HPUX : Patch Management

Patch Management.

Overview

Patch Management : To reduce the risk of problems such as system hangs, panics,memory leaks, data corruption, application failures, and security breaches.

Procedures

Patch management: • Having proper system functionality and performance • Maintaining system security • Maintaining system reliability and availability • Obtaining the latest system enhancements and functionality • Reading about problems and solutions before you encounter them • Limiting the number of patches to install if you encounter a problem • Limiting the amount of time required to troubleshoot problems Patch management involves any of the following tasks: • Selecting or acquiring patches • Applying patches • Updating previously applied patches with more current patches • Verifying patches • Testing patches • Listing patches already applied to existing software • Copying patches • Maintaining repositories, or depots, of patches for easy selection • Committing applied patches • Removing or rolling back applied patches . Patch identification HP assigns each HP-UX patch a unique identification or patch ID. Each HP-UX patch ID has the form PHXX_#####, where: • PH is an abbreviation for Patch HP-UX • XX is replaced with one of the following values for the HP-UX area being patched: — CO = command patches — KL = kernel patches — NE = network patches — SS = patches related to all other subsystems • ##### is replaced with a unique four- or five-digit number. In general, the numeric portion of the patch ID is higher for more recently released patches. Use the following SD-UX commands to determine patch_state values: • Show the patch_state value for patch patch_id by entering this command: #swlist -l fileset -a patch_state patch_id • Show the patch_state values for all patches on the local system by entering this command: #swlist -l fileset -a patch_state *,c=patch Use the following swlist command to view the state associated with patch patch_id: #swlist -l fileset -a state | grep patch_id • Viewing the Category Tags field on the patch details page or inthe text file for the patch. • Using the swlist command: #swlist -l product -a category_tag patch_id — Operates on the software depot depot1 located in directory some_directory on the local host: #swlist @ /some_directory/depot1 — Operates on the depot depot2 located in directory some_directory on the system host1: #swlist @ host1:/some_directory/depot2 show_superseded_patches option to show them. Enter this command: swlist -l patch -x show_superseded_patches=true To showsuperseded patches, enter this command: show_patches –s To view a list of registered depots on the local system, use this command #swlist -l depot To view a list of registered depots on a remote system, use this command: swlist -l depot @ remote_system To list the contents of a directory or tape depot, use this command: swlist -l level -d @ remote_system:/directory_path/depot_name Examples of registering and unregistering depots To register a depot, use this command: swreg -l depot directory_path_to_depot For example: $ swreg -l depot /depot/patches/2003-07_periodic_depot/ ======= 05/05/04 09:55:53 MDT BEGIN swreg SESSION (non-interactive) * Session started for user "some_user@my_system". * Beginning Selection * Targets: my_system * Objects: /depot/patches/2003-07_periodic_depot/ * Selection succeeded. ======= 05/05/04 09:55:53 MDT END swreg SESSION (non-interactive) To unregister a depot, use this command: swreg -u -l depot directory_path_to_depot For example: $ swreg -u -l depot /depot/patches/2003-07_periodic_depot/ ======= 05/05/04 09:40:17 MDT BEGIN swreg SESSION (non-interactive) * Session started for user "some_user@my_system". * Beginning Selection * Targets: my_system * Objects: /depot/patches/2003-07_periodic_depot * Selection succeeded. ======= 05/05/04 09:40:17 MDT END swreg SESSION (non-interactive) Copying patches to depots The following example shows how to copy patch PHCO_27780 from a remote directory depot to a local directory depot. The process creates the local depot. The following values are specified in the command line: • source_system: remote_system • source_depot: /depot/patches/11.11/ • target_system: my_system • target_depot: /my_depots/new_directory_depot/ 1. List the registered depots on the local system before copying the patch: $ swlist -l depot # Initializing... # Target "my_system" has the following depot(s): /var/spool/sw The target_depot/my_depots/new_directory_depot/ does not yet exist. 2. List the registered depots on the remote system: $ swlist -l depot @ remote_system # Initializing... # Target "remote_system" has the following depot(s): /depot/patches/11.00 /depot/patches/11.04 /depot/patches/11.11 /depot/patches/11.23 Note the source_depot. 3. Show the contents of the source_depot using /depot/patches/11.11/: $ swlist -l product @ remote_system:/depot/patches/11.11 # Initializing... # Contacting target "remote_system"... # # Target: remote_system:/depot/patches/11.11 # ... PHCO_27752 1.0 audevent(1M) cumulative patch PHCO_27758 1.0 gsp parser & DIMM labels PHCO_27780 1.0 HP-UX Patch Tools PHCO_27781 1.0 su(1) cumulative patch PHCO_27828 1.0 ups_mond(1M) cumulative patch ... Note the patch to be copied into the target_depot. 4. Execute the swcopy command in preview mode by including the -p argument: $ swcopy -p -s remote_system:/depot/patches/11.11 PHCO_27780 \ @ /my_depots/new_directory_depot The swcopy command generates a log file. The swcopy output contains a swjob command. 5. Use the swjob command to read the log file. This command also verifies that there is sufficient disk space for the copy. $ swjob -a log my_sys-0827 @ my_system:/my_depots/new_directory_depot 6. Read the log file. 7. Execute the swcopy command without the preview argument: $ swcopy -s remote_system:/depot/patches/11.11 PHCO_27780 \ @ /my_depots/new_directory_depot 8. Show the registered depots on the local system again: $ swlist -l depot # Initializing... # Target "my_system" has the following depot(s): /var/spool/sw /my_depots/new_directory_depot The newly created depot is listed. 9. Show the contents of the new depot: $ swlist -l product -d @ /my_depots/new_directory_depot # Initializing... # Contacting target "my_system"... # # Target: my_system:/my_depots/new_directory_depot # PHCO_27780 1.0 HP-UX Patch Tools Some specific criteria to consider when planning your change: — Backup of your system. — System down time. — When are your maintenance windows? What length of time are they? — In the event of patches causing negative side effects, what steps will you take to back out changes, and how long will it take to execute these steps? — To significantly reduce downtime, and to take advantage of the ability to easily switch back to your original image if the applied patches cause any negative side effects, consider using Dynamic Root Disk (DRD). With DRD, you create a copy of the root disk (or clone) that you can apply patches to, while your system is still up and running. Once all the patches are loaded on the clone, you can then reboot the system, using the clone as your active root volume. If for any reason you decide that the patched root volume does not perform as you desire, you can quickly reboot the original system image

Keywords.

Swinstall, swremove, swcopy, swreg.swlist