Sun Update Connection - Automated Baseline Management Service 1.0 User's Guide

Customizing the TLP Tool

This section contains information on customizing the TLP tool. Included in this section are the procedures for modifying whitelists and blacklists. Information on working with withdrawn patches is also included in this section.

Customizing Whitelists and Blacklists

TLP patch sets are created through the use of analyzers. These analyzers use Sun knowledge and best practices to locate missing patches on a system. However, these analyzers do not analyze third-party applications or hardware. These components might conflict with certain patches, or patch revisions, for a given system. For known conflicts, such as those from the component, from the application vendor, or from previous experience, TLP provides a mechanism for adding or removing these patches from the specific patch sets. This process is accomplished through the use of whitelists and blacklists. A whitelist is a list of all of the patches to be included in the patch set. A blacklist is a list of all of the patches to be excluded from the patch set.

ProcedureHow to Customize Whitelists and Blacklists

This task describes how to configure and modify TLP whitelists and blacklists. Patches in the whitelist file are added to patch sets. Patches in the blacklist file are removed from the patch sets. This procedure shows how to modify the whitelist file. The same steps are applicable when modifying a blacklist file.

Steps
  1. Log in to the TLP server as the tlp-user.

  2. Using a text editor, open the whitelist file for editing.

    The location of the whitelist and blacklist files is configured in the patchdiag section of the tlp.cfg file. The default locations for these lists are:

    • /opt/SUNWtlp/conf/whitelist.cfg

    • /opt/SUNWtlp/conf/blacklist.cfg

  3. Add patches to the list.

    The whitelist and blacklist files include many examples. See TLP Whitelists and Blacklists for more details.

    1. Copy the most appropriate example. Remove the hash mark (#) from the beginning of the line.

    2. Adjust the values accordingly.

    You can add patches for all of the systems in the data center or for a subset of systems. Subsets are selected by keys, which are known by using the uname command. The following information about the operating system is provided:

    • Name

    • Version

    • Architecture

    • System type

  4. Save the changes.

    The changes take effect when the next patch sets is created. See How to Create Individual TLP Patch Sets.


Example 2–8 Configuring a Whitelist

The following example shows a whitelist configuration.


<Module patchdiag>
Class Tlp::Resolver::PatchDiag

       # List of patches to be ignored
       BlackList $BaseDirectory/conf/patches.black

       # Default white list of patches which should be always 
       # installed:
       WhiteList $BaseDirectory/conf/patches.white

       # Additional list of patches which should be added for sure
       # WhiteList ./patches.white
</Module>

For an example of a blacklist configuration, see Example 3–1.


Working With Withdrawn Patches

Patches fix problems and install new functionality. However, some patches can create new problems. When a patch creates a problem, Sun withdraws the patch from the SunSolve web site to prevent you from downloading it. Because TLP works with baselines that are installed on the TLP server, Sun cannot withdraw these patches from the TLP server. Therefore, the TLP tool uses a WITHDRAWN patches list to update this information.

ProcedureHow to Update the WITHDRAWN Patches List

The following task describes how to configure the TLP tool to update information about withdrawn patches.

Before You Begin

You must have installed the TLP software to perform this task.

Steps
  1. Log in to the system as the tlp-user.

  2. Download the TLP metafiles.


    $ tlp download metafiles
    

    The TLP metafiles contain information about withdrawn patches. Running this command updates the WITHDRAWNPATCHES file with the latest information about withdrawn patches.

    To enable daily updates, add the tlp download metafiles command to the tlp-user crontab file.

  3. Ensure that the SunSolve login and proxy parameters are set properly in the tlp.cfg file.

  4. Ensure that the sunsolve Loader module is defined in the tlp.cfg file. To set this value, uncomment the line within the configuration file.

  5. After you recreate the patch sets, withdrawn patches are removed from all of the patch sets. See How to Create Individual TLP Patch Sets for more information about patch set creation.


Example 2–9 Downloading the TLP Metafiles

This example shows the process for downloading the TLP metafiles.


$ /tlp download metafiles
   + updating TLP Metafiles
   + Loading tlp_metafiles.xml (unknown filesize)
   + Loading tlp_metafiles.tar.gz (586145 bytes)
100% [===========================================]
tar: Read 7168 bytes from -