* * * READ ME * * * * * * Veritas Cluster Server Bundled Agents 6.1 * * * * * * Patch 6.1.0.100 * * * Patch Date: 2014-05-05 This document provides the following information: * PATCH NAME * OPERATING SYSTEMS SUPPORTED BY THE PATCH * PACKAGES AFFECTED BY THE PATCH * BASE PRODUCT VERSIONS FOR THE PATCH * SUMMARY OF INCIDENTS FIXED BY THE PATCH * DETAILS OF INCIDENTS FIXED BY THE PATCH * INSTALLATION PRE-REQUISITES * INSTALLING THE PATCH * REMOVING THE PATCH PATCH NAME ---------- Veritas Cluster Server Bundled Agents 6.1 Patch 6.1.0.100 OPERATING SYSTEMS SUPPORTED BY THE PATCH ---------------------------------------- RHEL6 x86-64 PACKAGES AFFECTED BY THE PATCH ------------------------------ VRTSvcsag BASE PRODUCT VERSIONS FOR THE PATCH ----------------------------------- * Symantec Application HA 6.1 * Symantec Cluster Server 6.1 * Symantec Storage Foundation Cluster File System HA 6.1 * Symantec Storage Foundation for Oracle RAC 6.1 * Symantec Storage Foundation HA 6.1 SUMMARY OF INCIDENTS FIXED BY THE PATCH --------------------------------------- Patch ID: VRTSvcsag-6.1.0.100 * 3489379 (3489378) Upgrade openssl 1.0.1d to openssl1.0.1g DETAILS OF INCIDENTS FIXED BY THE PATCH --------------------------------------- This patch fixes the following Symantec incidents: Patch ID: VRTSvcsag-6.1.0.100 * 3489379 (Tracking ID: 3489378) SYMPTOM: Heartbleed vulnerability in OpenSSL. DESCRIPTION: Heartbleed vulnerability was found in OpenSSL. The VMwareDisks agent uses OpenSSL and the agent has been affected by this vulnerability. RESOLUTION: Symantec has modified the VMwareDisks agent code to fix this vulnerability. INSTALLING THE PATCH -------------------- Run the Installer script to automatically install the patch: ----------------------------------------------------------- To install the patch perform the following steps on at least one node in the cluster: 1. Copy the hot-fix vcsag-rhel6_x86_64-6.1.0.100-rpms.tar.gz to /tmp 2. Untar vcsag-rhel6_x86_64-6.1.0.100-rpms.tar.gz to /tmp/hf # mkdir /tmp/hf # cd /tmp/hf # gunzip /tmp/vcsag-rhel6_x86_64-6.1.0.100-rpms.tar.gz # tar xf /tmp/vcsag-rhel6_x86_64-6.1.0.100-rpms.tar 3. Install the hotfix # pwd /tmp/hf # ./installVRTSvcsag610HF100 [ ...] Install the patch manually: -------------------------- Perform the following steps on all nodes in the VCS cluster: 1. Take backup of your configurations. 2. Stop VCS on the cluster node. 3. Install the patch. 4. Restart VCS on the node. Stopping VCS on the cluster node -------------------------------- Perform the following steps: 1. Ensure that the "/opt/VRTSvcs/bin" directory is included in your PATH environment variable so that you can execute all the VCS commands. Refer to Veritas Cluster Server Installation Guide for more information. 2. Ensure that the version of VRTSvcsag for Linux is 6.1.0 3. Freeze all the service groups persistently. # haconf -makerw # hagrp -freeze [group] -persistent 4. Stop the cluster on all nodes. If the cluster is writable, you may close the configuration before stopping the cluster. # haconf -dump -makero From any node, execute the following command. # hastop -all or # hastop -all -force Verify that the cluster is stopped on all nodes by running the ha command. # hasys -state On all nodes, make sure that both had and hashadow processes are stopped. Also, stop the VCS CmdServer on all nodes. # CmdServer -stop Installing the Patch -------------------- Perform the following steps: 1. Un-compress the downloaded patch from Symantec. Change the directory to the uncompressed patch location. Install the VRTSvcsag patch using the following command: i. For RHEL5: # rpm -Uvh VRTSvcsag-6.1.0.100-GA_RHEL5.i686.rpm ii. For RHEL6: # rpm -Uvh VRTSvcsag-6.1.0.100-GA_RHEL6.i686.rpm iii. For SLES11: # rpm -Uvh VRTSvcsag-6.1.0.100-GA_SLES11.i586.rpm 2. Run the following command to verify if the new patch has been installed: # rpm -q VRTSvcsag If the proper patch is installed, the following output is displayed: i. For RHEL5: # VRTSvcsag-6.1.0.100-GA_RHEL5.i686 ii. For RHEL6: # VRTSvcsag-6.1.0.100-GA_RHEL6.i686 iii. For SLES11: # VRTSvcsag-6.1.0.100-GA_SLES11.i586 Re-starting VCS on the cluster node ----------------------------------- 1. To start the cluster services on all cluster nodes. Execute the following command first on one node: # hastart On all the other nodes, start VCS by executing the hastart command after the first node goes to LOCAL_BUILD or RUNNING state. 2. Make VCS cluster writable. # haconf -makerw 3. Unfreeze all the groups. # hagrp -unfreeze [group] -persistent # haconf -dump -makero REMOVING THE PATCH ------------------ Removal of the patch will result in removing the whole package from the system/node. To go back to a previous installed version of the package, you may need to re-install the package. Run the following steps on all the VCS cluster nodes: To remove the patch from a cluster node: --------------------------------------------- 1. Freeze all the service groups persistently. # haconf -makerw # hagrp -freeze [group] -persistent 2. Stop VCS on the node by following the steps provided in the section "Stopping VCS on the cluster node". 3. Remove the patch by using the following command: # rpm -e VRTSvcsag 4. Verify that the patch has been removed from the system: # rpm -qa | grep VRTSvcsag Ensure that the VRTSvcsag package is not be displayed. This confirms that the package is removed. 5. Install the VRTSvcsag package from the VCS 6.0.3 Installation DVD. 6. To start the cluster services on all cluster nodes, execute the following command first on one node: # hastart On all the other nodes, start VCS by executing hastart after the first node goes to LOCAL_BUILD or RUNNING state. 7. Unfreeze all the groups. # hagrp -unfreeze [group] -persistent # haconf -dump -makero SPECIAL INSTRUCTIONS -------------------- NONE OTHERS ------ NONE