HP UX Patch Management manual Patch management life cycle

Page 43

Second, use standard HP-UX patch bundles as your starting point:

HP provides standard HP-UX patch bundles including the Quality Pack (QPK), Hardware Enablement (HWE), and Feature Enablement Patch Bundle (FEATURE11i) patch bundles.

The QPK consists of defect fixes and the HWE consists of patches that are required for new hardware products.

The FEATURE11i bundle enables new features and enhancements to the HP-UX operating system and applications by providing the complete, minimal set of patches required.

New HP-UX operating system features and enhancements sometimes require the selection of a “key patch.” For example, to enable the Locality-Optimized Resource Alignment (LORA) feature you must select the key patch PHKL_38980, which will then automatically select all dependent patches. See the Feature Enablement Patch Bundle section in the HP-UX Release Notes for a list of enhancements and features included in your FEATURE11i bundle.

When installing applications from AR media, patches satisfying those applications' dependencies are automatically selected from the FEATURE11i bundle on the AR media. This process works with any application that lists patch dependencies as corequisites. For this reason, FEATURE11i is the only standard patch bundle included on the AR media, as well as the OE media.

The patches in these patch bundles are tested extensively with the latest OE Update Release, so HP can recommend these patch bundles as a starting point when acquiring patches for your needs. Simply download the bundles from the ITRC or your latest HP media.

FEATURE11i, HWE, and QPK bundles are delivered on the HP-UX 11i v3 OEUR media. HP-UX 11i v3 and v2 AR media also include the FEATURE11i bundle. QPK bundles can be found on the 11i v2 Support Pack media and the HP-UX 11i v1 Support Plus media .

For more information about standard HP-UX patch bundles, see Chapter 5: “What are standard HP-UX patch bundles?” (page 52).

If you have constructed a list of patch needs, compare that with the patches in your selected bundles. If you are missing patches from your list, obtain them individually using the ITRC Patch Database.

3.Deploying patches.

Patch testing.

You should install the patches on one or more levels of preproduction systems and perform testing. Testing is discussed in more detail later in this chapter.

Planning deployment.

Determine the details regarding how the installation of the patches will occur on production systems. The frequency and timing of patch installation maintenance windows must be chosen to meet with particular system down time limitations and the need to install the new patches. You might choose the timing of patching to coincide with your current maintenance windows. However, for reactive patching, you might be required to use unscheduled maintenance. For proactive patching, common intervals are quarterly, every other quarter, and yearly. You should also consider the availability of new patches and, if you are using standard HP-UX patch bundles, you will likely want to choose a schedule that in some way coincides with the release dates of new bundles.

Patch management life cycle 43

Page 42 Page 44
Image 43
Page 42 Page 44
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 107 104Patch management strategies HP-UX patches and patch managementWhere to start How to get patchesShould you use standard HP-UX patch bundles? Quick start guide for patching HP-UX systemsOverview Before you beginStandard HP-UX patch bundles Acquiring and installing standard HP-UX patch bundlesAcquiring the bundles As root, run the createdepothp-ux11script Installing the bundlesSwlist Advanced topic using Dynamic Root Disk DRDAcquiring the patches Acquiring and installing individual patchesQuick start guide for patching HP-UX systems Swverify -d \* @ /tmp/somepatchdirectory/depot Installing the patchesAdvanced topic using Dynamic Root Disk DRD HP-UX software structure HP-UX patch overviewPatch-related concepts Patch identificationSoftware depots and patch depots Patch bundlesPatch state Patch statusCategory tags StateSwlist -l fileset -a state grep patchid Swlist -l product -a categorytag patchid Which patches are on a system?For example Examples of the swlist command$ swlist -l product *,c=patch $ swlist -l bundle @ somesystem $ swlist -l product *,c=manualdependenciesAncestors Ancestors and supersession$ swlist -l fileset -a ancestor PHSS29183 Swlist -a appliedpatches filesetname Supersession$ swlist -a appliedpatches Xserver.AGRM Showpatches -s Swlist -l patch -x showsupersededpatches=trueSwlist -a patchstate -x showsupersededpatches=true patchid $ swlist -l fileset -a supersedes PHSS28681HP-UX Patch Supersession Chain Patch-related attributesSee Category tags Types of dependencies Patch dependenciesCorequisites and prerequisites Impact of dependencies on acquiring patches Enforced and unenforced manual dependenciesSwlist -vl fileset -a dependencytype fileset Patch rollback Patch rollback and commitmentPatch commitment Cleanup -p -c number Advanced topic patch cleanup utilityHP-UX patch ratings Rating details HP patch rating$ swlist -l product -a categorytag PHSS30011 Critical and noncritical patchesFinding information for a specific patch Patch documentationSubset of fields in patch text file and patch details Swlist -l product -a readme patchid more Obtaining information using the ItrcPatch warnings Advanced topic the readme attributeCritical and noncritical warnings Questions to ask How to handle patch warnings Advanced topic finding patches with warnings Considerations Backup and recoveryPatch management life cycle Patch management overviewPatch management life cycle Patch management overview Restrictive Conservative Innovative Establishing a software change management strategyOperational factor and patch management strategy matrix Recommendations for software change managementPatch management and software depots Consideration of HP patch ratingAcquiring patches for proactive patching Proactive patching strategyAdvanced topic HP-UX Software Assistant Reactive patching strategyAcquiring patches for reactive patching Advanced topic security patching strategyAdvanced topic scanning for security patches Testing the patches to be installedWhat are standard HP-UX patch bundles? Key featuresStandard HP-UX patch bundles Standard HP-UX patch bundle use and release dates Obtaining standard HP-UX patch bundlesQuick start guide for patching HP-UX systems Find individual patches Using the IT Resource CenterObtaining an Itrc user account Useful pages on the ItrcAccessing the patch database and finding an individual patch Key featuresClick the add to selected patch list button Using the IT Resource Center Check for patches with dependencies Advanced topic checking for all patch dependenciesUsing the IT Resource Center Click the add to selected patch list button Ask your peers in the forums Standard patch bundlesCustom patch bundles run a patch assessment Support information digestsSearch knowledge base Common software distributor commands for patching Using software depots for patch managementDirectory depots Depot typesTape depots Using depotsChoosing depot type and depot location Viewing depotsSwlist -l depot Swlist -l depot @ remotesystem $ swlist -l depot$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Depot/patches/11.11 Copying patches to depotsAdvanced topic HP-UX Software Assistant Registering and unregistering directory depotsCopying products with patch dependencies to depots $ swreg -u -l depot /depot/patches/2003-07periodicdepot Advanced topic access control listsExamples of registering and unregistering depots $ swreg -l depot /depot/patches/2003-07periodicdepotExamples of verifying directory depots Verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot $ swverify -d \* @ /mydepots/PHSS30278depot Verification had errorsRemoving software from a directory depot Verification succeededExecution succeeded Advanced topic removing superseded patches from a depot $ /usr/sbin/cleanup -d /mydepots/patchdepot$ swlist -l product -d @ /mydepots/patchdepot $ swreg -u -l depot /mydepots/PHCO27780depot Installing patches from a depotRemoving a directory depot $ swlist -l product @ /mydepots/patchdepotReboots the system when required Analysis succeeded Examples of installing patches from a depotCustom patch bundles Installing products with patch dependencies from a depotAnalysis and Execution succeeded Rev Patch description Examples of listing patches and bundlesRev Bundle Description $ swlist -d @ /mydepots/temporarydepot Creating a custom bundleAnalysis succeeded Finally, remove the temporary depot For more information Using HP-UX Software Assistant for patch managementUsing Dynamic Root Disk for patch management Drd1m Patch Assessment Tool Using the Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Contacting HP Support and other resourcesRelated information HP websites Typographic conventionsNon-HP websites Times Patch usage models Components in test Image Then production Patch usage model 1 hardware/application software changeDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Create clone Patch usage model 5 proactive patchPassed? System Patch usage model 6 reactive patchAncestor GlossaryIPD SWA Index Index See also HWE Index
Top Page Image Contents