This chapter provides instructions for installing and removing patches from the DIGITAL UNIX operating system, the Available Server Environment (ASE), and the TruCluster Software products (TCR).
The following list summarizes the steps necessary to install patches on your system. The referenced sections provide the full details. Compaq recommends that you familiarize yourself with these steps before attempting to install DIGITAL UNIX, ASE, or TCR patch kits.
Prepare your system for patch installation (see Section 3.2).
Make the patch distribution available to your system (see Section 3.3).
Load any new patch tools provided with the new patch distribution (see Section 3.4).
Set the patch baseline in multiuser mode, if system files have been changed manually (see Section 3.6).
Perform patch preinstallation check in multiuser mode (see Section 3.5).
Install patches in single-user mode (see Section 3.7).
Rebuild the kernel and reboot the system.
Before using the latest DIGITAL UNIX, ASE, or TCR patch distribution, make sure that your system meets the required criteria and that you perform certain preinstallation tasks, as described in the following sections.
You must have the appropriate versions of DIGITAL UNIX, ASE, and TCR installed on your system to install patch kits. There are separate patch kits for each version of the DIGITAL UNIX, ASE, and TCR products. The patch kits will not install on any other version of those products. For example, the DIGITAL UNIX 4.0D patch kit will only install on DIGITAL UNIX Version 4.0D.
It is recommended that you backup your
/,
/usr, and
/var
file systems prior to installing
patches or baselining your system.
Refer to the Patch Summary and Release Notes for the required storage space.
DIGITAL UNIX, ASE, and TCR patches are available from the Compaq Services Web page or the DIGITAL UNIX Patch CD-ROM. Once you have obtained the patch distributions use the following instructions to make the patch kits available to the system targeted for update:
Ensure the installation prerequisites described in Section 3.2 are met.
If you are using patch tar files obtained via the Internet from the Compaq Services Web page, you must expand the tar file to access the patch kits.
The tar file can be expanded on any NFS mountable file system.
It is
recommended that the file system not exist in
/usr
or
/var
of the system that will be patched.
For example:
#
/usr/sbin/mount /dev/rz3g
/PatchKits
#
cd /PatchKits
#
mkdir kit8
Copy or ftp the patch kit to
/PatchKits/kit8.
For
example:
#
cp DUV40BAS00008-19980821.tar
/PatchKits/kit8
#
script untar.log
#
tar
-xpvf DUV40BAS00008-19980821.tar
#
^D
View the
untar-kit.log
for errors or failures untarring
the file.
Once the tar file has been expanded, make the file system containing the patch kits available to the system being patched. For example, on the system being patched do the following:
#
/usr/sbin/mount /PatchKits/kit8@hostname
/mnt
If you are using the DIGITAL UNIX Patch CD-ROM you need only mount the CD-ROM, as the information on the CD-ROM is already expanded. For example:
#
usr/sbin/mount -r /dev/rz4a
/mnt
The patch kits deliver updated patch tools to your system.
It is important
that you run the
dupatch
utility located in the
/patch_kit
directory every time you obtain new patch tar files or
a new DIGITAL UNIX Patch CD-ROM.
After you have made the patch kits available to the system being patched,
run
dupatch
as follows:
#
/mnt/patch_kit/dupatch
If new patch tools are available they will be loaded and the
dupatch
utility will be started and you will see messages similar
to the following when new patch tools are loaded:
* A new version of patch tools required for patch management
is now being installed on your system.
* Tools updated, invoking the updated Patch Utility...
DIGITAL UNIX Patch Utility (Rev. 25)
==========================
- This dupatch session is logged in /var/adm/patch/log/session.log
Main Menu:
---------
1) Patch Installation
2) Patch Deletion
3) Patch Documentation
4) Patch Tracking
5) Patch Baseline Analysis/Adjustment
h) Help on Command Line Interface
q) Quit
Enter your choice:
The
dupatch
utility saves information on the tools
that have been loaded to the log file
/var/adm/patch/log/Dupatch_load_date.log.
To minimize system downtime, Compaq recommends that you perform the preinstallation check in multiuser mode. When the patch preinstallation check is successful in multiuser mode, schedule time to bring down the system to single-user mode for patch installation.
The following steps provide the instructions for performing the preinstallation check.
Log in as root.
From the main
dupatch
menu, enter
1
at the
"Enter your choice"
prompt:
DIGITAL UNIX Patch Utility (Rev. 25)
==========================
- This dupatch session is logged in /var/adm/patch/log/session.log
Main Menu:
---------
1) Patch Installation
2) Patch Deletion
3) Patch Documentation
4) Patch Tracking
5) Patch Baseline Analysis/Adjustment
h) Help on Command Line Interface
q) Quit
Enter your choice: 1
The program responds with the Patch Installation Menu.
Enter
1
at the
"Enter your choice"
prompt:
DIGITAL UNIX Patch Utility (Rev. 25)
==========================
- This dupatch session is logged in /var/adm/patch/log/session.log
Patch Installation Menu:
------------------------
1) Pre-Installation Check ONLY
2) Check & Install (requires single-user mode)
b) Back to Main Menu
q) Quit
Enter your choice: 1
When prompted, enter the location of the patch distribution. For example:
Enter path to the top of the patch distribution,
or enter "q" to get back to the menu : /mnt/patch_kit
The program lists the patch kits provided in the patch distribution that apply to your system. Compaq recommends that you install all of these kits. For example:
The products listed below are optional: There may be more optional products than can be presented on a single screen. If this is the case, you can choose products screen by screen or all at once on the last screen. All of the choices you make will be collected for your confirmation before any products are installed.
1) Patches for Digital UNIX V4.0B 2) Patches for TruCluster Available Server Software_V1.4A Or you may choose one of the following options: 3) ALL of the above 4) CANCEL selections and redisplay menus 5) EXIT without installing any products Enter your choices or press RETURN to redisplay menus. Choices (for example, 1 2 4-6):3You are installing patches (to be selected) from the following products: Patches for Digital UNIX V4.0B Patches for TruCluster Available Server Software_V1.4A Is this correct? (y/n):y
You have the option to make the patches reversible so you
can revert the system to its state prior to the installation of a patch.
Press
Return or type
y
to the following question to make
the patches reversible.
For example:
Do you want the patches to be reversible? [y]: [Return]
By default, the backup copies of the installed patches will be saved
in
/var/adm/patch/backup.
If you have limited space in
/var, you may want to make the backup directory the mount point
for a separate disk partition, an NFS mounted directory, or a symbolic link
to another file system.
Answer yes when asked if you want to perform the preinstallation check with this setup:
Do you want to proceed with the preinstallation check with this setup? [y]: [Return]
You will be asked to select the patches for which the preinstallation
check will be performed .
It is recommended that you select
all.
The program displays the list of the patches you selected and asks you to verify the selection. If you answer no, you will be given the opportunity to make a new selection.
The program lists any patches that fail the prerequisite and applicability checks, and asks how you want to proceed. You are presented with the following choices:
Select the action you'd like to take: 1) proceed with the patches that passed the check 2) select patches again 3) go back to the previous menu
If the patches are prevented from being installed because of missing or unknown system files, set the system patch baseline, as described in Section 3.6. If patches are prevented from being installed because dependent patches were not selected, choose the "select patches again" item and add the required patches that are missing.
Otherwise, proceed to the installation phase, as described in Section 3.7.
If your system was customized as a result of the manual installation of any system files, you will need to set the patch baseline for your system. If you do not need to set the patch baseline for your system, proceed to Section 3.7.
Note
You will need to be familiar with the concepts of baselining in Section 2.6 before preforming the steps in this section.
You can set the patch baseline in multiuser mode, thereby minimizing system down time.
The following steps show you how to set a patch baseline.
Log in as root.
Run
dupatch
and enter
5
in response to
"Enter your choice"
prompt of the Main Menu:
DIGITAL UNIX Patch Utility (Rev. 25)
==========================
- This dupatch session is logged in /var/adm/patch/log/session.log
Main Menu:
---------
1) Patch Installation
2) Patch Deletion
3) Patch Documentation
4) Patch Tracking
5) Patch Baseline Analysis/Adjustment
h) Help on Command Line Interface
q) Quit
Enter your choice: 5
A summary of the patch baselining phases will be displayed on the screen.
Answer
y
or
n
when asked
if you want to proceed with setting the patch baseline (you must provide an
answer; there is no default answer):
Do you want to proceed with the analysis and adjustment? [y/n]:y
If you answer yes,
dupatch
asks you to enter the
location of the patch distribution as follows:
Enter path to the top of the patch distribution,
or enter "q" to get back to the menu : /mnt/patch_kit
The summary of the patch baselining phases provides the following information:
Baselining Phase 1 evaluates your system relative to the patch kit.
Baselining Phase 2 reports information for patches whose installation
is blocked by system files that were installed by layered products.
You cannot
enable
dupatch
to install patches that replace system files
installed by layered products.
You must contact your layered product customer
services or Compaq Services if you have purchased Business Critical
Services.
Baselining Phase 3 reports on patches that match existing
files on your system, but are not marked as
installed
by the system inventory.
You can tell
dupatch
to mark
these patches as
installed.
This involves copying valid
setld
database information to your system.
If exact matches are
found you will be asked the following question:
Do you want to mark these patches as installed ? [y/n]
You must provide an answer; there is no default answer.
Baselining Phase 4 reports information about any unknown or missing system files. This information is provided to assist you in understanding the state of files that may prevent patch installation.
Consider this information carefully when making decisions to override patch-installation checks for patches noted in Phase 5.
Phase 5 reports patches that do not pass installation applicability tests due to the current state of your system. The installation of these patches is prevented by missing or unknown system files.
The
dupatch
utility reports the known information
about the files contained in each patch and asks if you want to enable the
installation:
Do you want to enable the installation of any of these patches? [y/n]:
You must provide an answer; there is no default answer.
Answer
n, until you know the origin of the files
that are preventing the patch installation.
The changed system files that
are preventing the official patch installation may be part of a manually installed
prerelease patch or an intentionally customized utility or file.
If, for example, the file that is preventing the installation of an official patch is one of many files that are part of a prerelease patch, you must determine how to proceed. For more information, see Section 2.6.4.1 and Section 2.6.5.
If you answer
y
to this question, you can selectively
enable
dupatch
to install patches that are prevented from
being installed by missing or unknown files.
The
dupatch
utility will present the list of patches
so you can optionally enable installation.
It then asks you how to proceed.
If you select patches for installation,
dupatch
asks
you to confirm your selections and then enables installation of the selected
patches.
Perform the patch installation as described in
Section 3.7.
WARNING
Do not enable
dupatchto install patches over missing or unknown system files for which you do not know the origin. To do so might cause your operating system, ASE, or TCR software environments to be in an inconsistent or nonoperational state.
Patch installation is performed through
dupatch.
The
-l
of the
setld
command is disabled
for patch subsets.
Before beginning the installation, make sure that you have completed all of the preliminary steps:
Make sure you have met the installation prerequisites described in Section 3.2.
Make sure you made the patch distribution available to your system, as described in Section 3.3.
Make sure you loaded any new patch tools, as described in Section 3.4.
Make sure that you performed the patch preinstallation check, as described in Section 3.5.
If needed, make sure that system patch baseline as been set, as described in Section 3.6.
The following steps provide instructions for installing and enabling DIGITAL UNIX, ASE, and TCR patches:
Shut down the system to single-user mode. For example:
#
/usr/sbin/shutdown
-h
+5 "Applying 4.0B and TCR Patches"
Reboot to single-user mode from the console prompt, using a command like the following:
>>>boot
-fl
s
After the system shuts down and reboots to single-user mode,
mount the file system that contains the
/usr
and
/var
directories.
Use the
bcheckrc
command to
check and mount all the UFS and AdvFS file systems, then issue the
update
command and activate your swap partition with
swapon:
#
/sbin/bcheckrc
#
/sbin/update
#
/sbin/swapon
-a
If you are using the Logical Storage Manager, enter the
lsmbstartup
command:
#
/sbin/lsmbstartup
If you need access to the network, enter the
rcinet
command to start the network:
#
/usr/sbin/rcinet
Informational messages will appear on the screen.
Run the
dupatch
utility.
(This step assumes
that the patch kit is available to your system, as described in
Section 3.3,
and that the new patch tools have been loaded, as described in
Section 3.4).
Enter
1
at the
"Enter your choice"
prompt
to the invoke the patch installation session:
#
dupatch
DIGITAL UNIX Patch Utility (Rev. 25)
==========================
- This dupatch session is logged in /var/adm/patch/log/session.log
Main Menu:
---------
1) Patch Installation
2) Patch Deletion
3) Patch Documentation
4) Patch Tracking
5) Patch Baseline Analysis/Adjustment
h) Help on Command Line Interface
q) Quit
Enter your choice: 1
When the patch installation menu is displayed.
Enter
2, at the
"Enter your choice"
prompt:
DIGITAL UNIX Patch Utility (Rev. 25)
==========================
- This dupatch session is logged in /var/adm/patch/log/session.log
Patch Installation Menu:
-----------------------
1) Pre-Installation Check ONLY
2) Check & Install (requires single-user mode)
b) Back to Main Menu
q) Quit
Enter your choice: 2
You will be presented with the list of patch kits that are
provided in the patch distribution and that apply to your system.
Compaq
recommends that you install all patch kits (choice
3
)
that apply to your system.
For example:
The products listed below are optional:
There may be more optional products than can be presented
on a single screen. If this is the case, you can choose
products screen by screen or all at once on the last screen.
All of the choices you make will be collected for your
confirmation before any products are installed.
1) Patches for Digital UNIX V4.0B
2) Patches for TruCluster Available Server Software V1.4A
Or you may choose one of the following options:
3) ALL of the above
4) CANCEL selections and redisplay menus
5) EXIT without installing any products
Enter your choices or press RETURN to redisplay menus.
Choices (for example, 1 2 4-6): 3
The program lists your choices and asks to confirm your choices. For example:
You are installing patches (to be selected) from the following
products:
Patches for Digital UNIX V4.0B
Patches for TruCluster Available Server Software V1.4A
Is this correct? (y/n): y
You have the option to make patches reversible so you can
return the system to its state prior to the installation of a patch.
Enter
y
or press Return to make the patches reversible.
For example:
Do you want the patches to be reversible? [y]: [Return]
By default, backup copies of the installed patches are saved in
/var/adm/patch/backup.
If you have limited space in
/var, you may want to make the backup directory the mount point for
a separate disk partition, an NFS mounted directory, or a symbolic link to
another file system.
If you answer no to this question, the existing system files will not be saved and the installed patches will not be reversible. Compaq recommends that you install patches so they are reversible.
The program describes your backup setup and asks you if you want to proceed:
Do you want to proceed with the installation with this setup? [y]: [Return]
You are asked to record your name as the person installing the patches and to add any comments you would like stored for future reference. For example:
Your name: Mary Smith
Enter any notes about this operation that you would like stored for future reference. To end your input, enter a period (.) and press Return.
:Removing patches 6.00, 12.00, and 22.00 until the:firmware can be updated to the proper revision.:.[Return]
The program lists the patches available for installation on
your system.
This list may be different from system to system because
dupatch
does not display available patches that are already installed
on your system.
You can selectively choose patches for installation, install
all patches, cancel selections and redisplay menus, or exit without installing
any patches.
For example:
Enter your choices or press RETURN to display the next screen.
Choices (for example, 1 2 4-6) :
.
.
.
130) Patch 0381.00 - Motif Toolkit Correction
131) Patch 0384.00 - Various X11 Server Corrections
Or you may choose one of the following options:
134) ALL of the above
133) CANCEL selections and redisplay menus
134) EXIT without installing any patches
Selecting CANCEL cancels your patch selections and returns to the patch list and selection menus so you can reselect patches for installation.
Selecting EXIT returns you to the
dupatch
installation
menu.
The preinstallation check is performed to verify that the
patches will install.
If the preinstallation check is successful
dupatch
proceeds with the installation.
If the preinstallation check
fails,
dupatch
lists the specific patches that fail and
asks how you want to proceed:
Select the action you'd like to take: 1) proceed with the patches that passed the check 2) select patches again 3) go back to the previous menu
If you choose to proceed with patches that passed the preinstallation
check,
dupatch
will start installing those patches and
provide informational messages on the screen.
The whole
dupatch
session is logged to ensure you can view any messages that may
scroll off the screen.
If patch installation is blocked due to missing or unknown system files, refer to Section 3.6.
Review the
dupatch
session log,
/var/adm/patch/log/session.log, to ensure that the installation
was successful.
Note any special patch instructions, informational messages,
and error messages.
Assuming patch installation was successful, rebuild the kernel
(vmunix), save the existing kernel, move the new kernel
into place, and reboot the system.
For more information, see the DIGITAL UNIX
System Administration
manual.
In general the following steps are necessary:
Configure a new
vmunix.
For example:
#
doconfig
-c
HOSTNAME
Save the existing
vmunix.
For example:
#
cp /vmunix /usr/vmunix.prekit11-<yyyymmdd>
Install the newly built kernel (vmunix).
For example:
#
mv /usr/sys/HOSTNAME/vmunix /vmunix
Reboot the system. For example:
#
/usr/sbin/shutdown
-r
+5 "Reboot a with newly installed patches"
To remove patches from your system you use the Patch Deletion option
of the
dupatch
Main Menu.
The system must be in single-user
mode to remove patches.
Note that the
-d
option to the
setld
command is disabled for patch subsets.
The following steps show how to remove patches:
Caution
See Section 3.8.2 before using the "delete all" option of the Patch Deletion menu.
Shut down the system to single-user mode. For example:
#
/usr/sbin/shutdown
-h
+5 "Removing Patches"
After the system shuts down to single-user mode, mount the
file system that contains the
/usr
and
/var
directories.
Use the
bcheckrc
command to check and mount
all the UFS and AdvFS file systems.
Then issue the
update
command and activate your swap partition with
swapon:
#
/sbin/bcheckrc
#
/sbin/update
#
/sbin/swapon
-a
If you are using the Logical Storage Manager, run
lsmbstartup:
#
/sbin/lsmbstartup
If you need access to the network, use the following command to start the network:
#
/usr/sbin/rcinet start
Informational messages will appear on the screen.
Run
dupatch, select
2
for patch removal:
#
dupatch
DIGITAL UNIX Patch Utility ========================== (This dupatch session is logged in /var/adm/patch/log/session.log) Main Menu: ---------- 1) Patch Installation 2) Patch Deletion 3) Patch Documention 4) Patch Tracking 5) Patch Baseline Analysis/Adjustment h) Help on Command Line Interface q) Quit Enter your choice:2
You are asked to record your name as the person removing the patches and to add any comments you would like stored for future reference. For example:
Your name: Mary Smith
Enter any notes about this operation that you would like stored for future reference. To end your input, enter a period (.) and press Return.
:Removing patches 6.00, 12.00, and 22.00 until the:firmware can be updated to the proper revision.:.[Return]
Select and verify the patches to remove through the patch
selection menus.
Once the patch selection is done,
dupatch
removes the selected patches and provides informational messages on the screen.
The
dupatch
session is logged to
/var/adm/patch/log/session.log.
Review the session log to ensure the removal was successful. Note any special patch instructions, informational messages, and error messages.
If there are no error messages, follow the instructions for disabling the patches that are listed in the session log. Depending upon the deleted patches, you may need to rebuild the kernel or reboot the system.
The Delete Patch menu applies to all
setld-based
patches installed on your system; it does not focus on any specific patch
kit.
This menu allows you to delete a specific patch, a list of patches, or
all patches from your system.
The Delete Patch menu lists every
setld-based patch
on your system, regardless of which patch kit installed them.
Therefore, if
you select the
"delete all patches"
menu item, it will remove
all
setld-patches from your system.
For example, if chose the
"install all patches"
menu item
when installing Patch Kit-0009 and then decided to remove those patches, you
would have to specify the patch ID of all Patch Kit-0009 patches in the Delete
Patch menu.
If, instead, you select the
"delete all patches"
menu item, then all
setld-based patches that were installed
on your system would be deleted, not just those from Patch Kit-0009.