Configuring Your Local Patch Server

Only a system that runs at least Solaris 9 can be used as a local patch server.

Client systems are configured to obtain patches from the Sun patch server by default.

You need a local patch server in the following situations:

• Your client systems are not permitted to connect to the Internet.

• You want to minimize the Internet traffic between your client systems and the Sun patch server.

The local patch server is an optional Sun Patch Manager 2.0 feature that you can obtain at no charge if you are a contract customer in the SunSpectrum program.

For information about becoming a contract customer or obtaining the local patch server distribution, go to http://sunsolve.sun.com and click Patch Portal.

For additional information about local patch servers, see Local Patch Server.

To configure a local patch server on your intranet and to begin using it to serve client systems, do the following:

1. Configure and start your local patch server.

   See How to Initially Configure Your Local Patch Server (Command Line).

2. Configure your client system or systems to obtain patches from your local patch server.

   See How to Specify the Source of Patches (Web Browser) or How to Specify the Source of Patches (Command Line).

After completing these steps, you are ready to have your client systems obtain patches from your local patch server. See Managing Patches by Using the Command-Line Interface (Task Map) or Managing Patches by Using the Browser Interface (Task Map).

Configuration Requirements

Your local patch server needs to obtain patches and patch data from one of these sources:

• Patch server – The patch server can be the Sun patch server or another local patch server in the chain of patch servers. The Sun patch server is the default source of patches.

• Local collection of patches – A collection of patches and patch data that is stored in a directory available to the local system. Such a directory might be a local directory, a shared network directory, or a CD mounted on your local system.

  If you would like to obtain a suitable patch CD from Sun, contact your Sun support representative.

After you set up the local patch server, you must configure each of your client systems to communicate with that server. Then you are ready to have your client systems obtain patches from your local patch server.

Configuring Your Local Patch Server by Using the Command-Line Interface

Use the patchsvr command to configure and enable your local patch server. See the patchsvr(1M) man page.

How to Initially Configure Your Local Patch Server (Command Line)

Before you can use a system as a local patch server, you must ensure that the Sun Patch Manager 2.0 software is installed, configure and start the local patch server, and configure clients to communicate with the local patch server.

A Solaris 9 system with at least the Developer Solaris Software Group (SUNWCdev) installed is suitable to be a patch server on your intranet. You must install Sun Patch Manager 2.0 for Solaris 9.

You can obtain this software from the Sun Download Center at http://wwws.sun.com/software/download.

If your local patch server uses a web proxy to connect to the Internet, you must specify information about the web proxy. See How to Change Configuration Settings for Your Local Patch Server (Command Line).

1. As superuser, log in to the system that you plan to use as your local patch server.

2. Determine whether the SUNWpsvru and SUNWpsvrr packages are installed on the system.

   # pkginfo | grep SUNWpsvr system SUNWpsvrr Patch Server Deployment (Root) system SUNWpsvru Patch Server Deployment (Usr)

   If the packages are not installed, you must install them before continuing this task.

3. If needed, specify the web proxy that your local patch server uses to connect to the Internet.

   # patchsvr setup -x web-proxy-name:port

   If you do not have the web proxy information, contact your network administrator.

4. Specify the patch source.

   Your local patch server can point to a different source of patches. This patch source can be used to fulfill patch download requests that cannot be fulfilled by your local patch server. By default, the source of patches for your local patch server is the Sun patch server.

   • To specify the next patch server in the chain of local patch servers, type:

     # patchsvr setup -p http://server-name:3816/solaris/

   • To specify a collection of patches on the local patch server, type:

     # patchsvr setup -p file:/directory-name

   • To specify the Sun patch server, which is the default, type:

     # patchsvr setup -p https://updateserver.sun.com/solaris/

     The local collection of patches can be in a directory, on a CD, or on a remote file system.

5. Start your local patch server.

   # patchsvr start

6. (Optional) Enable your local patch server so that it is started each time the system boots.

   # patchsvr enable

Example 7–1 Initially Configuring Your Local Patch Server

Each of these examples verify that the Sun Patch Manager 2.0 software is installed on the system.

• The following example shows how to configure a local patch server to point to another local patch server in a chain. You configure two local patch servers to serve systems in two buildings.

  You configure psvr1 to obtain patches from the Sun patch server. Also, psvr1 communicates with the Internet by using a web proxy. Before you can make the local patch server ready for use, you must specify the host name, webproxy1, and the port number, 2010, of the web proxy. After you configure psvr1, you must start it. You can also enable it for automatic restart when the system boots.

  psvr1 # pkginfo | grep SUNWpsvr system SUNWpsvrr Patch Server Deployment (Root) system SUNWpsvru Patch Server Deployment (Usr) psvr1 # patchsvr setup -x webproxy1:2010 psvr1 # patchsvr setup -p https://updateserver.sun.com/solaris/ psvr1 # patchsvr start Starting Local Patch Server psvr1 # patchsvr enable

  You configure psvr2 to obtain patches from psvr1 by specifying the URL to the server, which is http://psvr1:3816/solaris/. After you configure psvr2, you must start it. You can also enable it for automatic restart when the system boots.

  psvr2 # pkginfo | grep SUNWpsvr system SUNWpsvrr Patch Server Deployment (Root) system SUNWpsvru Patch Server Deployment (Usr) psvr2 # patchsvr setup -p http://psvr1:3816/solaris/ psvr2 # patchsvr start Starting Local Patch Server psvr2 # patchsvr enable

  Now that both of the patch servers are configured and started, configure client systems to use them. See How to Specify the Source of Patches (Command Line) or How to Specify the Source of Patches (Web Browser).

• The following example shows how to configure a local patch server to obtain patches from a local collection of patches in the /export/patches directory. The URL that points to this directory is file:/export/patches. After configuring the local patch server, you must start it. You can also enable it for automatic restart when the system boots.

  # pkginfo | grep SUNWpsvr system SUNWpsvrr Patch Server Deployment (Root) system SUNWpsvru Patch Server Deployment (Usr) # patchsvr setup -p file:/export/patches # patchsvr start Starting Local Patch Server # patchsvr enable

  Now that the patch server is configured and started, configure client systems to use it. See How to Specify the Source of Patches (Command Line) or How to Specify the Source of Patches (Web Browser).

• The following example shows how to configure a local patch server to obtain patches from a local collection of patches on a CD mounted from the first CD-ROM drive. The URL that points to this CD is file:/cdrom/cdrom0. After configuring the local patch server, you must start it. You can also enable it for automatic restart when the system boots.

  # pkginfo | grep SUNWpsvr system SUNWpsvrr Patch Server Deployment (Root) system SUNWpsvru Patch Server Deployment (Usr) # patchsvr setup -p file:/cdrom/cdrom0 # patchsvr start Starting Local Patch Server # patchsvr enable

  Now that the patch server is configured and started, configure client systems to use it. See How to Specify the Source of Patches (Command Line) or How to Specify the Source of Patches (Web Browser).

• The following example shows how to configure a local patch server to obtain patches from a collection of patches that is mounted on a remote system. The URL that points to this directory is /net/mars/export/patches. After configuring the local patch server, you must start it. You can also enable it for automatic restart when the system boots.

  # pkginfo | grep SUNWpsvr system SUNWpsvrr Patch Server Deployment (Root) system SUNWpsvru Patch Server Deployment (Usr) # patchsvr setup -p file:/net/mars/export/patches # patchsvr start Starting Local Patch Server # patchsvr enable

  Now that the patch server is configured and started, configure client systems to use it. See How to Specify the Source of Patches (Command Line) or How to Specify the Source of Patches (Web Browser).

How to View the Configuration Settings for Your Local Patch Server (Command Line)

You can check the configuration settings of your local patch server to help diagnose problems or to understand your server's patch-related settings.

The information includes the following:

• Location of the patch collection – Source of patches to be checked when the requested patch is not available on the local server.

• Web proxy information – Host name and port of a web proxy that is used to communicate with the Internet.

• Location of the patch cache – Directory where patches are cached.

1. Log in to the local patch server as superuser.

2. List the configuration settings for your local patch server.

   # patchsvr setup -l Patch source URL: https://updateserver.sun.com/solaris/ Cache location: /var/sadm/spool/patchsvr Web proxy host name: mars Web proxy port number: 8080

How to Change Configuration Settings for Your Local Patch Server (Command Line)

If you want to change the configuration settings of your local patch server, you must first stop it. After you change the settings by using the patchsvr setup command, you must restart the local patch server.

For information about the configuration settings that you can change, see the patchsvr(1M) man page.

1. As superuser, log in to the system that you plan to use as your local patch server.

2. Stop the local patch server.

   # patchsvr stop

3. Change one or more configuration settings, one per command line.

   For example, specify a web proxy, web-proxy-name, and a port, port.

   # patchsvr setup -x web-proxy-name:port

4. Start the local patch server.

   # patchsvr start

Example 7–2 Changing Configuration Settings for Your Local Patch Server

This example shows how to change some configuration settings for your local patch server. The local patch server communicates with the Internet by using a web proxy. First, you stop the local patch server, then specify the host name, webproxy1, and the port number, 2010, of the web proxy.

Next, you specify the next local patch server in the chain. You configure two local patch servers to serve systems in two buildings. The psvr1 server obtains patches from the Sun patch server. The second server, psvr2, obtains patches from psvr1. You configure psvr2 to obtain patches from psvr1 by specifying the URL to the server, which is http://psvr1:3816/solaris/.

# patchsvr stop
Shutting down Local Patch Server
# patchsvr setup -x webproxy1:2010
# patchsvr setup -p http://psvr1:3816/solaris/
# patchsvr start
Starting Local Patch Server