Tuning Your Patch Management Environment by Using the Command-Line Interface (Task Map)

The following table identifies the optional tasks that you might perform when you tune the patch management environment for your system.

Use the smpatch command to tune your patch management environment. For the list of configuration parameters you can set, see Setting Patch Manager Configuration Parameters and the smpatch(1M) man page.

Note

You can use the Sun Update Connection, System Edition software to manage patches and updates on your Solaris system. The Sun Update Connection software has the same functionality as the Sun Patch Manager 2.0 tools, with the addition of some new features and enhancements. For more information, see What's New in Software Management in the Solaris Operating System?.

The following are optional tasks that you can perform with Sun Patch Manager.

| Task | Description | For Instructions |
|---|---|---|
| Obtain configuration information about your patch management environment. | View the configuration of your patch management environment, which might help you diagnose problems. | How to View the Configuration Settings for Your Patch Management Environment (Command Line) |
| Change the policy for applying patches for your system. | Patch Manager can update your system with standard patches automatically. If you want to update your system with some types of nonstandard patches, you must change your policy for applying patches. By default, only patches that are associated with the standard, rebootafter, or reconfigafter properties are applied by an update operation. | How to Change the Policy for Applying Patches (Command Line) |
| Change the patch set to use for system analysis. | Patch Manager bases analyses on all available Sun patches. If you want to apply only patches from a different patch set, such as the Recommended Patch Cluster, you must change the patch set. | How to Change the Patch Set (Command Line) |
| Set different directory locations. | You might want to specify a different location for the download directory or the backout directory if the default locations are not large enough. | How to Change Directory Locations (Command Line) |
| Reset configuration parameters to the default values. | You might want to reset configuration parameters to the default values. Note that some configuration parameters have an empty default value. | How to Reset Configuration Parameters to the Default Values (Command Line) |

Note

The following procedures and examples show how to run the local mode smpatch command, which is run by default. To run the remote mode version, use any of the authentication options (except for -L) or the remote options. See the smpatch(1M) man page.

How to View the Configuration Settings for Your Patch Management Environment (Command Line)

You can check the configuration settings of your patch management environment to help diagnose problems or to understand your system's patch-related settings.

The configuration settings output shows an entry for all configuration parameters. Each entry appears on a line by itself.

When you list all settings, each entry includes three fields: the parameter name, the value you have assigned, and its default value. The fields are separated by one or more tab characters.

The following values have special meaning:

  • - means that no value is set

  • "" means that the value is the null string

  • \- means that the value is -

  • \"" means that the value is "" (two double quotes)

In addition to these special values, these special characters might appear in the output:

  • \t for a tab

  • \n for a newline

  • \\ for a backslash

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services.

  2. List the configuration settings for your patch management environment.

    • To list all settings, type:

      # smpatch get
      
    • To list the values for one or more parameters, type:

      # smpatch get parameter-name...
      
      

Example 22.8. Viewing Configuration Settings for Your Patch Management Environment

The following example shows how to list all the configuration settings for your patch management environment.

# smpatch get
patchpro.backout.directory  -      ""
patchpro.download.directory -      /var/sadm/spool
patchpro.install.types      -      rebootafter:reconfigafter:standard
patchpro.patch.source       -      https://updateserver.sun.com/solaris/
patchpro.patchset           -      patchdb
patchpro.proxy.host         -      ""
patchpro.proxy.passwd       ****   ****
patchpro.proxy.port         -      8080
patchpro.proxy.user         -      ""
patchpro.sun.passwd         ****   ****
patchpro.sun.user           -      ""

The following example shows how to list the configuration settings for the patchpro.download.directory and patchpro.patchset parameters.

# smpatch get patchpro.download.directory patchpro.patchset
/var/sadm/spool
patchdb
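
The output format described above can be decoded mechanically. The following Python sketch is an added example, not part of the original documentation: it parses captured `smpatch get` output and reports parameters that were changed from their defaults, including patch properties outside the default policy. The sample input is constructed, and treating `****` as a masked value is an assumption.

```python
import re

# Default policy per the page: only these patch properties are applied by an update.
DEFAULT_TYPES = {"standard", "rebootafter", "reconfigafter"}
_SPECIAL = {"-": None, '""': "", r"\-": "-", r'\""': '""'}  # whole-field special values
_ESCAPES = {"t": "\t", "n": "\n", "\\": "\\"}

def decode(field):
    """Decode one output field; None means that no value is set."""
    if field in _SPECIAL:
        return _SPECIAL[field]
    return re.sub(r"\\([tn\\])", lambda m: _ESCAPES[m.group(1)], field)

def parse(output):
    """Map parameter name -> (assigned, default) from tab-separated lines."""
    settings = {}
    for line in output.splitlines():
        if not line.strip() or line.startswith("#"):  # skip blanks and the prompt line
            continue
        name, assigned, default = re.split(r"\t+", line.strip())
        settings[name] = (decode(assigned), decode(default))
    return settings

def audit(settings):
    """List overridden parameters; '****' is assumed to be a masked value and skipped."""
    findings = []
    for name, (assigned, default) in sorted(settings.items()):
        if assigned is None or assigned == "****" or assigned == default:
            continue
        findings.append("%s overridden: %r (default %r)" % (name, assigned, default))
    assigned, default = settings.get("patchpro.install.types", (None, None))
    effective = assigned if assigned is not None else default
    extra = set((effective or "").split(":")) - DEFAULT_TYPES - {""}
    if extra:
        findings.append("nonstandard patch properties enabled: " + ", ".join(sorted(extra)))
    return findings

# Constructed sample (not captured from a real system); fields are joined with tabs.
SAMPLE = "\n".join("\t".join(row) for row in [
    ("patchpro.backout.directory", "/export/patches/backout", '""'),
    ("patchpro.download.directory", "-", "/var/sadm/spool"),
    ("patchpro.install.types", "standard:rebootafter:reconfigafter:rebootimmediate",
     "rebootafter:reconfigafter:standard"),
    ("patchpro.proxy.host", '""', '""'),
    ("patchpro.proxy.passwd", "****", "****"),
    ("patchpro.proxy.user", r"\-", '""'),
])

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE))))
```

Save the output of `smpatch get` to a file on the managed system and pass its contents to `parse` to review drift from the defaults before an update operation.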

How to Change the Policy for Applying Patches (Command Line)

If you want to configure your system to apply some nonstandard patches during an update operation, you must change the policy for applying patches.

By default, only patches that are associated with the standard, rebootafter, or reconfigafter properties can be applied by an update operation.

Caution

If you change your policy from the default, Sun makes no guarantees that the patches apply correctly to your system or that your system will function properly.

For more information about the policy for applying patches, see Customizing the Policy for Applying Patches.

  1. Determine the types of nonstandard patch properties that you want to apply during an update.

  2. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services.

  3. Specify the new policy.

    # smpatch set patchpro.install.types=patch-property
    
    

    patch-property is a list of patch properties each separated by a colon (:). For the list of valid patch properties, see Customizing the Policy for Applying Patches.

Example 22.9. Changing the Policy for Applying Patches

This example shows how to set the policy for a system. The new policy also includes patches that require that the system be rebooted immediately for the patch to take effect.

# smpatch set \
patchpro.install.types=standard:rebootafter:reconfigafter:rebootimmediate

How to Change the Patch Set (Command Line)

You can choose to analyze your system based on different sets of Sun patches, such as the Recommended Patch Cluster. By default, you use the patch set All Available Patches.

As of this Solaris release, the only patch sets available from Sun are All Available Patches and Recommended Patch Cluster.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services.

  2. Specify the patch set to use.

    • To base your analysis on all patches, type:

      # smpatch set patchpro.patchset=patchdb
      
    • To base your analysis on recommended patches, type:

      # smpatch set patchpro.patchset=recommended
      
    • To base your analysis on another patch set, type:

      # smpatch set patchpro.patchset=patch-set
      
      

How to Change Directory Locations (Command Line)

Patch Manager is configured to use these default locations for storing patch-related data:

  • Download directory – Directory in which patches are stored when they are downloaded from the patch source. This is also the directory from which patches are applied. Patches remain in this directory until they are successfully applied. The default location is /var/sadm/spool.

  • Backout data directory – Directory in which data that enables a patch to be backed out is stored. By default, backout data is stored in the default locations used by patchadd. This is the save directory of each package that was modified by the patch. For example, if a patch modifies the SUNWcsr package, the backout data for that package is stored in the /var/sadm/pkg/SUNWcsr/save directory.

If you run out of available disk space in the default locations, specify different locations for these directories.

Note

If you specify a different directory, you must manually create that directory before performing any patch operations.

  1. Determine the new locations for the directories.

  2. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services.

  3. Specify a new directory, dir-name, for any of the patch-related directories.

    • To specify a different download directory, type:

      # smpatch set patchpro.download.directory=dir-name
      
      

      where dir-name is /export/patches, for example.

    • To specify a different backout directory, type:

      # smpatch set patchpro.backout.directory=dir-name
      
      

      where dir-name is /export/patches/backout, for example.

How to Reset Configuration Parameters to the Default Values (Command Line)

You must reset parameter values explicitly. You cannot use the smpatch command to reset all parameter values at once.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services.

  2. Reset a configuration parameter for your patch management environment to its default value.

    # smpatch unset parameter-name...
    
    

Example 22.10. Resetting Configuration Parameters to the Default Values

The following example shows how to configure a system to obtain patches from the Sun patch server instead of from a different patch source.

# smpatch unset patchpro.patch.source

The following example shows how to reset the patch download directory and the backout directory locations to the default values.

# smpatch unset patchpro.download.directory patchpro.backout.directory