Chapter 6 Managing Solaris Patches by Using the Sun Patch Manager Browser Interface (Tasks)

This chapter describes how to use the Patch Manager browser interface to manage patches on your Solaris 9 systems.

The following task-related information is in this chapter:

• Managing Solaris Patches by Using the Sun Patch Manager Browser Interface (Task Map)

• Accessing the Sun Patch Manager Browser Interface

• Configuring Your Patch Management Environment by Using the Browser Interface (Task Map)

• Managing Patches by Using the Browser Interface (Task Map)

• Tuning Your Patch Management Environment by Using the Browser Interface (Task Map)

The browser interface that was originally released with the Sun Patch Manager 2.0 product for Solaris 9 systems has been withdrawn.

The Patch Manager product will be replaced by the new Sun Update Manager product.

Managing Solaris Patches by Using the Sun Patch Manager Browser Interface (Task Map)

The following table identifies the tasks that you might perform when you use the Sun Patch Manager browser interface.

Accessing the Sun Patch Manager Browser Interface

Do not run simultaneous Patch Manager operations on your system because it might become unstable. Do not interrupt a patch operation once it has started. If a patch operation is running, you must wait for that operation to complete before starting another operation.

This behavior pertains to operations initiated by both the browser interface and by the smpatch command.

The browser interface for Patch Manager supports the following web browsers:

• Netscape Communicator, at least Version 4.7

• Microsoft Internet Explorer, at least Version 5

• Mozilla^TM, at least Version 1.2

The Patch Manager URL follows this form:

https://system-name.domain:6789/patchmgr

You can obtain help while you use the Patch Manager browser interface by clicking Help at the top of each page of the application.

How to Access the Sun Patch Manager Browser Interface (Web Browser)

1. Become superuser.

2. Ensure that the Sun Web Console is enabled in one of these ways:

   • To start the Sun^TM Web Console manually, type:

     # /usr/sbin/smcwebserver start

   • To enable boot-time startup of the Sun Web Console, type:

     # /usr/sbin/smcwebserver enable

     Each time the system boots, the Sun Web Console is started.

   • To enable boot-time startup of the Sun Web Console and to start it now, type:

     # /usr/sbin/smcwebserver enable # /usr/sbin/smcwebserver start

3. Access the Patch Manager browser interface for your system by typing the URL in your web browser.

   For example, if your system is called mars, the URL is as follows:

   https://mars:6789/patchmgr

4. When you are asked to accept a certificate for the new site, accept it.

   Follow the instructions in the dialog boxes.

   The Sun Web Console login page appears.

   

5. To log in to the Patch Manager application, type one of the following in the User Name field, followed by the password for that user:

   • Name of a user who has the Cron Management, Maintenance and Repair, and Software Installation profiles or the solaris.admin.patchmgr.*, solaris.jobs.admin, and solaris.compsys.write authorizations

   • Name of a user who has permission to assume a role that includes the Cron Management, Maintenance and Repair, and Software Installation profiles or the solaris.admin.patchmgr.*, solaris.jobs.admin, and solaris.compsys.write authorizations

     When the Role Name drop-down menu appears, choose the role to use. Then, type the password for the role in the Password field.

     The System Administrator profile includes these profiles. For information about how to create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

6. Click Log In to open the Patch Manager browser interface.

7. (Optional) Click Sun Patch Manager 2.0 to access the Patches to Apply page.

What to Do Next

After you access the browser interface, you can configure the patch management environment for your system and manage patches.

See the following sections:

• Configuring Your Patch Management Environment by Using the Browser Interface (Task Map)

• Managing Patches by Using the Browser Interface (Task Map)

• Tuning Your Patch Management Environment by Using the Browser Interface (Task Map)

Configuring Your Patch Management Environment by Using the Browser Interface (Task Map)

By default, the patch management environment is configured to obtain patches directly from the Sun patch server.

Therefore, you must customize your environment if your system does one or more of the following:

• Connects to the Internet by means of a web proxy

• Requires a user name and password to obtain patches

• Obtains patches from a patch source other than the Sun patch server

The following table identifies the browser-based tasks that you might perform when you configure the patch management environment for your system.

If you want to use the smpatch command to configure your patch management environment, see Configuring Your Patch Management Environment by Using the Command-Line Interface (Task Map).

How to Specify Your Web Proxy (Web Browser)

If your system connects to the Internet through a web proxy, you must provide information about the web proxy to Patch Manager.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Obtain the host name and the port of the web proxy from your network administrator.

   For example, the web proxy might be called my-webproxy and the port 2010.

3. Click the Administration tab to access the Patch Management Configuration page.

4. Go to the Web Proxy section.

5. Specify the host name of your web proxy in the Web Proxy Host Name field.

6. Specify the port number used by your web proxy in the Web Proxy Port Number field.

7. (Optional) If the web proxy requires authentication, supply the user name and password.

   Obtain this information from your network administrator.

   1. Go to the Web Proxy section.

   2. Specify the user name in the Web Proxy User Name field.

   3. Specify the password in the Web Proxy User Password field.

      The password appears as asterisks in the field.

      To clear the password, select the Clear checkbox next to the Web Proxy User Password field.

8. Click Save.

Example 6–1 Specifying Your Web Proxy

This example shows how to specify the web proxy used by a system. The web proxy is called my-webproxy and it uses port 2010. This example also shows how to specify the name of the user who authenticates to the web proxy. The user name is proxyusr. Also specify the password for the proxyusr user. Note that the user and password are optional.

How to Specify a User Name and Password With Which to Obtain Patches (Web Browser)

If you needed a user name and password to obtain patches from the Sun patch server, you must specify them for Patch Manager.

As of June 2005, a user name and password are not required to obtain patches from the Sun patch server.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Administration tab to access the Patch Management Configuration page.

3. Go to the Patch Source section.

4. Specify your Sun user name and password.

   If you do not have an account, register for one at http://sunsolve.sun.com.

   1. Specify your user name in the Sun User Name field.

   2. Specify the password for your user in the Sun User Password field.

      The password appears as asterisks in the field.

      To clear the password, select the Clear checkbox next to the Sun User Password field.

5. Click Save.

How to Specify the Source of Patches (Web Browser)

Your system can obtain patches from the following sources:

• Sun patch server

• Local patch server on your intranet

• Local patch collection

By default, your system obtains patches from the Sun patch server.

The local patch server is an optional Sun Patch Manager 2.0 feature that you can obtain at no charge if you are a contract customer in the SunSpectrum program.

For information about becoming a contract customer or obtaining the local patch server distribution, go to http://sunsolve.sun.com and click Patch Portal.

If you want your system to obtain patches from a local patch server, you must first configure one. See Configuring Your Local Patch Server (Task Map).

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Administration tab to access the Patch Management Configuration page.

3. Go to the Patch Source section.

4. In the Patch Source field, specify the URL that points to the source of patches.

   • For the Sun patch server, select the SunSolve radio button.

   • For a local patch server, select the Other radio button and use this URL format:

     http://server-name:3816/solaris/

   • For a collection of patches in a directory, select the Other radio button and use this URL format:

     file:/directory-name

     Note that directory-name can be a local file system or a remotely mounted file system.

     If you use a CD-ROM as a patch source, ensure that it is mounted before Patch Manager tries to access it.

   See Example 6–2 for examples of using the file:/ URL format.

5. Click Save.

Example 6–2 Specifying the Source of Patches

This example shows how to configure a system to obtain patches from the /export/patches directory on the local system. Specify file:/export/patches in the Other field.

This example shows how to configure a system to obtain patches from the /export/patches directory on the remote system called jupiter. Specify file:/net/jupiter/export/patches in the Other field.

This example shows how to configure a system to obtain patches from a CD mounted from the first CD-ROM drive of the local system. Specify file:/cdrom/cdrom0 in the Other field.

What to Do Next

After you specify a patch source, your client system is ready to manage patches. See Managing Patches by Using the Browser Interface (Task Map).

Managing Patches by Using the Browser Interface (Task Map)

You can use the Patch Manager browser interface to perform the following tasks:

• Analyze your system to determine the list of appropriate patches

• Update your system with patches automatically

• Remove a patch from your system

Perform these tasks and more by using the command-line interface. See Managing Patches by Using the Command-Line Interface (Task Map).

The following table identifies the common patch management tasks.

How to Analyze Your System to Obtain the List of Patches to Apply (Web Browser)

Patch Manager can analyze your system to determine the list of patches that are appropriate for your system.

To schedule a periodic patch analysis of your system, see How to Schedule a Regular Analysis of Patches (Web Browser).

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Patches to Apply tab to access the Patches to Apply page.

3. Click Update Patch List to analyze your system for the list of appropriate patches.

4. When the job completes, click Back to Patches to Apply to view the list of patches to apply.

5. (Optional) Click View README in the SunSolve Actions column to see detailed information about a patch.

   A new browser window opens to show the contents of the patch's README file.

What to Do Next

After you have a list of patches to apply, you can update your system with patches. See How to Update Your System With Patches (Web Browser).

How to Update Your System With Patches (Web Browser)

You can update your system by downloading and applying all of the patches that are listed on the Patches to Apply page. Or, you can select one or more of the patches to download and apply.

The Patches to Apply page lists patches that you can apply to your system.

Each patch entry includes the following information:

• Name – Identification number for the patch, which is its patch ID.

• Description – Synopsis of the patch.

• Special Handling – The patch properties listed in this column describe the special handling measures that are required to apply the patch. To apply the special-handling patches by clicking Apply or Apply All, the policy for applying patches must include the appropriate patch properties. See How to Change the Policy for Applying Patches (Web Browser).

• Sun Alert Patch – A checkmark in this column means that the patch is part of the Recommended Patch Cluster, which is associated with Sun Alert notifications.

• Security Patch – A checkmark in this column means that the patch fixes a security problem.

• SunSolve Actions – Link to the patch's README file. Click View README to open a browser window that displays the patch's README file.

By default, only standard patches and those patches with the rebootafter or reconfigafter patch properties are applied when you click Apply or Apply All.

Any patches in the list that do not have a checkbox cannot be applied because they do not meet the current policy for applying patches. To apply such patches, you must change the policy for applying patches.

If all patches are not applied, you can use the smpatch command to apply them. For more information, see How to Apply Patches to Your System (Command Line) and How to Apply a Nonstandard Patch (Command Line). Also, see the smpatch(1M) man page.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Patches to Apply tab to access the Patches to Apply page.

3. Determine whether to perform a patch analysis to obtain the most up-to-date list of patches.

   • If you are logging in to the browser interface for the first time, the list of patches to apply is empty. You must first analyze the system to determine the list of appropriate patches.

     To schedule a periodic patch analysis of your system, see How to Schedule a Regular Analysis of Patches (Web Browser).

   • If the list of patches appears, check the date of the last analysis to determine whether you want to perform the analysis again to get the most up-to-date list of patches.

4. (Optional) Click Update Patch List to perform an analysis.

5. (Optional) When the job in Step 4 completes, click Back to Patches to Apply to view the list of patches to apply.

6. (Optional) Click View README in the SunSolve Actions column to see detailed information about a patch.

   A new browser window opens to show the contents of the patch's README file.

   

7. From the Patches to Apply page, apply the appropriate patches.

   • To apply all of the patches in the list that meet the current policy for applying patches, click Apply All.

   • To apply specific patches that meet the current policy for applying patches, select the patches to apply and click Apply.

     If the patches that you select depend on other patches being applied to the system first, those other patches are added to your selection.

   The patches are downloaded and then applied. The progress is indicated on the page.

   When the job completes, the following information appears:

   • Patches that you selected

   • Patches that are added to the selection due to dependencies

   • Patches that are successfully downloaded and applied

   • Errors that occurred while applying patches

8. Click Back to Patches to Apply to return to the Patches to Apply page.

How to Resolve a List of Patches (Web Browser)

Sometimes a patch depends on another patch, that is, the first patch cannot be applied to the system until the other patch is applied. The first patch is said to have a dependency on the second patch.

If you specify a list of patches to apply, you can resolve the list for patch dependencies. The resulting list might include additional patches that you must apply before applying the patches you specified.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Patches to Apply tab to access the Patches to Apply page.

3. Select the patches that you want to apply.

4. Choose Find Dependencies from the More Actions menu to resolve the list of specified patches.

   The progress is indicated on the page.

5. When the job completes, click Back to Patches to Apply to view the list of patches to apply.

   Any patch dependencies are listed in an alert at the top of the page. In addition, those patches are added to the patch selection.

6. Click Apply to apply the patches you selected.

What to Do Next

After the list of patches is resolved, you can update your system with patches. See How to Update Your System With Patches (Web Browser).

How to Remove Patches From Your System (Web Browser)

Do not remove the Sun Patch Manager 2.0 WBEM patch (117680-01 for x86 and 117679-01 for SPARC) from a system, or Patch Manager will not work properly.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Applied Patches tab to access the Applied Patches page.

   

3. (Optional) Click the icon next to the More Actions drop-down menu to show all applied patches on a single page.

4. Select the checkbox next to the patches that you want to remove.

   Note that some patches cannot be removed by Patch Manager because they were applied as a part of a Solaris release or because they were applied without preserving backout information. If the patch entry does not have a checkbox next to it, you cannot use Patch Manager to remove the patch.

5. Click Remove to remove the patches you selected.

   The patches are removed. The progress is indicated on the page.

   When the job completes, the following information appears:

   • Patches that you selected

   • Patches that are also removed due to dependencies

   • Patches that are successfully removed

   • Errors that occurred while removing patches

6. Click Back to Applied Patches to view the list of applied patches.

How to View Patch Manager Log Entries (Web Browser)

The Patch Manager log entries can help you identify problems with managing patches.

Each log entry contains the following information:

• Date – Date and time of the log entry

• User – User who performed the operation

• Type – Log entry type: Error, Warning, Informational, or Invalid

• Message – Text of the log message

Log entries appear in chronological order. The most recent entries are added to the top of the log. To see older entries, scroll down the page or go to subsequent pages of the log.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Logs tab to access the Patch Log Viewer page.

3. Choose the log file you want to view from the Log File drop-down menu.

4. Click the link in the Message column to view the log entry details.

Tuning Your Patch Management Environment by Using the Browser Interface (Task Map)

The following table identifies the optional tasks that you might perform when you use the browser interface to tune the patch management environment for your system.

If you want to use the smpatch command to tune your patch management environment, see Tuning Your Patch Management Environment by Using the Command-Line Interface (Task Map).

How to View the Configuration Settings for Your Patch Management Environment (Web Browser)

You can check the configuration settings of your patch management environment to help diagnose problems or to understand your system's patch-related settings.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Administration tab to access the Patch Management Configuration page.

   The current configuration settings appear in the fields of that page.

3. Click the Schedule An Analysis subtab to view those settings.

How to Change the Policy for Applying Patches (Web Browser)

If you want to configure your system to apply some nonstandard patches during an update operation, you must change the policy for applying patches.

By default, only patches that are associated with the standard, rebootafter, or reconfigafter properties can be applied by an update operation.

If you change your policy from the default, Sun makes no guarantees that the patches apply correctly to your system or that your system will function properly.

For more information about the policy for applying patches, see Customizing the Policy for Applying Patches.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Administration tab to access the Patch Management Configuration page.

3. Go to the Patch Policy section.

   

4. Select the checkbox next to the patch property types that you want to add to the policy.

5. Click Save.

How to Change the Patch Set (Web Browser)

You can choose to analyze your system based on different sets of Sun patches, such as the Recommended Patch Cluster. By default, you use the patch set All Available Patches.

As of June 2005, the only patch sets available from Sun are All Available Patches and Recommended Patch Cluster.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Administration tab to access the Patch Management Configuration page.

3. Go to the Patch Set section under Patch Source.

4. Select the patch set to use.

   • To base your analysis on all patches, select All Available Patches.

   • To base your analysis on recommended patches, select Recommended Patch Cluster.

   • To base your analysis on another patch set, select Other and type the name of the patch set in the field.

5. Click Save.

Example 6–3 Changing the Patch Set

This example shows how to specify a Sun-defined patch set other than All Available Patches or Recommended Patch Cluster.

In this example, you specify a fictitious patch set called patchset1.

How to Change Directory Locations (Web Browser)

Patch Manager is configured to use these default locations for storing patch-related data:

• Download directory – Directory in which patches are stored when they are downloaded from the patch source. This is also the directory from which patches are applied. Patches remain in this directory until they are successfully applied. The default location is /var/sadm/spool.

• Backout data directory – Directory in which data that enables a patch to be backed out is stored. By default, backout data is stored in the default locations used by patchadd. This is the save directory of each package that was modified by the patch. For example, if a patch modifies the SUNWcsr package, the backout data for that package is stored in the /var/sadm/pkg/SUNWcsr/save directory.

If you run out of available disk space in the default locations, specify different locations for these directories.

If you specify a different directory, you must manually create that directory before performing any patch operations.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Administration tab to access the Patch Management Configuration page.

3. Go to the Directories section.

4. Determine which directory locations you want to change.

   • To change the location of the download directory, where patches are downloaded and from where patches are applied, type the new directory name in the Download Directory field.

     For example, you might configure the download directory for a system to be /export/patches.

     

   • To specify a location for the backout data directory, type the new directory name in the Backout Data Directory field.

     For example, you might configure the backout data directory for a system to be /export/patches/backout.

     

5. Click Save.

How to Schedule a Regular Analysis of Patches (Web Browser)

You might want to configure the Patch Manager browser interface to generate an up-to-date list of patches that you can apply each time you access the interface. You do this by scheduling a patch analysis to occur on a regular basis.

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Administration tab to access the Patch Management Configuration page.

3. Click the Schedule An Analysis subtab.

4. Select Enabled to permit a patch analysis to be run at a regular interval.

   Select Disabled to disable a scheduled patch analysis.

5. Schedule the analysis.

   ---

   Note –

   The month and year that you specify is only used to determine the day of the week on which to perform a weekly analysis or the day of the month on which to perform a monthly analysis. The analysis is performed when the next interval begins.

   ---

   1. Specify the date on which to start the analysis, using one of these methods:

      • In the Start Date field, type the start date in the form mm/dd/yyyy.

      • From the drop-down menus, choose the month and year you want, and click the day of the month in the calendar.

   2. From the Start Time drop-down menus, choose the hour and minute of the start time.

   3. From the Repeat Interval drop-down menu, choose the interval in which to perform the analysis.

      The analysis is performed at the time you specified based on these intervals:

      • Daily – At the next occurrence of the time you specified

      • Weekly – On the day of the week represented by the date you specified

      • Monthly – On the day of the month represented by the date you specified

6. Click Save.

Example 6–4 Scheduling a Regular Analysis of Patches

This example shows how to schedule a regular analysis of patches each day at 17:15 Pacific time starting on March 11, 2004.

How to Reset Configuration Parameter Values (Web Browser)

The browser interface enables you to reset all parameter values in two ways:

• To the default values

• To the previously saved values

1. Access the Patch Manager browser interface.

   See How to Access the Sun Patch Manager Browser Interface (Web Browser).

2. Click the Administration tab to access the Patch Management Configuration page.

3. Reset all of the configuration parameter values for your patch management environment.

   • Click Reset to Default to reset all of the configuration parameters for your patch management environment to the default values.

     The default values appear in the parameter fields.

   • Click Reset to Last Save to reset all of the configuration parameters for your patch management environment to the previously saved values.

     The previously saved values appear in the parameter fields.

4. Click Save.