test

Signed Patches Administration Guide for PatchPro 2.2

Troubleshooting Signed Patch Problems (Task Map)

Use the following task map to troubleshoot signed patch problems.

Task 

Description 

For Instructions 

Obtain PatchPro configuration information. 

Obtain information about your patch management environment to help you diagnose problems. 

See How to Obtain Information About Your Patch Management Environment.

View patch management tool log files. 

View log files on the system to identify problems with installing patch management tools or applying signed patches. 

See How to View Patch Management Tool Log Files.

Set up a separate PatchPro log file. 

Move the log from syslog to a separate file.

See How to Move the Log From syslog to a Separate File.

Resolve a sequestered patch. 

Resolve a patch that has been sequestered, one that cannot be installed by PatchPro. 

See How to Resolve a Sequestered Patch.

For up-to-date information about troubleshooting signed patch problems, error messages, or documentation errata, see the Signed Patches Release Notes for PatchPro 2.2.

How to Obtain Information About Your Patch Management Environment

To begin troubleshooting problems with PatchPro 2.2 or Patch Manager Base 1.0.1, you must understand how your patch management environment is configured. Use the pprosetup -L command to obtain the configuration information.

  1. Become superuser.

  2. Obtain the configuration information.


    # pprosetup -L

Log file location:   System log file (consult /etc/syslog.conf for
                     exact location)
Log file size:       50000
Download directory:  /var/sadm/spool
Sequester directory: /var/sadm/spool/patchproSequester
Proxy server name:   webaccess.corp.net.com
Proxy server port:   8080
Server URL:          https://patchpro.sun.com/servlet/ \
                     com.sun.patchpro.server.PatchProServerServlet/
Database URL:        https://patchpro.sun.com/database/patchprodb.zip
Detectors URL:       https://patchpro.sun.com/database/pprodetectors.jar

How to View Patch Management Tool Log Files

Various log files on the system can help you to identify problems with installing patch management tools or applying signed patches.

By default, PatchPro writes to the system log file. The system log configuration file, /etc/syslog.conf, specifies where the system log file resides on the system. By default, the system log file is /var/adm/messages.

  1. (Optional) To instruct PatchPro to write messages to a different file on the local file system, update the patchpro.log.file property in the PatchPro configuration file, /etc/opt/SUNWppro/etc/patchpro.conf.

    For example, if you want PatchPro to write to the /var/tmp/patchpro.log file, assign /var/tmp/patchpro.log to the patchpro.log.file property.

  2. Use the following table to determine which log file might contain information about a failed installation of a patch management tool or a signed patch.

    Log File 

    Description 

    /var/tmp/ppro_install_log.nnn

    Identifies the success or failure of the installation of PatchPro packages and patches. 

    /var/tmp/log/patchpro.log

    Identifies problems that are found when using the patch management tool. 

    /var/adm/messages

    Identifies problems that are found when applying a signed patch to a system by using the various patch management tools. Also, identifies problems that are found when the patch management tools do not initialize properly. 

    Solaris Management Console Log Viewer on a Solaris 9 system 

    Identifies the success or failure of applying a signed patch with the Solaris Management Console Patches Tool. 

How to Move the Log From syslog to a Separate File

  1. Select a file of specific maximum size to serve as the PatchPro circular log.

  2. Become superuser.

  3. Save the current PatchPro configuration by creating a copy of the PatchPro configuration file.


    # cp /etc/opt/SUNWppro/etc/patchpro.conf \
/etc/opt/SUNWppro/etc/patchpro.conf.orig

  4. Edit the patchpro.conf configuration file.

    1. Change the value of the patchpro.log.file property to specify the new log file.

    2. Change the value of the patchpro.log.size property to specify the size of the log file in bytes.

  5. Resume syslog logging.


    # cp /etc/opt/SUNWppro/etc/patchpro.conf.orig \
/etc/opt/SUNWppro/etc/patchpro.conf

How to Resolve a Sequestered Patch

A patch might not install successfully if the patch installation policy cannot be satisfied. Namely, a patch that has the rebootafter property cannot be applied in automatic mode. A patch that cannot be installed by PatchPro is sequestered in the /var/sadm/spool/patchproSequester directory, by default.

Review the README file associated with the patch to determine the installation details of the patch.

To view the README, do one of the following:

To protect the digital signature, do not expand the JAR archive. Use the following procedure to safely extract the patch README file.

Also, review the contents of the /var/tmp/log/patchpro.log file to determine why a patch did not install successfully.

  1. Become superuser.

  2. Verify that one or more patches were not installed by viewing the contents of the /var/sadm/spool/patchproSequester directory.


    # cd /var/sadm/spool/patchproSequester; ls

  3. Extract the README file from the JAR archive.

    1. First, identify the name of the README file, for example:


      # /usr/j2se/bin/jar tvf 107058-01.jar | grep README
1440 Sat Apr 06 08:50:08 MST 2002 107058-01/README.107058-01

    2. Then, extract the README file.


      # /usr/j2se/bin/jar xvf 107058-01.jar 107058-01/README.107058-01
extracted: 107058-01/README.107058-01

  4. View the README file.


    # more 107058-01/README.107058-01