - upgrade
1. Make sure you have repo set up
# pkg publisher

a. if not set, set it
If an existing repository is not set, add the repository to the system.

Specify a New Publisher

$ pkg set-publisher -P -g http://pkg.example.com/release/ solaris
Here,
solaris -> new publisher
origin URI specified with -g option and
sets the publisher to be first in the search order.
The -P option or the --search-first option to set the specified publisher first in the search order.

# pkg set-publisher -g file:///full_path_to_existing_s11_3_repo solaris
# pkg set-publisher -g http://192.168.10.64 solaris

Replace existing and set a new publisher
# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F http://192.168.10.64/

Command to change
# pkg set-publisher -G '*' -g  http://192.168.10.64 solaris

root@ssoa-db-v06:~# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F http://192.168.10.64/

Adding and Changing Publisher Mirrors

# pkg set-publisher -m http://pkg.example.com/ solaris
-m  -> adds a URI as a mirror for the specified publisher.
Note: You cannot access the content in a mirror repository unless the same
version of the same package also exists in an origin repository for that same publisher.


Configuring Publisher Keys and Certificates
$ pkg set-publisher -k /root/creds/example.key -c /root/creds/example.cert \
--approve-ca-cert /tmp/example_file.pem isvpub

-k -> to specify the client SSL key.
-c -> to specify the client SSL certificate.
--approve-ca-cert -> Use this option to add the specified certificate as a CA certificate that is trusted.


Enabling and Disabling Publishers

# pkg set-publisher --enable --search-before devtool isvpub

A newly added publisher is enabled by default.
The following command enables the isvpub publisher and sets it ahead of the devtool publisher in the search order.
If only one publisher is enabled, that publisher cannot be disabled.
Use the --disable option to disable a publisher. You can disable a publisher if origin is temporarily unreachable.



2. Check the version installed on your system.
# pkg list entire
NAME (PUBLISHER)             VERSION                    IFO
entire                       0.5.11-0.175.3.22.0.3.0    i--

In the version output, 0.5.11-0.175.3.22.0.3.0 indicates Solaris 11.3, SRU version 22, build 3, and no respin.

version format is
MOS and BugDB:
5-digit Release.Update.SRU.Build.Respin: 

Note that "srunum" represents the number of this SRU
(for example, sru 11), "bldnum" represents the SRU build (for example,
build 2) and "respinnum" represents the respin number (0 if none):


2. Verify your have right publisher set up. If not change it.
# pkg

# pkgrepo -s /opt/OS_Repo info
PUBLISHER PACKAGES STATUS           UPDATED
solaris   6230     online           2017-07-25T19:42:10.668045Z


# beadm list
BE               Flags Mountpoint Space  Policy Created
--               ----- ---------- -----  ------ -------
alt09192016      -     -          96.07M static 2016-09-19 15:23
pBE_BK12142016   -     -          97.40M static 2016-12-14 09:48
solaris          -     -          89.33M static 2016-07-28 11:20
solaris-1        NR    /          57.72G static 2016-12-14 11:19
solaris-backup-1 -     -          96.12M static 2016-12-12 08:39


3. Once you verify, create a new boot environment.
a. Use -u flag to list the only packages that are newer version.
# pkg list -u

b. Run pkg info  -r entire to list the latest version available on repo.
# pkg info -r entire

c. if you see old version while running on client system, update again.
# pkg list -u

d. use the pkg update with -nv flag, for a Dry Run test. it will not update the system.
# pkg update -nv

d. Create a new boot environment and apply the update.
# pkg update --no-be-activate --be-name aBE_01222018 --accept

# pkg update --no-be-activate --be-name pBE_10202017 --accept
            Packages to remove:  26
           Packages to install:  13
            Packages to update: 257
           Mediators to change:   1
       Create boot environment: Yes
     Activate boot environment:  No
Create backup boot environment:  No

DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                            296/296   12403/12403  596.6/596.6  2.7M/s

PHASE                                          ITEMS
Removing old actions                       7248/7248
Installing new actions                     6169/6169
Updating modified actions                10604/10604
Updating package state database                 Done
Updating package cache                       283/283
Updating image state                            Done
Creating fast lookup database                   Done
Updating package cache                           1/1

A clone of alt05192017 exists and has been updated.  To set the
new BE as the active one on next boot, execute the following
command as a privileged user and reboot when ready to switch to
the updated BE:

beadm activate pBE_07202017

Updating package cache                           1/1

---------------------------------------------------------------------------
NOTE: Please review release notes posted at:

https://support.oracle.com/rs?type=doc&id=2045311.1
---------------------------------------------------------------------------

#

# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.14.0.6.0:20161110T164958Z

# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z

# beadm list
BE               Flags Mountpoint Space  Policy Created
--               ----- ---------- -----  ------ -------
aBE07202017      -     -          2.63G  static 2017-07-31 15:33
alt09192016      -     -          96.07M static 2016-09-19 15:23
pBE_BK12142016   -     -          97.40M static 2016-12-14 09:48
solaris          -     -          89.33M static 2016-07-28 11:20
solaris-1        NR    /          57.72G static 2016-12-14 11:19
solaris-backup-1 -     -          96.12M static 2016-12-12 08:39
#

# mkdir /alt
# beadm mount aBE07202017 /alt
# beadm rename aBE07202017 aBE_07202017
# beadm list
BE               Flags Mountpoint Space  Policy Created
--               ----- ---------- -----  ------ -------
aBE_07202017     -     -          2.63G  static 2017-07-31 15:33
alt09192016      -     -          96.07M static 2016-09-19 15:23
pBE_BK12142016   -     -          97.40M static 2016-12-14 09:48
solaris          -     -          89.33M static 2016-07-28 11:20
solaris-1        NR    /          57.72G static 2016-12-14 11:19
solaris-backup-1 -     -          96.12M static 2016-12-12 08:39
# beadm activate aBE_07202017
# beadm list
BE               Flags Mountpoint Space  Policy Created
--               ----- ---------- -----  ------ -------
aBE_07202017     R     -          61.98G static 2017-07-31 15:33
alt09192016      -     -          96.07M static 2016-09-19 15:23
pBE_BK12142016   -     -          97.40M static 2016-12-14 09:48
solaris          -     -          89.33M static 2016-07-28 11:20
solaris-1        N     /          2.30M  static 2016-12-14 11:19
solaris-backup-1 -     -          96.12M static 2016-12-12 08:39
# virtinfo -a
#

Removing a Publisher

Use the pkg unset-publisher command to remove a publisher.
# pkg publisher
# pkg unset-publisher solaris

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Oct 2017

# beadm list
# pkg publisher
# pkg set-publisher -G '*' -g http://214.38.139.236 solaris
# pkg update --no-be-activate --be-name pBE_10202017 --accept
# pkg list entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.19.0.5.0:20170407T231931Z

# beadm list
# beadm activate pBE_10202017
# beadm list

==========================================

C. Troubleshooting

-----------------------------------------------

Troubleshooting

1. Extract your packages
# unzip p27283240_1100_SOLARIS64_1of5.zip
# unzip p27283240_1100_SOLARIS64_2of5.zip
# unzip p27283240_1100_SOLARIS64_3of5.zip
# unzip p27283240_1100_SOLARIS64_4of5.zip
# unzip p27283240_1100_SOLARIS64_5of5.zip

2. Sync your packages against your repo.
# rsync -aP /opt/OS_Repo/Patch-Images/Jan-2018/publisher /opt/OS_Repo/

3. Rebuild the index
# pkgrepo rebuild -s /opt/OS_Repo/

4. List current package version
# pkg list entire
entire                          0.5.11-0.175.3.25.0.3.0    i--
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z

5. List the available package version on repo
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z

# pkgrepo -s /opt/OS_Repo info
solaris   6362     online           2018-01-23T19:19:53.861572Z

6. List all package version available on repo.
# pkgrepo list -s /opt/OS_Repo | grep entire
solaris   entire                                          0.5.11,5.11-0.175.3.28.0.4.0:20180105T170943Z
solaris   entire                                          0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
solaris   entire                                          0.5.11,5.11-0.175.3.19.0.5.0:20170407T231931Z
solaris   entire                                          0.5.11,5.11-0.175.3.14.0.6.0:20161110T164958Z
solaris   entire                                          0.5.11,5.11-0.175.3.1.0.5.0:20151006T140051Z

# pkg list -af entire
# pkg list -u
pkg: no packages have newer versions available

Note: Some reason, I am not geting updated repo to install. Installation says no new packages are available.
But I have already synced the new packages.

Troubleshooting steps.
7. List available and unset (remove) them.
# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F file:///opt/OS_Repo/11.3/
puppetlabs.com              origin   online F file:///var/tmp/puppet-agent%401.10.5%2C5.11-1.sparc.p5p/

# pkg unset-publisher solaris
Updating package cache                           1/1

# pkg unset-publisher puppetlabs.com
Updating package cache                           1/1

8. Check the property of repo server
# svcprop pkg/server
.....
pkg/inst_root astring /opt/OS_Repo/11.3/
.....
restarter_actions/enable_complete time 1509666826.309413000

Note: pkg/inst_root is set to /opt/OS_Repo/11.3 while its supposed to be /opt/OS_Repo
Now, we are going to change it.

# ls -l /opt/OS_Repo/
total 35
drwxr-xr-x   3 root     root           8 Nov  1 22:38 11.3
-rw-r--r--   1 root     root        3440 Apr 10  2017 COPYRIGHT
-rw-r--r--   1 root     root        1626 Apr 10  2017 NOTICES
drwxr-xr-x   4 root     root           4 Jan 23 10:37 Patch-Images
-rwxr-xr-x   1 root     root        3097 Apr 10  2017 README-repo-iso.txt
-rw-r--r--   1 root     root         389 Apr 10  2017 pkg5.repository
drwxr-xr-x   3 root     root           3 Jan 23 10:47 publisher
-rw-r--r--   1 root     root         704 Apr 10  2017 readme.txt

root@ssbx-mg-v201:~# cd /opt/OS_Repo/11.3/
# ls
COPYRIGHT            NOTICES              README-repo-iso.txt  pkg5.repository      publisher            readme.txt

# svccfg -s pkg/server setprop pkg/inst_root=/opt/OS_Repo
# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
# svcadm refresh pkg/server
# svcadm restart pkg/server

9. Now, set the publisher
# pkg set-publisher -G '*' -g file:///opt/OS_Repo/ solaris
# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F file:///opt/OS_Repo/

10. You should be able to see the update. Verify the version available on the repo.
# pkg list -u
NAME (PUBLISHER)                                  VERSION                    IFO
audio/audio-utilities                             0.5.11-0.175.3.20.0.3.0    i--
consolidation/X/X-incorporation                   0.5.11-0.175.3.24.0.3.1539 i--
..................................
x11/server/xephyr                                 1.14.5-0.175.3.24.0.3.1539 i--
x11/server/xorg                                   1.14.5-0.175.3.24.0.3.1539 i--
x11/server/xvnc                                   1.1.0-0.175.3.24.0.3.1539  i--

# pkg list entire
NAME (PUBLISHER)                                  VERSION                    IFO
entire                                            0.5.11-0.175.3.25.0.3.0    i--
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.28.0.4.0:20180105T170943Z

# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z

-----------------------------------------------
2. Add an additional origin to the existing solaris publisher.

$ pkg set-publisher -g file:///mnt solaris

3. Perform the update of the packages.
$ pkg update

Rebuild the search indexes for the repository.
# pkgrepo rebuild -s <full_path_to_existing_s11_3_repo>

If the repository is managed by pkgserv, restart the appropriate service.
# svcadm restart svc:/application/pkg/server:<your_repo_instance>

# pkg list -u

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


# chmod u+x install-repo.ksh
# zfs snapshot OS-Repo/FS_OS_Repo@07242017
# zfs list -t snapshot
NAME                                               USED  AVAIL  REFER  MOUNTPOINT
OS-Repo/FS_OS_Repo@07242017                           0      -  27.7G  -

# ./install-repo.ksh -d /opt/OS_Repo -v -c
Using sol-11_3-repo download.
IPS repository exists at destination /opt/OS_Repo
Current version: 0.175.3.19.0.5.0
Do you want to add to this repository? (y/n)[n]: y

Comparing checksums of downloaded files...done. Checksums match.

Uncompressing sol-11_3-repo_1of5.zip...done.
Uncompressing sol-11_3-repo_2of5.zip...done.
Uncompressing sol-11_3-repo_3of5.zip...done.
Uncompressing sol-11_3-repo_4of5.zip...done.
Uncompressing sol-11_3-repo_5of5.zip...done.
Repository can be found in /opt/OS_Repo.
Initiating repository rebuild.
Initiating repository verification.
You have new mail in /var/mail/root
#

======================================


root@srep-mg-v20:/opt/OS_Repo/Patch-Images/Oct-2017# pkgrepo -s /opt/OS_Repo list entire
PUBLISHER NAME                                          O VERSION
solaris   entire                                          0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z

# pkg list -af entire
NAME (PUBLISHER)                                  VERSION                    IFO
entire                                            0.5.11-0.175.3.25.0.3.0    ---
entire                                            0.5.11-0.175.3.22.0.3.0    i--

# rsync -aP /opt/OS_Repo/Patch-Images/Oct-2017/publisher /opt/OS_Repo
# pkg refresh --full
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z

# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F file:///opt/OS_Repo/

# svcprop svc:/application/pkg/system-repository:default | grep config/host
config/host astring 127.0.0.1

# pkg rebuild-index
Building new search index                    927/927

root@srep-mg-v01:/opt/OS_Repo/publisher/solaris/index# pkgrepo -s /opt/OS_Repo list | more

root@srep-mg-v01:/opt/OS_Repo/publisher/solaris/index# pkgrepo info -s /opt/OS_Repo
PUBLISHER PACKAGES STATUS           UPDATED
solaris   6275     online           2017-11-14T19:43:29.452989Z

# pkg mediator ssh

# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F file:///opt/OS_Repo/

# cd /opt/OS_Repo/publisher/solaris/index
# pkg search -l diagnostic/tcpdump
# pkgrepo refresh -s /opt/OS_Repo
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
# pkg refresh --full
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z

Go to client, and update the index ...

# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z

# pkg list -u

Some ideas came from,
http://www.unixarena.com/2014/08/solaris-11-ips-repository-issues-and-fixes.html


if repo is not available to client machine, here is the steps to fix.

# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F file:///opt/OS_Repo/

# pkgrepo info -s /opt/OS_Repo
PUBLISHER PACKAGES STATUS           UPDATED
solaris   6362     online           2018-01-23T19:19:53.861572Z
# svcs -a | grep application/pkg/server
disabled       18:52:01 svc:/application/pkg/server:default
# svcs -a | grep application/pkg/server
maintenance    10:31:46 svc:/application/pkg/server:default
# svcadm restart application/pkg/server
# svcs -a | grep application/pkg/server
maintenance    10:31:46 svc:/application/pkg/server:default
You have new mail in /var/mail/root
# svcs -a | grep application/pkg/server
maintenance    10:31:46 svc:/application/pkg/server:default
# svccfg -s pkg/inst_root application/pkg/server
svccfg: Pattern 'pkg/inst_root' doesn't match any instances or services
# svcprop -p pkg/inst_root application/pkg/server
/var/pkgrepo
# svccfg -s application/pkg/server setprop pkg/inst_root=/opt/OS_Repo
# svcprop -p pkg/inst_root application/pkg/server
/opt/OS_Repo
# svccfg -s application/pkg/server setprop /pkg/readonly=true
svccfg: Invalid property group name "".
# svccfg -s application/pkg/server setprop pkg/readonly=true
# svcadm refresh application/pkg/server
# svcadm restart application/pkg/server
# svcs -a | grep pkg/server
maintenance    10:31:46 svc:/application/pkg/server:default
# svcs -d svc:/application/pkg/server:default
STATE          STIME    FMRI
disabled       18:52:00 svc:/system/filesystem/autofs:default
online         18:52:38 svc:/milestone/network:default
online         18:52:41 svc:/system/filesystem/local:default
online         18:52:42 svc:/network/ntp:default
# svcs -D svc:/application/pkg/server:default
STATE          STIME    FMRI
disabled       18:52:01 svc:/application/pkg/depot:default
# svcadm enable  svc:/application/pkg/depot:default
# svcs -D svc:/application/pkg/server:default
STATE          STIME    FMRI
offline        10:40:22 svc:/application/pkg/depot:default
# svcs -D svc:/application/pkg/server:default
STATE          STIME    FMRI
offline        10:40:22 svc:/application/pkg/depot:default
#

# ls -ld /opt/OS_Repo/
drwxr-xr-x   6 root     root          11 Jan 24 10:10 /opt/OS_Repo/
# svcadm clear pkg/server
# svcs -a | grep pkg/server
online         10:43:40 svc:/application/pkg/server:default
#




No comments:

Post a Comment