Discussion:
Sol11.3 to 11.4 offline upgrade not working
(too old to reply)
Scott
2018-10-12 21:42:30 UTC
Permalink
I'm trying this on an test host first before trying it on the real host.
Test host is a VMWare 6.5.0 instance, on an HPE DL380g9.

The real host is in an air-gapped network, so I'm treating the test host
the same way.
I build a fresh 11.3 host, apply the 11.3.22.3.0 patches,
then try to go to 11.4. First attempt kind of works, though
I only see two packages updated.
Next attempt fails, with:
pkg update: No solution was found to satisfy constraints
No solution found to update to latest available versions.

I had first tried patching from 11.3.22.3.0 to 11.4.1.4.0, which did not take, then I tried this multi-step method. Still can't get it to patch.

Details below.

Rebuilt host.
1) Solaris 11.3 text install

2) Install Solaris 11.3 local repository

3) Install Solaris 11.3.22.3.0 local repository

4) pkg update -v --accept; reboot

***@dhcp-147-17-26-138:~# pkg info entire
Name: entire
Summary: entire incorporation including Support Repository Update (Oracle Solaris 11.3.22.3.0).
Description: This package constrains system package versions to the same
build. WARNING: Proper system update and correct package
selection depend on the presence of this incorporation.
Removing this package will result in an unsupported system.
For more information see:
https://support.oracle.com/rs?type=doc&id=2045311.1
Category: Meta Packages/Incorporations
State: Installed
Publisher: solaris
Version: 0.5.11 (Oracle Solaris 11.3.22.3.0)
Build Release: 5.11
Branch: 0.175.3.22.0.3.0
Packaging Date: June 29, 2017 04:14:58 PM
Size: 5.46 kB
FMRI: pkg://solaris/***@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
***@dhcp-147-17-26-138:~# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///usr/local/sol-11_3/
solaris origin online F file:///usr/local/sol_11.3.22.3.0/

5) Install Solaris 11.4 local repository

***@dhcp-147-17-26-138:/usr/local/src/sol-11_4# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///usr/local/sol-11_3/
solaris origin online F file:///usr/local/sol-11_4-repo/
solaris origin online F file:///usr/local/sol_11.3.22.3.0/
***@dhcp-147-17-26-138:/usr/local/src/sol-11_4# pkg update -v
Packages to update: 2
Estimated space available: 137.16 GB
Estimated space to be consumed: 108.53 MB
Create boot environment: No
Create backup boot environment: Yes
Rebuild boot archive: No

Changed packages:
solaris
consolidation/ddt/ddt-incorporation
8.16.17.6.12,0.5.11-0.175.3.22.0.1.0:20170620T160828Z -> 18.3.18.7.13,0.5.11-11.4.0.0.1.11.0:20180718T212443Z
support/explorer
8.16.17.6.12,0.5.11-0.175.3.22.0.1.0:20170620T160829Z -> 18.3.18.7.13,0.5.11-11.4.0.0.1.11.0:20180718T212444Z

DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 2/2 1420/1420 7.7/7.7 0B/s

PHASE ITEMS
Removing old actions 22/22
Installing new actions 111/111
Updating modified actions 1605/1605
Updating package state database Done
Updating package cache 2/2
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1

---------------------------------------------------------------------------
NOTE: Please review release notes posted at:

https://support.oracle.com/rs?type=doc&id=2045311.1
---------------------------------------------------------------------------

***@dhcp-147-17-26-
----- Message truncated -----

Next time I type pkg update it shows a lot of conflicts and will not
do an upgrade.

Any ideas?

Regards, Scott
YTC#1
2018-10-13 09:39:27 UTC
Permalink
Post by Scott
I'm trying this on an test host first before trying it on the real host.
Test host is a VMWare 6.5.0 instance, on an HPE DL380g9.
The real host is in an air-gapped network, so I'm treating the test host
the same way.
I build a fresh 11.3 host, apply the 11.3.22.3.0 patches,
then try to go to 11.4. First attempt kind of works, though
I only see two packages updated.
pkg update: No solution was found to satisfy constraints
No solution found to update to latest available versions.
I had first tried patching from 11.3.22.3.0 to 11.4.1.4.0, which did not take, then I tried this multi-step method. Still can't get it to patch.
Details below.
Rebuilt host.
1) Solaris 11.3 text install
2) Install Solaris 11.3 local repository
3) Install Solaris 11.3.22.3.0 local repository
Go to SRU35 1st, but IIRC you may need to go via SRU24 then SRU35 (I had
a similar patching issue around SRU22).

Once at SRU35, run the new pkg upgrade chekc (pkg check ??)
Post by Scott
4) pkg update -v --accept; reboot
I sincerely hope you did not reboot without checking the update ? :-)
Post by Scott
Name: entire
Summary: entire incorporation including Support Repository Update (Oracle Solaris 11.3.22.3.0).
Description: This package constrains system package versions to the same
build. WARNING: Proper system update and correct package
selection depend on the presence of this incorporation.
Removing this package will result in an unsupported system.
https://support.oracle.com/rs?type=doc&id=2045311.1
Category: Meta Packages/Incorporations
State: Installed
Publisher: solaris
Version: 0.5.11 (Oracle Solaris 11.3.22.3.0)
Build Release: 5.11
Branch: 0.175.3.22.0.3.0
Packaging Date: June 29, 2017 04:14:58 PM
Size: 5.46 kB
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///usr/local/sol-11_3/
solaris origin online F file:///usr/local/sol_11.3.22.3.0/
5) Install Solaris 11.4 local repository
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///usr/local/sol-11_3/
solaris origin online F file:///usr/local/sol-11_4-repo/
solaris origin online F file:///usr/local/sol_11.3.22.3.0/
Packages to update: 2
Estimated space available: 137.16 GB
Estimated space to be consumed: 108.53 MB
Create boot environment: No
Create backup boot environment: Yes
Rebuild boot archive: No
solaris
consolidation/ddt/ddt-incorporation
8.16.17.6.12,0.5.11-0.175.3.22.0.1.0:20170620T160828Z -> 18.3.18.7.13,0.5.11-11.4.0.0.1.11.0:20180718T212443Z
support/explorer
8.16.17.6.12,0.5.11-0.175.3.22.0.1.0:20170620T160829Z -> 18.3.18.7.13,0.5.11-11.4.0.0.1.11.0:20180718T212444Z
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 2/2 1420/1420 7.7/7.7 0B/s
PHASE ITEMS
Removing old actions 22/22
Installing new actions 111/111
Updating modified actions 1605/1605
Updating package state database Done
Updating package cache 2/2
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
---------------------------------------------------------------------------
https://support.oracle.com/rs?type=doc&id=2045311.1
---------------------------------------------------------------------------
----- Message truncated -----
Next time I type pkg update it shows a lot of conflicts and will not
do an upgrade.
Any ideas?
Regards, Scott
--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
YTC#1
2018-10-14 16:09:01 UTC
Permalink
Post by YTC#1
Post by Scott
I'm trying this on an test host first before trying it on the real host.
Test host is a VMWare 6.5.0 instance, on an HPE DL380g9.
The real host is in an air-gapped network, so I'm treating the test host
the same way.
I build a fresh 11.3 host, apply the 11.3.22.3.0 patches,
then try to go to 11.4. First attempt kind of works, though
I only see two packages updated.
pkg update: No solution was found to satisfy constraints
No solution found to update to latest available versions.
I had first tried patching from 11.3.22.3.0 to 11.4.1.4.0, which did not take, then I tried this multi-step method. Still can't get it to patch.
Details below.
Rebuilt host.
1) Solaris 11.3 text install
2) Install Solaris 11.3 local repository
3) Install Solaris 11.3.22.3.0 local repository
Go to SRU35 1st, but IIRC you may need to go via SRU24 then SRU35 (I had
a similar patching issue around SRU22).
I was close, it is update to SRU23
https://docs.oracle.com/cd/E37838_01/html/E60977/gmpdi.html#IOSUPfrom3to4update
Post by YTC#1
Once at SRU35, run the new pkg upgrade chekc (pkg check ??)
Then I'd suggest going to SRU35 and running the compliance check

https://docs.oracle.com/cd/E37838_01/html/E60977/gmpdi.html#IOSUPehchowto
Post by YTC#1
Post by Scott
4) pkg update -v --accept; reboot
I sincerely hope you did not reboot without checking the update ? :-)
Post by Scott
Name: entire
Summary: entire incorporation including Support Repository Update (Oracle Solaris 11.3.22.3.0).
Description: This package constrains system package versions to the same
build. WARNING: Proper system update and correct package
selection depend on the presence of this incorporation.
Removing this package will result in an unsupported system.
https://support.oracle.com/rs?type=doc&id=2045311.1
Category: Meta Packages/Incorporations
State: Installed
Publisher: solaris
Version: 0.5.11 (Oracle Solaris 11.3.22.3.0)
Build Release: 5.11
Branch: 0.175.3.22.0.3.0
Packaging Date: June 29, 2017 04:14:58 PM
Size: 5.46 kB
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///usr/local/sol-11_3/
solaris origin online F file:///usr/local/sol_11.3.22.3.0/
5) Install Solaris 11.4 local repository
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///usr/local/sol-11_3/
solaris origin online F file:///usr/local/sol-11_4-repo/
solaris origin online F file:///usr/local/sol_11.3.22.3.0/
Packages to update: 2
Estimated space available: 137.16 GB
Estimated space to be consumed: 108.53 MB
Create boot environment: No
Create backup boot environment: Yes
Rebuild boot archive: No
solaris
consolidation/ddt/ddt-incorporation
8.16.17.6.12,0.5.11-0.175.3.22.0.1.0:20170620T160828Z -> 18.3.18.7.13,0.5.11-11.4.0.0.1.11.0:20180718T212443Z
support/explorer
8.16.17.6.12,0.5.11-0.175.3.22.0.1.0:20170620T160829Z -> 18.3.18.7.13,0.5.11-11.4.0.0.1.11.0:20180718T212444Z
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 2/2 1420/1420 7.7/7.7 0B/s
PHASE ITEMS
Removing old actions 22/22
Installing new actions 111/111
Updating modified actions 1605/1605
Updating package state database Done
Updating package cache 2/2
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
---------------------------------------------------------------------------
https://support.oracle.com/rs?type=doc&id=2045311.1
---------------------------------------------------------------------------
----- Message truncated -----
Next time I type pkg update it shows a lot of conflicts and will not
do an upgrade.
Any ideas?
Regards, Scott
--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
Scott
2018-10-17 02:10:52 UTC
Permalink
Post by YTC#1
Post by YTC#1
Post by Scott
I'm trying this on an test host first before trying it on the real host.
Test host is a VMWare 6.5.0 instance, on an HPE DL380g9.
The real host is in an air-gapped network, so I'm treating the test host
the same way.
I build a fresh 11.3 host, apply the 11.3.22.3.0 patches,
then try to go to 11.4. First attempt kind of works, though
I only see two packages updated.
pkg update: No solution was found to satisfy constraints
No solution found to update to latest available versions.
I had first tried patching from 11.3.22.3.0 to 11.4.1.4.0, which did not take, then I tried this multi-step method. Still can't get it to patch.
Details below.
Rebuilt host.
1) Solaris 11.3 text install
2) Install Solaris 11.3 local repository
3) Install Solaris 11.3.22.3.0 local repository
Go to SRU35 1st, but IIRC you may need to go via SRU24 then SRU35 (I had
a similar patching issue around SRU22).
I was close, it is update to SRU23
https://docs.oracle.com/cd/E37838_01/html/E60977/gmpdi.html#IOSUPfrom3to4update
Post by YTC#1
Once at SRU35, run the new pkg upgrade chekc (pkg check ??)
Then I'd suggest going to SRU35 and running the compliance check
https://docs.oracle.com/cd/E37838_01/html/E60977/gmpdi.html#IOSUPehchowto
Post by YTC#1
Post by Scott
4) pkg update -v --accept; reboot
I sincerely hope you did not reboot without checking the update ? :-)
Post by Scott
Name: entire
Summary: entire incorporation including Support Repository Update (Oracle Solaris 11.3.22.3.0).
Description: This package constrains system package versions to the same
build. WARNING: Proper system update and correct package
selection depend on the presence of this incorporation.
Removing this package will result in an unsupported system.
https://support.oracle.com/rs?type=doc&id=2045311.1
Category: Meta Packages/Incorporations
State: Installed
Publisher: solaris
Version: 0.5.11 (Oracle Solaris 11.3.22.3.0)
Build Release: 5.11
Branch: 0.175.3.22.0.3.0
Packaging Date: June 29, 2017 04:14:58 PM
Size: 5.46 kB
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///usr/local/sol-11_3/
solaris origin online F file:///usr/local/sol_11.3.22.3.0/
5) Install Solaris 11.4 local repository
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///usr/local/sol-11_3/
solaris origin online F file:///usr/local/sol-11_4-repo/
solaris origin online F file:///usr/local/sol_11.3.22.3.0/
Packages to update: 2
Estimated space available: 137.16 GB
Estimated space to be consumed: 108.53 MB
Create boot environment: No
Create backup boot environment: Yes
Rebuild boot archive: No
solaris
consolidation/ddt/ddt-incorporation
8.16.17.6.12,0.5.11-0.175.3.22.0.1.0:20170620T160828Z -> 18.3.18.7.13,0.5.11-11.4.0.0.1.11.0:20180718T212443Z
support/explorer
8.16.17.6.12,0.5.11-0.175.3.22.0.1.0:20170620T160829Z -> 18.3.18.7.13,0.5.11-11.4.0.0.1.11.0:20180718T212444Z
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 2/2 1420/1420 7.7/7.7 0B/s
PHASE ITEMS
Removing old actions 22/22
Installing new actions 111/111
Updating modified actions 1605/1605
Updating package state database Done
Updating package cache 2/2
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
---------------------------------------------------------------------------
https://support.oracle.com/rs?type=doc&id=2045311.1
---------------------------------------------------------------------------
----- Message truncated -----
Next time I type pkg update it shows a lot of conflicts and will not
do an upgrade.
Any ideas?
Regards, Scott
--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
Many thanks, worked perfectly.
Yeah, for brevity of the post I just wrote "; reboot".
I look around more in real life, and shutdown -y -i6 -g0.

Regards, Scott
YTC#1
2018-10-17 08:39:21 UTC
Permalink
<snip>
Post by Scott
Many thanks, worked perfectly.
Yeah, for brevity of the post I just wrote "; reboot".
I look around more in real life, and shutdown -y -i6 -g0.
Cool, always handy when someone else has had the pain first :-)
--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
Scott
2018-10-23 21:42:42 UTC
Permalink
Well I tried it on the real host and can't get from 11.3.27.4.0 to 11.3.28.4.0.

# pkg update --be-name 11.3.28 ***@0.5.11-0.175.3.28
Creating Plan (Running solver): /
pkg update: Package 'library/python/numpy-27' must be uninstalled or upgraded if
the requested operation is to be performed.
Reject: pkg://solaris/library/python/numpy-***@1.9.0-5.12.0.0.0.115.0
Reason: No version matching 'optional' dependency library/python/python-extra-***@2.7,2.7-5.12.0.0.0.109.0 can be installed
Reject: pkg://solaris/library/python/python-extra-***@2.7-5.12.0.0.0.109.0
Reason: Excluded by proposed incorporation 'consolidation/desktop/desktop-incorporation'
Package 'library/python/numpy' must be uninstalled or upgraded if the requested operation is to be performed.
Reject: pkg://solaris/library/python/***@l.9.0 5.12.0.0.0.115.0
Reason: No version matching 'conditional' dependency library/python/numpy-27@,1.9.0,5.12-5.12.0.0.0.115.0 can be installed


There's a note in the readme-11_3_28_4_0.txt about bug number 15711284 / SUNBT7039051 numpy.py module should be available as a 64 bit module.

I made a few attempts to uninstall numpy; it won't go without numpy-27 gone, and numpy-27 won't go without python-extra-27 gone, and python-extra-27 won't go without 3 libraries gone. At that point I stopped trying.
YTC#1
2018-10-24 07:35:52 UTC
Permalink
Post by Scott
Well I tried it on the real host and can't get from 11.3.27.4.0 to 11.3.28.4.0.
Why are you not going straight to SRU35 now ?
Post by Scott
Creating Plan (Running solver): /
pkg update: Package 'library/python/numpy-27' must be uninstalled or upgraded if
the requested operation is to be performed.
Reason: Excluded by proposed incorporation 'consolidation/desktop/desktop-incorporation'
Package 'library/python/numpy' must be uninstalled or upgraded if the requested operation is to be performed.
There's a note in the readme-11_3_28_4_0.txt about bug number 15711284 / SUNBT7039051 numpy.py module should be available as a 64 bit module.
I made a few attempts to uninstall numpy; it won't go without numpy-27 gone, and numpy-27 won't go without python-extra-27 gone, and python-extra-27 won't go without 3 libraries gone. At that point I stopped trying.
DocID 2383138.1
--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
Scott
2018-10-24 23:12:38 UTC
Permalink
Post by YTC#1
Post by Scott
Well I tried it on the real host and can't get from 11.3.27.4.0 to 11.3.28.4.0.
Why are you not going straight to SRU35 now ?
Post by Scott
Creating Plan (Running solver): /
pkg update: Package 'library/python/numpy-27' must be uninstalled or upgraded if
the requested operation is to be performed.
Reason: Excluded by proposed incorporation 'consolidation/desktop/desktop-incorporation'
Package 'library/python/numpy' must be uninstalled or upgraded if the requested operation is to be performed.
There's a note in the readme-11_3_28_4_0.txt about bug number 15711284 / SUNBT7039051 numpy.py module should be available as a 64 bit module.
I made a few attempts to uninstall numpy; it won't go without numpy-27 gone, and numpy-27 won't go without python-extra-27 gone, and python-extra-27 won't go without 3 libraries gone. At that point I stopped trying.
DocID 2383138.1
( Doc ID 2383138.1 )
Yeah. That fixed it.

I couldn't go to SRU35, I didn't know what was broken (I thought it was a package in a repo that was missing), so I baby-stepped forward until I couldn't go forward any further.

When IPS is working I think I can take a large jump in repos, but when this problem came up I thought there must be some intermediate version packages that I needed to get to SRU35 that I did not get along the way. (I still remember pre-IPS patching.)

It's a real system, and it's a real time hit (3-4 weeks) if I damage it sufficiently to have to reinstall.

Anyway, thanks.
Regards, Scott
YTC#1
2018-10-25 06:57:45 UTC
Permalink
Post by Scott
Post by YTC#1
Post by Scott
Well I tried it on the real host and can't get from 11.3.27.4.0 to 11.3.28.4.0.
Why are you not going straight to SRU35 now ?
Post by Scott
Creating Plan (Running solver): /
pkg update: Package 'library/python/numpy-27' must be uninstalled or upgraded if
the requested operation is to be performed.
Reason: Excluded by proposed incorporation 'consolidation/desktop/desktop-incorporation'
Package 'library/python/numpy' must be uninstalled or upgraded if the requested operation is to be performed.
There's a note in the readme-11_3_28_4_0.txt about bug number 15711284 / SUNBT7039051 numpy.py module should be available as a 64 bit module.
I made a few attempts to uninstall numpy; it won't go without numpy-27 gone, and numpy-27 won't go without python-extra-27 gone, and python-extra-27 won't go without 3 libraries gone. At that point I stopped trying.
DocID 2383138.1
( Doc ID 2383138.1 )
Yeah. That fixed it.
I couldn't go to SRU35, I didn't know what was broken (I thought it was a package in a repo that was missing), so I baby-stepped forward until I couldn't go forward any further.
When IPS is working I think I can take a large jump in repos, but when this problem came up I thought there must be some intermediate version packages that I needed to get to SRU35 that I did not get along the way. (I still remember pre-IPS patching.)
It's a real system, and it's a real time hit (3-4 weeks) if I damage it sufficiently to have to reinstall.
Take an archive(UAR), archiveadm

Then regular ZFS snapshots
--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
Scott
2018-11-08 21:28:43 UTC
Permalink
Still not that great.
I ran the ehc-update compliance assessment tool, nothing of consequence
to prevent me from jumping from 11.3SRU35 to 11.4.

I have encrypted datasets, that are using:
aes-256-gcm encryption
CANMOUNT on
keystore=file:///etc/keystore/otn1raw
I have many, but two I created start with rpool/ROOT/.

After either a minor bump of 11.3 or the upgrade to 11.4, a copy of
encrypted datasets starting with rpool/ROOT/ are done.

*If* the home of the dataset starts with rpool/ROOT/...
I have to:
a) Type in a password for each copy (they are copied into new datasets).
b) After reboot, the old datasets are the ones mounted,
so I'm in a mixed beadm environment.
c) "Fix" them by:
1) change the keysource from "passphrase,prompt" to
"raw,file:///etc/keystore/otn1raw"
2) change the CANMOUNT property from noauto to on, on the new datasets,
and from on to noauto on the old datasets.


I think the fix/lesson is:
Don't create your own encrypted datasets in rpool/ROOT/.
Other places in rpool seem to be okay.

Other than that, I can't ssh into the host, but I had a 3rd party sshd
on the host before the upgrade (and it's OpenSSH from Oracle after the
upgrade).

Also, after applying 11.4, I saw:
The following unexpected or editable files and directories were
salvaged while executing the request package operation; they
have been moved to the displayed location in the image:
(they all get put into something under /tmp/tmpgfxDJI/)
usr/share/mime/subclasses
usr/share/mime/magic
usr/share/mime/types
usr/share/mime/globs2
usr/share/mime/globs
usr/share/mime/mime.cache
var/log/beadm
usr/share/mime/application
usr/share/icons/nimbus
usr/share/icons/Tango
usr/lib/system-config-printer
usr/lib/ocm
etc/nwam/loc/NoNet
etc/nwam/loc


On reboot, on the console, I get:
Loading smf(7) service descriptions: 254/254
WARNING: svccfg apply /etc/svc/profile/node/migrated_etc_svc_profile_site_profile_00:10:E0:C0:88:58.nsrhhE.xml failed
Configuring devices.Loading smf(7) service descriptions: 6/6
WARNING: svccfg apply /etc/svc/profile/node/migrated_etc_svc_profile_site_profile_00:10:E0:C0:88:58.nsrhhE.mxl failed

svc.startd[13]: svc:/system/webui/server:default: Method "/lib/svc/method/svc-webui-server start" failed with exit status 96.
svc.startd[13]: system/webui/server:default misconfigured: transitioned to maintenance (see 'svcs -xv' for details)
Scott
2018-11-09 03:43:48 UTC
Permalink
Post by Scott
Still not that great.
I ran the ehc-update compliance assessment tool, nothing of consequence
to prevent me from jumping from 11.3SRU35 to 11.4.
aes-256-gcm encryption
CANMOUNT on
keystore=file:///etc/keystore/otn1raw
I have many, but two I created start with rpool/ROOT/.
After either a minor bump of 11.3 or the upgrade to 11.4, a copy of
encrypted datasets starting with rpool/ROOT/ are done.
*If* the home of the dataset starts with rpool/ROOT/...
a) Type in a password for each copy (they are copied into new datasets).
b) After reboot, the old datasets are the ones mounted,
so I'm in a mixed beadm environment.
1) change the keysource from "passphrase,prompt" to
"raw,file:///etc/keystore/otn1raw"
2) change the CANMOUNT property from noauto to on, on the new datasets,
and from on to noauto on the old datasets.
Don't create your own encrypted datasets in rpool/ROOT/.
Other places in rpool seem to be okay.
Other than that, I can't ssh into the host, but I had a 3rd party sshd
on the host before the upgrade (and it's OpenSSH from Oracle after the
upgrade).
The following unexpected or editable files and directories were
salvaged while executing the request package operation; they
(they all get put into something under /tmp/tmpgfxDJI/)
usr/share/mime/subclasses
usr/share/mime/magic
usr/share/mime/types
usr/share/mime/globs2
usr/share/mime/globs
usr/share/mime/mime.cache
var/log/beadm
usr/share/mime/application
usr/share/icons/nimbus
usr/share/icons/Tango
usr/lib/system-config-printer
usr/lib/ocm
etc/nwam/loc/NoNet
etc/nwam/loc
Loading smf(7) service descriptions: 254/254
WARNING: svccfg apply /etc/svc/profile/node/migrated_etc_svc_profile_site_profile_00:10:E0:C0:88:58.nsrhhE.xml failed
Configuring devices.Loading smf(7) service descriptions: 6/6
WARNING: svccfg apply /etc/svc/profile/node/migrated_etc_svc_profile_site_profile_00:10:E0:C0:88:58.nsrhhE.mxl failed
svc.startd[13]: svc:/system/webui/server:default: Method "/lib/svc/method/svc-webui-server start" failed with exit status 96.
svc.startd[13]: system/webui/server:default misconfigured: transitioned to maintenance (see 'svcs -xv' for details)
The 3rd party Centrify I have installed is not yet ready for Solaris 11.4.
I reverted to 11.3SRU35.
They are planning a December release of a version that does support 11.4.
I'll try again after that.
Specifically, I get pam_unix_cred complaining when I try to ssh in.
KB-11129 addresses it, if anybody's interested. It looks like:
Oct 1 09:30:27 solaris sshd[2689]: [ID 636228 auth.error] pam_unix_cred: illegal option (null)
Oct 1 09:30:27 solaris adclient[1058]: [ID 702911 auth.warning] WARN <fd:25 sshd(2689)> /usr/lib/security/sparcv9/pam_unix_cred.so returned (3)
Oct 1 09:30:27 solaris adclient[1058]: [ID 702911 auth.debug] DEBUG <fd:25 sshd(2689)> No session ID exists.​

Regards, Scott
YTC#1
2018-11-09 13:56:28 UTC
Permalink
Post by Scott
Post by Scott
Still not that great.
I ran the ehc-update compliance assessment tool, nothing of consequence
to prevent me from jumping from 11.3SRU35 to 11.4.
aes-256-gcm encryption
CANMOUNT on
keystore=file:///etc/keystore/otn1raw
I have many, but two I created start with rpool/ROOT/.
After either a minor bump of 11.3 or the upgrade to 11.4, a copy of
encrypted datasets starting with rpool/ROOT/ are done.
*If* the home of the dataset starts with rpool/ROOT/...
a) Type in a password for each copy (they are copied into new datasets).
b) After reboot, the old datasets are the ones mounted,
so I'm in a mixed beadm environment.
1) change the keysource from "passphrase,prompt" to
"raw,file:///etc/keystore/otn1raw"
2) change the CANMOUNT property from noauto to on, on the new datasets,
and from on to noauto on the old datasets.
Don't create your own encrypted datasets in rpool/ROOT/.
Other places in rpool seem to be okay.
Other than that, I can't ssh into the host, but I had a 3rd party sshd
on the host before the upgrade (and it's OpenSSH from Oracle after the
upgrade).
The following unexpected or editable files and directories were
salvaged while executing the request package operation; they
(they all get put into something under /tmp/tmpgfxDJI/)
usr/share/mime/subclasses
usr/share/mime/magic
usr/share/mime/types
usr/share/mime/globs2
usr/share/mime/globs
usr/share/mime/mime.cache
var/log/beadm
usr/share/mime/application
usr/share/icons/nimbus
usr/share/icons/Tango
usr/lib/system-config-printer
usr/lib/ocm
etc/nwam/loc/NoNet
etc/nwam/loc
Loading smf(7) service descriptions: 254/254
WARNING: svccfg apply /etc/svc/profile/node/migrated_etc_svc_profile_site_profile_00:10:E0:C0:88:58.nsrhhE.xml failed
Configuring devices.Loading smf(7) service descriptions: 6/6
WARNING: svccfg apply /etc/svc/profile/node/migrated_etc_svc_profile_site_profile_00:10:E0:C0:88:58.nsrhhE.mxl failed
svc.startd[13]: svc:/system/webui/server:default: Method "/lib/svc/method/svc-webui-server start" failed with exit status 96.
svc.startd[13]: system/webui/server:default misconfigured: transitioned to maintenance (see 'svcs -xv' for details)
The 3rd party Centrify I have installed is not yet ready for Solaris 11.4.
I reverted to 11.3SRU35.
They are planning a December release of a version that does support 11.4.
I'll try again after that.
Specifically, I get pam_unix_cred complaining when I try to ssh in.
Oct 1 09:30:27 solaris sshd[2689]: [ID 636228 auth.error] pam_unix_cred: illegal option (null)
Oct 1 09:30:27 solaris adclient[1058]: [ID 702911 auth.warning] WARN <fd:25 sshd(2689)> /usr/lib/security/sparcv9/pam_unix_cred.so returned (3)
Oct 1 09:30:27 solaris adclient[1058]: [ID 702911 auth.debug] DEBUG <fd:25 sshd(2689)> No session ID exists.​
So many changes

Maybe they should have called it Solaris 12 :-)
--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/
Loading...