To use the Update Manager software, you must be familiar with these concepts:
Information about Solaris patches and the Sun Patch Manager 2.0 software is in System Administration Guide: Basic Administration in the Solaris 10 System Administrator Collection on the docs.sun.com site.
Update Manager is a tool for managing updates on Solaris 10 systems. Update Manager extends the functionality that was previously available with the Sun Patch Manager 2.0 software. This new functionality is only available if you have a Sun Online Account and you register your system with Sun.
You can always use the smpatch add command and the smpatch remove command to manage updates that you manually download from Sun. A system that you manage in this way need not be registered. However, your system must be registered if you use the smpatch analyze, smpatch download, or smpatch update command.
Only systems that have been registered with Update Manager can use its functionality and be managed remotely by the Sun Update Connection Hosted web application.
For instructions on registering your system, see How to Register Your System. For information about obtaining a subscription key, see How to Obtain a Sun Subscription Key.
If you locally manage a system that is a client of a Sun Update Connection Proxy on your intranet, you do not need to register the client system. You must register the system that acts as the proxy. If, however, your client system is also remotely managed by the Sun Update Connection Hosted web application, the client system must be registered.
A customer with a Sun Service Plan, which includes software support, can do any of the following:
Use the Update Manager application to locally manage updates
Use the Sun Update Connection Hosted web application to remotely manage updates
Access the Sun update server to manually manage updates
Use the smpatch command to manage updates
For information about the available Solaris Service Plans, go to the http://www.sun.com/service/solaris10/ web site.
To use Update Manager, you must register the system on which you installed the software. You can select from three levels of registration and entitlement, which are described in the following sections:
Registered with no subscription
Registered with a subscription
Registered with a subscription and managed with Sun Update Connection System
An unregistered system only has access to security updates. You can manage the updates on your unregistered system by using the smpatch add command and the smpatch remove command.
You have sent basic information about your system to Sun, but have not purchased an update management subscription. At this service level, you can use the Update Manager application to locally manage updates, which includes doing the following:
Viewing lists of installed updates
Managing security updates on your system
Analyzing your system for appropriate updates
Installing and uninstalling appropriate updates
Resolving update dependencies
Monitoring update download and installation status
Being notified when new updates for your system become available
If your update management environment includes a Sun Update Connection Proxy and your system is a client of that proxy, your client system does not need to be registered to use the Update Manager software. However, the system that acts as the proxy must be registered.
You have sent system information to Sun and have purchased an update management subscription. This service level expands the functionality available at the previous (basic) service level. You can use the Update Manager application for these tasks:
Managing all Solaris updates on your system
Selecting updates for automated download and installation
Receiving notification about all update dependencies
Deciding to remotely manage your system with the Sun Update Connection Hosted web application
If your update management environment includes a Sun Update Connection Proxy and your system is a client of that proxy, your client system does not need to be registered to use the Update Manager software. The system that acts as the proxy must be registered. If, however, you decide to use the Sun Update Connection Hosted web application to remotely manage your client system, that system must be registered.
You have sent system information, purchased a subscription, and want to use the Sun Update Connection Hosted web application to remotely manage updates. This service level expands the functionality available at the previous (middle) service level. You can use the Sun Update Connection Hosted web application for these tasks:
Viewing information about all your managed systems
Viewing reports that show all update management activity
Using a web application that is hosted at Sun to remotely manage updates on your systems
Controlling system check-in times to automate update management
Update Manager enables you to perform the update management process, which includes the following tasks:
Analyzing the system to obtain a list of appropriate updates
Downloading the appropriate updates to your system
Applying the appropriate updates to your system
Configuring the update management environment for your system
Tuning the update management environment for your system
Removing updates from your system
Using the Sun Update Connection Hosted web application to remotely manage your systems
For information about recommended strategies and practices for using Solaris updates, see Solaris Patch Management Recommended Strategies at http://docs.sun.com/app/docs/coll/1078.1.
After an update has been successfully applied, the downloaded update is removed from the download directory.
Updates are applied to your system depending on the specified policy and the update properties that are associated with the downloaded updates.
If an update does not meet the policy for applying updates, the update is not applied immediately. Instead, the update is applied during a scheduled system shutdown. The Update Manager application shows these updates as being Restart Required updates.
For any of the updates that have the interactive property set, follow the instructions in the update’s README file to manually apply them. The Update Manager application shows these updates as being Download Only updates.
Before you apply updates to your system, you must determine which updates are needed. You can use Update Manager to perform a update analysis of your system to obtain a list of appropriate updates.
Update Manager uses analysis modules and a list of available updates to perform the analysis of your Solaris system. For information about the source of updates, see Specifying the Source of Updates.
Based on the result of the analysis, the updates can be downloaded and applied to your system.
Sometimes an update cannot be applied to the system until another update is applied. The first update is said to depend on the second update. When Update Manager analyzes your system, it checks for update dependencies and automatically includes all updates in the resulting list.
The list of updates that is generated by the analysis is based on all of the available updates from the Sun update server. No explicit information about your host system or its network configuration is transmitted to Sun. Only a request for the Sun update set is transmitted. The update set is scanned for updates that are appropriate for this host system, the results are displayed, and those updates are optionally downloaded.
Before you apply updates to your system, you must download the updates that you want from the Sun update server to that system.
You can download updates from the Sun update server based on an analysis of the system, or you can specify particular updates to download.
The Update Manager application ties the download operation and the installation operation together. So, when you request that an update be installed, the update is first downloaded to your system and then installed.
Some updates, which are marked as Download Only, cannot be installed by the Update Manager application. When you request that a Download Only update be installed, the update is downloaded to your system, but not installed. To install the update, you must follow the installation instructions in the update’s README file.
Update Manager can apply updates to your system.
If you use the smpatch add command to apply particular updates, it attempts to apply only those updates that you specified. The smpatch add command does not attempt to resolve update dependencies. If you want to apply an update that has a missing dependency, the update is not applied. You can use the smpatch analyze command or the smpatch update command to resolve update dependencies.
When you use the Update Manager GUI to apply updates that you selected from the list of updates, each update is downloaded (if necessary) before it is applied.
If you attempt to install a list of updates, Update Manager first performs an analysis to determine whether dependent updates must also be installed.
You might want to remove (or back out) an update that you previously applied to your system. Update Manager enables you to remove updates.
Do not remove the Update Manager feature update from a system, or Update Manager will not work properly.
When you remove an update, the Solaris update tools restore all of the files that have been modified by that update, unless any of the following are true:
The update was applied by using the patchadd -d command, which instructs patchadd not to save copies of files being updated or replaced.
The update was applied by using the patchadd command without the -d option, and the backout files that were generated have since been removed.
The update has been made obsolete by a later update.
The update is required by another update.
During the update removal process, the patchrm command logs the backout process in the /tmp/backoutlog.process-id file. This log file is automatically removed if the update is successfully removed.
You can use the Update Manager GUI to remove one or more updates by selecting them from the list of applied updates. However, you can only remove one update at a time with the smpatch remove command.
If you attempt to remove an update on which other updates depend, it is not removed. If you remove all of the updates that depend upon this update, you can remove the update.
When you attempt to remove an update on which other updates depend, Update Manager presents you with the list of updates that must be removed as well. To remove the update you originally selected, you must agree to remove these updates.
You can request that your Solaris 10 systems be managed by the Sun Update Connection Hosted web application either during or after the registration process. This Hosted web application enables you to manage the updates on all of your systems. For more information, see Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface.
Even if your system is managed by the Sun Update Connection Hosted web application, you can still use Update Manager to manage updates on your local system.
When you use Update Manager, your client systems and any Sun Update Connection proxies must have access to Solaris updates and update data. Both client systems and proxies can obtain updates from these sources:
Update server. A server that provides access to Solaris updates and update data. An update server can be a Sun Update Connection Proxy on your intranet or the Sun update server, which is accessed over the Internet.
Local collection of updates. A collection of updates and update data that is stored in a directory available to the local system. Such a directory might be a local directory, a shared network directory, or a CD mounted on your local system.
The default source of updates for client systems and Sun Update Connection System Proxies is the Sun update server. As a result, any client system or Sun Update Connection Proxy that obtains updates from the Sun update server must be connected, either directly or through a network proxy, to the Internet.
You can use a combination of Sun Update Connection System Proxies and different update sources to configure these update management environments.
Clients access updates and update data from the following sources:
Sun update server. This configuration requires that the client systems are connected, directly or through a network proxy, to the Internet. Such a client system must be registered with Update Manager.
Sun Update Connection Proxy on your intranet (by way of the Sun update server). This configuration requires that only the Sun Update Connection Proxy be connected, directly or through a network proxy, to the Internet. The system that acts as the proxy must be registered with Update Manager, but the proxy’s client systems need not be registered.
Collection of updates on your local system. This configuration does not require that the client systems be connected to the Internet. These client systems also need not be registered with Update Manager.
Sun Update Connection Proxy (by way of a collection of updates on your local system). This configuration does not require that the client systems and Sun Update Connection Proxy be connected to the Internet. Neither the system that acts as the proxy nor the client systems must be registered with Update Manager.
For instructions on specifying the source of updates for your client system, see How to Specify a Source of Updates (GUI).
For instructions on specifying the source of updates for your proxy, see How to Change Configuration Settings for Your Sun Update Connection Proxy (Command Line).
Update Manager applies these types of updates to your system:
Standard updates that are applied immediately and require no system restart
Updates that require a system restart
Updates that must be manually applied
Standard updates are associated with the standard update property. Updates marked as Restart Required are associated with the rebootafter, reconfigafter, rebootimmediate, reconfigimmediate, and singleuser update properties. Updates marked as Download Only are associated with the interactive update property. Download Only updates are only downloaded to your system and must be applied manually according to the instructions in the update’s README file.
If you use the smpatch update command to update your system, however, you can customize the policy for applying updates.
For more information about this policy, see the smpatch(1M) man page.
The smpatch set command uses the following parameters to configure your update management environment.
Except for patchpro.patchset, parameters can also be modified in the Update Manager GUI by choosing Preferences from the File menu and specifying the appropriate values.
patchpro.patchset – Name of the update set to use. The default name is current.
Choose the update set from the View Collection menu.
patchpro.download.directory – Path of the directory where downloaded updates are stored and from which updates are applied. The default location is /var/sadm/spool.
patchpro.backout.directory – Path of the directory where update backout data is saved. When an update is removed, the data is retrieved from this directory as well. By default, backout data is saved in the package directories.
patchpro.patch.source – URL that points to the collection of updates. The default URL is that of the Sun update server, https://getupdates.sun.com/solaris/.
patchpro.proxy.host – Host name of your network proxy. By default, no network proxy is specified, and a direct connection to the Internet is assumed.
patchpro.proxy.port – Port number used by your network proxy. By default, no network proxy is specified, and a direct connection to the Internet is assumed. The default port is 8080.
patchpro.proxy.user – User name used by your network proxy for authentication.
patchpro.proxy.passwd – Password used by your network proxy for authentication.
patchpro.install.types – Your policy for applying updates. The value is a list of zero or more colon-separated update properties that are permitted to be applied by an update operation (smpatch update).
By default, the smpatch update command applies updates that have the standard, rebootafter, and reconfigafter properties. See Customizing the Policy for Applying Updates.
The Update Manager GUI always applies updates that have the standard property. This policy cannot be changed.