CHAPTER 1
Overview of Sun Update Manager
The Sun™ Update Manager software is one part of the Sun Update Connection, System Edition 1.0 software that enables you to locally manage updates on your system. Sun Update Manager is henceforth referred to as Update Manager.
This chapter covers the following topics:
Note - The terms patch and update are used interchangeably in the Sun Update Manager application and in this book.
Note - If you are familiar with Sun Update Manager and want to go ahead and install the client software, go to Chapter 2.
Sun Update Manager has two user interfaces that you can use to locally manage updates on your system. The user interfaces are the Sun Update Manager graphical user interface and the smpatch command-line interface.
This section covers the following topics:
Before you can use Update Manager or the Sun Update Connection services to manage updates on your systems, you must determine the update management strategy you want to use.
1. Install and start the Sun Update Manager application on your Solaris™ 10 system.
2. Find the situation that best describes your update management environment.
You are ready to begin the system registration process.
You must first specify the host name and port of the network proxy during the system registration process. If required, also specify the user name and password associated with the network proxy.
You must first configure a system to act as your Sun Update Connection Proxy. See Configuring Your Sun Update Connection Proxy (Task Map). Then, configure your client system to obtain updates from the proxy during the registration process.
3. Register your Solaris system with Update Manager.
During the registration process, you are prompted for a Sun Online Account. You might already have a Sun Online Account if you registered for an account with programs such as Java Developer Connection℠, Online Support Center (OSC), MySun, SunSolve℠, and SunStore.
Determine the update management strategy you want to use based on your level of registration and subscription.
4. Manage updates on your Solaris 10 systems.
The following table summarizes the Sun Update Manager 1.0 features and tasks that are supported by the GUI and the command-line interface (smpatch).
Update management involves applying Solaris updates, also referred to as patches, to a system. Update management might also involve removing unwanted or faulty updates. Removing updates is also called backing out updates.
This section covers the following topics:
For information about applying patches to diskless client systems, see "Patching Diskless Client OS Services" in System Administration Guide: Basic Administration.
For information about recommended strategies and practices for using Solaris updates, go to http://docs.sun.com/doc/817-0574/.
An update is a collection of files and directories that replaces or updates existing files and directories that are preventing proper execution of the existing software. An update might also introduce a new feature to the system. Such an update is called a feature update. The existing software is derived from a specified package format, which conforms to the application binary interface (ABI).
You can manage updates on your Solaris system by using the Update Manager application, the smpatch command, or the patchadd command.
A signed update is one that has a digital signature applied to it. An update that has its digital signature verified has not been modified since the signature was applied. The digital signature of a signed update is verified after the update is downloaded to your system.
Updates and patches for Solaris releases are available as signed updates and as unsigned updates. Unsigned updates do not have a digital signature.
Signed updates are stored in Java™ archive format (JAR) files and are available from the Sun update server. Unsigned updates are stored in directory format and are also available from the Sun update server as .zip files.
Sun customers can access updates and patches from the Sun update server whether or not they are in the SunSpectrum℠ program. These updates and patches are updated nightly.
You can obtain Solaris updates in the following ways:
To access updates from the Sun Patch Portal, your system must be connected to the Internet and be capable of running a web browser, such as the Mozilla™ software.
You can access individual updates or a set of updates from an update cluster, or refer to update reports. You can also use Sun Update Manager to analyze your system to determine the appropriate updates. Update Manager can also download and apply the updates to your system.
Each update is associated with a README file that has information about the update. You can view the README from the Update Manager GUI.
Updates are identified by unique update IDs. An update ID is an alphanumeric string that is an update base code and the update revision number joined with a hyphen. For example, update 118822-02 is the update ID for the SunOS™ 5.10 kernel update.
You can use the following tools to apply updates to Solaris systems:
If you need to apply a patch to a diskless client system, see "Patching Diskless Client OS Services" in System Administration Guide: Basic Administration.
The Update Manager application is part of the Sun Update Connection, System Edition software product. The Sun Update Connection services are also part of this software product.
The following table summarizes the availability of various Solaris update management tools.
While you apply updates, the patchadd command logs information in the /var/sadm/patch/update-id/log file.
The patchadd command cannot apply an update under the following conditions:
You can use several different methods to download or apply one or more updates to your system. Use the following table to determine which method is best for your needs.
Note - The version of the smpatch command described in this table was first available for Solaris 8 systems.
Use this tool when you want the convenience of a GUI to manage updates.
Managing Solaris Updates by Using the Sun Update Manager GUI
Use this Sun-hosted web application to remotely manage updates on all of your Solaris 10 systems.
Use this command to analyze your system to determine the appropriate updates, and to automatically download and apply the updates. Note that this command will not apply an update that has the interactive property set. For Solaris 8 systems, only the local mode smpatch is available.
First, use smpatch analyze to analyze your system to determine the appropriate updates. Then, use smpatch update to download and apply one or more of the updates to your system. Note that this command will not apply an update that has the interactive property set. For Solaris 8 systems, only the local mode smpatch is available.
First, use smpatch analyze to analyze your system to determine the appropriate updates. Then, use smpatch download to download them. This command also downloads any prerequisite updates. Then, use smpatch add to apply one or more of the updates to your system while the system is in single-user or multiuser mode. For Solaris 8 systems, only the local mode smpatch is available.
Starting with Solaris 2.6 release - Apply unsigned updates to your system. Starting with Solaris 9 12/03 release - Use this command to apply either signed or unsigned updates to your system. To apply signed updates, you must first set up your package keystore.
If you choose to use the smpatch command-line interface or the Update Manager graphical user interface to apply updates, see Getting Started With Update Manager for additional information that might affect which method you select.
This section describes the main features of Sun Update Connection, System Edition:
To use the Update Manager tool, you must install at least the End User Solaris Software Group of Solaris 10 software.
Information about Solaris patches and the Sun Patch Manager 2.0 software is in System Administration Guide: Basic Administration in the Solaris 10 System Administrator Collection on the docs.sun.com site.
Update Manager offers a graphical user interface for updating systems with updates. You can use the GUI to analyze your system, apply updates you select, remove updates, and configure your update management environment.
The Sun Update Connection services enable you to remotely monitor and manage all update activities for each of your registered systems. These services are available through a web application that runs at Sun.
The Sun Update Connection services provide a web application that is hosted on a Sun web site. You can use this tool to create jobs to run on systems as they check in to the service. A job either installs an update or uninstalls an update. You can also use the web application to view the update status of your systems and of your jobs.
The Sun Update Connection services have these features:
For more information about the Sun Update Connection services, see the Sun Update Connection 1.0 Administration Guide.
The Sun Update Connection Proxy was previously called local patch server.
This proxy supports client systems that use the Sun Update Connection, System Edition 1.0 software and the Sun Patch Manager 2.0 software. A Sun Update Connection client system is not compatible with the older local patch server feature associated with the Sun Patch Manager 2.0 product.
Note - The Sun Update Connection Proxy is an optional feature that you can obtain at no charge if you have a Sun Service Plan. For information about obtaining a Sun Service Plan, go to Solaris Operating System Software Support at http://www.sun.com/service/support/software/solaris/ and select the appropriate level of service.
Starting with the Solaris 8 Operating System, client systems can access updates and update data to perform update analysis and maintenance. This update data is provided by an update source. The update source can be an update server, such as the Sun update server or a Sun Update Connection Proxy (also referred to as a local patch server), or a local collection of updates.
By using a Sun Update Connection Proxy on your intranet, you can serve updates to your local systems and minimize the Internet traffic between your systems and the Sun update server. This type of proxy caches any updates that are downloaded from its update source.
For information about configuring this type of proxy on your intranet, see Configuring Your Sun Update Connection Proxy by Using the Command-Line Interface.
The Sun Update Connection Proxy obtains updates from its source of updates on a per-request basis. You do not need to stock your proxy with updates before you use it.
The system that you choose to act as the Sun Update Connection Proxy must be running at least Solaris 10 and have at least the Developer Solaris Software Group installed. This system must also have the Sun Update Manager 1.0 software installed.
Using a Sun Update Connection Proxy addresses security concerns as well as system analysis and update download performance issues.
For instance, if your client systems are connected to a Sun Update Connection Proxy and managed locally, the client systems do not need to be connected to the Internet. These client systems also do not need to be registered by the Sun Update Manager software.
As another example, using this type of proxy can improve update-related performance issues. Instead of updates and metadata being downloaded from the Sun update server to each of your systems, the update is downloaded only once to your Sun Update Connection Proxy. After the update data is stored on this server, update data is transferred to your system for analysis over your intranet instead of over the Internet.
You can configure a chain of Sun Update Connection Proxies on your intranet. The last link in the chain of proxies can point to the Sun update server or to a local collection of updates. By using this chain of proxies, an update download request from your system to its primary Sun Update Connection Proxy can be forwarded to other proxies in the chain in an attempt to fulfill the request. If your system's primary Sun Update Connection Proxy cannot locate an update, it makes the same request of the next proxy in the chain to see if the update is stored there. If the update is found, it is downloaded to the system. If the update is not found, the request continues along the chain until the update is found or the last proxy in the chain is reached.
For example, your company has a Sun Update Connection Proxy that obtains updates directly from the Sun update server. Each office in your company has its own Sun Update Connection Proxy that obtains updates from the company proxy.
Each Sun Update Connection Proxy in the chain stores the updates found on another proxy in the chain based on the download request. So, an update that is not initially found on your proxy will be downloaded to your Sun Update Connection Proxy and stored before being downloaded to the client system. Each system in a chain of proxies might increase the amount of time it takes to download updates to your client system. So, the first time a client system requests a download, the update is downloaded to the proxy system over the Internet. Subsequent requests for that update are downloaded to the client system from the proxy system over your intranet.
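The chain behavior described above can be modeled in a few lines. The following Python sketch is an added example, not part of the Sun documentation or software; the class names, system names, and payloads are constructed for illustration, and only update ID 118822-02 comes from this chapter.

```python
class UpdateSource:
    """Last link of a chain: the Sun update server or a local collection."""

    def __init__(self, name, updates):
        self.name = name
        self.updates = dict(updates)
        self.requests = 0  # how often this source was actually contacted

    def fetch(self, update_id):
        self.requests += 1
        return self.updates.get(update_id), [self.name]


class Proxy:
    """Model of a Sun Update Connection Proxy that caches per request.

    The cache starts empty because a proxy does not need to be stocked
    with updates before it is used.
    """

    def __init__(self, name, upstream):
        self.name = name
        self.upstream = upstream  # next proxy in the chain, or the source
        self.cache = {}

    def fetch(self, update_id):
        # Serve from the local cache when a previous request stored it.
        if update_id in self.cache:
            return self.cache[update_id], [self.name]
        # Otherwise make the same request of the next link in the chain.
        payload, path = self.upstream.fetch(update_id)
        if payload is not None:
            self.cache[update_id] = payload  # store before handing it on
        return payload, [self.name] + path


def build_company_chain():
    """Constructed topology: two office proxies behind one company proxy."""
    server = UpdateSource("sun-update-server", {"118822-02": b"constructed"})
    company = Proxy("company-proxy", server)
    office_a = Proxy("office-a-proxy", company)
    office_b = Proxy("office-b-proxy", company)
    return server, company, office_a, office_b


if __name__ == "__main__":
    server, company, office_a, office_b = build_company_chain()
    for proxy in (office_a, office_a, office_b):
        payload, path = proxy.fetch("118822-02")
        print(proxy.name, "->", " -> ".join(path))
    print("requests that reached the update server:", server.requests)
```

In this model only the first request for an update travels the whole chain; later requests stop at the first proxy that has stored it, and a request for an update that no link holds reaches the end of the chain without being cached anywhere.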
Update Manager incorporates PatchPro functionality. PatchPro performs update analyses on systems, then downloads and applies the resulting updates. This automation functionality was previously available for Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 as a separate PatchPro product, and in the Sun Patch Manager 2.0 product. PatchPro functionality is now part of the Sun Update Manager 1.0 software.
PatchPro uses signed updates, which improves the security of Solaris updates by ensuring that they have not been modified.
Note - The pprosetup and pprosvc commands are included with Sun Update Manager 1.0 for transition purposes. It is best not to use these commands and to use the smpatch command instead.
Note - On Solaris 8 systems, you can only run smpatch in local mode.
Starting with Solaris 9, the smpatch command is available in two modes: local mode and remote mode. Local mode can only be run on the local system. This mode can be run while the system is in single-user or multiuser mode. Remote mode can be used to perform tasks on remote systems. Both local mode and remote mode can be used by users or roles that have the appropriate authorizations.
By default, smpatch runs in local mode. In local mode, the Solaris WBEM services are not used, and none of the authentication options or options that refer to remote systems are available. The smpatch command in local mode runs faster than in remote mode.
If you specify any of the remote or authentication options (except for -L), remote mode is used.
You can use the smpatch add command in local mode to apply updates while the system is in single-user mode. Apply updates in this way when the updates are associated with the singleuser update property, or when you want to apply any updates to a quiet system.
Use only the smpatch add, smpatch order, and smpatch remove commands to manage updates when your system is running in single-user mode.
You can configure your update management environment while the system is running in single-user mode by using the smpatch get, smpatch set, and smpatch unset commands.
Do not use the smpatch analyze, smpatch download, and smpatch update commands while the system is running in single-user mode. These commands depend on network services that are not available while the system is in single-user mode.
Some updates cannot be automatically applied to your system if they do not meet the policy for applying updates. These updates might need to be applied manually in single-user mode.
Updates that require an immediate reboot or reconfiguration reboot after applying them are not applied immediately. Instead, these updates are automatically applied during a scheduled system shutdown.
You can use the smpatch command to create an ordered list of updates. You can save the ordered list to a text file and use it to perform update operations.
You might use an update list to apply the same set of updates to systems that have the same hardware and software configurations. Or, you might create an update list file that contains all pertinent security updates and use that list to apply those security updates to one or more systems.
You can create a file that contains an ordered update list by using the smpatch command in any of these ways:
If you modify an update list and the updates are available on your system, use the smpatch order command to put the list in an order suitable for applying updates. Otherwise, use the smpatch analyze command, which also produces an ordered list of updates.
Caution - The smpatch add command attempts to apply all of the updates in the update list, regardless of the policy for applying updates and update dependencies.
You can use update lists as input to the smpatch add, smpatch analyze, smpatch download, smpatch order, and smpatch update commands.
To use the Sun Update Manager software, you must be familiar with these concepts:
Information about Solaris patches and the Sun Patch Manager 2.0 software is in System Administration Guide: Basic Administration in the Solaris 10 System Administrator Collection on the docs.sun.com site.
Update Manager is a tool for managing updates on Solaris 10 systems. Update Manager extends the functionality that was previously available with the Sun Patch Manager 2.0 software. This new functionality is only available if you have a Sun Online Account and you register your system with Sun.
Only systems that have been registered with Update Manager can use its functionality and be managed remotely by the Sun Update Connection services.
For instructions on registering your system, see How to Register Your System. For information about obtaining a subscription key, see How to Obtain a Sun Subscription Key.
A customer with a Sun Service Plan, which includes software support, can do any of the following:
For information about the available Solaris Service Plans, go to the http://www.sun.com/service/solaris10/ web site.
To use Update Manager, you must register the system on which you installed the software. You can select from three levels of registration and entitlement, which are described in the following sections:
Note - An unregistered system only has access to security updates. You can manage the updates on your unregistered system by using the smpatch add command and the smpatch remove command.
You have sent basic information about your system to Sun, but have not purchased an update management subscription. At this service level, you can use the Update Manager application to locally manage updates, which includes doing the following:
You have sent system information to Sun and have purchased an update management subscription. This service level expands the functionality available at the previous (basic) service level. You can use the Update Manager application for these tasks:
You have sent system information, purchased a subscription, and want to use the Sun Update Connection services to remotely manage updates. This service level expands the functionality available at the previous (middle) service level. You can use the Sun Update Connection services for these tasks:
Update Manager enables you to perform the update management process, which includes the following tasks:
For information about recommended strategies and practices for using Solaris updates, go to http://docs.sun.com/doc/817-0574/.
After an update has been successfully applied, the downloaded update is removed from the download directory.
Updates are applied to your system depending on the specified policy and the update properties that are associated with the downloaded updates.
If an update does not meet the policy for applying updates, the update is not applied immediately. Instead, the update is applied during a scheduled system shutdown. The Update Manager application shows these updates as being Restart Required updates.
For any of the updates that have the interactive property set, follow the instructions in the update's README file to manually apply them. The Update Manager application shows these updates as being Download Only updates.
Before you apply updates to your system, you must determine which updates are needed. You can use Update Manager to perform an update analysis of your system to obtain a list of appropriate updates.
Update Manager uses analysis modules and a list of available updates to perform the analysis of your Solaris system. For information about the source of updates, see Specifying the Source of Updates.
Based on the result of the analysis, the updates can be downloaded and applied to your system.
Sometimes an update cannot be applied to the system until another update is applied. The first update is said to depend on the second update. When Update Manager analyzes your system, it checks for update dependencies and automatically includes all updates in the resulting list.
Before you apply updates to your system, you must download the updates that you want from the Sun update server to that system.
You can download updates from the Sun update server based on an analysis of the system, or you can specify particular updates to download.
The Update Manager application ties the download operation and the installation operation together. So, when you request that an update be installed, the update is first downloaded to your system and then installed.
Some updates, which are marked as Download Only, cannot be installed by the Update Manager application. When you request that a Download Only update be installed, the update is downloaded to your system, but not installed. To install the update, you must follow the installation instructions in the update's README file.
Update Manager can apply updates to your system.
If you use the smpatch add command to apply particular updates, it attempts to apply only those updates that you specified. The smpatch add command does not attempt to resolve update dependencies. If you want to apply an update that has a missing dependency, the update is not applied. You can use the smpatch analyze command or the smpatch update command to resolve update dependencies.
When you use the Sun Update Manager GUI to apply updates that you selected from the list of updates, each update is downloaded (if necessary) before it is applied.
If you attempt to install a list of updates, Update Manager first performs an analysis to determine whether dependent updates must also be installed.
You might want to remove (or back out) an update that you previously applied to your system. Update Manager enables you to remove updates.
Caution - Do not remove the Sun Update Manager 1.0 feature update from a system, or Update Manager will not work properly.
When you remove an update, the Solaris update tools restore all of the files that have been modified by that update, unless any of the following are true:
During the update removal process, the patchrm command logs the backout process in the /tmp/backoutlog.process-id file. This log file is automatically removed if the update is successfully removed.
You can use the Sun Update Manager GUI to remove one or more updates by selecting them from the list of applied updates. However, you can only remove one update at a time with the smpatch remove command.
Note - If you attempt to remove an update on which other updates depend, it is not removed. If you remove all of the updates that depend upon this update, you can remove the update.
When you attempt to remove an update on which other updates depend, Update Manager presents you with the list of updates that must be removed as well. To remove the update you originally selected, you must agree to remove these updates.
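The dependency rules for applying updates (analysis includes dependencies, smpatch add does not resolve them) and for removing updates (dependent updates must be removed as well) can be modeled as one graph problem. The following Python sketch is an added example, not Sun code and not the algorithm smpatch uses; the function names and the dependency data are constructed, and only update ID 118822-02 appears in this chapter.

```python
import re
from graphlib import TopologicalSorter  # standard library, Python 3.9+

# Update ID: base code and revision number joined with a hyphen (118822-02).
UPDATE_ID = re.compile(r"^([A-Za-z0-9]+)-([0-9]+)$")

# Constructed data: update -> updates that must be applied before it.
# The 9xxxxx IDs are made-up placeholders.
REQUIRES = {
    "118822-02": [],
    "900001-01": ["118822-02"],
    "900002-03": ["900001-01"],
    "900003-01": [],
}


def parse_update_id(text):
    """Split an update ID into (base code, revision number)."""
    match = UPDATE_ID.match(text.strip())
    if match is None:
        raise ValueError(f"malformed update ID: {text!r}")
    return match.group(1), int(match.group(2))


def _closure(start, edges):
    """Every node reachable from the start nodes, start nodes included."""
    seen, stack = set(), list(start)
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(edges.get(node, []))
    return seen


def apply_order(requested, requires, applied=()):
    """Requested updates plus their unapplied dependencies, dependencies first."""
    for uid in requested:
        parse_update_id(uid)  # reject malformed entries before planning
    needed = _closure(requested, requires) - set(applied)
    graph = {u: [d for d in requires.get(u, []) if d in needed]
             for u in sorted(needed)}
    return list(TopologicalSorter(graph).static_order())


def blocked_in_list(update_list, requires, applied=()):
    """Entries that a tool applying the list in order, without resolving
    dependencies, would leave unapplied, mapped to what they are missing."""
    have, blocked = set(applied), {}
    for uid in update_list:
        missing = [d for d in requires.get(uid, []) if d not in have]
        if missing:
            blocked[uid] = missing
        else:
            have.add(uid)
    return blocked


def removal_plan(target, requires, applied):
    """Applied updates to remove, dependents first and the target last."""
    applied = set(applied)
    dependents = {}
    for uid in sorted(applied):
        for dep in requires.get(uid, []):
            dependents.setdefault(dep, []).append(uid)
    doomed = _closure([target], dependents) & applied
    graph = {u: [d for d in dependents.get(u, []) if d in doomed]
             for u in sorted(doomed)}
    return list(TopologicalSorter(graph).static_order())


if __name__ == "__main__":
    print(apply_order(["900002-03"], REQUIRES))
    print(blocked_in_list(["900002-03", "900001-01"], REQUIRES, ["118822-02"]))
    print(removal_plan("118822-02", REQUIRES, applied=REQUIRES))
```

Running blocked_in_list over a hand-edited update list before passing it to smpatch add shows which entries would be left unapplied because a dependency is missing or listed too late.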
You can request that your Solaris 10 systems be managed by the Sun Update Connection services either during or after the registration process. These services provide a web application for managing the updates on all of your systems.
For more information, see the Sun Update Connection 1.0 Administration Guide.
Even if your system is managed by the Sun Update Connection services, you can still use Update Manager to manage updates on your local system.
When you use Update Manager, your client systems and any Sun Update Connection Proxies must have access to Solaris updates and update data. Both client systems and proxies can obtain updates from these sources:
The default source of updates for client systems and Sun Update Connection Proxies is the Sun update server. As a result, any client system or Sun Update Connection Proxy that obtains updates from the Sun update server must be connected, either directly or through a network proxy, to the Internet.
You can use a combination of Sun Update Connection Proxies and different update sources to configure these update management environments.
Clients access updates and update data from the following sources:
For instructions on specifying the source of updates for your client system, see How to Specify a Source of Updates (GUI).
For instructions on specifying the source of updates for your proxy, see How to Change Configuration Settings for Your Sun Update Connection Proxy (Command Line).
Update Manager applies these types of updates to your system:
Standard updates are associated with the standard update property. Updates marked as Restart Required are associated with the rebootafter, reconfigafter, rebootimmediate, reconfigimmediate, and singleuser update properties. Updates marked as Download Only are associated with the interactive update property. Download Only updates are only downloaded to your system and must be applied manually according to the instructions in the update's README file.
If you use the smpatch update command to update your system, however, you can customize the policy for applying updates.
For more information about this policy, see the smpatch(1M) man page.
The smpatch set command uses the following parameters to configure your update management environment.
Note - Except for patchpro.patchset, parameters can also be modified in the Sun Update Manager GUI by choosing Preferences from the File menu and specifying the appropriate values.
Choose the update set from the View Collection menu.
Copyright © 2005, Sun Microsystems, Inc. All Rights Reserved.