vcs-sol11_sparc-Patch-7.3.1.1100

 Basic information
Release type: Patch
Release date: 2019-11-05
OS update support: None
Technote: None
Documentation: None
Popularity: 551 viewed    39 downloaded
Download size: 100.18 MB
Checksum: 3912852831

 Applies to one or more of the following products:
InfoScale Availability 7.3.1 On Solaris 11 SPARC
InfoScale Enterprise 7.3.1 On Solaris 11 SPARC
InfoScale Storage 7.3.1 On Solaris 11 SPARC

 Obsolete patches, incompatibilities, superseded patches, or other requirements:
None.

 Fixes the following incidents:
3946643, 3947280, 3965118, 3981993

 Patch ID:
None.

Readme file
                          * * * READ ME * * *
                * * * Veritas Cluster Server 7.3.1 * * *
                         * * * Patch 1100 * * *
                         Patch Date: 2019-11-23


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * PACKAGES AFFECTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLATION PRE-REQUISITES
   * INSTALLING THE PATCH
   * REMOVING THE PATCH


PATCH NAME
----------
Veritas Cluster Server 7.3.1 Patch 1100


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
Solaris 11 SPARC
Solaris 11 X64


PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSvcs


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * InfoScale Availability 7.3.1
   * InfoScale Enterprise 7.3.1
   * InfoScale Storage 7.3.1


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: 7.3.1.1100
* 3946643 (3932232) Even after SMF of Solaris disables VCS service, the had 
and hashadow processes still continue to run
* 3947280 (3947279) Memory leaks occurred in the hacli and the hacli_runcmd
processes.
* 3965118 (3969838) A failover Service Group can be brought online on one node even when it is ONLINE on another node
* 3981993 (3981992) A potentially critical security vulnerability in VCS needs to be addressed.


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: 7.3.1.1100

* 3946643 (Tracking ID: 3932232)

SYMPTOM:
Even after SMF of Solaris disables VCS service, the had and 
hashadow processes still continue to run

DESCRIPTION:
The VCS service stops when SMF disables the VCS services. 
However, even if the VCS service is in disabled state, the had or hashadow 
still continue to run.

RESOLUTION:
Added error handling in VCS init script to verify if the VCS 
service is stopped or not, and return the state to SMF accordingly.

* 3947280 (Tracking ID: 3947279)

SYMPTOM:
Memory leaks occurred in the hacli and the hacli_runcmd processes.

DESCRIPTION:
When an hacli command is executed on a cluster node, which runs a
process on another cluster node, the hacli_runcmd process is forked on the other
node. Thereafter, the memory usage for the hacli and the hacli_runcmd processes
continues to increase continuously until the systems run out of memory.

RESOLUTION:
This hoftix updates the hacli and the hacli_runcmd processes to plug
the memory leaks.

* 3965118 (Tracking ID: 3969838)

SYMPTOM:
A failover Service Group can be brought online on one node even when it is ONLINE on another node

DESCRIPTION:
The flush operation clears the internal state of a resource, but doesn't stop the entry points that are already running. In this situation, the entry point may report pseudo fault even when the service group is already offline on that particular node. When such fault is reported, the value of CurrentCount is decremented to zero although the service group is active in the cluster. The zero value signifies that the group is completely offline and hence VCS inadvertently allows any subsequent online request.

RESOLUTION:
Additional checks are introduced to ensure that this incorrect decrement in CurrentCount is prevented when the failover service group is active on any other node in the cluster.

* 3981993 (Tracking ID: 3981992)

SYMPTOM:
A potentially critical security vulnerability in VCS needs to be addressed.

DESCRIPTION:
A potentially critical security vulnerability in VCS needs to be addressed.

RESOLUTION:
This hotfix addresses the security vulnerability. For details, refer to the security advisory at: https://www.veritas.com/content/support/en_US/security/VTS19-003.html



INSTALLING THE PATCH
--------------------
Run the Installer script to automatically install the patch:
-----------------------------------------------------------
Please be noted that the installation of this P-Patch will cause downtime.

To install the patch perform the following steps on at least one node in the cluster:
1. Copy the patch vcs-sol11_sparc-Patch-7.3.1.1100.tar.gz to /tmp
2. Untar vcs-sol11_sparc-Patch-7.3.1.1100.tar.gz to /tmp/hf
    # mkdir /tmp/hf
    # cd /tmp/hf
    # gunzip /tmp/vcs-sol11_sparc-Patch-7.3.1.1100.tar.gz
    # tar xf /tmp/vcs-sol11_sparc-Patch-7.3.1.1100.tar
3. Install the hotfix(Please be noted that the installation of this P-Patch will cause downtime.)
    # pwd /tmp/hf
    # ./installVRTSvcs731P1100 [<host1> <host2>...]

You can also install this patch together with 7.3.1 base release using Install Bundles
1. Download this patch and extract it to a directory
2. Change to the Veritas InfoScale 7.3.1 directory and invoke the installer script
   with -patch_path option where -patch_path should point to the patch directory
    # ./installer -patch_path [<path to this patch>] [<host1> <host2>...]

Install the patch manually:
--------------------------
To apply the patch perform the following steps on all nodes in the VCS cluster:
1. Stop VCS on the cluster node.
2. Install the patch.
3. Restart VCS on the node.
To stop VCS on the cluster node:
1. Ensure that the "/opt/VRTSvcs/bin" directory is included in your PATH environment variable so that you can execute all the VCS commands. For more information, refer to the Veritas Cluster Server Installation Guide.
2. Verify that the base version of VRTSvcs is 7.3.1
3. Persistently freeze all the service groups:
# haconf -makerw
# hagrp -freeze [group] -persistent
# haconf -dump -makero
4. Stop the cluster on all nodes. On any node, run the following command to stop the cluster:
# hastop -all -force
5. Verify that the cluster is stopped on all nodes: 
# hasys -state
6. On all nodes, make sure that both the had and hashadow processes are stopped. 
7. Stop the VCS CmdServer on all nodes:   
        # /opt/VRTSvcs/bin/CmdServer -stop
8. Copy the /etc/VRTSvcs/conf/config/types.cf file to /etc/VRTSvcs/conf/config/types.cf.orig as a backup.
9. Copy the /etc/VRTSvcs/conf/config/main.cf file to /etc/VRTSvcs/conf/config/main.cf.orig as a backup.
Installing the patch
--------------------
To install the patch:
1. Log in as superuser on the system where you are installing the patch.
2. Uncompress the patch that you downloaded from Veritas.
3. Change the directory to the uncompressed patch location.
4. Apply the patch by issuing the following commands
a. Set the publisher
# pkg set-publisher -g Veritas
e.g:
# pkg set-publisher -g /hotfix_dir/patches/VRTSvcs.p5p Veritas
b. Install the package
# pkg install --accept --no-backup-be VRTSvcs
5. After the installation completes, verify that the package is installed.
# pkg info VRTSvcs
6. Unset the publisher
# pkg unset-publisher Veritas
7. Start VCS:
# hastart
8. Start the VCS CmdServer on all nodes
   # /opt/VRTSvcs/bin/CmdServer


REMOVING THE PATCH
------------------
Note: Uninstalling this patch will remove the entire VRTSvcs package. If you need
an earlier version of the package, re-install it from original source media ( ref step 3 below ).
Run the following steps on all the nodes in the VCS cluster:
1. Stop VCS:
# haconf -dump -makero
# hastop -local -force
2. Stop the VCS CmdServer
    #/opt/VRTSvcs/bin/CmdServer -stop
3. Uninstall the VRTSvcs package:
a. If you have local zones on the system, uninstall the VRTSvcs package and its dependent packages from all local zones in which it is present (repeat with set to each local zone in which VRTSvcsag is installed):
# zlogin pkg uninstall VRTSvcsag VRTSvcswiz VRTSvcs
b. Once the package is uninstalled from all local zones, uninstall the VRTSvcs package and its dependent packages from the global zone:
# pkg uninstall VRTSvcsag VRTSvcswiz VRTSvcs
4. (optional) Install the previous version of the VRTSvcs package and its dependent packages from original source media to revert your system to pre-patch conditions.
5. Start VCS:
# hastart
6. Start the VCS CmdServer on all nodes
   # /opt/VRTSvcs/bin/CmdServer


SPECIAL INSTRUCTIONS
--------------------
If a local zone is in 'configured' state while the VRTSvcs package
is being updated, then the package is not updated in local zone. To update
packages inside a local zone, set the publisher on the global zone and execute
the below command (repeat per zone as needed):
# zoneadm -z attach -u


OTHERS
------
NONE


Read and accept Terms of Service