JomaSoft provides OpenJDK17 package for Solaris 11.4 SPARC

Since two years JomaSoft produces Solaris 11.4 IPS packages
of opensource software. After postgres now openjdk was added.

Based on the work done by Peter Tribble. Thanks Peter!
https://github.com/ptribble/jdk-sunos-builder

Download Page
https://www.jomasoft.ch/downloads/#js-openjdk

Direct p5p Download Link
https://bit.ly/js-openjdk17-sparc

The package is provided without support or warranty.
Use at your own risk.

New Features in Solaris 11.4 SRU75 (Nov 2024)

Another quarterly Solaris SRU including new features

zfs mount/unmount -r
pgrep/pkill -Z
cups SMF disabled by default

FOSS: gcc14
EOF: snort, Node.js 18

 

OVM SPARC Agent End of Life

Extended Support for the OV Manager SPARC Agent ended by June 2024.
No patches are provided by Oracle anymore.

It is expected OVM SPARC Agent will not work anymore in 2025,
after old insecure components will be removed from Solaris.

Details in MOS DOC:
OVM : SPARC Solaris Support in OVM Environment After The End of OVM Extended Support. (Doc ID 3041724.1)

With JomaSoft VDCF we offer a complete and easy to use CLI solution to deploy, operate
and monitor Solaris SPARC LDoms.

WebCasts, Documentation and a Free Trial Version is available on
https://www.jomasoft.ch/vdcf/

Cleanup Oracle Solaris Audit files

Auditing is enabled by default on Solaris 11.4 and records security-related system events,
like logins, reboots, etc.

The audit files are stored in /var/share/audit.
Overtime this files use quiet some disk space

# cd /var/share/audit/
# du -sh
18.3G   .

For later analysis a backup of this files is recommended.
Maybe you have a central archive or security tools for this.

On the Solaris server there is no automatically cleanup
of this files active. This should be done manually from time to time.

For example to delete files older than 3 years.
find /var/share/audit -mtime +1095 -exec rm {} \;

If you are using JomaSoft VDCF you can execute this on all your Solaris 11 Nodes

# su
Password:
# echo "# cleanup audit files older than 3 years" >/var/opt/jomasoft/vdcf/config/script/cleanup_audit
# echo "find /var/share/audit -mtime +1095 -exec rm {} \;" >>/var/opt/jomasoft/vdcf/config/script/cleanup_audit

# exit
-bash-5.2$ config -c add type=SCRIPT name=cleanup_audit script=cleanup_audit os=11
Configuration SCRIPT successfully added.

-bash-5.2$ serverconfig -c exec servertype=node type=SCRIPT name=cleanup_audit
INFO: Servertype <node> selected, the following 'running' server are processed:
....

To learn more about Solaris Auditing take a look into the
Doc "Managing Auditing in Oracle Solaris 11.4"
https://docs.oracle.com/cd/E37838_01/html/E61027/index.html

Checkout what you can do with JomaSoft VDCF
https://www.jomasoft.com/vdcf/

New Features in Solaris 11.4 SRU72 (Aug 2024)

Another quarterly Solaris SRU including new features

System Account Check Service (svc:/system/check/user)
iostat sstore collection
Per-disk kstats for vds/zvblk
WebUI - LDom sheets
ZFS clonedir

FOSS: +suricata (IDS)

EOF: Python 3.7, Tomcat 8.5, Perl 5.36, Snort


Find details on the Oracle Solaris Blog

 

Oracle Solaris ASR troubleshooting

In a few cases I expected an ASR SR would be opened, but it did not happen.
If there are special characters in the fault the ASR manager
can't handle the request.

This can be found in the ASR Manager log

/var/opt/asrmanager/log/asr-http.log

To make ASR work correctly you have to remove the old "bad"
xml files from the ASR client.

# pwd
/var/fm/asr/msgs

# ls -tlr
total 1827
-rw-r--r--   1 noaccess noaccess    3136 Jul 30 22:32 heartbeat.xml
-rw-r--r--   1 noaccess noaccess  910240 Jul 30 22:33 audit.xml
-rw-r--r--   1 noaccess noaccess   10604 Jul 31 10:43 fault-f680bb98-d016-4259-bc00-941858fcaced.xml

rm fault-*.xml

How to send files to Oracle Support SR using ASR Manager

Most of the time it is required to attach additional files to Oracle Support Cases,
for example ILOM/XSCF snapshots or Logfiles.

If you use the ASR Manager on Solaris it is very easy to attach
additional files. It includes a transport tool. No need to copy files to
your local machine and to upload using a Browser.

Check if you use the ASR Manager

# svcs |grep asrm
online         2024-05-08T17:29:45 svc:/application/management/asrm:default

You can just copy your files into this directory

/var/opt/asrmanager/sftransport/transfer/

The files need to start with your SR-Number, for example
3-31234567890.mylogfile

The files are transported to Oracle Support and attached
to your SR every 10 minutes.

You can check the state using

/opt/asrmanager/bin/sftransport info

New Features in Solaris 11.4 SRU69 (May 2024)

Another quarterly Solaris SRU including new features

sshd_config.d/*.conf
zoneadm log
autofs SMF refresh
ps -I (ISO 8601 format)
svccfg setnotify from= header
svc:/network/ldap/identity:openldap
modinfo -x

Oracle Cloud Systems TechDay 2024 in Prague

Tuesday, June 11th

Cloud, Security, Automation, Systems

Register here:
https://eventreg.oracle.com/profile/web/index.cfm?PKwebID=0x874552abcd
 

See you there!

OpenJDK 17 is available for Solaris 11.4 SPARC

Great work by Peter Tribble
http://www.petertribble.co.uk/

Download page
https://pkgs.tribblix.org/openjdk/sparc-solaris/

Solaris 11.4 SRU60 - fc port tabular output

The default output of fcinfo hba-port contains a lot of values,
but is not optimal if you are looking for a specific attribute

# fcinfo hba-port 2100000e1ef99410
HBA Port WWN: 2100000e1ef99410
        Port Mode: Initiator
        Port ID: 10200
        OS Device Name: /dev/cfg/c5
        Manufacturer: Marvell Technology, Inc
        Model: 7023303
        Firmware Version: 8.08.04
        FCode/BIOS Version:  BIOS: 3.19; fcode: 4.02; EFI: 5.36;
        Serial Number: 463916R+1729340085
        Driver Name: qlc
        Driver Version: 230206-5.12
        Type: N-port
        State: online
        Supported Speeds: 4Gb 8Gb 16Gb
        Current Speed: 8Gb
        Node WWN: 2000000e1ef99410
        Max NPIV Ports: 253
        NPIV port list:

Solaris 11.4 SRU60 (August 2023) introduces the new -T, -O and -o flags

default tabular format

# fcinfo hba-port -T 2100000e1ef99410
PORT_WWN         PARENT_WWN       MODE      CTRL    STATE   SPEED
2100000e1ef99410 NA               Initiator c5      online  8Gb

Output for admins

# fcinfo hba-port -o port_wwn,driver_name,link_failure_count,state,speed 2100000e1ef99410
PORT_WWN         DRIVER_NAME         LINK_FAILURE_COUNT STATE   SPEED
2100000e1ef99410 qlc                 1                  online  8Gb

Output for scripts

# fcinfo hba-port -O port_wwn,driver_name,link_failure_count,state,speed 2100000e1ef99410
2100000e1ef99410:qlc:1:online:8Gb

New Features in Solaris 11.4 SRU66 (Feb 2024)

Another quarterly Solaris SRU including new features

dns/client: usevc/use-vc options
ptree -z zone -g
fractional seconds in log messages (messages, syslog)

FOSS: Apache Tomcat 9
EOF: PHP 8.0, GCC 10
Removed: ipf2pf, MySQL 5.7

 

Find details on the Oracle Solaris SRU66 blog 

https://blogs.oracle.com/solaris/post/whats-new-in-oracle-solaris-114-sru-66

Oracle offers Extended Support for Solaris 11.4 now till at least 2037

In 2023 Oracle has changed the Extended Support for Solaris 10 and Solaris 11.3
from January 2025 to January 2027.

Now Oracle adds another 3 years to Solaris 11.4 to November 2037.
This is a long term commitment I'm not aware of any other OS vendor.
New features are delivered every quarter using SRUs.

You can find all the Support dates in

http://www.oracle.com/us/support/library/lifetime-support-hardware-301321.pdf