Any jumpstart pros out there?


gallows

How do you tell the jumpstart server to boot in single user mode to apply the Recommended patch cluster? I do not have any problems with the profiles, finish scripts, hardening scripts, etc., but I don't see how you can apply the Recommended Patches, which should be installed via single user mode.

Thanks,
gallows
 
I do that as the last step of my finish script.

This script came from the Sun BluePrints JumpStart book:

#
#ident "@(#)install-recommended-patches.fin 1.6 00/10/19 SMI"
#
# This script is responsible for installing a Sun Recommended
# and Security Patch Cluster from ${BASEDIR}/${PATCH_DIR}.

errorCondition=0
mountedProc=0

BASEDIR="/a"
PATCH_SERV_DIR=""
PATCH_DIR="/mnt"
MNTTAB="${BASEDIR}/etc/mnttab"
OE_VER="`uname -r`"

# Mount the patch share read-only on the target root so it is
# visible at ${PATCH_DIR} inside the chroot.
mount -F nfs -o ro 10.1.1.1:/jumpstart/Patches ${BASEDIR}/${PATCH_DIR}

# Pick the cluster directory that matches the OS release.
case ${OE_VER} in

    5.9)
        PATCH_SERV_DIR=9_Recommended
        ;;

    5.8)
        PATCH_SERV_DIR=8_Recommended
        ;;

    5.7)
        PATCH_SERV_DIR=7_Recommended
        ;;

    5.6)
        PATCH_SERV_DIR=2.6_Recommended
        ;;

    5.5.1)
        PATCH_SERV_DIR=2.5.1_Recommended
        ;;

    *)
        errorCondition=1
        ;;

esac


if [ ${errorCondition} = 0 ]; then
    if [ ! -d ${BASEDIR}/${PATCH_DIR} ]; then
        echo "The directory, ${PATCH_DIR}, does not exist."
    else

        # Some patches require a loopback filesystem be used when
        # installing using chroot.

        if [ -d /proc ]; then
            if [ "`df -n /proc | awk '{ print $3 }'`" = "proc" ]; then
                if [ -d ${BASEDIR}/proc ]; then
                    if [ "`df -n ${BASEDIR}/proc | \
                        awk '{ print $3 }'`" != "proc" ]; then
                        mount -F lofs /proc ${BASEDIR}/proc
                        mountedProc=1
                    fi
                fi
            fi
        fi

        if [ ! -s ${MNTTAB} ]; then
            if [ -s /etc/mnttab ]; then

                # First create ${MNTTAB} so patches can read it:

                echo "Copying /etc/mnttab from miniroot to ${MNTTAB}"
                echo ""

                rm -f ${MNTTAB}

                if [ "${OE_VER}" = "5.5.1" ]; then

                    # This is necessary for "install_cluster" to get the mount
                    # point for /var/sadm/patch from the "real" root filesystem.

                    cat /etc/mnttab | sed 's/\/a/\//g' > ${MNTTAB}

                    # This is necessary for "df" to execute which is needed by
                    # "install_cluster" to determine if enough free disk
                    # space exists on the target system.

                    touch ${BASEDIR}/etc/.mnttab.lock
                    chown root:root ${BASEDIR}/etc/.mnttab.lock
                    chmod 644 ${BASEDIR}/etc/.mnttab.lock
                else
                    cp /etc/mnttab ${MNTTAB}
                fi
            else
                echo "Could not find a valid /etc/mnttab"
                errorCondition=1
            fi
        fi

        if [ ${errorCondition} = 0 ]; then

            SHOWCOMMAND=""

            if [ -x ${BASEDIR}/usr/sbin/patchadd ]; then
                SHOWCOMMAND="/usr/sbin/patchadd"
            elif [ -x ${BASEDIR}/usr/bin/showrev ]; then
                SHOWCOMMAND="/usr/bin/showrev"
            fi

            # if [ "${SHOWCOMMAND}" != "" ]; then
            #     echo "The following patches are currently installed:"
            #     echo ""
            #     chroot ${BASEDIR} ${SHOWCOMMAND} -p
            #     echo ""
            # fi

            cd ${BASEDIR}/${PATCH_DIR}

            if [ -d ${PATCH_SERV_DIR} ]; then
                echo "Installing the ${PATCH_SERV_DIR} patch cluster."
                echo ""

                if [ "${SHOWCOMMAND}" = "/usr/sbin/patchadd" ]; then
                    chroot ${BASEDIR} /usr/sbin/patchadd -d -u \
                        -M ${PATCH_DIR}/${PATCH_SERV_DIR} patch_order
                elif [ -x ${PATCH_DIR}/${PATCH_SERV_DIR}/install_cluster ]; then
                    chroot ${BASEDIR} \
                        ${PATCH_DIR}/${PATCH_SERV_DIR}/install_cluster -q \
                        ${PATCH_DIR}/${PATCH_SERV_DIR}
                else
                    echo "Cannot find /usr/sbin/patchadd or install_cluster"
                fi
            else
                echo "Could not find the ${PATCH_SERV_DIR} patch cluster"
            fi
        fi

        # Leave the patch directory first; umount fails with "busy"
        # while the current directory is inside the mount.
        cd /
        umount ${BASEDIR}/${PATCH_DIR}
        if [ ${mountedProc} = 1 ]; then
            umount ${BASEDIR}/proc
        fi
    fi
fi
 
Thanks maximusgeek and ca.
Here is my problem. My boss wants the system rebooted in normal mode, i.e., init 6, after the initial installation of Solaris. This is because there is a message stating that the system should be rebooted.

Then, to install the Rec Patches, the system should be booted in single user mode. Then install the Rec patches.

He reviews the installation logs and does not see the reboot. If you install Solaris from CD, this is the process you should follow, according to him.
I don't see a reboot in the script above. I am not at work today so I can't verify.

gallows
 
gallows,

No, there is no reboot in that script. Once your finish script has been completed, jumpstart will reboot your system.

Installing the patch cluster immediately after the OS installation is a standard practice. It's even better than installing from Single user mode. At that time, you are not even booted! You are network booted off the installation image on your jumpstart server.

You can tell your boss that this procedure is documented in the Solaris 9 and 10 installation guides and in the Solaris 8 Jumpstart Technology book from Sun BluePrints. From a CM, SA, and Security standpoint, jumpstart is really the only way to go.
 
Many thanks maximusGeek!!
This whole issue started when I tried installing the latest recommended patch set with a Fin script. The kernel patch 112233 failed, which caused many other patches to fail that probably should not have. His thought was that it might have been due to the message "You must reboot your system to complete installation", after the initial install of the Solaris 9 OS. We were using the Core Package, which I think was the problem in the first place.

I will tell him what you said and see what happens.

Thanks again!!

Gallows
 
Gallows,

Ah, now I see where you are coming from. I have patch failures at times as well, and even pkgs that fail to install. It depends on what release of Solaris 9 you are using too and what hardware you are installing it on.

I would start with installing the entire distribution + OEM. Many patches have dependencies that cause failures, even when they don't make sense. I find it simpler to install all and disable services I'm not using. I don't know anything about your environment, but for mine, when I make any change (even like installing a Solaris pkg that I left off in an install), it takes time, meetings, and testing teams to make them part of the CM configuration. Easy to remove, hard to add.
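
Added example, not part of any post in this thread: a check for the patch failures discussed above that compares the cluster's patch_order against a saved `showrev -p` listing and prints every patch that is not installed (or obsoleted) at an equal or higher revision. The function names, the 9999xx patch IDs and the revision on 112233 are constructed, and the listing is assumed to use the usual `Patch: ... Obsoletes: ... Requires: ...` layout.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data is constructed.
AWK=${AWK:-awk}   # on Solaris use AWK=nawk; old /usr/bin/awk lacks functions

# missing_patches PATCH_ORDER SHOWREV_LISTING
# Print each patch in patch_order that the listing does not cover with an
# installed (or obsoleting) entry of equal or higher revision.
missing_patches() {
    "$AWK" '
    function note(id,    p) {            # remember highest revision per base
        gsub(/[^0-9-]/, "", id)          # drop commas
        if (split(id, p, "-") != 2) return
        if (!(p[1] in have) || p[2] + 0 > have[p[1]]) have[p[1]] = p[2] + 0
    }
    FILENAME == ARGV[1] {                # "showrev -p" style listing
        if ($1 != "Patch:") next
        note($2)
        # IDs between "Obsoletes:" and "Requires:" are satisfied as well
        for (i = 3; i <= NF && $i != "Requires:"; i++)
            if ($i != "Obsoletes:") note($i)
        next
    }
    /^[0-9]+-[0-9]+/ {                   # patch_order: one patch ID per line
        split($1, w, "-")
        if (!(w[1] in have) || have[w[1]] < w[2] + 0) print $1
    }' "$2" "$1"
}

# Constructed sample: two installed patches, five patches in patch_order.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/showrev.out" <<'EOF'
Patch: 999901-03 Obsoletes: 999902-01, 999903-02 Requires: Incompatibles: Packages: SUNWcsu
Patch: 999904-01 Obsoletes: Requires: 112233-08 Incompatibles: Packages: SUNWcsr
EOF
    cat > "$dir/patch_order" <<'EOF'
112233-08
999901-02
999902-01
999903-03
999904-02
EOF
    missing_patches "$dir/patch_order" "$dir/showrev.out"
    rm -rf "$dir"
}
```

In a finish script the listing would come from `chroot ${BASEDIR} /usr/bin/showrev -p` redirected to a file, taken after the install and before the patch share is unmounted so that patch_order is still readable.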
 