HP UX Patch Management manual Patch usage model 5 proactive patch, Create clone

Page 102

Patch usage model 5: proactive patch

B egin:

Start with functioning

system

Is patch

assessment to be performed by HP No

support?

Yes

Use DRD to minimize dow nti m e

Yes

Create clone

				Run SWA to
				find additional
				issues and their
				resolution.
				Updated products
				and patches will
No				and patches will
No				be identified;
				manual actions
				manual actions
				might be required.
				Use SWA to
				create depot of
				additional patches
				if needed.

Resolve security issues including manual actions. Add patches used for reactive patching in the past to the patch depot.

Contact HP S uppo rt

for p atch

assessm ent

Use DRD to

Was

Obtain patch

DRD used

Install

minimize

No

No

depot from HP

to create

patches

dow nti m e?

a clone?

Yes

Test/

validation/

roll into

* Ensure the latest

production

Yes

Create clone

drd_unsafe_patch_list

file is loaded

Apply

patches

to clone

and

test/validate

Activate and reboot clone

	End:		Create
	Functioning
			recovery/
	system with new
			archive image
	patches

NOTE: * More information is available in the Managing Rare DRD-Unsafe Patches white paper, available at http://www.hp.com/go/drd-docs.

102 Patch usage models

Image 102

Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 104 107HP-UX patches and patch management Patch management strategiesHow to get patches Where to startBefore you begin Quick start guide for patching HP-UX systemsOverview Should you use standard HP-UX patch bundles?Acquiring and installing standard HP-UX patch bundles Standard HP-UX patch bundlesAcquiring the bundles Installing the bundles As root, run the createdepothp-ux11scriptAdvanced topic using Dynamic Root Disk DRD SwlistAcquiring and installing individual patches Acquiring the patchesQuick start guide for patching HP-UX systems Installing the patches Swverify -d \* @ /tmp/somepatchdirectory/depotAdvanced topic using Dynamic Root Disk DRD Patch identification HP-UX patch overviewPatch-related concepts HP-UX software structurePatch bundles Software depots and patch depotsPatch status Patch stateState Category tagsSwlist -l fileset -a state grep patchid Which patches are on a system? Swlist -l product -a categorytag patchidExamples of the swlist command For example$ swlist -l product *,c=patch $ swlist -l product *,c=manualdependencies $ swlist -l bundle @ somesystemAncestors and supersession Ancestors$ swlist -l fileset -a ancestor PHSS29183 Supersession Swlist -a appliedpatches filesetname$ swlist -a appliedpatches Xserver.AGRM Swlist -l patch -x showsupersededpatches=true Showpatches -s$ swlist -l fileset -a supersedes PHSS28681 Swlist -a patchstate -x showsupersededpatches=true patchidPatch-related attributes HP-UX Patch Supersession ChainSee Category tags Patch dependencies Types of dependenciesCorequisites and prerequisites Enforced and unenforced manual dependencies Impact of dependencies on acquiring patchesSwlist -vl fileset -a dependencytype fileset Patch rollback and commitment Patch rollbackPatch commitment Advanced topic patch cleanup utility Cleanup -p -c numberHP-UX patch ratings HP patch rating Rating detailsPatch documentation Critical and noncritical patchesFinding information for a specific patch $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Advanced topic the readme attribute Obtaining information using the ItrcPatch warnings Swlist -l product -a readme patchid moreCritical and noncritical warnings How to handle patch warnings Questions to askAdvanced topic finding patches with warnings Backup and recovery ConsiderationsPatch management overview Patch management life cyclePatch management life cycle Patch management overview Establishing a software change management strategy Restrictive Conservative InnovativeRecommendations for software change management Operational factor and patch management strategy matrixConsideration of HP patch rating Patch management and software depotsProactive patching strategy Acquiring patches for proactive patchingReactive patching strategy Advanced topic HP-UX Software AssistantAdvanced topic security patching strategy Acquiring patches for reactive patchingTesting the patches to be installed Advanced topic scanning for security patchesKey features What are standard HP-UX patch bundles?Standard HP-UX patch bundles Obtaining standard HP-UX patch bundles Standard HP-UX patch bundle use and release datesQuick start guide for patching HP-UX systems Useful pages on the Itrc Using the IT Resource CenterObtaining an Itrc user account Find individual patchesKey features Accessing the patch database and finding an individual patchClick the add to selected patch list button Using the IT Resource Center Advanced topic checking for all patch dependencies Check for patches with dependenciesUsing the IT Resource Center Click the add to selected patch list button Support information digests Standard patch bundlesCustom patch bundles run a patch assessment Ask your peers in the forumsSearch knowledge base Using software depots for patch management Common software distributor commands for patchingDepot types Directory depotsUsing depots Tape depotsViewing depots Choosing depot type and depot locationSwlist -l depot $ swlist -l depot Swlist -l depot @ remotesystem$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Copying patches to depots Depot/patches/11.11Registering and unregistering directory depots Advanced topic HP-UX Software AssistantCopying products with patch dependencies to depots $ swreg -l depot /depot/patches/2003-07periodicdepot Advanced topic access control listsExamples of registering and unregistering depots $ swreg -u -l depot /depot/patches/2003-07periodicdepotVerifying directory depots Examples of verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot Verification succeeded Verification had errorsRemoving software from a directory depot $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded $ /usr/sbin/cleanup -d /mydepots/patchdepot Advanced topic removing superseded patches from a depot$ swlist -l product -d @ /mydepots/patchdepot $ swlist -l product @ /mydepots/patchdepot Installing patches from a depotRemoving a directory depot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Examples of installing patches from a depot Analysis succeededInstalling products with patch dependencies from a depot Custom patch bundlesAnalysis and Execution succeeded Examples of listing patches and bundles Rev Patch descriptionRev Bundle Description Creating a custom bundle $ swlist -d @ /mydepots/temporarydepotAnalysis succeeded Finally, remove the temporary depot Using HP-UX Software Assistant for patch management For more informationUsing Dynamic Root Disk for patch management Drd1m Using the Patch Assessment Tool Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Support and other resources Contacting HPRelated information Typographic conventions HP websitesNon-HP websites Times Patch usage models Patch usage model 1 hardware/application software change Components in test Image Then productionDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Patch usage model 5 proactive patch Create clonePatch usage model 6 reactive patch Passed? SystemGlossary AncestorIPD SWA Index Index See also HWE Index