UnixPedia : HPUX / LINUX / SOLARIS: HPUX : Patch Management

Saturday, May 3, 2014

HPUX : Patch Management


Patch Management.
Overview
Patch Management : To reduce the risk of problems such as system hangs, panics,memory leaks, data corruption, application failures, and security breaches.
Procedures
Patch management:
• Having proper system functionality and performance
• Maintaining system security
• Maintaining system reliability and availability
• Obtaining the latest system enhancements and functionality
• Reading about problems and solutions before you encounter them
• Limiting the number of patches to install if you encounter a problem
• Limiting the amount of time required to troubleshoot problems
Patch management involves any of the following tasks:
• Selecting or acquiring patches
• Applying patches
• Updating previously applied patches with more current patches
• Verifying patches
• Testing patches
• Listing patches already applied to existing software
• Copying patches
• Maintaining repositories, or depots, of patches for easy selection
• Committing applied patches
• Removing or rolling back applied patches
.

Patch identification
HP assigns each HP-UX patch a unique identification or patch ID. Each HP-UX patch ID has the
form PHXX_#####, where:
• PH is an abbreviation for Patch HP-UX
• XX is replaced with one of the following values for the HP-UX area being patched:
— CO = command patches
— KL = kernel patches
— NE = network patches
— SS = patches related to all other subsystems
• ##### is replaced with a unique four- or five-digit number.
In general, the numeric portion of the patch ID is higher for more recently released patches.


Use the following SD-UX commands to determine patch_state values:
• Show the patch_state value for patch patch_id by entering this command:
#swlist -l fileset -a patch_state patch_id
• Show the patch_state values for all patches on the local system by entering this command:
#swlist -l fileset -a patch_state *,c=patch
Use the following swlist command to view the state associated with patch patch_id:
#swlist -l fileset -a state | grep patch_id

• Viewing the Category Tags field on the patch details page or inthe text file for the patch.
• Using the swlist command:
#swlist -l product -a category_tag patch_id

— Operates on the software depot depot1 located in directory some_directory on the
local host:
#swlist @ /some_directory/depot1
— Operates on the depot depot2 located in directory some_directory on the system
host1:
#swlist @ host1:/some_directory/depot2

show_superseded_patches option to show them. Enter this command:
swlist -l patch -x show_superseded_patches=true

To showsuperseded patches, enter this command:
show_patches –s

To view a list of registered depots on the local system, use this command
#swlist -l depot

To view a list of registered depots on a remote system, use this command:
swlist -l depot @ remote_system

To list the contents of a directory or tape depot, use this command:
swlist -l level -d @ remote_system:/directory_path/depot_name



Examples of registering and unregistering depots
To register a depot, use this command:
swreg -l depot directory_path_to_depot
For example:
$ swreg -l depot /depot/patches/2003-07_periodic_depot/
======= 05/05/04 09:55:53 MDT BEGIN swreg SESSION (non-interactive)
* Session started for user "some_user@my_system".
* Beginning Selection
* Targets: my_system
* Objects: /depot/patches/2003-07_periodic_depot/
* Selection succeeded.
======= 05/05/04 09:55:53 MDT END swreg SESSION (non-interactive)
To unregister a depot, use this command:
swreg -u -l depot directory_path_to_depot
For example:
$ swreg -u -l depot /depot/patches/2003-07_periodic_depot/
======= 05/05/04 09:40:17 MDT BEGIN swreg SESSION (non-interactive)
* Session started for user "some_user@my_system".
* Beginning Selection
* Targets: my_system
* Objects: /depot/patches/2003-07_periodic_depot
* Selection succeeded.
======= 05/05/04 09:40:17 MDT END swreg SESSION (non-interactive)

Copying patches to depots
The following example shows how to copy patch PHCO_27780 from a remote directory depot
to a local directory depot. The process creates the local depot. The following values are specified
in the command line:
source_system: remote_system
source_depot: /depot/patches/11.11/
target_system: my_system
target_depot: /my_depots/new_directory_depot/
1. List the registered depots on the local system before copying the patch:
$ swlist -l depot
# Initializing...
# Target "my_system" has the following depot(s):
/var/spool/sw
The target_depot/my_depots/new_directory_depot/ does not yet exist.
2. List the registered depots on the remote system:
$ swlist -l depot @ remote_system
# Initializing...
# Target "remote_system" has the following depot(s):
/depot/patches/11.00
/depot/patches/11.04
/depot/patches/11.11
/depot/patches/11.23
Note the source_depot.
3. Show the contents of the source_depot using /depot/patches/11.11/:
$ swlist -l product @ remote_system:/depot/patches/11.11
# Initializing...
# Contacting target "remote_system"...
#
# Target: remote_system:/depot/patches/11.11
#
...
PHCO_27752 1.0 audevent(1M) cumulative patch
PHCO_27758 1.0 gsp parser & DIMM labels
PHCO_27780 1.0 HP-UX Patch Tools
PHCO_27781 1.0 su(1) cumulative patch
PHCO_27828 1.0 ups_mond(1M) cumulative patch
...
Note the patch to be copied into the target_depot.
4. Execute the swcopy command in preview mode by including the -p argument:
$ swcopy -p -s remote_system:/depot/patches/11.11 PHCO_27780 \
@ /my_depots/new_directory_depot
The swcopy command generates a log file. The swcopy output contains a swjob command.
5. Use the swjob command to read the log file. This command also verifies that there is
sufficient disk space for the copy.
$ swjob -a log my_sys-0827 @
my_system:/my_depots/new_directory_depot
6. Read the log file.
7. Execute the swcopy command without the preview argument:
$ swcopy -s remote_system:/depot/patches/11.11 PHCO_27780 \
@ /my_depots/new_directory_depot

8. Show the registered depots on the local system again:
$ swlist -l depot
# Initializing...
# Target "my_system" has the following depot(s):
/var/spool/sw
/my_depots/new_directory_depot
The newly created depot is listed.
9. Show the contents of the new depot:
$ swlist -l product -d @ /my_depots/new_directory_depot
# Initializing...
# Contacting target "my_system"...
#
# Target: my_system:/my_depots/new_directory_depot
#
PHCO_27780 1.0 HP-UX Patch Tools


Some specific criteria to consider when planning your change:
— Backup of your system.
— System down time.
— When are your maintenance windows? What length of time are they?
— In the event of patches causing negative side effects, what steps will you take to
back out changes, and how long will it take to execute these steps?
— To significantly reduce downtime, and to take advantage of the ability to easily
switch back to your original image if the applied patches cause any negative side
effects, consider using Dynamic Root Disk (DRD). With DRD, you create a copy
of the root disk (or clone) that you can apply patches to, while your system is still
up and running. Once all the patches are loaded on the clone, you can then reboot
the system, using the clone as your active root volume. If for any reason you decide
that the patched root volume does not perform as you desire, you can quickly
reboot the original system image
Keywords.
Swinstall, swremove, swcopy, swreg.swlist

No comments:

Post a Comment