HP UX Patch Management manual Using depots, Tape depots

Page 66

For patch management, directory depots offer the following advantages over tape depots:

Can be made available to remote users. See “Registering and unregistering directory depots” (page 71).

Are optimized for random access by multiple simultaneous sessions.

Allow for customized access controls. See “Advanced topic: access control lists” (page 72).

Allow SD-UX verification. See “Verifying directory depots” (page 73).

Allow modification.

Using these features, you can centrally define and support standardized sets of patches for members of your organization to use for patch installation.

There are other benefits to using directory depots. Installation from a directory depot on a local or remote disk is likely to be faster than installing from removable media. You can also install software onto a remote system without having to physically load the install media onto the system.

For example, consider a company with multiple locations over a large geographical region. This company creates and maintains a centralized directory depot for companywide use and locates it on a networked system at location A. Employees at location B can install software from this depot onto systems at location C without ever leaving their desks.

Tape depots

Tape depots, also known as serial access depots, are primarily used for software transfer. Tape depots are completely contained within a single file, which is formatted as a tape archive (tar), and are accessed in a serial manner. Within the archive, directory and file entries are organized using the same structure as that used for directory depots. Tape depots have the default file extension .depot. Although you are not required to use this extension, it can help you to easily distinguish tape depots from other files.

If you download patches or patch bundles from HP, you receive tape depots. These depots might be contained in another file, such as a tar file or a shell archive (shar) file. Although the tape depot format was designed to support software delivery on tape, tape depots are not limited to tape media. You can locate them anywhere a directory depot can be located.

Using depots

As you start identifying uses for depots in your patch management process, you should consider the intended purpose and use model for each potential depot. There are many appropriate patch management uses for depots, including the following:

Periodic patch depot — contains patches that define the current recommended patch level. These are patches that you have tested as a group on the target configuration. You will generate periodic patch depots on a regular basis. Here are some possible generation time frames:

Semiyearly or yearly, to coincide with the release of specific-standard HP-UX patch bundles, such as Quality Pack (QPK) or Hardware Enablement (HWE).

Monthly, to allow more timely inclusion of critical fixes and security patches.

Regularly in advance of scheduled system down time to take advantage of the opportunity to install new patches.

Many users find it unacceptable to modify the contents of a periodic patch depot after it has undergone analysis and testing. In this case, you can create a critical patch depot to supplement a periodic patch depot.

Critical patch depot — contains critical fix or security-related patches that were not available when you created the latest periodic patch depot. Use this depot to update any systems that encounter known failures and to bring systems up to the latest level of security patches. You can use this depot as the starting point for the next version of the periodic patch depot.

66 Using software depots for patch management

Image 66
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 104 107HP-UX patches and patch management Patch management strategiesHow to get patches Where to startBefore you begin Quick start guide for patching HP-UX systemsOverview Should you use standard HP-UX patch bundles?Acquiring and installing standard HP-UX patch bundles Standard HP-UX patch bundlesAcquiring the bundles Installing the bundles As root, run the createdepothp-ux11scriptAdvanced topic using Dynamic Root Disk DRD SwlistAcquiring and installing individual patches Acquiring the patchesQuick start guide for patching HP-UX systems Installing the patches Swverify -d \* @ /tmp/somepatchdirectory/depotAdvanced topic using Dynamic Root Disk DRD Patch identification HP-UX patch overviewPatch-related concepts HP-UX software structurePatch bundles Software depots and patch depotsPatch status Patch stateState Category tagsSwlist -l fileset -a state grep patchid Which patches are on a system? Swlist -l product -a categorytag patchidExamples of the swlist command For example$ swlist -l product *,c=patch $ swlist -l product *,c=manualdependencies $ swlist -l bundle @ somesystemAncestors and supersession Ancestors$ swlist -l fileset -a ancestor PHSS29183 Supersession Swlist -a appliedpatches filesetname$ swlist -a appliedpatches Xserver.AGRM Swlist -l patch -x showsupersededpatches=true Showpatches -s$ swlist -l fileset -a supersedes PHSS28681 Swlist -a patchstate -x showsupersededpatches=true patchidPatch-related attributes HP-UX Patch Supersession ChainSee Category tags Patch dependencies Types of dependenciesCorequisites and prerequisites Enforced and unenforced manual dependencies Impact of dependencies on acquiring patchesSwlist -vl fileset -a dependencytype fileset Patch rollback and commitment Patch rollbackPatch commitment Advanced topic patch cleanup utility Cleanup -p -c numberHP-UX patch ratings HP patch rating Rating detailsPatch documentation Critical and noncritical patchesFinding information for a specific patch $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Advanced topic the readme attribute Obtaining information using the ItrcPatch warnings Swlist -l product -a readme patchid moreCritical and noncritical warnings How to handle patch warnings Questions to askAdvanced topic finding patches with warnings Backup and recovery ConsiderationsPatch management overview Patch management life cyclePatch management life cycle Patch management overview Establishing a software change management strategy Restrictive Conservative InnovativeRecommendations for software change management Operational factor and patch management strategy matrixConsideration of HP patch rating Patch management and software depotsProactive patching strategy Acquiring patches for proactive patchingReactive patching strategy Advanced topic HP-UX Software AssistantAdvanced topic security patching strategy Acquiring patches for reactive patchingTesting the patches to be installed Advanced topic scanning for security patchesKey features What are standard HP-UX patch bundles?Standard HP-UX patch bundles Obtaining standard HP-UX patch bundles Standard HP-UX patch bundle use and release datesQuick start guide for patching HP-UX systems Useful pages on the Itrc Using the IT Resource CenterObtaining an Itrc user account Find individual patchesKey features Accessing the patch database and finding an individual patchClick the add to selected patch list button Using the IT Resource Center Advanced topic checking for all patch dependencies Check for patches with dependenciesUsing the IT Resource Center Click the add to selected patch list button Support information digests Standard patch bundlesCustom patch bundles run a patch assessment Ask your peers in the forumsSearch knowledge base Using software depots for patch management Common software distributor commands for patchingDepot types Directory depotsUsing depots Tape depotsViewing depots Choosing depot type and depot locationSwlist -l depot $ swlist -l depot Swlist -l depot @ remotesystem$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Copying patches to depots Depot/patches/11.11Registering and unregistering directory depots Advanced topic HP-UX Software AssistantCopying products with patch dependencies to depots $ swreg -l depot /depot/patches/2003-07periodicdepot Advanced topic access control listsExamples of registering and unregistering depots $ swreg -u -l depot /depot/patches/2003-07periodicdepotVerifying directory depots Examples of verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot Verification succeeded Verification had errorsRemoving software from a directory depot $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded $ /usr/sbin/cleanup -d /mydepots/patchdepot Advanced topic removing superseded patches from a depot$ swlist -l product -d @ /mydepots/patchdepot $ swlist -l product @ /mydepots/patchdepot Installing patches from a depotRemoving a directory depot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Examples of installing patches from a depot Analysis succeededInstalling products with patch dependencies from a depot Custom patch bundlesAnalysis and Execution succeeded Examples of listing patches and bundles Rev Patch descriptionRev Bundle Description Creating a custom bundle $ swlist -d @ /mydepots/temporarydepotAnalysis succeeded Finally, remove the temporary depot Using HP-UX Software Assistant for patch management For more informationUsing Dynamic Root Disk for patch management Drd1m Using the Patch Assessment Tool Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Support and other resources Contacting HPRelated information Typographic conventions HP websitesNon-HP websites Times Patch usage models Patch usage model 1 hardware/application software change Components in test Image Then productionDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Patch usage model 5 proactive patch Create clonePatch usage model 6 reactive patch Passed? SystemGlossary AncestorIPD SWA Index Index See also HWE Index