HP UX Patch Management manual Using software depots for patch management

Page 64

7 Using software depots for patch management

A software depot, or simply depot, is a special type of file or directory formatted for use by Software Distributor for HP-UX (SD-UX). Depots can contain a variety of software products. This chapter focuses specifically on depots as repositories for patches and patch bundles. These depots are commonly referred to as patch depots.

Common uses for patch depots include the following:

Patch depots are an extremely effective mechanism for managing patches. They can be especially beneficial in managing patches for groups of systems.

Patch depots can be used as a single source of patches. This helps you to install all patches in a single installation session.

Depots are used for software delivery. When you download patches or patch bundles from HP, you receive either a depot or a file that contains a depot.

Patch depots can be transferred using email or file transfer protocol (FTP).

Patch depots are an extremely useful patch management tool for systems whose patching you manage as a group. For these groups, you can use patch depots to centrally manage tasks such as defining, testing, and updating patch configurations. First, you create a separate centralized depot for each group; then you manage the patches in each depot rather than on each individual system. These centralized depots, which can be accessed remotely, are used as the single patch source for patch installations on all systems in the corresponding group. This allows you to maintain the same patch level (set of active patches) on all your systems with less overall effort.

Another benefit of using depots is that they minimize the number of reboots required during patch installation. If you place all the patches to install into a single depot, you will be able to install the entire contents of the depot onto a system with a single reboot.

For information about depots beyond the scope of this guide, see the Software Distributor Administration Guide on the HP Business Support Center website at http://www.hp.com/go/ sd-docs.

Common software distributor commands for patching

Please note that use of the various SD-UX commands requires root privileges. For information on the SD-UX commands, see the Software Distributor Administration Guide on the HP Business Support Center website at http://www.hp.com/go/sd-docs.

Table 7-1 SD commands and patch tools

SD-UX Command

Description

check_patches

Check for installation problems and issues related to patches. Options allow

 

you to check for patches missing the SD-UX patch attributes, missing patch

 

filesets, patch object modules missing from archive libraries, patch filesets

 

with the incorrect patch_state, patch filesets not in the configured state,

 

and patch filesets that fail swverify.

 

This command is available on 11i v3 systems, and is available as a patch in

 

preceding HP-UX versions:

 

• PHCO_27780: 11.11 HP-UX Patch Tools

 

• PHCO_32220: 11.23 HP-UX Patch Tools

 

See check_patches(1M) for more information.

cleanup

Allows you to commit all patches that have been superseded a specified

 

number of times. You can execute this command in preview mode to see what

 

effect the command will have without making any changes.

64 Using software depots for patch management

Page 63 Page 65
Image 64
Page 63 Page 65
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 104 107HP-UX patches and patch management Patch management strategiesHow to get patches Where to startQuick start guide for patching HP-UX systems OverviewBefore you begin Should you use standard HP-UX patch bundles?Standard HP-UX patch bundles Acquiring and installing standard HP-UX patch bundlesAcquiring the bundles Installing the bundles As root, run the createdepothp-ux11scriptAdvanced topic using Dynamic Root Disk DRD SwlistAcquiring and installing individual patches Acquiring the patchesQuick start guide for patching HP-UX systems Installing the patches Swverify -d \* @ /tmp/somepatchdirectory/depotAdvanced topic using Dynamic Root Disk DRD HP-UX patch overview Patch-related conceptsPatch identification HP-UX software structurePatch bundles Software depots and patch depotsPatch status Patch stateCategory tags StateSwlist -l fileset -a state grep patchid Which patches are on a system? Swlist -l product -a categorytag patchidExamples of the swlist command For example$ swlist -l product *,c=patch $ swlist -l product *,c=manualdependencies $ swlist -l bundle @ somesystemAncestors Ancestors and supersession$ swlist -l fileset -a ancestor PHSS29183 Swlist -a appliedpatches filesetname Supersession$ swlist -a appliedpatches Xserver.AGRM Swlist -l patch -x showsupersededpatches=true Showpatches -s$ swlist -l fileset -a supersedes PHSS28681 Swlist -a patchstate -x showsupersededpatches=true patchidPatch-related attributes HP-UX Patch Supersession ChainSee Category tags Types of dependencies Patch dependenciesCorequisites and prerequisites Impact of dependencies on acquiring patches Enforced and unenforced manual dependenciesSwlist -vl fileset -a dependencytype fileset Patch rollback Patch rollback and commitmentPatch commitment Cleanup -p -c number Advanced topic patch cleanup utilityHP-UX patch ratings HP patch rating Rating detailsCritical and noncritical patches Finding information for a specific patchPatch documentation $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Obtaining information using the Itrc Patch warningsAdvanced topic the readme attribute Swlist -l product -a readme patchid moreCritical and noncritical warnings Questions to ask How to handle patch warningsAdvanced topic finding patches with warnings Backup and recovery ConsiderationsPatch management overview Patch management life cyclePatch management life cycle Patch management overview Establishing a software change management strategy Restrictive Conservative InnovativeRecommendations for software change management Operational factor and patch management strategy matrixConsideration of HP patch rating Patch management and software depotsProactive patching strategy Acquiring patches for proactive patchingReactive patching strategy Advanced topic HP-UX Software AssistantAdvanced topic security patching strategy Acquiring patches for reactive patchingTesting the patches to be installed Advanced topic scanning for security patchesWhat are standard HP-UX patch bundles? Key featuresStandard HP-UX patch bundles Obtaining standard HP-UX patch bundles Standard HP-UX patch bundle use and release datesQuick start guide for patching HP-UX systems Using the IT Resource Center Obtaining an Itrc user accountUseful pages on the Itrc Find individual patchesKey features Accessing the patch database and finding an individual patchClick the add to selected patch list button Using the IT Resource Center Advanced topic checking for all patch dependencies Check for patches with dependenciesUsing the IT Resource Center Click the add to selected patch list button Standard patch bundles Custom patch bundles run a patch assessmentSupport information digests Ask your peers in the forumsSearch knowledge base Using software depots for patch management Common software distributor commands for patchingDepot types Directory depotsUsing depots Tape depotsChoosing depot type and depot location Viewing depotsSwlist -l depot Swlist -l depot @ remotesystem $ swlist -l depot$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Copying patches to depots Depot/patches/11.11Advanced topic HP-UX Software Assistant Registering and unregistering directory depotsCopying products with patch dependencies to depots Advanced topic access control lists Examples of registering and unregistering depots$ swreg -l depot /depot/patches/2003-07periodicdepot $ swreg -u -l depot /depot/patches/2003-07periodicdepotExamples of verifying directory depots Verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot Verification had errors Removing software from a directory depotVerification succeeded $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded Advanced topic removing superseded patches from a depot $ /usr/sbin/cleanup -d /mydepots/patchdepot$ swlist -l product -d @ /mydepots/patchdepot Installing patches from a depot Removing a directory depot$ swlist -l product @ /mydepots/patchdepot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Examples of installing patches from a depot Analysis succeededCustom patch bundles Installing products with patch dependencies from a depotAnalysis and Execution succeeded Rev Patch description Examples of listing patches and bundlesRev Bundle Description Creating a custom bundle $ swlist -d @ /mydepots/temporarydepotAnalysis succeeded Finally, remove the temporary depot Using HP-UX Software Assistant for patch management For more informationUsing Dynamic Root Disk for patch management Drd1m Patch Assessment Tool Using the Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Contacting HP Support and other resourcesRelated information HP websites Typographic conventionsNon-HP websites Times Patch usage models Patch usage model 1 hardware/application software change Components in test Image Then productionDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Patch usage model 5 proactive patch Create clonePatch usage model 6 reactive patch Passed? SystemGlossary AncestorIPD SWA Index Index See also HWE Index
Top Page Image Contents