test

Sun Update Connection - Automated Baseline Management Service 1.0 User's Guide

TLP Processes

This section describes TLP concepts and related processes, which include the following cycles:

Figure 1–1 describes the TLP cycles and processes. Note that some of these processes are manually performed, while others are automatically or semiautomatically performed. These processes are described in greater detail in the sections that follow.

Figure 1–1 TLP Process Cycles for Patch Set Creation and Installation

Graphic that shows TLP processes. Processes are colored light grey for manual, white for semiautomatic, and dark grey for automatic.

Note –

The TLP tool's primary function is patch set creation. Although the TLP patch set installation process is included in Figure 1–1, the TLP tool does not provide this functionality. Patch set installation is a separate task that you perform after the tool has created the patch sets.

TLP Baseline Loop

TLP uses the concept of baselines, which are a set of patches and patch revisions that are frozen at a given point in time. This set is tested as a unity and doesn't change after it is released. Baselines enable you to bring all of your systems to the same patch level. The baselines are tested together, thereby reducing the risk of patch incompatibilities. Having all the systems in a large data center at the same patch level makes administration and error detection much easier.

Baselines usually change once per quarter. First, an appropriate baseline is selected. For example, an EIS-CD dated, January 2005 would contain all of the patches that were burned in January of 2005. The baseline is installed once per quarter. When a new baseline is installed, TLP automatically updates the various reports.

TLP Analysis Loop

The analysis Loop is central to the TLP process. It runs for each client system in the data center. After you have installed TLP, you can choose to set up a cron job that starts TLP automatically, once per week. The TLP Client will utilize PatchPro to analyze the target system. The output of all the target systems are collected on the TLP server. The TLP server then compares the output with the installed baseline and creates a patch list. TLP automatically adds or removes patches from whitelist or blacklist configuration files. These files enable you to add or remove patches, if necessary. Whitelist and blacklist files are manually configured. Note that some systems require special patches, such as when an application requirement exists. For more information on maintaining whitelist and blacklist configuration files, see How to Customize Whitelists and Blacklists. In addition, TLP checks the WITHDRAWN patches list and removes any bad patches from the baseline. You can modify this list by using the TLP CLI commands, or by setting up a cron job. You should plan to update the WITHDRAWN patches list on a weekly basis. For more information on working with the WITHDRAWN patches list, see How to Update the WITHDRAWN Patches List.

The TLP tool then takes the resulting list and checks for patch dependencies. If any missing patches are found, the tool attempts to download these patches from the SunSolve web site. Note that Internet connectivity is required to complete this task. In addition, you need a login and password to access the SunSolve web site to download patches.

Note –

The new SunSolve web site allows the downloading of patches with arbitrary revision levels, which is contrary to the old method. This capability is necessary for the proper working of the TLP tool.

If no Internet connection exists, you need to manually install any missing patches. After the patch dependencies are resolved, all of the patches are put in the correct order. At this time, the tool removes any patches that cannot be installed automatically. In addition, all firmware and OpenBootTM PROM patches that require special treatment are stored in a separate directory for manual installation at a later time. The result is a final patch set that is placed in a dedicated directory. For ease of use, TLP does the following:

The last step in this process in the installation of the patch sets. This step is a separate task that you perform after the TLP tool creates the patch sets for your systems. For more information on the patch set installation process, see How to Install a TLP Patch Set.

Deployment Method

To install patch sets, you can choose one of the following installation options:

If you use Solaris Live Upgrade, the TLP patch sets fit the selected deployment method. For ease of deployment, TLP provides installation and back-out scripts, along with README files. These README files include additional useful data, such as a collection of special installation instructions. For more information about installing the TLP, software see TLP Software Installation (Task Map).

Sun Update Connection - Automated Baseline Management Service 1.0 Service Offering Activities and Deliverables

The Sun Update Connection - ABMS 1.0 service offering that uses the TLP 2.3 tool is divided into two stages, an initial stage and an ongoing stage. Table 1–2 describes these activities and deliverables.

Table 1–2 Sun Update Connection - ABMS 1.0 Service Offering Activities and Deliverables

Task 

Stage/Frequency of Occurrence 

Determine strategy 

Initial 

Determine frequency of patch cycles 

Initial (Default: quarterly) 

Define test scenarios 

Initial 

Determine fallback/back-up mechanism 

Initial 

Install TLP tools 

Initial 

Instruct system administrators in the use of TLP tool 

Initial 

Run patch updates 

Ongoing 

Update patch baselines 

Ongoing (up to 4 times per year) 

Automatic data analysis 

Ongoing 

Automatic generation of system-specific patch sets 

Ongoing 

Install patch sets 

Ongoing 

Note –

This guide does not contain information on all of the tasks that are described in the previous table. Information about patch strategy, including the Patch Strategy Checklist, can be found at http://onestop/tlp. Information on Solaris patch management strategy can be found at http://docs.sun.com/db/doc/817-0574-12.