Sun Update Connection System 1.0.8 Administration Guide

Sun Update Connection System Features

This section describes the main features of Sun Update Connection System:

To use the Update Manager tool, you must install at least the End User Solaris Software Group of Solaris 10 software.


Note –

As of March 2006, not all Sun updates are available through the Update Manager application. Such updates include those that do not conform to PatchPro standards and those that have third-party contract restrictions.


Information about Solaris patches and the Sun Patch Manager 2.0 software is in System Administration Guide: Basic Administration in the Solaris 10 System Administrator Collection on the docs.sun.com site.

Update Manager Graphical User Interface

Update Manager offers a graphical user interface for applying updates to systems. You can use the GUI to analyze your system, apply updates you select, remove updates, and configure your update management environment.

As of June 2006, the Update Manager GUI has an updated GNOME Graphics Tool Kit (GTK+) look and feel. Update Manager now has these new features:

Sun Update Connection Hosted Web Application

The Sun Update Connection Hosted web application enables you to remotely monitor and manage all update activities for each of your registered systems. This web application is hosted at Sun.


Note –

Systems that you manage with the Sun Update Connection Hosted web application can still be managed locally by using Update Manager. The update data that appears in these tools might be out of sync due to latency.


The Sun Update Connection Hosted web application is hosted on a Sun web site. You can use this tool to create jobs to run on systems as they check in to the service. A job either installs an update or uninstalls an update. You can also use the Hosted web application to view the update status of your systems and of your jobs.

The Sun Update Connection Hosted web application has these features:

For more information about the Sun Update Connection Hosted web application, see Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface.

Sun Update Connection Proxy

The Sun Update Connection Proxy was previously called the local patch server.

This proxy supports client systems that use the Sun Update Connection System software and the Sun Patch Manager 2.0 software. A Sun Update Connection System client system is not compatible with the older local patch server feature associated with the Sun Patch Manager 2.0 product.


Note –

The Sun Update Connection Proxy is an optional feature that you can obtain at no charge if you have a Sun Service Plan. For information about obtaining a Sun Service Plan, go to Solaris Operating System Software Support at http://www.sun.com/service/support/software/solaris/ and select the appropriate level of service.


Starting with the Solaris 8 Operating System, client systems can access updates and update data to perform update analysis and maintenance. This update data is provided by an update source. The update source can be an update server, such as the Sun update server or a Sun Update Connection Proxy (also referred to as a local patch server), or a local collection of updates.

By using a Sun Update Connection Proxy on your intranet, you can serve updates to your local systems and minimize the Internet traffic between your systems and the Sun update server. This type of proxy caches any updates that are downloaded from its update source.

For information about configuring this type of proxy on your intranet, see Configuring Your Sun Update Connection Proxy by Using the Command-Line Interface.

The Sun Update Connection Proxy obtains updates from its source of updates on a per-request basis. You do not need to stock your proxy with updates before you use it.

The system that you choose to act as the Sun Update Connection Proxy must be running at least Solaris 10 and have at least the Developer Solaris Software Group installed. This system must also have the Update Manager software installed.

Benefits of Using a Sun Update Connection Proxy

Using a Sun Update Connection Proxy addresses security concerns as well as system analysis and update download performance issues.

For instance, if your client systems are connected to a Sun Update Connection Proxy and managed locally, the client systems do not need to be connected to the Internet. These client systems also do not need to be registered by the Update Manager software.

As another example, using this type of proxy can alleviate update-related performance issues. Instead of updates and metadata being downloaded from the Sun update server to each of your systems, the update is downloaded only once to your Sun Update Connection Proxy. After the update data is stored on this server, update data is transferred to your system for analysis over your intranet instead of over the Internet.

You can configure a chain of Sun Update Connection System Proxies on your intranet. The last link in the chain of proxies can point to the Sun update server or to a local collection of updates. By using this chain of proxies, an update download request from your system to its primary Sun Update Connection Proxy can be forwarded to other proxies in the chain in an attempt to fulfill the request. If your system’s primary Sun Update Connection Proxy cannot locate an update, it makes the same request of the next proxy in the chain to see if the update is stored there. If the update is found, it is downloaded to the system. If the update is not found, the request continues along the chain until the update is found or the last proxy in the chain is reached.

For example, your company has a Sun Update Connection Proxy that obtains updates directly from the Sun update server. Each office in your company has its own Sun Update Connection Proxy that obtains updates from the company proxy.

Each Sun Update Connection Proxy in the chain stores the updates found on another proxy in the chain based on the download request. So, an update that is not initially found on your proxy will be downloaded to your Sun Update Connection Proxy and stored before being downloaded to the client system. Each system in a chain of proxies might increase the amount of time it takes to download updates to your client system. So, the first time a client system requests a download, the update is downloaded to the proxy system over the Internet. Subsequent requests for that update are downloaded to the client system from the proxy system over your intranet.

PatchPro Analysis Engine

Update Manager incorporates PatchPro functionality. PatchPro performs update analyses on systems, then downloads and applies the resulting updates. This automation functionality was previously available for Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 as a separate PatchPro product, and in the Sun Patch Manager 2.0 product. PatchPro functionality is now part of the Update Manager software.

PatchPro uses signed updates, which improves the security of Solaris updates by ensuring that they have not been modified.


Note –

The pprosetup and pprosvc commands are included with Update Manager for transition purposes. It is best not to use these commands and to use the smpatch command instead.


Local-Mode Command-Line Interface


Note –

On Solaris 8 systems, you can only run smpatch in local mode.


Starting with Solaris 9, the smpatch command is available in two modes: local mode and remote mode. Local mode can only be run on the local system. This mode can be run while the system is in single-user or multiuser mode. Remote mode can be used to perform tasks on remote systems. Both local mode and remote mode can be used by users or roles that have the appropriate authorizations.

By default, smpatch runs in local mode. In local mode, the Solaris WBEM services are not used, and none of the authentication options or options that refer to remote systems are available. The smpatch command in local mode runs faster than in remote mode.

If you specify any of the remote or authentication options (except for -L), remote mode is used.

Single-User Mode Operations in Local Mode

You can use the smpatch add command in local mode to apply updates while the system is in single-user mode. Apply updates in this way when the updates are associated with the singleuser update property, or when you want to apply any updates to a quiet system.

Use only the smpatch add, smpatch order, and smpatch remove commands to manage updates when your system is running in single-user mode.

You can configure your update management environment while the system is running in single-user mode by using the smpatch get, smpatch set, and smpatch unset commands.

Do not use the smpatch analyze, smpatch download, and smpatch update commands while the system is running in single-user mode. These commands depend on network services that are not available while the system is in single-user mode.

Some updates cannot be automatically applied to your system if they do not meet the policy for applying updates. These updates might need to be applied manually in single-user mode.

Updates that require an immediate reboot or reconfiguration reboot after applying them are not applied immediately. Instead, these updates are automatically applied during a scheduled system shutdown.

The smpatch Live Upgrade Support Feature

This new feature enables users to install all updates in multi-user mode, instead of deferring the updates that require a system-restart to single-user mode.

To activate live upgrade support, you can use the -b boot-env option with the smpatch add, smpatch remove, or smpatch update commands, where -b selects a boot environment and boot-env is the name of that boot environment. The command syntax is as follows:

smpatch add -b boot-env


Note –

The current boot environment is copied to the specified boot environment. The chosen updates are applied to the specified boot environment. The specified environment will be activated so that on reboot, the system will run the newly updated boot environment instead of the current one.


After you run the smpatch command with the selected option, a message appears on the command-line prompting you to restart the system at a convenient time.


Caution –

If you run the smpatch command once again specifying the same boot environment, the changes made by any earlier command are lost. The system applies the most recent set of changes. This issue does not apply when you use the smpatch update command, because this command installs the complete set of updates once again.


Update List Operations

You can use the smpatch command to create an ordered list of updates. You can save the ordered list to a text file and use it to perform update operations.

You might use an update list to apply the same set of updates to systems that have the same hardware and software configurations. Or, you might create an update list file that contains all pertinent security updates and use that list to apply those security updates to one or more systems.

You can create a file that contains an ordered update list by using the smpatch command in any of these ways:

If you modify an update list and the updates are available on your system, use the smpatch order command to put the list in an order suitable for applying updates. Otherwise, use the smpatch analyze command, which also produces an ordered list of updates.


Caution –

The smpatch add command attempts to apply all of the updates in the update list, regardless of the policy for applying updates and update dependencies.


You can use update lists as input to the smpatch add, smpatch analyze, smpatch download, smpatch order, and smpatch update commands.
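
Because smpatch add applies every entry in an update list regardless of policy and dependencies, the list is worth vetting before it is used. The following shell function is an added example, not part of the Sun guide or the smpatch tooling. It assumes one update per line beginning with an ID of the form NNNNNN-NN, a separately maintained file of approved IDs, and constructed sample IDs.

```shell
#!/bin/sh
# Added example, not Sun code. Assumed list format: one update per line,
# beginning with an ID of the form NNNNNN-NN; any synopsis after it is ignored.

# vet_update_list LIST APPROVED
# Prints one finding per problem line and returns 0 only when every entry in
# LIST is well formed, unique, and present (same revision) in APPROVED.
vet_update_list() {
    awk '
        FILENAME == ARGV[1] { if (NF) ok[$1] = 1; next }   # load approved IDs
        NF == 0 || $1 ~ /^#/ { next }                      # skip blanks, comments
        $1 !~ /^[0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9]$/ {
            print "MALFORMED line " FNR ": " $0; bad++; next
        }
        seen[$1]++  { print "DUPLICATE " $1; bad++; next }
        !($1 in ok) { print "UNAPPROVED " $1; bad++ }
        END { exit (bad > 0) }
    ' "$2" "$1"
}

# Constructed sample data; the IDs are made up for illustration.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '100001-01' '100002-03' > "$dir/approved"
    printf '%s\n' '100001-01 constructed synopsis' '100002-04' \
        '100001-01' 'not-an-update-id' > "$dir/list"
    vet_update_list "$dir/list" "$dir/approved"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Only a clean list should be handed on to smpatch add.
demo || echo "list rejected: do not pass it to smpatch add"
```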