Content-type: text/html Man page of pprosetup

pprosetup

Section: System Administration Commands (1M)
Updated: 6 Apr 2005
Index Return to Main Contents
 

NAME

pprosetup - setup program for Patch Manager  

SYNOPSIS

/usr/sbin/pprosetup [-a admin-email-addr] [-b backout-dir] [-c config-name] [-C] [-d patch-dir] [ [-D | -M day-of-month | -W day-of-week] [-s hh:mm]] [-h] [-H] [-i [none | patch-property-list]] [-L] [-p [none | standard]] [-P patch-source-url] [-q sequester-dir] [-u user-name] [-U proxy-user-name] [-x [host:port]]  

DESCRIPTION

Note - This command is deprecated. Use the smpatch set, smpatch unset, and smpatch get commands instead. See the smpatch(1M) man page.

Use the pprosetup command, as superuser, to configure your patch management environment by doing the following:

• Scheduling the patch operations

• Setting a patch policy

• Specifying patch directories

• Specifying the hardware on the system

• Specifying alternate configurations

 

Scheduling the Patch Operations

Schedule the automatic synchronization of patches with Sun's patch base. This scheduling makes the pprosvc command run in automatic mode. This mode is set up by using the cron interface. Use the -C, -D, -M, -s, and -W options to perform the scheduling tasks.

If you do not want to schedule patch operations, you can run the pprosvc and smpatch commands in manual mode, which means running the tool from the command line.

Note that midnight is represented as 00:00.

Note - The smpatch command does not directly support this mechanism for scheduling patch operations. You can set up a schedule by using cron to run smpatch in local mode. See the smpatch(1M) man page.

 

Setting a Patch Policy

Patches are classified as being standard or nonstandard. A standard patch can be applied by pprosvc in automatic mode. Such a patch is associated with the standard patch property. A nonstandard patch is one that has one of the following characteristics:

• A patch that is associated with the rebootafter, rebootimmediate, reconfigafter, reconfigimmediate, or singleuser properties. This nonstandard patch can be applied by running the pprosvc command or the smpatch command in manual mode.

• A patch that is associated with the interactive property. Such a patch cannot be applied by using the smpatch command.

Use pprosetup to schedule patch operations to run in automatic mode. Patches are applied based on the policy, which you can set by running pprosetup.

Use pprosetup -p to specify the types of patches to apply in automatic mode. You can set a policy to apply no patches (none) or standard patches (standard).

Use pprosetup -i to specify the types of patches to apply in manual mode. Such patches might include those that require a reboot and those that must be applied while the system is in single-user mode. Specify the types of patches that can be applied by using the following command:

# pprosetup -i patch-property-list

patch-property-list is a colon-separated list of one or more of the following patch properties:

interactive A patch that cannot be applied by running the usual patch management tools (pprosvc, smpatch, or patchadd). Before this patch is applied, the user must perform special actions. Such actions might include checking the serial number of a disk drive, stopping a critical daemon, or reading the patch's README file.

rebootafter The effects of this patch are not visible until after the system is rebooted.

rebootimmediate When this patch is applied, the system becomes unstable until the system is rebooted. An unstable system is one in which the behavior is unpredictable and data might be lost.

reconfigafter The effects of this patch are not visible until after a reconfiguration reboot (boot -r). See the boot(1M) man page.

reconfigimmediate When this patch is applied, the system becomes unstable until the system gets a reconfiguration reboot (boot -r). An unstable system is one in which the behavior is unpredictable and data might be lost.

singleuser Do not apply this patch while the system is in multiuser mode. You must apply this patch on a quiet system with no network traffic and with extremely restricted I/O activity.

standard This patch can be applied while the system is in multiuser mode. The effects of the patch are visible as soon as it is applied unless the application being patched is running while the patch is applied. In this case, the effects of the patch are visible after the affected application is restarted.

Note - The smpatch command only supports the patch policy for manual mode.

 

Specifying Patch Directories

Use the following options to specify the directories in which to store patch-related data:

• Use the -b option to specify the directory in which to store backout data. During a patch backout operation, the data is retrieved from this directory to restore the system to its state prior to applying the patch.

• Use the -d option to specify the download directory in which to store patches that are downloaded from the Sun patch server. This directory is also the location from which patches are applied.

• Use the -q option to specify the directory in which to store patches that cannot be applied automatically. Such patches are called sequestered patches.

Note - The sequester directory is not used by the smpatch command.

 

Specifying the Hardware on the System

Use the -H option to run a program that helps you determine the hardware that is attached to the host system, such as firmware, disk array systems, and tape storage systems.

Use this option to select the hardware that applies to this system. Select the sequence number of the specific hardware. A confirmation page lists the selections.

Save the specified hardware configuration information to a file. Then, the system responds by performing the appropriate actions.

Note - The smpatch command does not support this feature for specifying hardware on your system.

 

Specifying Alternate Configurations

The pprosetup command uses a configuration file to specify the collection of patches with which to perform patch operations. By default, all of the patches from the Sun patch server are available for patch operations.

The -c option enables you to specify an alternate configuration.

Sun currently provides one alternate configuration, which is called the recommended configuration. This configuration includes only those patches that have been declared significant. Such patches include security patches and patches that address known performance and availability problems.

You can use the -c recommended option when you schedule patch operations. For example, the following command schedules monthly patch operations that use the recommended configuration:

# pprosetup -c recommended -M 15 -s 23:30

To cancel a schedule that uses the recommended configuration, type:

# pprosetup -c recommended -C

You are permitted to modify the recommended configuration by using the -c option. See EXAMPLES.

Note - The smpatch command does not support this feature for specifying alternate configurations.

 

OPTIONS

The following options are supported:

-a admin-email-addr Is the email address of the patch administrator. Email notification is sent to describe the patches downloaded, the patches applied, and any error events that occurred when running the pprosvc -i -n command.

Note - This option does not affect the smpatch command.

-b backout-dir Stores backout data in the specified directory.

The backout data is used whenever you use the patchrm command to remove a patch that has already been applied to your system. The data is used to restore a system to the state it was in before you applied a particular patch. Since backout data might be quite large, store the data in a large partition that holds large transitory data. Such a partition might be /var.

If you do not specify the -b option, the backout data is stored in the default locations used by patchadd. These locations are the save directories of the packages that were modified by the patch. For example, if a patch modifies the SUNWcsr package, the backout data for that package is stored in the /var/sadm/pkg/SUNWcsr/save directory.

To specify the backout directory, use the smpatch set command to set the patchpro.backout.directory parameter.

Note - The root file system of any non-global zones must not be referenced with the -b option. Doing so might damage the global zone's file system, might compromise the security of the global zone, and might damage the non-global zone's file system. See zones(5).

-C Clears the existing patch service schedule.

Note - This feature is not supported by the smpatch command.

-c config-name Uses the config-name configuration for patch operations. When this option is included in any pprosetup command, the entire command applies to the specified configuration.

Note - This feature is not supported by the smpatch command.

-d patch-dir Is the directory in which to download the patches that are appropriate for this host system. This directory is also the location from which patches are applied. By default, the download directory is /var/sadm/spool.

Note - To specify the download directory, use the smpatch set command to set the patchpro.download.directory parameter.

-D Schedules the automatic analysis, download, and optional application of patches on a daily basis. This option is equivalent to executing the pprosvc -i -n command on a daily basis. See the crontab(1) man page.

The policy defined by the -p option determines whether no patches (pprosetup -p none) are applied or whether standard patches (pprosetup -p standard) are applied. By default, no patches are applied.

This option is mutually exclusive with the -M option and the -W option.

Note - This feature is not supported by the smpatch command.

-h Displays information about command-line options.

-H Establishes a dialog with the user to determine what hardware is attached to the host system.

Note - This feature is not supported by the smpatch command.

-i [none | patch-property-list] Specifies the policy for applying patches in manual mode.

No patches are applied when none is specified. patch-property-list is a colon-separated list of one or more of the following patch properties: interactive, rebootafter, rebootimmediate, reconfigafter, reconfigimmediate, singleuser, and standard. See Setting a Patch Policy.

Note - To specify the patch policy, use the smpatch set command to set the patchpro.install.types parameter.

-L Displays the configuration parameter settings of your patch management environment.

This option is mutually exclusive with the other options.

Note - To view the configuration parameter settings, use the smpatch get command.

-M day-of-month Schedules the automatic analysis, download, and optional application of patches on a monthly basis.

The policy defined by the -p option determines whether no patches (pprosetup -p none) are applied or whether standard patches (pprosetup -p standard) are applied. By default, no patches are applied.

day-of-month is a numerical value from 1-28, which represents the day of the month. Note that the values 29, 30, and 31 are invalid. See the crontab(1) man page.

This option is mutually exclusive with the -D option and the -W option.

Note - This feature is not supported by the smpatch command.

-p [none | standard] Specifies the policy for applying patches in automatic mode.

No patches are applied when none, the default, is specified.

When standard is specified, only standard patches are applied.

Note - This feature is not supported by the smpatch command.

-P patch-source-url Is the URL that points to the collection of patches. The default is the Sun patch server, which has the following URL:


https://updateserver.sun.com/solaris/

Note - To specify the URL that points to the collection of patches, use the smpatch set command to set the patchpro.patch.source parameter.

-q sequester-dir Is the directory in which patches are moved if they cannot be automatically applied. By default, the sequester directory is /var/sadm/spool/patchproSequester.

Note - The sequester directory is not used by the smpatch command.

-s hh:mm Optionally sets the time of day to perform patch operations, which by default, is midnight local time.

hh is a value from 00-23, which specifies the hour. mm is a value from 00-59, which specifies the minute.

Use this option with the -D, -M, and -W options.

Note - This feature is not supported by the smpatch command.

-u user-name Is the user name with which to obtain contract patches from Sun.

Store the corresponding SunSpectrum user's password in the lib/.sunsolvepw file. If PatchPro is installed in the default location, this file is in the /opt/SUNWppro directory.

Keep the password safe by setting the owner, group, and permissions to root, sys, and 0600, respectively.

Note - This file method of supplying passwords is no longer supported.

Note - To specify this user, use the smpatch set command to set the patchpro.sun.user parameter. Also, specify this user's password by setting the patchpro.sun.passwd parameter.

-U proxy-user-name Is the user name required for authentication of the web proxy, if applicable.

Store the corresponding user's password in the lib/.proxypw file. If PatchPro is installed in the default location, this file is in the /opt/SUNWppro directory.

Keep the password safe by setting the owner, group, and permissions to root, sys, and 0600, respectively.

Note - This file method of supplying passwords is no longer supported.

Note - To specify this user, use the smpatch set command to set the patchpro.proxy.user parameter. Also, specify this user's password by setting the patchpro.proxy.passwd parameter.

-W day-of-week Schedules the automatic analysis, download, and optional application of patches on a weekly basis.

day-of-week is a numerical value from 0-6, which represents the day of the week. 0 represents Sunday. See the crontab(1) man page.

The policy defined by the -p option determines whether no patches (pprosetup -p none) are applied or whether standard patches (pprosetup -p standard) are applied. By default, no patches are applied.

This option is mutually exclusive with the -D option and the -M option.

Note - This feature is not supported by the smpatch command.

-x [host:port] Specifies the web proxy. If your system is behind a firewall, use this option to specify your web proxy. Get the name of the web proxy and its port from your system administrator or network administrator.

Note - To specify the web proxy host name and port, use the smpatch set command to set the patchpro.proxy.host and patchpro.proxy.port parameters, respectively.

 

EXAMPLES

Example 1: Scheduling Daily Patch Operations in Automatic Mode

# pprosetup -D

Schedules smpatch update to run in automatic mode daily at midnight local time.

Example 2: Scheduling Weekly Patch Operations in Automatic Mode

# pprosetup -W 0 -s 00:45

Schedules smpatch update to run in automatic mode every Sunday at 12:45 a.m. local time.

Example 3: Scheduling Monthly Patch Operations in Automatic Mode

# pprosetup -M 15 -s 02:30

Schedules smpatch update to run in automatic mode on the 15th day of every month at 2:30 a.m. local time.

Example 4: Canceling Scheduled Jobs

# pprosetup -C

Cancels the scheduled jobs that use the default configuration.

Example 5: Specifying the Patch Policy for Manual Mode

# pprosetup -i standard:singleuser:reconfigafter:rebootafter

Specifies the policy for applying patches in manual mode. This policy permits you to apply the following types of patches to your system in manual mode:

• Standard patches

• Patches that must be applied in single-user mode

• Patches that require that the system undergo a reconfiguration reboot after they have been applied

• Patches that require that the system undergo a reboot after they have been applied

Example 6: Specifying the Patch Policy for Automatic Mode

# pprosetup -p none

Specifies that no patches are automatically applied.

# pprosetup -p standard

Specifies that only standard patches can be downloaded and applied.

Example 7: Specifying an Alternate Download Directory

# pprosetup -d /export/home/patches

Specifies that patches are downloaded to the /export/home/patches directory.

Example 8: Specifying an Alternate Sequester Directory

# pprosetup -q /export/home/patches/sequester

Specifies that sequestered patches are stored in the /export/home/patches/sequester directory.

Example 9: Identifying the Hardware on Your System

# pprosetup -H

Enables a patch analysis to determine whether your system needs specific patches based on your hardware configuration. This command only helps you identify hardware products from Sun Network Storage.

Example 10: Configuring Your System to Obtain Contract Patches

# pprosetup -u myuser
# echo mypasswd > /opt/SUNWppro/lib/.sunsolvepw

Enables your contract user, myuser, to obtain the contract patches.

Ensure that the contract user's password is safe by setting the owner, group, and permissions of the .sunsolvepw file to root, sys, and 0600, respectively.

Example 11: Specifying a Web Proxy

# pprosetup -x webaccess.corp.net.com:8080

Specifies the host name, webaccess.corp.net.com, and port, 8080, of the web proxy to use.

Example 12: Scheduling Daily Patch Operations to Use the recommended Configuration

# pprosetup -c recommended -D -s 23:00

Schedules a daily patch analysis that uses the recommended configuration. You can use the alternate configuration in conjunction with or in place of a full analysis.

# pprosetup -c recommended -C

Cancels this job that uses the recommended configuration.

Example 13: Modifying the recommended Configuration

# pprosetup -c recommended -a [email protected]

Modifies the recommended configuration to send email notifications to the [email protected] email alias about each scheduled analysis that uses the recommended cluster. Any scheduled operation that uses the recommended configuration will send notification to the alias you specify.

Example 14: Creating a New Configuration

# pprosetup -c export -d /export/patches

Creates a new configuration named export that downloads patches to the /export/patches directory. After executing this command, you can schedule patch operations or manually run patch operations that use the export configuration by running the pprosetup or pprosvc commands, respectively.

# pprosvc -c export -d

Downloads patches to the download directory specified by the export configuration.  

ATTRIBUTES

See the attributes(5) man page for descriptions of the following attributes:

ATTRIBUTE TYPEATTRIBUTE VALUE
AvailabilitySUNWpprou
Interface StabilityObsolete

 

SEE ALSO

crontab(1), boot(1M), patchadd(1M), patchrm(1M), pprosvc(1M), smpatch(1M), attributes(5)


 

Index

NAME
SYNOPSIS
DESCRIPTION
Scheduling the Patch Operations
Setting a Patch Policy
Specifying Patch Directories
Specifying the Hardware on the System
Specifying Alternate Configurations
OPTIONS
EXAMPLES
ATTRIBUTES
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 02:37:09 GMT, October 02, 2010