Patch Management.
Overview
Patch Management: To reduce the risk of problems such as system hangs, panics, memory leaks, data corruption, application failures, and security breaches.
Procedures
Patch management:
• Having proper system functionality and performance
• Maintaining system security
• Maintaining system reliability and availability
• Obtaining the latest system enhancements and functionality
• Reading about problems and solutions before you encounter them
• Limiting the number of patches to install if you encounter a problem
• Limiting the amount of time required to troubleshoot problems
Patch management involves any of the following tasks:
• Selecting or acquiring patches
• Applying patches
• Updating previously applied patches with more current patches
• Verifying patches
• Testing patches
• Listing patches already applied to existing software
• Copying patches
• Maintaining repositories, or depots, of patches for easy selection
• Committing applied patches
• Removing or rolling back applied patches
Patch identification
HP assigns each HP-UX patch a unique identification or patch ID. Each HP-UX patch ID has the form PHXX_#####, where:
• PH is an abbreviation for Patch HP-UX
• XX is replaced with one of the following values for the HP-UX area being patched:
— CO = command patches
— KL = kernel patches
— NE = network patches
— SS = patches related to all other subsystems
• ##### is replaced with a unique four- or five-digit number.
In general, the numeric portion of the patch ID is higher for more recently released patches.
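
The following is an added example, not from the original post or from HP: two shell functions that check patch IDs against the PHXX_##### format described above and tally swlist-style product lines by area. The function names and the sample listing are assumptions made for illustration; the PHKL, PHNE and PHZZ entries are constructed.

```shell
# Added example: classify HP-UX patch IDs (PHXX_#####) found in swlist-style output.

# patch_area ID: print the area for a well-formed patch ID; return 1 otherwise.
# A well-formed ID has a known area code and a four- or five-digit number.
patch_area() {
    id=$1
    case ${id#PH??_} in
        [0-9][0-9][0-9][0-9]|[0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    case $id in
        PHCO_*) echo command ;;
        PHKL_*) echo kernel ;;
        PHNE_*) echo network ;;
        PHSS_*) echo subsystem ;;
        *) return 1 ;;
    esac
}

# count_by_area: read "ID revision description" lines on stdin and print
# per-area totals plus the number of IDs that do not match the format.
count_by_area() {
    co=0 kl=0 ne=0 ss=0 bad=0
    while read -r id _rest; do
        case $id in ''|'#'*) continue ;; esac   # skip blank lines and swlist "#" headers
        area=$(patch_area "$id") || area=invalid
        case $area in
            command)   co=$((co + 1)) ;;
            kernel)    kl=$((kl + 1)) ;;
            network)   ne=$((ne + 1)) ;;
            subsystem) ss=$((ss + 1)) ;;
            *)         bad=$((bad + 1)) ;;
        esac
    done
    echo "command=$co kernel=$kl network=$ne subsystem=$ss unrecognized=$bad"
}

# Constructed sample input: two IDs that appear on this page plus made-up entries.
sample_listing() {
    cat <<'EOF'
# Initializing...
PHCO_27780   1.0   HP-UX Patch Tools
PHCO_27781   1.0   su(1) cumulative patch
PHKL_99999   1.0   constructed kernel entry
PHNE_9999    1.0   constructed network entry
PHZZ_12345   1.0   constructed entry, unknown area code
EOF
}

sample_listing | count_by_area
```

An unrecognized count above zero means the listing contains lines that are not patch IDs in this format and should be looked at by hand.
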
Use the following SD-UX commands to determine patch_state values:
• Show the patch_state value for patch patch_id by entering this command:
# swlist -l fileset -a patch_state patch_id
• Show the patch_state values for all patches on the local system by entering this command:
# swlist -l fileset -a patch_state *,c=patch
Use the following swlist command to view the state associated with patch patch_id:
# swlist -l fileset -a state | grep patch_id
• Viewing the Category Tags field on the patch details page or in the text file for the patch.
• Using the swlist command:
# swlist -l product -a category_tag patch_id
— Operates on the software depot depot1 located in directory some_directory on the local host:
# swlist @ /some_directory/depot1
— Operates on the depot depot2 located in directory some_directory on the system host1:
# swlist @ host1:/some_directory/depot2
show_superseded_patches option to show them. Enter this command:
swlist -l patch -x show_superseded_patches=true
To show superseded patches, enter this command:
show_patches -s
To view a list of registered depots on the local system, use this command:
# swlist -l depot
To view a list of registered depots on a remote system, use this command:
swlist -l depot @ remote_system
To list the contents of a directory or tape depot, use this command:
swlist -l level -d @ remote_system:/directory_path/depot_name
Examples of registering and unregistering depots
To register a depot, use this command:
swreg -l depot directory_path_to_depot
For example:
$ swreg -l depot /depot/patches/2003-07_periodic_depot/
======= 05/05/04 09:55:53 MDT BEGIN swreg SESSION (non-interactive)
* Session started for user "some_user@my_system".
* Beginning Selection
* Targets: my_system
* Objects: /depot/patches/2003-07_periodic_depot/
* Selection succeeded.
======= 05/05/04 09:55:53 MDT END swreg SESSION (non-interactive)
To unregister a depot, use this command:
swreg -u -l depot directory_path_to_depot
For example:
$ swreg -u -l depot /depot/patches/2003-07_periodic_depot/
======= 05/05/04 09:40:17 MDT BEGIN swreg SESSION (non-interactive)
* Session started for user "some_user@my_system".
* Beginning Selection
* Targets: my_system
* Objects: /depot/patches/2003-07_periodic_depot
* Selection succeeded.
======= 05/05/04 09:40:17 MDT END swreg SESSION (non-interactive)
Copying patches to depots
The following example shows how to copy patch PHCO_27780 from a remote directory depot to a local directory depot. The process creates the local depot. The following values are specified in the command line:
• source_system: remote_system
• source_depot: /depot/patches/11.11/
• target_system: my_system
• target_depot: /my_depots/new_directory_depot/
1. List the registered depots on the local system before copying the patch:
$ swlist -l depot
# Initializing...
# Target "my_system" has the following depot(s):
/var/spool/sw
The target_depot /my_depots/new_directory_depot/ does not yet exist.
2. List the registered depots on the remote system:
$ swlist -l depot @ remote_system
# Initializing...
# Target "remote_system" has the following depot(s):
/depot/patches/11.00
/depot/patches/11.04
/depot/patches/11.11
/depot/patches/11.23
Note the source_depot.
3. Show the contents of the source_depot using /depot/patches/11.11/:
$ swlist -l product @ remote_system:/depot/patches/11.11
# Initializing...
# Contacting target "remote_system"...
#
# Target: remote_system:/depot/patches/11.11
#
...
PHCO_27752 1.0 audevent(1M) cumulative patch
PHCO_27758 1.0 gsp parser & DIMM labels
PHCO_27780 1.0 HP-UX Patch Tools
PHCO_27781 1.0 su(1) cumulative patch
PHCO_27828 1.0 ups_mond(1M) cumulative patch
...
Note the patch to be copied into the target_depot.
4. Execute the swcopy command in preview mode by including the -p argument:
$ swcopy -p -s remote_system:/depot/patches/11.11 PHCO_27780 \
  @ /my_depots/new_directory_depot
The swcopy command generates a log file. The swcopy output contains a swjob command.
5. Use the swjob command to read the log file. This command also verifies that there is sufficient disk space for the copy.
$ swjob -a log my_sys-0827 @ my_system:/my_depots/new_directory_depot
6. Read the log file.
7. Execute the swcopy command without the preview argument:
$ swcopy -s remote_system:/depot/patches/11.11 PHCO_27780 \
  @ /my_depots/new_directory_depot
8. Show the registered depots on the local system again:
$ swlist -l depot
# Initializing...
# Target "my_system" has the following depot(s):
/var/spool/sw
/my_depots/new_directory_depot
The newly created depot is listed.
9. Show the contents of the new depot:
$ swlist -l product -d @ /my_depots/new_directory_depot
# Initializing...
# Contacting target "my_system"...
#
# Target: my_system:/my_depots/new_directory_depot
#
PHCO_27780 1.0 HP-UX Patch Tools
Some specific criteria to consider when planning your change:
— Backup of your system.
— System down time.
— When are your maintenance windows? What length of time are they?
— In the event of patches causing negative side effects, what steps will you take to back out changes, and how long will it take to execute these steps?
— To significantly reduce downtime, and to take advantage of the ability to easily switch back to your original image if the applied patches cause any negative side effects, consider using Dynamic Root Disk (DRD). With DRD, you create a copy of the root disk (or clone) that you can apply patches to, while your system is still up and running. Once all the patches are loaded on the clone, you can then reboot the system, using the clone as your active root volume. If for any reason you decide that the patched root volume does not perform as you desire, you can quickly reboot the original system image.
Keywords.
swinstall, swremove, swcopy, swreg, swlist