Monday, January 1, 2024

Coming Soon: SPARC T8-2 Refresh

 

Coming Soon: Oracle SPARC T8-2 Refresh

Abstract:

In September 2017, Oracle released their flagship M8 RISC CPU, with T8 platforms based upon it! The S5 Core was an amazing accomplishment: 4 instructions per clock cycle, screaming at 5 GHz. Fujitsu simultaneously released their SPARC64 XII CPU, with SPARC M12 Platforms. Solaris 11.3 was supposed to become Solaris 12, but instead was branded as Solaris 11.4 to encourage continuity. The M8+ processors listed on the now unpublished SPARC/Solaris Roadmap were supposed to be released in 2020. Fujitsu's roadmap promised a 1.5x SPARC memory increase in 2021, and Fujitsu came out with new memory risers to expand memory by 150%. Oracle refreshed T8 platform components after 5 years, in 2022/2023: 100 GbE NIC Cards, 32 Gb FibreChannel Cards, 128 GB DIMMs (4 TB T8-2 Chassis Capacity), better Live Upgrade, and Live Firmware Updates. There is a T8-2 CPU Card update coming soon... but will it hold the M8+ predicted for 2020/2021 on the erased server roadmap?

New T8 Platform Coming

With the T8 platforms released in September 2017, they appear to be coming of age, as the 5 year tax depreciation cycle is ready to expire. September 2023 marked 6 years, and this is when we became aware of a hardware refresh on the horizon for the T8 models.

Though the trade rags have not been doing their jobs, the signs were there: dead platforms don't roll firmware with new features.

Nov 2023 - Firmware 9.10.7

New hardware designs are finally being released, which are incompatible with existing hardware.

  • Add support for new CPU mezzanine (CM) design (34640013, 34640060).
  • 35837133 Abort boot if incorrect FPGA is installed on Infineon T8 CM
  • 35810699 Prevent downgrades to incompatible FW if an Infineon T8 CM is installed
  • 34640060 Hostconfig support for Infineon VRD for VCORE power rails on T8 CM
  • 34640013 Add support for Infineon XDPE15284D controller for VCORE power rails on T8 CM

May 2023 - Firmware 9.10.6

Feature Request for T8-2 Motherboard w/o onboard NIC and Memory Risers w/ TI TPS546D24A

  • 34575814 Support T8-2 motherboard without onboard NIC
  • 34575730 Support T8-2 motherboard without onboard NIC
  • 34575699 Support T8-2 motherboard without onboard NIC
  • 34575617 Add vrdtool_ti support for TI TPS546D24A
  • 34510413 Hostconfig support for TI TPS546D24A on T8-2 YMR
  • 34500685 Add support for TI TPS546D24A for VMEMA/VMEMB power rails on T8-2 YMR

Conclusions

Oracle has promised to support SPARC Solaris to a MINIMUM of 2034. Looking forward 11 years is a very long time, in compute terms. The M8 Processor is now 6+ years old, but the market is still playing catch up. The SPARC M8's 5 GHz clock rate, with 4 instructions per clock cycle across 32 cores, plus Crypto & DB acceleration units in the same silicon, is still unmatched for many workloads, especially encrypted ones. With the previous 128 GB DIMM & 100 GbE upgrades achieved, we are looking forward to seeing what the new T8-2 CPU boards will look like... if not announced in January 2024, they may be announced in September of 2024. Will these hold SPARC M8+ sockets? One could hope, since the market has taken 6+ years to nearly catch up.

Friday, December 15, 2023

Oracle Refreshed SPARC T8 Model

 

Oracle Refreshed SPARC T8 Model

Abstract:

In September 2017, Oracle released their flagship M8 RISC CPU, with T8 platforms based upon it! The S5 Core was an amazing accomplishment: 4 instructions per clock cycle, screaming at 5 GHz. Fujitsu simultaneously released their SPARC64 XII CPU, with SPARC M12 Platforms. Solaris 11.3 was supposed to become Solaris 12, but instead was branded as Solaris 11.4 to encourage continuity. The M8+ processors listed on the now unpublished SPARC/Solaris Roadmap were supposed to be released in 2020. Fujitsu's roadmap promised a 1.5x SPARC memory increase in 2021, and Fujitsu came out with new memory risers to expand memory by 150%. Oracle matched & passed Fujitsu in the 2022/2023 transition.

Recent M8 Platform Additions

The SPARC M8 Platforms, like the T8-2 systems, were given phenomenal new upgrades:

  • Double Memory with memory DIMM upgrades from 64 GB to 128 GB
  • Double SAN Storage Throughput from 16 Gb to 32 Gb HBA Cards
  • Quadruple Network Speed Throughput from 25 GBit to 100 GBit NIC Cards
  • Live Upgrade for Firmware
  • Better Live Migration

The expense of the larger DIMMS is dramatic. Let's compare the rough costs.

  • 1TB T8-2 Chassis w/ 32GB DIMM's can be used as a baseline.
  • 2TB T8-2 Chassis w/ 64GB DIMM's is similar to buying 2x 1TB T8-2 w/ 32GB DIMM's.
  • 4TB T8-2 Chassis w/ 128GB DIMM's is similar to buying 4x 1TB T8-2's w/ 32GB DIMM's.

The cost of the newly increased capacity is not for the faint of heart.

The 2022/2023 T8-2 Component Refresh

Trade rag coverage of SPARC hardware & software updates has been anemic, at best.
How could we see the future, when the trade rags were negligent in their reporting?
Oracle released SPARC T8 features between end-2022 and start-2023, foreshadowed in the firmware bug notes below.

NOV 2022 - Firmware 9.10.5

Oracle worked on 128 GB DIMM's & the 6.8TB Flash F640 v4 NVMe PCIe Card (Aura 10 AIC):

  • 33752815 NVME/T_IN read bad value 96 with Aura10-SFF Intel in T8 and S7
  • 33627980 prtfru displays incorrect DIMM capacity for 128GB DIMMs

MAR 2022 - Firmware 9.10.4.a

Feature Request for Intel NVMe Solid State Drive Assembly Aura10 and improved live migration 

  • 33691051 Aura10 SFF support for SPARC
  • 33741127 Add a subguest API minor version for migration-class2 bugfix presence

OCT 2021 - Firmware 9.10.3

Improvements to firmware patching, Ethernet Cards, Memory, and improved live migration.

  • 33216275 Enable live patching in Hypervisor 1.20.6
  • 33171094 Add card identification support for Intel Ethernet Server Adapter I210-T1 OEM Gen to ILOM
  • 33005242 Add ereport.hc.dev_info for memory risers
  • 32978497 T8-2 YMR VMEM ZL9025 ASCR_CONFIG change to match T8-1 value
  • 32929538 Increase maximum chunks to account for larger dimms
  • 32925557 Add Oracle ConnectX-6 Dx EN, 2x100GbE, Dual-port QSFP, Crypto and Secure Boot FW ILOM support (NVIDIA/Mellanox ConnectX-6 Dx: up to two ports of 100Gb/s or a single port of 200Gb/s Ethernet, driven by 50Gb/s PAM4 or 25/10Gb/s NRZ SerDes)
  • 32920850 HV support for a Tahoe+ migration class
  • 32838122 Additional changes needed for live patching of 32625647/31561348 (live firmware patching)

JUN 2021 - Firmware 9.10.2

Feature request for Intel NVMe Solid State Drive 6.4TB Flash Accelerator F640 v3 NVMe PCIe Card (Aura 9 AIC), additional DRAM Support, and Network Cards

  • 33691051 Aura10 SFF support for SPARC
  • 32074098 Add Aura9 SFF support to SPARC platforms
  • 31365759 [ILOM] "hwdiag pci info" does not show Aura8 SFF Subsystem Vendor ID, Subsystem Device ID, Part Number and Description
  • 32385998 Aura 9 SFF fail post in some systems
  • 32372784 Add timing data for more DRAM types
  • 31447119 Device Monitor: Add support for CX-5 OCP,CX-5 2x100G OCP, CX-6 Dx, and CX-6 Dx 50G, and CX-6 Dx 50G Bifurcated cards

APR 2021 - Firmware 9.10.1.a (available in 9.10.1.c)

Feature request for Intel NVMe Solid State Drive 6.4TB Flash Accelerator F640 v3 NVMe PCIe Card (Aura 9 AIC) and Live Firmware Patching

  • 31792974 Updating Aura9 Descriptions and adding Samsung v2
  • 32182811 Support multiple tcp connections on SSH-DCA port (security scanners)
  • 32059898 Enable live patching in Hypervisor 1.20.5

AUG 2020 - Firmware 9.10.0.a

Feature request for Intel NVMe Solid State Drive 6.4TB Flash Accelerator F640 v3 NVMe PCIe Card (Aura 9 AIC), Intel NVMe Solid State Drive 6.4TB Flash Accelerator F640 v2 NVMe PCIe Card (Aura 8 AIC), Intel NVMe Solid State Drive 6.4TB Flash Accelerator F640 v1 NVMe PCIe Card (Aura 7 AIC), 100 GbE Support, 128 GB DIMM, and Live Firmware Patching

  • 31225789 Bug fix for Intel NVMe Solid State Drive Assembly Aura9
  • 31388207 After reset /System, mctp_drive failed on Aura8 SFF
  • 31225789 Device Monitor: Add support for Intel prototype Aura9
  • 31218973 Failed to access Aura9 SSDs via MCTP/SMBus on E2-2C
  • 31190919 add aura9/7 aic to i2c test
  • 31181415 Enable live patching in Hypervisor 1.20.4
  • 31181349 Device Monitor: Add support for Intel/Samsung Aura9
  • 30898834 ILOM change request to support Aura9 SFF from Intel/Samsung and AIC from Intel
  • 31440160 Add CX-6 Dx 50G iLOM support
  • 31404646 Add CX-6 Dx 2x100G iLOM support
  • 31388020 Add CX-5 2x100G OCP NIC support to iLOM
  • 30793129 libfru DDR4 (SPD_128RW_FORMAT) CRC protection is ineffective
  • 30766834 ILOM is not identifying the part number and description of the Cx5 card
  • 30738307 DDR4 (SPD_RW128_FORMAT) SPD_Fault_Data record re-initialized on SP reboot.

 

Conclusion:

Oracle continues to refresh their SPARC S7 & T8 lines, with Memory & Network capacity, OS Capabilities, and Firmware Capabilities. We can see from the bug trail that it takes A LONG TIME, about 2 years, for Oracle's development team to push features to fruition, but updates are still coming. It is great to see one of the fastest platforms on the planet, dating back to 2017, continuing to get hardware and software updates. More is coming.

Monday, February 27, 2023

How Do I Save the LDoms Configuration under Solaris?

 

 Abstract:

Under SPARC Logical Domains, the Hypervisor actually runs in the firmware of the chassis, where the Control Domain sends commands to partition the hardware underneath the OS's. The hypervisor and all settings live completely in memory... which means that in a power outage, any unsaved virtualization configuration can be lost. The ILOM has onboard storage to hold the LDoms configuration, when saved, and the hypervisor in the firmware is smart enough to request the configuration from the ILOM on boot, and then simultaneously boot all Logical Domains (including the Control Domain.)

List LDom Configurations

To list all Logical Domain Configurations, which were stored to the ILOM:

sun1824-cd/root# ldm list-spconfig
factory-default
@post-migration [current]
default-config
20190301
20191002
20211014
20220908

Note: in the above example, the "@post-migration" means the configuration was saved the last time someone executed a live migration onto or off of this platform, with the "-s" flag for "save config".

Save Logical Domain Configuration

To save a copy of the LDom configuration:

sun1824-cd/root# ldm add-spconfig `date +%Y%m%d`
sun1824-cd/root#

List Saved Logical Domain Configurations

The newly saved logical domain configuration should show as the Year-Month-Day combination:

sun1824-cd/root# ldm list-spconfig
factory-default
@post-migration
default-config
20190301
20191002
20211014
20220908
20230218 [current]
sun1824-cd/root#
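
Remove Old Logical Domain Configurations

Old saved configurations can be pruned once they are no longer needed. A minimal sketch, using the ldm remove-spconfig subcommand against one of the dated names from the listing above:

```shell
# Remove an older saved configuration from the ILOM by name;
# leave factory-default and the [current] configuration alone.
ldm remove-spconfig 20190301
```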



 

Monday, February 20, 2023

How do I reset the ILOM from Solaris?

 

How do I reset the ILOM from Solaris?

Abstract:

A Solaris system is composed of an OS to run the applications, as well as a variety of instrumentation and virtualization. A typical stack includes: ILOM or SP, CDom, LDom, Zone. If you need to reboot the SP (Service Processor) or ILOM (Integrated Lights Out Management), it can be done from the base OS, which is normally a Control Domain, and is non-intrusive to the applications running on the base OS (as long as the CDom is not trying to save the state of the LDoms or attempting to read-write the configuration.)

Check ILOM UpTime

The ILOM tracks its uptime, which is available through the IPMI tool:

sun1824-cd/root# ipmitool sunoem cli
Connected. Use ^D to exit.
-> 

-> show /SP/clock

 /SP/clock
    Targets:

    Properties:
        datetime = Fri Feb 17 22:47:14 2023
        timezone = EST (America/New_York)
        uptime = 34 days, 14:45:14
        usentpserver = enabled

    Commands:
        cd
        set
        show

 
-> exit
Disconnected
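
The same query can be scripted without an interactive session; a sketch, assuming the stock Oracle ipmitool, which accepts the ILOM command as an argument to "sunoem cli":

```shell
# One-shot query: pull only the uptime line from the ILOM clock target
ipmitool sunoem cli "show /SP/clock" | grep uptime
```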

Rebooting the ILOM

The Service Processor card can be rebooted from the base Solaris OS acting as a Control Domain via:

sun1824-cd/root# PATH=/opt/ipmitool/sbin:/usr/sbin
sun1824-cd/root# export PATH
sun1824-cd/root# ipmitool sunoem cli
Connected. Use ^D to exit.
-> reset /SP
Are you sure you want to reset /SP (y/n)? y
Performing reset on /SP

-> exit
Disconnected

Verify ILOM Reboot

The ILOM reboot can be verified by using the IPMI tool.

sun1824-cd/root# ipmitool sunoem cli
Connected. Use ^D to exit.
-> show /SP/clock

 /SP/clock
    Targets:

    Properties:
        datetime = Sat Feb 18 22:49:25 2023
        timezone = EST (America/New_York)
        uptime = 0 days, 00:07:43
        usentpserver = enabled

    Commands:
        cd
        set
        show

-> exit
Disconnected
sun1824-cd/root#





 

 

Friday, February 17, 2023

NAWK: How can I get uptime & boot time in Solaris?

 

[Solaris Logo, courtesy former Sun Microsystems, Oracle]

Abstract:

This is part of a small article series on lesser known uses of UNIX nawk. Why nawk? This POSIX language has not changed in decades, gets very few code changes, and is mostly bug free in any reasonable operating system. Scripts written in POSIX nawk will basically run forever. Master this simple language, and there is virtually nothing that cannot be done.

What is AWK?

Awk is a scriptable text language, originally written at Bell Labs, home of UNIX and C, by Alfred Aho, Peter Weinberger, and Brian Kernighan. Its concepts are managing a Page Header (the BEGIN clause), Page Body (multiple Pattern -> Action clauses), and Page Footer (the END clause.)

Awk is suitable for building & manipulating any textual or markup text, which is page oriented (i.e. SQL output, Text, Adobe PostScript, Adobe FrameMaker portable maker format, HTML, XML, Microsoft RTF, Microsoft CSV, etc.)
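
The three clauses can be seen working together in a few lines. A minimal sketch with hypothetical inventory data (substitute awk for nawk on systems without it):

```shell
# Page header (BEGIN), body (pattern -> action), footer (END):
# total up the second field of every line matching /disk/.
printf 'disk 10\ndisk 32\ntape 5\n' | nawk '
BEGIN   { print "Report" }
/disk/  { total += $2; print $1, $2 }
END     { print "Total:", total }'
```

The BEGIN clause runs once before any input, the END clause once after the last line, and the middle clause fires only on lines matching the /disk/ pattern.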

NAWK: How can I get uptime & boot time in Solaris?

The CTime or Epoch Time can be easily retrieved from nawk using the "srand()" function, if there is no seed passed into the function. This number represents the seconds since 00:00:00 on January 1, 1970.

The boot time is the CTime/Epoch Time [in seconds], at the time of the last OS boot, and can be retrieved from "kstat". Simple subtraction and division can provide reasonably accurate conversions.

The following examples show: CTime, Boot Time, Seconds Difference, Minutes Difference, Hours Difference, Days Difference.

Example 1 - Solaris 10:

Solaris10/root# kstat -n system_misc | nawk '
BEGIN { CTime=srand() };
/boot_time/ { BTime=$2; Diff=CTime-BTime };
END { printf "CTime:\t%s\nBTime:\t%s\nScDif:\t%s\nMnDif:\t%s\nHrDif:\t%s\nDyDif:\t%s\n",
      CTime,BTime,Diff,Diff/60,Diff/60/60,Diff/60/60/24 }'

CTime:  1676683570
BTime:  1676106161
ScDif:  577409
MnDif:  9623.48
HrDif:  160.391
DyDif:  6.68297

Example 2 - Solaris 11:

Solaris 11/root# kstat -n system_misc | nawk '
BEGIN { CTime=srand() };
/boot_time/ { BTime=$2; Diff=CTime-BTime };
END { printf "CTime:\t%s\nBTime:\t%s\nScDif:\t%s\nMnDif:\t%s\nHrDif:\t%s\nDyDif:\t%s\n",
      CTime,BTime,Diff,Diff/60,Diff/60/60,Diff/60/60/24 }'

CTime:  1676683533
BTime:  1662691183
ScDif:  13992350
MnDif:  233206
HrDif:  3886.76
DyDif:  161.948

Does the code look similar? It should: Solaris 10 and Solaris 11 are POSIX compliant.

What about GAWK?

GNU's Awk is not 100% compatible with POSIX Nawk, which is a huge disappointment. I have seen code which worked for decades fail to run unchanged under GNU's awk.

 

Wednesday, November 23, 2022

OpsCenter 12c 12.4, Patches, and Solaris 11.4 SRU 48

 

OpsCenter 12c 12.4, Patches, and Solaris 11.4 SRU 48

Abstract

Sun Microsystems purchased a company which performed data center management across multiple platforms, and then decided to merge it into Solaris. The Sun Connect product was born, to help deliver patches more effectively. The N1 Compute Initiative was born, to treat all systems in the data center as a single entity. OpsCenter was made available for all customers, to do local provisioning, patching, health, and reporting. Oracle purchased Sun Microsystems and had their own management framework called Oracle Enterprise Manager, but it always fell short on handling bare hardware: provisioning and management of the ILOM [without an OS]. Oracle refers to OpsCenter as Oracle Enterprise Manager OpsCenter.

Recent History

Oracle had been updating OpsCenter pretty aggressively in 2022; this article talks about the path to accomplish those updates. The first set of updates was associated with the Log4J vulnerability in December 2021, but the introduction of Oracle Solaris 11.4 SRU 48 on agents actually caused a disconnection from the OpsCenter server, and some aspect of this procedure must be followed in order to restore connectivity to OpsCenter from managed Solaris 11.4 servers newer than 11.4.48.

 

OpsCenter Information Center

One of the most important sections to review is the OpsCenter Information Center, within Oracle's Support Network, for understanding what OpsCenter is and what updates are occurring.

Information Center: Overview of Enterprise Manager Ops Center (Doc ID 1507780.2)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1507780.2

As of the writing of this article, there have been several CPU (Critical Patch Updates),
stemming from a Log4J vulnerability discovered in the industry in December 2021. 

This is a good place to start, regarding the latest news on OpsCenter.

OpsCenter 12.4 Release

Oracle upgraded OpsCenter to the 12.4 release in 2019. 

Release Announcement - Oracle Enterprise Manager Ops Center 12c Release 4 (12.4.0.0.0) ( Doc ID 2532906.1 ) April 2019
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2532906.1

The documentation is readily available to everyone, without My Oracle Support (MOS):

Oracle Enterprise Manager Ops Center 12c Release 4 (12.4)
https://docs.oracle.com/cd/ops-center-12.4/index.htm


Base Operating System

Ops Center 12c Release 12.4 is supported on Solaris 11.3 as well as Solaris 11.4, making it a well suited management tool which can be used on nearly any piece of Solaris SPARC Hardware.
 
Most installations will be on newer hardware, with security updates available for Solaris 11.4. Solaris 11.4, as of the time of this writing, is on SRU 50... this is the 50th month after the original release of 11.4!

To avoid installing a buggy Solaris 11.4.0 & applying a half-decade of patches to reach Solaris 11.4.50, Oracle released the free-for-private-use Solaris 11.4 CBE, or Common Build Environment.
 
As of the time of this writing, Solaris 11.4 CBE starts at SRU 42, but an OpsCenter system will need to be pointed at the support repository in order to get the required Perl XML parser.
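
Re-pointing the "solaris" publisher from the release repository to the support repository is a pkg set-publisher operation. A sketch, assuming the key & certificate pair issued from the Oracle support site (the file paths below are hypothetical placeholders):

```shell
# Swap the release origin for the support origin on the solaris publisher
pkg set-publisher \
    -k /var/pkg/ssl/Oracle_Solaris_11.key.pem \
    -c /var/pkg/ssl/Oracle_Solaris_11.certificate.pem \
    -G https://pkg.oracle.com/solaris/release/ \
    -g https://pkg.oracle.com/solaris/support/ \
    solaris
```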

OpsCenter 12c 12.4 Pre-Requisites

There are OpsCenter bugs which require workarounds, for installation on later releases of Solaris.

There is a known BUG (32548385) with OpsCenter, introduced by Solaris 11.4.30.
The python 'mediator' in Solaris 11.4 SRU 30 is set to 3.7 instead of 2.7. Ops Center requires 2.7.
Ops Center Will Not Start After Upgrading to Solaris 11.4.30 (SRU 30) - Svc:/application/scn/ajaxterm:default is Restarting Too Quickly (Doc ID 2760685.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2760685.1

This mediator pre-requisite must be present for OpsCenter to start up on Solaris 11.4.30 and later.
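
Per the MOS note above, the workaround is to pin the python mediator back to 2.7. A sketch; verify the mediator name against your SRU before applying:

```shell
# Pin the python mediator to 2.7, then clear the failed ajaxterm service
pkg set-mediator -V 2.7 python
svcadm clear svc:/application/scn/ajaxterm:default
```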

There is a known BUG (33622838) with OpsCenter, introduced by Solaris 11.4.39.
The older Perl 5.26 release is removed in Solaris 11.4 SRU 39; the OpsCenter EC requires Perl 5.26.

Ops Center 12.4 upgrades to Solaris 11.4 SRU 39 on an EC will fail (Doc ID 2826475.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2826475.1

This perl release pre-requisite must be present for OpsCenter to install on Solaris 11.4.39 and later.
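
Keeping the older Perl runtime installed on the EC ahead of the SRU upgrade is a single pkg operation. A sketch; the runtime/perl-526 package name is an assumption, so confirm it against the MOS note:

```shell
# Ensure the Perl 5.26 runtime remains on the Enterprise Controller
pkg install --accept runtime/perl-526
```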

OpsCenter 12.4 Installation

OpsCenter should be installed or upgraded to its most recent base version.

A basic installation with a Single Enterprise Controller is readily available:
https://docs.oracle.com/cd/ops-center-12.4/doc.1240/e59965/GUID-0DE73AE5-1B0B-4403-890A-8F632AD30131.htm#OPCSO525

After upgrade or installation, patches should be applied.

[Byzantine Mosaic: Jesus Christ Pantocrator, Courtesy Ricard MN Photography]

OpsCenter 12.4 Critical Patch Updates

Normally, Critical Patch Updates are cumulative, but this ceased to be the case after April 2022.
A circuitous path to follow, to deal with bureaucracy, was un-affectionately referred to as Byzantine.
This is where our Byzantine journey begins!

OpsCenter 12.4 April 2022 Critical Patch Update

The April 2022 CPU resolved a variety of issues, including Log4J.
(The January 2022 release, with Log4J patches, is also bundled in the April 2022 CPU.)

Ops Center 12.4 companion document for the April 2022 CPU (Doc ID 2865470.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2865470.1

Non-intuitively, this refers the user to another document that says EM-only, but includes OpsCenter:

Critical Patch Update (CPU) Program Apr 2022 Patch Availability Document (EM-only) (Doc ID 2844807.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2844807.1

A "Bundle Patch" was created, which must be downloaded, and applied according to the instructions:

OPSS BUNDLE PATCH 12.2.1.4.210418 Patch 32784652 or later
https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=32784652

These are the major bugs which have been resolved:

Bug 33601961 - Ops Center 12.4: CVE-2021-40438 Apache HTTPD server
Bug 33490456 - CVE-2021-2351: UPDATE THE C CLIENT LIBRARY FOR NNE VULNERABILITY
Bug 33735042 - CVE-2021-44832: APACHE LOG4J UPDATE TO 2.3.2, 2.12.4, OR 2.17.1

This must be applied only on an installation of OpsCenter 12.4.

OpsCenter 12.4 July 2022 Critical Patch Update

The July 2022 CPU resolved a variety of issues...

Ops Center 12.4 companion document for the July 2022 CPU (Doc ID 2885006.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2885006.1

Non-intuitively, this refers the user to another document that says EM-only, but includes OpsCenter:

Critical Patch Update (CPU) Program Jul 2022 Patch Availability Document (EM-only) (Doc ID 2867874.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2867874.1&_afrWindowMode=0&_adf.ctrl-state=1b5ay5nont_123#babfaaai

A "Bundle Patch" was created, which must be downloaded, and applied according to the instructions:

Ops Center UCE patches for Jul CPU 2022 Patch 34332927 or later
https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=34332927

These are the major bugs which have been resolved:

Bug 34259326 - Ops Center 12.4: CVE-2022-22720 in Apache 2.4.52
Bug 34259352 - Ops Center 12.4: CVE-2022-22721 in Apache 2.4.52
Bug 34269953 - Ops Center 12.4: Upgrade OpenSSL to 1.1.1o

This must only be applied after the April release.

OpsCenter 12.4 October 2022 Critical Patch Update

The October 2022 CPU resolved a variety of issues...

Ops Center 12.4 companion document for the Oct 2022 CPU (Doc ID 2904332.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2904332.1

Non-intuitively, this refers the user to another document that says EM-only, but includes OpsCenter:

Critical Patch Update (CPU) Program Oct 2022 Patch Availability Document (EM-only) (Doc ID 2888514.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=298046759019691&id=2888514.1&_adf.ctrl-state=1b5ay5nont_659

A "Bundle Patch" was created, which must be downloaded, and applied according to the instructions:

Ops Center UI/Other patches for Oct CPU 2022 Patch 34611523 or later
https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=34611523

These are the major bugs which have been resolved:

Bug 33952830 - CVE-2021-23450: DOJO UPDATE TO AT LEAST 1.17.0

This must only be applied after the April and July releases.

OS Upgrade to Solaris 11.4 SRU 48

This may seem counter-intuitive, but there is a bug in SRU 48 which disconnects the OpsCenter agent from the OpsCenter Proxy Controller, reflected as a down agent in the OpsCenter Enterprise Controller... and before you can fix this bug, the operating system must be upgraded to crash the agent; then the fix can be applied.

Fixing the OpsCenter OS Agent

With application of Oracle Solaris 11.4 SRU 48, the agent fails to connect to the management station.

A good article on the topic is:

Ops Center 12.4: CDOM Agents fail to start after a Solaris upgrade to 11.4 SRU 48 ( Doc ID 2892465.1 )
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2892465.1

At the root cause, there are a variety of bugs identified with SRU48.

Bug 34525568 : OpsCenter 12.4 CDOM Agents fail to start on Solaris SRU11.4.48 due to XMPP
Bug 34560282 : Ops Center Agent won't start after upgrade to 11.4SRU48 with S7 having Global zone
Bug 33876279 Local connections should skip TLS, SASL handshake

The patch to correct this problem, with SRU 48+, can only be acquired from the OpsCenter team, and is not generally available through the Oracle Patch Management system.

A Service Request must be filed, specifically asking for the patch:

Patch 34525568


Monday, November 14, 2022

Installing an ISO from ILOM 4.0.3+ using SSH

Installing an ISO from ILOM 4.0.3+ using SSH

Abstract:

The SPARC platforms have long come with various Lights Out Management (LOM) capabilities, to access the hardware, and to provide access to the OS from underneath when there is a hardware issue. A more advanced system called Integrated Lights Out Management (ILOM) was later created. With ILOM 4.0.3, a feature was added to allow booting from a remote ISO via SSH!

Where to get ISO:

The easiest place to get the most recent version of Solaris, such as the Common Build Environment (CBE):

https://www.oracle.com/solaris/solaris11/downloads/solaris-downloads.html

Various ISO's are available from Oracle for Solaris:

Where to download Oracle Solaris ISO images and Update Releases (Doc ID 1277964.1) 
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1277964.1

What to do from ILOM:

Copy ISO's to a local directory on a server

a.b.c.d/user$ ls -l /export/home/user/*iso
-rw-r--r--   1 user root   2314731520 May 12  2016 /export/home/user/sol-10-u11-ga-sparc-dvd.iso
-rw-r--r--   1 user root     867020800 May 13  2016 /export/home/user/sol-11_3-text-sparc.iso
-rw-r--r--   1 user root   1018736640 Apr 23  2019 /export/home/user/sol-11_4-text-sparc.iso
-rw-r--r--   1 user root     551464960 Oct 20  2011 /export/home/user/sol-11-1111-text-sparc.iso

Make sure there is connectivity from the ILOM to the Server hosting the ISO

-> set /SP/network/test ping=a.b.c.d
Ping of a.b.c.d succeeded

Set the ILOM Host Storage Device to Remote

-> set /SP/services/kvms/host_storage_device/ mode=remote

Set the username, password, and ISO location

-> cd /SP/services/kvms/host_storage_device/remote

-> set username=user
-> set password=password
-> set server_URI=sshfs://a.b.c.d:/export/home/user/sol-11_4-text-sparc.iso

/SP/services/kvms/host_storage_device=remote
Targets:
Properties:
password = *****
server_URI = sshfs://a.b.c.d:/export/home/user/sol-11_4-text-sparc.iso
username = user

Review Values

-> show /SP/services/kvms/host_storage_device/

/SP/services/kvms/host_storage_device

Targets:
remote

Properties:
mode = remote
status = operational 

Stop Automatic Boot on Host

-> set /HOST/bootmode script="setenv auto-boot? false"

Mount & Boot the Remote ISO

-> start /SP/console -script 

{ok} reset-all
{ok} devalias
...
rcdrom

{ok} boot rcdrom

Boot device: /pci@311/pci@1/usb@0/storage@1/disk@0 File and args:
SunOS Release 5.11 Version 11.4.0.15.0 64-bit
Copyright (c) 1983, 2018, Oracle and/or its affiliates. All rights reserved.
Remounting root read/write
Probing for device nodes ...
Preparing image for use
NOTICE: mount: not a UFS magic number (0x0)
NOTICE: mount: not a UFS magic number (0x0)
Done mounting image
USB keyboard
1. Arabic 15. Korean
2. Belgian 16. Latin-American
3. Brazilian 17. Norwegian
4. Canadian-Bilingual 18. Portuguese
5. Canadian-French 19. Russian
6. Danish 20. Spanish
7. Dutch 21. Swedish
8. Dvorak 22. Swiss-French
9. Finnish 23. Swiss-German
10. French 24. Traditional-Chinese
11. German 25. TurkishQ
12. Italian 26. UK-English
13. Japanese-type6 27. US-English
14. Japanese

To select the keyboard layout, enter a number [default 27]:

Additional Information

A good note on this process is available for people with Oracle Support:
How to Install/Re-image a T5-x, S7, T7-x, T8-x, M7-x, or M8-x System Using the sshfs Protocol (Doc ID 2817892.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2817892.1