This chapter describes how to use the Patch Manager browser interface to manage patches on your Solaris 9 systems.
The following task-related information is in this chapter:
Managing Solaris Patches by Using the Sun Patch Manager Browser Interface (Task Map)
Configuring Your Patch Management Environment by Using the Browser Interface (Task Map)
Tuning Your Patch Management Environment by Using the Browser Interface (Task Map)
The browser interface that was originally released with the Sun Patch Manager 2.0 product for Solaris 9 systems has been withdrawn.
The Patch Manager product will be replaced by the new Sun Update Manager product.
The following table identifies the tasks that you might perform when you use the Sun Patch Manager browser interface.
Task |
Description |
For Instructions |
---|---|---|
Access the browser interface. |
If you want the convenience of a web application to manage patches, use the Sun Patch Manager 2.0 browser interface. | |
Configure the patch management environment for your system. |
By default, your system is assumed to be connected directly to the Internet and configured to obtain patches from the Sun patch server. If this is not true for your system, change the configuration settings to match your environment. |
Configuring Your Patch Management Environment by Using the Browser Interface (Task Map) |
Manage patches on your system. |
You can use the browser interface to perform an analysis of your system, apply one or more patches, find patch dependencies, and remove patches. | |
(Optional) Tune the patch management environment for your system. |
Change some optional configuration settings, such as the policy for applying patches. |
Tuning Your Patch Management Environment by Using the Browser Interface (Task Map) |
Do not run simultaneous Patch Manager operations on your system because it might become unstable. Do not interrupt a patch operation once it has started. If a patch operation is running, you must wait for that operation to complete before starting another operation.
This behavior pertains to operations initiated by both the browser interface and by the smpatch command.
The browser interface for Patch Manager supports the following web browsers:
Netscape Communicator, at least Version 4.7
Microsoft Internet Explorer, at least Version 5
MozillaTM, at least Version 1.2
The Patch Manager URL follows this form:
https://system-name.domain:6789/patchmgr |
You can obtain help while you use the Patch Manager browser interface by clicking Help at the top of each page of the application.
Become superuser.
Ensure that the Sun Web Console is enabled in one of these ways:
To start the SunTM Web Console manually, type:
# /usr/sbin/smcwebserver start |
To enable boot-time startup of the Sun Web Console, type:
# /usr/sbin/smcwebserver enable |
Each time the system boots, the Sun Web Console is started.
To enable boot-time startup of the Sun Web Console and to start it now, type:
# /usr/sbin/smcwebserver enable # /usr/sbin/smcwebserver start |
Access the Patch Manager browser interface for your system by typing the URL in your web browser.
For example, if your system is called mars, the URL is as follows:
https://mars:6789/patchmgr |
When you are asked to accept a certificate for the new site, accept it.
Follow the instructions in the dialog boxes.
The Sun Web Console login page appears.
To log in to the Patch Manager application, type one of the following in the User Name field, followed by the password for that user:
Name of a user who has the Cron Management, Maintenance and Repair, and Software Installation profiles or the solaris.admin.patchmgr.*, solaris.jobs.admin, and solaris.compsys.write authorizations
Name of a user who has permission to assume a role that includes the Cron Management, Maintenance and Repair, and Software Installation profiles or the solaris.admin.patchmgr.*, solaris.jobs.admin, and solaris.compsys.write authorizations
When the Role Name drop-down menu appears, choose the role to use. Then, type the password for the role in the Password field.
The System Administrator profile includes these profiles. For information about how to create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Click Log In to open the Patch Manager browser interface.
(Optional) Click Sun Patch Manager 2.0 to access the Patches to Apply page.
After you access the browser interface, you can configure the patch management environment for your system and manage patches.
See the following sections:
Configuring Your Patch Management Environment by Using the Browser Interface (Task Map)
Tuning Your Patch Management Environment by Using the Browser Interface (Task Map)
By default, the patch management environment is configured to obtain patches directly from the Sun patch server.
Therefore, you must customize your environment if your system does one or more of the following:
Connects to the Internet by means of a web proxy
Requires a user name and password to obtain patches
Obtains patches from a patch source other than the Sun patch server
The following table identifies the browser-based tasks that you might perform when you configure the patch management environment for your system.
If you want to use the smpatch command to configure your patch management environment, see Configuring Your Patch Management Environment by Using the Command-Line Interface (Task Map).
Task |
Description |
For Instructions |
---|---|---|
(Optional) Specify the web proxy to use. |
If your system is connected to the Internet through a web proxy, you must specify the web proxy that is used to access the Sun patch server. By default, no web proxy is specified. | |
(Optional) Specify the user and password needed to provide authentication for the web proxy. |
If your web proxy requires authentication, you must specify the web proxy user that is needed for authentication. By default, no web proxy user is specified. | |
(Optional) Specify the user and password needed to obtain patches from the Sun patch server. |
If you needed a user and password to obtain patches, you must specify the user name and password. |
How to Specify a User Name and Password With Which to Obtain Patches (Web Browser) |
(Optional) Specify the source of patches for your system. |
Your system can obtain patches from one of the following sources:
The default source of patches for your system is the Sun patch server. |
If your system connects to the Internet through a web proxy, you must provide information about the web proxy to Patch Manager.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Obtain the host name and the port of the web proxy from your network administrator.
For example, the web proxy might be called my-webproxy and the port 2010.
Click the Administration tab to access the Patch Management Configuration page.
Go to the Web Proxy section.
Specify the host name of your web proxy in the Web Proxy Host Name field.
Specify the port number used by your web proxy in the Web Proxy Port Number field.
(Optional) If the web proxy requires authentication, supply the user name and password.
Obtain this information from your network administrator.
Click Save.
This example shows how to specify the web proxy used by a system. The web proxy is called my-webproxy and it uses port 2010. This example also shows how to specify the name of the user who authenticates to the web proxy. The user name is proxyusr. Also specify the password for the proxyusr user. Note that the user and password are optional.
If you needed a user name and password to obtain patches from the Sun patch server, you must specify them for Patch Manager.
As of June 2005, a user name and password are not required to obtain patches from the Sun patch server.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Administration tab to access the Patch Management Configuration page.
Go to the Patch Source section.
Specify your Sun user name and password.
If you do not have an account, register for one at http://sunsolve.sun.com.
Click Save.
Your system can obtain patches from the following sources:
Sun patch server
Local patch server on your intranet
Local patch collection
By default, your system obtains patches from the Sun patch server.
The local patch server is an optional Sun Patch Manager 2.0 feature that you can obtain at no charge if you are a contract customer in the SunSpectrum program.
For information about becoming a contract customer or obtaining the local patch server distribution, go to http://sunsolve.sun.com and click Patch Portal.
If you want your system to obtain patches from a local patch server, you must first configure one. See Configuring Your Local Patch Server (Task Map).
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Administration tab to access the Patch Management Configuration page.
Go to the Patch Source section.
In the Patch Source field, specify the URL that points to the source of patches.
For the Sun patch server, select the SunSolve radio button.
For a local patch server, select the Other radio button and use this URL format:
http://server-name:3816/solaris/ |
For a collection of patches in a directory, select the Other radio button and use this URL format:
file:/directory-name |
Note that directory-name can be a local file system or a remotely mounted file system.
If you use a CD-ROM as a patch source, ensure that it is mounted before Patch Manager tries to access it.
See Example 6–2 for examples of using the file:/ URL format.
Click Save.
This example shows how to configure a system to obtain patches from the /export/patches directory on the local system. Specify file:/export/patches in the Other field.
This example shows how to configure a system to obtain patches from the /export/patches directory on the remote system called jupiter. Specify file:/net/jupiter/export/patches in the Other field.
This example shows how to configure a system to obtain patches from a CD mounted from the first CD-ROM drive of the local system. Specify file:/cdrom/cdrom0 in the Other field.
After you specify a patch source, your client system is ready to manage patches. See Managing Patches by Using the Browser Interface (Task Map).
You can use the Patch Manager browser interface to perform the following tasks:
Analyze your system to determine the list of appropriate patches
Update your system with patches automatically
Remove a patch from your system
Perform these tasks and more by using the command-line interface. See Managing Patches by Using the Command-Line Interface (Task Map).
The following table identifies the common patch management tasks.
Task |
Description |
For Instructions |
---|---|---|
Analyze your system to determine the list of patches. |
You want to analyze your system to obtain the list of appropriate patches. Based on the analysis, you can update your system with one or more patches in the list. Note that the browser interface lists the appropriate patches. If you request another analysis, the list of patches is changed to reflect any new patches that are needed. |
How to Analyze Your System to Obtain the List of Patches to Apply (Web Browser) |
Automatically update your system with one or more patches in a single procedure. |
You want to automatically download and apply the patches that are appropriate for your system. The list of patches is determined by having Patch Manager analyze your system. | |
(Optional) Resolve patch dependencies. |
Determine whether the patches you want to apply depend on other patches being applied first. | |
Remove patches from your system. |
You want to remove, or back out, patches that you applied to your system. | |
(Optional) View the Patch Manager log. |
View the logs to identify problems with managing patches. |
Patch Manager can analyze your system to determine the list of patches that are appropriate for your system.
To schedule a periodic patch analysis of your system, see How to Schedule a Regular Analysis of Patches (Web Browser).
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Patches to Apply tab to access the Patches to Apply page.
Click Update Patch List to analyze your system for the list of appropriate patches.
When the job completes, click Back to Patches to Apply to view the list of patches to apply.
(Optional) Click View README in the SunSolve Actions column to see detailed information about a patch.
A new browser window opens to show the contents of the patch's README file.
After you have a list of patches to apply, you can update your system with patches. See How to Update Your System With Patches (Web Browser).
You can update your system by downloading and applying all of the patches that are listed on the Patches to Apply page. Or, you can select one or more of the patches to download and apply.
The Patches to Apply page lists patches that you can apply to your system.
Each patch entry includes the following information:
Name – Identification number for the patch, which is its patch ID.
Description – Synopsis of the patch.
Special Handling – The patch properties listed in this column describe the special handling measures that are required to apply the patch. To apply the special-handling patches by clicking Apply or Apply All, the policy for applying patches must include the appropriate patch properties. See How to Change the Policy for Applying Patches (Web Browser).
Sun Alert Patch – A checkmark in this column means that the patch is part of the Recommended Patch Cluster, which is associated with Sun Alert notifications.
Security Patch – A checkmark in this column means that the patch fixes a security problem.
SunSolve Actions – Link to the patch's README file. Click View README to open a browser window that displays the patch's README file.
By default, only standard patches and those patches with the rebootafter or reconfigafter patch properties are applied when you click Apply or Apply All.
Any patches in the list that do not have a checkbox cannot be applied because they do not meet the current policy for applying patches. To apply such patches, you must change the policy for applying patches.
If all patches are not applied, you can use the smpatch command to apply them. For more information, see How to Apply Patches to Your System (Command Line) and How to Apply a Nonstandard Patch (Command Line). Also, see the smpatch(1M) man page.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Patches to Apply tab to access the Patches to Apply page.
Determine whether to perform a patch analysis to obtain the most up-to-date list of patches.
If you are logging in to the browser interface for the first time, the list of patches to apply is empty. You must first analyze the system to determine the list of appropriate patches.
To schedule a periodic patch analysis of your system, see How to Schedule a Regular Analysis of Patches (Web Browser).
If the list of patches appears, check the date of the last analysis to determine whether you want to perform the analysis again to get the most up-to-date list of patches.
(Optional) Click Update Patch List to perform an analysis.
(Optional) When the job in Step 4 completes, click Back to Patches to Apply to view the list of patches to apply.
(Optional) Click View README in the SunSolve Actions column to see detailed information about a patch.
A new browser window opens to show the contents of the patch's README file.
From the Patches to Apply page, apply the appropriate patches.
To apply all of the patches in the list that meet the current policy for applying patches, click Apply All.
To apply specific patches that meet the current policy for applying patches, select the patches to apply and click Apply.
If the patches that you select depend on other patches being applied to the system first, those other patches are added to your selection.
The patches are downloaded and then applied. The progress is indicated on the page.
When the job completes, the following information appears:
Patches that you selected
Patches that are added to the selection due to dependencies
Patches that are successfully downloaded and applied
Errors that occurred while applying patches
Click Back to Patches to Apply to return to the Patches to Apply page.
Sometimes a patch depends on another patch, that is, the first patch cannot be applied to the system until the other patch is applied. The first patch is said to have a dependency on the second patch.
If you specify a list of patches to apply, you can resolve the list for patch dependencies. The resulting list might include additional patches that you must apply before applying the patches you specified.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Patches to Apply tab to access the Patches to Apply page.
Select the patches that you want to apply.
Choose Find Dependencies from the More Actions menu to resolve the list of specified patches.
The progress is indicated on the page.
When the job completes, click Back to Patches to Apply to view the list of patches to apply.
Any patch dependencies are listed in an alert at the top of the page. In addition, those patches are added to the patch selection.
Click Apply to apply the patches you selected.
After the list of patches is resolved, you can update your system with patches. See How to Update Your System With Patches (Web Browser).
Do not remove the Sun Patch Manager 2.0 WBEM patch (117680-01 for x86 and 117679-01 for SPARC) from a system, or Patch Manager will not work properly.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Applied Patches tab to access the Applied Patches page.
(Optional) Click the icon next to the More Actions drop-down menu to show all applied patches on a single page.
Select the checkbox next to the patches that you want to remove.
Note that some patches cannot be removed by Patch Manager because they were applied as a part of a Solaris release or because they were applied without preserving backout information. If the patch entry does not have a checkbox next to it, you cannot use Patch Manager to remove the patch.
Click Remove to remove the patches you selected.
The patches are removed. The progress is indicated on the page.
When the job completes, the following information appears:
Patches that you selected
Patches that are also removed due to dependencies
Patches that are successfully removed
Errors that occurred while removing patches
Click Back to Applied Patches to view the list of applied patches.
The Patch Manager log entries can help you identify problems with managing patches.
Each log entry contains the following information:
Date – Date and time of the log entry
User – User who performed the operation
Type – Log entry type: Error, Warning, Informational, or Invalid
Message – Text of the log message
Log entries appear in chronological order. The most recent entries are added to the top of the log. To see older entries, scroll down the page or go to subsequent pages of the log.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Logs tab to access the Patch Log Viewer page.
Choose the log file you want to view from the Log File drop-down menu.
Click the link in the Message column to view the log entry details.
The following table identifies the optional tasks that you might perform when you use the browser interface to tune the patch management environment for your system.
If you want to use the smpatch command to tune your patch management environment, see Tuning Your Patch Management Environment by Using the Command-Line Interface (Task Map).
Task |
Description |
For Instructions |
---|---|---|
(Optional) Obtain configuration information about your patch management environment. |
View the configuration of your patch management environment, which might help you diagnose problems. |
How to View the Configuration Settings for Your Patch Management Environment (Web Browser) |
(Optional) Change the policy for applying patches for your system. |
Patch Manager can update your system with standard patches automatically. If you want to update your system with some types of nonstandard patches, you must change your policy for applying patches. By default, only patches that are associated with the standard, rebootafter, or reconfigafter properties are applied by an update operation. | |
(Optional) Change the patch set to use for system analysis. |
Patch Manager bases analyses on all available Sun patches. If you want to apply only patches from a different patch set, such as the Recommended Patch Cluster, you must change the patch set. | |
(Optional) Set different directory locations. |
You might want to specify a different location for the download directory or the backout directory if the default locations are not large enough. | |
(Optional) Schedule a regular patch analysis to determine the list of appropriate patches. |
You might want to analyze your system on a regular basis to determine the list of appropriate patches. By default, no analysis is scheduled. | |
(Optional) Reset configuration parameters to the default values. |
You might want to reset configuration parameters to the default values. Note that some configuration parameters have an empty default value. |
You can check the configuration settings of your patch management environment to help diagnose problems or to understand your system's patch-related settings.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Administration tab to access the Patch Management Configuration page.
The current configuration settings appear in the fields of that page.
Click the Schedule An Analysis subtab to view those settings.
If you want to configure your system to apply some nonstandard patches during an update operation, you must change the policy for applying patches.
By default, only patches that are associated with the standard, rebootafter, or reconfigafter properties can be applied by an update operation.
If you change your policy from the default, Sun makes no guarantees that the patches apply correctly to your system or that your system will function properly.
For more information about the policy for applying patches, see Customizing the Policy for Applying Patches.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Administration tab to access the Patch Management Configuration page.
Go to the Patch Policy section.
Select the checkbox next to the patch property types that you want to add to the policy.
Click Save.
You can choose to analyze your system based on different sets of Sun patches, such as the Recommended Patch Cluster. By default, you use the patch set All Available Patches.
As of June 2005, the only patch sets available from Sun are All Available Patches and Recommended Patch Cluster.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Administration tab to access the Patch Management Configuration page.
Go to the Patch Set section under Patch Source.
Select the patch set to use.
To base your analysis on all patches, select All Available Patches.
To base your analysis on recommended patches, select Recommended Patch Cluster.
To base your analysis on another patch set, select Other and type the name of the patch set in the field.
Click Save.
This example shows how to specify a Sun-defined patch set other than All Available Patches or Recommended Patch Cluster.
In this example, you specify a fictitious patch set called patchset1.
Patch Manager is configured to use these default locations for storing patch-related data:
Download directory – Directory in which patches are stored when they are downloaded from the patch source. This is also the directory from which patches are applied. Patches remain in this directory until they are successfully applied. The default location is /var/sadm/spool.
Backout data directory – Directory in which data that enables a patch to be backed out is stored. By default, backout data is stored in the default locations used by patchadd. This is the save directory of each package that was modified by the patch. For example, if a patch modifies the SUNWcsr package, the backout data for that package is stored in the /var/sadm/pkg/SUNWcsr/save directory.
If you run out of available disk space in the default locations, specify different locations for these directories.
If you specify a different directory, you must manually create that directory before performing any patch operations.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Administration tab to access the Patch Management Configuration page.
Go to the Directories section.
Determine which directory locations you want to change.
To change the location of the download directory, where patches are downloaded and from where patches are applied, type the new directory name in the Download Directory field.
For example, you might configure the download directory for a system to be /export/patches.
To specify a location for the backout data directory, type the new directory name in the Backout Data Directory field.
For example, you might configure the backout data directory for a system to be /export/patches/backout.
Click Save.
You might want to configure the Patch Manager browser interface to generate an up-to-date list of patches that you can apply each time you access the interface. You do this by scheduling a patch analysis to occur on a regular basis.
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Administration tab to access the Patch Management Configuration page.
Click the Schedule An Analysis subtab.
Select Enabled to permit a patch analysis to be run at a regular interval.
Select Disabled to disable a scheduled patch analysis.
Schedule the analysis.
The month and year that you specify is only used to determine the day of the week on which to perform a weekly analysis or the day of the month on which to perform a monthly analysis. The analysis is performed when the next interval begins.
Specify the date on which to start the analysis, using one of these methods:
In the Start Date field, type the start date in the form mm/dd/yyyy.
From the drop-down menus, choose the month and year you want, and click the day of the month in the calendar.
From the Start Time drop-down menus, choose the hour and minute of the start time.
From the Repeat Interval drop-down menu, choose the interval in which to perform the analysis.
The analysis is performed at the time you specified based on these intervals:
Daily – At the next occurrence of the time you specified
Weekly – On the day of the week represented by the date you specified
Monthly – On the day of the month represented by the date you specified
Click Save.
This example shows how to schedule a regular analysis of patches each day at 17:15 Pacific time starting on March 11, 2004.
The browser interface enables you to reset all parameter values in two ways:
To the default values
To the previously saved values
Access the Patch Manager browser interface.
See How to Access the Sun Patch Manager Browser Interface (Web Browser).
Click the Administration tab to access the Patch Management Configuration page.
Reset all of the configuration parameter values for your patch management environment.
Click Reset to Default to reset all of the configuration parameters for your patch management environment to the default values.
The default values appear in the parameter fields.
Click Reset to Last Save to reset all of the configuration parameters for your patch management environment to the previously saved values.
The previously saved values appear in the parameter fields.
Click Save.