Patch-ID# 146762-14


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security ha-xvm patch ha-vm
Synopsis: Oracle Solaris Cluster 3.3: HA-xVM Patch for Oracle Solaris 10
Date: Jun/26/2015


Install Requirements: NA

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product: Oracle Solaris Cluster

Unbundled Release: 3.3

Xref:

Topic: Oracle Solaris Cluster 3.3: HA-xVM Patch for Oracle Solaris 10

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
720207215819545
15845249
16012904
16329603
16353601
16396500
16530943
17015508
17254380
18114873
18190779
18203362
18335346
19572637
20127081
20325672
647735715353565
686559515578696
700723315687321
700723815687324
700830715688350
700847815688499
701310015692262
702799415703064
702893815703739
702895215703745
703529515708330
706530615727509
706926915730311
708641415739559
710339015749811
710366715750056
715544315780348


Changes incorporated in this version: 15819545 17254380 18190779 20325672

Patches accumulated and obsoleted by this patch: 146628-02 149522-03

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/opt/SUNWscxvm/bin/boot_xvm
/opt/SUNWscxvm/bin/control_xvm
/opt/SUNWscxvm/bin/fini_xvm
/opt/SUNWscxvm/bin/functions
/opt/SUNWscxvm/bin/validate_xvm
/opt/SUNWscxvm/etc/SUNW.ldom
/opt/SUNWscxvm/lib/libgetpassphrase.so.1
/opt/SUNWscxvm/man/man5/SUNW.ldom.5
/opt/SUNWscxvm/man/man5/ldom.5

Problem Description:

15819545 ha-ldom validate method should not allow migration_type of MIGRATE
17254380 HA LDOM fails when file holding encrypted password has wrong permissions
18190779 HA-XVM on SPARC platform has error when building parfait target
20325672 SUNW.ldom does not perform an immediate failover if plugin_probe returns 201
 
(from 146762-13)
 
20127081 SUNW.ldom FM logs a corrupted message if plugin_probe reports a probe failure
 
(from 146762-12)
 
19572637 unmanaging HA-xVM RG removes xml_<rs> entry from CCR ldom_domain_config file
 
(from 146762-11)
 
18335346 ldm stop timeout in SUNWscxvm.stop prevents LDOM unbound
 
(from 146762-10)
 
18114873 HA-LDOM CCR Configuration file rendered unusable after failfast panic
18203362 problem with Oracle Solaris Cluster HA-xVM
 
(from 146762-09)
 
17015508 HA-LDOM agent is not using warm migration after commandlog rotation
 
(from 146762-08)
 
16353601 HA-LDOM resource leaves LDOM in status bound after disabling
16396500 Live Migration failing
16530943 function script should use position independent parsing of ldm output
 
(from 146762-07)
 
16329603 HA-LDOM agent should have init method defined in RTR file
 
(from 146762-06)
 
16012904 LDOM resource is reporting that LDOM is not bound and not coming online
 
(from 146762-05)
 
        This revision accumulates feature point patch 149522-03 into OSC 3.3 U2.
 
(from 146762-04)
 
7027994 security: HA-LDoms password file contains unencrypted on non-obfuscated password used for migration
7028938 OSC agent for xVM/LDoms needs to avert race conditions
7028952 OSC agent for LDoms needs to use explicit pathnames when executing commands
7065306 problem with HA-xVM
 
(from 146762-03)
 
7035295 need to add all changed binaries to U1 patches
 
(from 146762-02)
 
        This revision accumulates feature point patch 146628-02.
 
(from 146762-01)
 
7007238 migrated Guest domain is shutdown by HA-LDoms and relocated to the next primary node
7008478 HA-LDOM agent migration command should use -p <passwd file> option as described in CR 6839518
 
(from 146628-02)
 
6477357 fix for 6463264: default property values in RT man pages are now out of date
7008307 HA LDOM doc states password_file as a required property
7013100 deliver data service man page changes for 3.3u1
 
(from 146628-01)
 
7007233 resource creation for Guest domain fails
 
(from 149522-03)
 
15845249 deliver man pages changes for 3.3u2 data services
 
(from 149522-02)
 
7155443 SUNW.ldom probe method is not updating LDOM configuration changes in CCR
 
(from 149522-01)
 
6865595 xVM agent doesn't delete domain config file from CCR if resource is deleted
7069269 HA LDOM default STOP_TIMEOUT is too low - need better monitoring of LDOM migration progress
7086414 LDOM agent is not using warm migration when using "+" for RG-name to move all RGs
7103390 SC3.x/ldom2.1 guest domain no longer listed and inaccessible w/ clrg offline of the associated group
7103667 SC3.x/ldom2.1 - would be useful to have some additional info about the guest domain w/ scstat/clrg


Patch Installation Instructions:
--------------------------------
 
There are three (3) possible procedures for installing patches on Oracle
Solaris Cluster.  The proper method to use and any additional instructions,
for this patch are specified below in the "Special Install Instructions"
section.
 
Refer to the chapter entitled "Patching Oracle Solaris Cluster Software and
Firmware" in the "Oracle Solaris Cluster System Administration Guide" for a
description of the different install processes and instructions on how
to install Oracle Solaris Cluster 3.3 patches.
 
Refer to the man pages for instructions on using 'patchadd' and 'patchrm'
commands provided with Oracle Solaris, to install and remove patches.


Special Install Instructions:
-----------------------------
 
NOTE 1:  Install this patch using one of the following patch install
         procedures found in the "Patching Oracle Software and Firmware"
         chapter of the "Oracle Solaris Cluster System Administration Guide:"
 
         * Non Rebooting Patch
         * Rebooting Patch (Node)
         * Rebooting Patch (Cluster and Firmware)
 
NOTE 2:  Revision -03 delivers the same fixes as in update 1 but is not
         equivalent to update 1. Updates can deliver new features that
         will not be in a patch.
 
NOTE 3:  Revision -07 delivers features introduced during update 2.
 
NOTE 4:  When registering the HA-LDOM resource, if an encrypted password is
         required for the LDOM migration, you must do the following:
 
         Note: The steps below can also be performed when the HA_LDOM
         resource is disabled.
 
         1. Set "encrypted" in the Password_file extension property.
 
         2. As root, create an encrypted password.  In the example below,
            the password "fu_bar" is being encrypted and "ldg1" reflects
            the LDOM name.
 
            node1# dd if=/dev/urandom of=/var/cluster/ldom_key bs=16 count=1
            node1# chmod 400 /var/cluster/ldom_key
            node1# echo fu_bar | /usr/sfw/bin/openssl enc -aes128 -e -pass file:/var/cluster/ldom_key -out /opt/SUNWscxvm/.ldg1_passwd
            node1# chmod 400 /opt/SUNWscxvm/.ldg1_passwd
 
         3. Verify that the encrypted password can be decrypted.
 
            node1# /usr/sfw/bin/openssl enc -aes128 -d -pass file:/var/cluster/ldom_key -in /opt/SUNWscxvm/.ldg1_passwd
 
         4. Repeat Steps 2-3 above on all other Oracle Solaris Cluster nodes
            that will host the LDOM service.


README -- Last modified date: Friday, June 26, 2015