1pprosetup(1M) System Administration Commands pprosetup(1M)
2
6 pprosetup - setup program for Patch Manager
7
9 /usr/sbin/pprosetup [-a admin-email-addr] [-b backout-dir]
10 [-c config-name] [-C] [-d patch-dir]
11 [ [-D | -M day-of-month | -W day-of-week] [-s hh:mm]]
12 [-h] [-H] [-i [none | patch-property-list]] [-L]
13 [-p [none | standard]] [-P patch-source-url]
14 [-q sequester-dir] [-u user-name]
15 [-U proxy-user-name] [-x [host:port]]
16
19 Note -
20 This command is deprecated. Use the smpatch set, smpatch unset, and
22 smpatch get commands instead. See the smpatch(1M) man page.
23 Use the pprosetup command, as superuser, to configure your patch man‐
26 agement environment by doing the following:
27 o Scheduling the patch operations
29 o Setting a patch policy
31 o Specifying patch directories
33 o Specifying the hardware on the system
35 o Specifying alternate configurations
37 Scheduling the Patch Operations
39 Schedule the automatic synchronization of patches with Sun's patch
40 base. This scheduling makes the pprosvc command run in automatic mode.
41 This mode is set up by using the cron interface. Use the -C, -D, -M,
42 -s, and -W options to perform the scheduling tasks.
43 If you do not want to schedule patch operations, you can run the
46 pprosvc and smpatch commands in manual mode, which means running the
47 tool from the command line.
48 Note that midnight is represented as 00:00.
51 Note -
53 The smpatch command does not directly support this mechanism for
55 scheduling patch operations. You can set up a schedule by using cron
56 to run smpatch in local mode. See the smpatch(1M) man page.
57 Setting a Patch Policy
59 Patches are classified as being standard or nonstandard. A standard
60 patch can be applied by pprosvc in automatic mode. Such a patch is
61 associated with the standard patch property. A nonstandard patch is one
62 that has one of the following characteristics:
63 o A patch that is associated with the rebootafter, rebootimme‐
65 diate, reconfigafter, reconfigimmediate, or singleuser prop‐
66 erties. This nonstandard patch can be applied by running the
67 pprosvc command or the smpatch command in manual mode.
68 o A patch that is associated with the interactive property.
70 Such a patch cannot be applied by using the smpatch command.
71 Use pprosetup to schedule patch operations to run in automatic mode.
74 Patches are applied based on the policy, which you can set by running
75 pprosetup.
76 Use pprosetup -p to specify the types of patches to apply in automatic
79 mode. You can set a policy to apply no patches (none) or standard
80 patches (standard).
81 Use pprosetup -i to specify the types of patches to apply in manual
84 mode. Such patches might include those that require a reboot and those
85 that must be applied while the system is in single-user mode. Specify
86 the types of patches that can be applied by using the following com‐
87 mand:
88 # pprosetup -i patch-property-list
90 patch-property-list is a colon-separated list of one or more of the
95 following patch properties:
96 interactive A patch that cannot be applied by running the
98 usual patch management tools (pprosvc, smpatch, or
99 patchadd). Before this patch is applied, the user
100 must perform special actions. Such actions might
101 include checking the serial number of a disk
102 drive, stopping a critical daemon, or reading the
103 patch's README file.
104 rebootafter The effects of this patch are not visible until
107 after the system is rebooted.
108 rebootimmediate When this patch is applied, the system becomes
111 unstable until the system is rebooted. An unstable
112 system is one in which the behavior is unpre‐
113 dictable and data might be lost.
114 reconfigafter The effects of this patch are not visible until
117 after a reconfiguration reboot (boot -r). See the
118 boot(1M) man page.
119 reconfigimmediate When this patch is applied, the system becomes
122 unstable until the system gets a reconfiguration
123 reboot (boot -r). An unstable system is one in
124 which the behavior is unpredictable and data might
125 be lost.
126 singleuser Do not apply this patch while the system is in
129 multiuser mode. You must apply this patch on a
130 quiet system with no network traffic and with
131 extremely restricted I/O activity.
132 standard This patch can be applied while the system is in
135 multiuser mode. The effects of the patch are visi‐
136 ble as soon as it is applied unless the applica‐
137 tion being patched is running while the patch is
138 applied. In this case, the effects of the patch
139 are visible after the affected application is
140 restarted.
141 Note -
144 The smpatch command only supports the patch policy for manual mode.
146 Specifying Patch Directories
148 Use the following options to specify the directories in which to store
149 patch-related data:
150 o Use the -b option to specify the directory in which to store
152 backout data. During a patch backout operation, the data is
153 retrieved from this directory to restore the system to its
154 state prior to applying the patch.
155 o Use the -d option to specify the download directory in which
157 to store patches that are downloaded from the Sun patch
158 server. This directory is also the location from which
159 patches are applied.
160 o Use the -q option to specify the directory in which to store
162 patches that cannot be applied automatically. Such patches
163 are called sequestered patches.
164 Note -
166 The sequester directory is not used by the smpatch command.
168 Specifying the Hardware on the System
170 Use the -H option to run a program that helps you determine the hard‐
171 ware that is attached to the host system, such as firmware, disk array
172 systems, and tape storage systems.
173 Use this option to select the hardware that applies to this system.
176 Select the sequence number of the specific hardware. A confirmation
177 page lists the selections.
178 Save the specified hardware configuration information to a file. Then,
181 the system responds by performing the appropriate actions.
182 Note -
184 The smpatch command does not support this feature for specifying
186 hardware on your system.
187 Specifying Alternate Configurations
189 The pprosetup command uses a configuration file to specify the collec‐
190 tion of patches with which to perform patch operations. By default, all
191 of the patches from the Sun patch server are available for patch opera‐
192 tions.
193 The -c option enables you to specify an alternate configuration.
196 Sun currently provides one alternate configuration, which is called the
199 recommended configuration. This configuration includes only those
200 patches that have been declared significant. Such patches include secu‐
201 rity patches and patches that address known performance and availabil‐
202 ity problems.
203 You can use the -c recommended option when you schedule patch opera‐
206 tions. For example, the following command schedules monthly patch oper‐
207 ations that use the recommended configuration:
208 # pprosetup -c recommended -M 15 -s 23:30
210 To cancel a schedule that uses the recommended configuration, type:
215 # pprosetup -c recommended -C
217 You are permitted to modify the recommended configuration by using the
222 -c option. See EXAMPLES.
223 Note -
225 The smpatch command does not support this feature for specifying
227 alternate configurations.
228
230 The following options are supported:
231 -a admin-email-addr
233 Is the email address of the patch administrator. Email notification
235 is sent to describe the patches downloaded, the patches applied,
236 and any error events that occurred when running the pprosvc -i -n
237 command.
238 Note -
240 This option does not affect the smpatch command.
242 -b backout-dir
245 Stores backout data in the specified directory.
247 The backout data is used whenever you use the patchrm command to
249 remove a patch that has already been applied to your system. The
250 data is used to restore a system to the state it was in before you
251 applied a particular patch. Since backout data might be quite
252 large, store the data in a large partition that holds large transi‐
253 tory data. Such a partition might be /var.
254 If you do not specify the -b option, the backout data is stored in
256 the default locations used by patchadd. These locations are the
257 save directories of the packages that were modified by the patch.
258 For example, if a patch modifies the SUNWcsr package, the backout
259 data for that package is stored in the /var/sadm/pkg/SUNWcsr/save
260 directory.
261 To specify the backout directory, use the smpatch set command to
263 set the patchpro.backout.directory parameter.
264 Note -
266 The root file system of any non-global zones must not be refer‐
268 enced with the -b option. Doing so might damage the global zone's
269 file system, might compromise the security of the global zone,
270 and might damage the non-global zone's file system. See zones(5).
271 -C
274 Clears the existing patch service schedule.
276 Note -
278 This feature is not supported by the smpatch command.
280 -c config-name
283 Uses the config-name configuration for patch operations. When this
285 option is included in any pprosetup command, the entire command
286 applies to the specified configuration.
287 Note -
289 This feature is not supported by the smpatch command.
291 -d patch-dir
294 Is the directory in which to download the patches that are appro‐
296 priate for this host system. This directory is also the location
297 from which patches are applied. By default, the download directory
298 is /var/sadm/spool.
299 Note -
301 To specify the download directory, use the smpatch set command to
303 set the patchpro.download.directory parameter.
304 -D
307 Schedules the automatic analysis, download, and optional applica‐
309 tion of patches on a daily basis. This option is equivalent to exe‐
310 cuting the pprosvc -i -n command on a daily basis. See the
311 crontab(1) man page.
312 The policy defined by the -p option determines whether no patches
314 (pprosetup -p none) are applied or whether standard patches (ppros‐
315 etup -p standard) are applied. By default, no patches are applied.
316 This option is mutually exclusive with the -M option and the -W
318 option.
319 Note -
321 This feature is not supported by the smpatch command.
323 -h
326 Displays information about command-line options.
328 -H
331 Establishes a dialog with the user to determine what hardware is
333 attached to the host system.
334 Note -
336 This feature is not supported by the smpatch command.
338 -i [none | patch-property-list]
341 Specifies the policy for applying patches in manual mode.
343 No patches are applied when none is specified. patch-property-list
345 is a colon-separated list of one or more of the following patch
346 properties: interactive, rebootafter, rebootimmediate, reconfi‐
347 gafter, reconfigimmediate, singleuser, and standard. See Setting a
348 Patch Policy.
349 Note -
351 To specify the patch policy, use the smpatch set command to set
353 the patchpro.install.types parameter.
354 -L
357 Displays the configuration parameter settings of your patch manage‐
359 ment environment.
360 This option is mutually exclusive with the other options.
362 Note -
364 To view the configuration parameter settings, use the smpatch get
366 command.
367 -M day-of-month
370 Schedules the automatic analysis, download, and optional applica‐
372 tion of patches on a monthly basis.
373 The policy defined by the -p option determines whether no patches
375 (pprosetup -p none) are applied or whether standard patches (ppros‐
376 etup -p standard) are applied. By default, no patches are applied.
377 day-of-month is a numerical value from 1-28, which represents the
379 day of the month. Note that the values 29, 30, and 31 are invalid.
380 See the crontab(1) man page.
381 This option is mutually exclusive with the -D option and the -W
383 option.
384 Note -
386 This feature is not supported by the smpatch command.
388 -p [none | standard]
391 Specifies the policy for applying patches in automatic mode.
393 No patches are applied when none, the default, is specified.
395 When standard is specified, only standard patches are applied.
397 Note -
399 This feature is not supported by the smpatch command.
401 -P patch-source-url
404 Is the URL that points to the collection of patches. The default is
406 the Sun patch server, which has the following URL:
407 https://updateserver.sun.com/solaris/
409 Note -
413 To specify the URL that points to the collection of patches, use
415 the smpatch set command to set the patchpro.patch.source parame‐
416 ter.
417 -q sequester-dir
420 Is the directory in which patches are moved if they cannot be auto‐
422 matically applied. By default, the sequester directory is
423 /var/sadm/spool/patchproSequester.
424 Note -
426 The sequester directory is not used by the smpatch command.
428 -s hh:mm
431 Optionally sets the time of day to perform patch operations, which
433 by default, is midnight local time.
434 hh is a value from 00-23, which specifies the hour. mm is a value
436 from 00-59, which specifies the minute.
437 Use this option with the -D, -M, and -W options.
439 Note -
441 This feature is not supported by the smpatch command.
443 -u user-name
446 Is the user name with which to obtain contract patches from Sun.
448 Store the corresponding SunSpectrum user's password in the
450 lib/.sunsolvepw file. If PatchPro is installed in the default loca‐
451 tion, this file is in the /opt/SUNWppro directory.
452 Keep the password safe by setting the owner, group, and permissions
454 to root, sys, and 0600, respectively.
455 Note -
457 This file method of supplying passwords is no longer supported.
459 Note -
461 To specify this user, use the smpatch set command to set the
463 patchpro.sun.user parameter. Also, specify this user's password
464 by setting the patchpro.sun.passwd parameter.
465 -U proxy-user-name
468 Is the user name required for authentication of the web proxy, if
470 applicable.
471 Store the corresponding user's password in the lib/.proxypw file.
473 If PatchPro is installed in the default location, this file is in
474 the /opt/SUNWppro directory.
475 Keep the password safe by setting the owner, group, and permissions
477 to root, sys, and 0600, respectively.
478 Note -
480 This file method of supplying passwords is no longer supported.
482 Note -
484 To specify this user, use the smpatch set command to set the
486 patchpro.proxy.user parameter. Also, specify this user's password
487 by setting the patchpro.proxy.passwd parameter.
488 -W day-of-week
491 Schedules the automatic analysis, download, and optional applica‐
493 tion of patches on a weekly basis.
494 day-of-week is a numerical value from 0-6, which represents the day
496 of the week. 0 represents Sunday. See the crontab(1) man page.
497 The policy defined by the -p option determines whether no patches
499 (pprosetup -p none) are applied or whether standard patches (ppros‐
500 etup -p standard) are applied. By default, no patches are applied.
501 This option is mutually exclusive with the -D option and the -M
503 option.
504 Note -
506 This feature is not supported by the smpatch command.
508 -x [host:port]
511 Specifies the web proxy. If your system is behind a firewall, use
513 this option to specify your web proxy. Get the name of the web
514 proxy and its port from your system administrator or network admin‐
515 istrator.
516 Note -
518 To specify the web proxy host name and port, use the smpatch set
520 command to set the patchpro.proxy.host and patchpro.proxy.port
521 parameters, respectively.
522
525 Example 1 Scheduling Daily Patch Operations in Automatic Mode
526 # pprosetup -D
528 Schedules smpatch update to run in automatic mode daily at midnight
533 local time.
534 Example 2 Scheduling Weekly Patch Operations in Automatic Mode
537 # pprosetup -W 0 -s 00:45
539 Schedules smpatch update to run in automatic mode every Sunday at 12:45
544 a.m. local time.
545 Example 3 Scheduling Monthly Patch Operations in Automatic Mode
548 # pprosetup -M 15 -s 02:30
550 Schedules smpatch update to run in automatic mode on the 15th day of
555 every month at 2:30 a.m. local time.
556 Example 4 Canceling Scheduled Jobs
559 # pprosetup -C
561 Cancels the scheduled jobs that use the default configuration.
566 Example 5 Specifying the Patch Policy for Manual Mode
569 # pprosetup -i standard:singleuser:reconfigafter:rebootafter
571 Specifies the policy for applying patches in manual mode. This policy
576 permits you to apply the following types of patches to your system in
577 manual mode:
578 o Standard patches
581 o Patches that must be applied in single-user mode
583 o Patches that require that the system undergo a reconfigura‐
585 tion reboot after they have been applied
586 o Patches that require that the system undergo a reboot after
588 they have been applied
589 Example 6 Specifying the Patch Policy for Automatic Mode
591 # pprosetup -p none
593 Specifies that no patches are automatically applied.
598 # pprosetup -p standard
601 Specifies that only standard patches can be downloaded and applied.
606 Example 7 Specifying an Alternate Download Directory
609 # pprosetup -d /export/home/patches
611 Specifies that patches are downloaded to the /export/home/patches
616 directory.
617 Example 8 Specifying an Alternate Sequester Directory
620 # pprosetup -q /export/home/patches/sequester
622 Specifies that sequestered patches are stored in the
627 /export/home/patches/sequester directory.
628 Example 9 Identifying the Hardware on Your System
631 # pprosetup -H
633 Enables a patch analysis to determine whether your system needs spe‐
638 cific patches based on your hardware configuration. This command only
639 helps you identify hardware products from Sun Network Storage.
640 Example 10 Configuring Your System to Obtain Contract Patches
643 # pprosetup -u myuser
645 # echo mypasswd > /opt/SUNWppro/lib/.sunsolvepw
646 Enables your contract user, myuser, to obtain the contract patches.
651 Ensure that the contract user's password is safe by setting the owner,
655 group, and permissions of the .sunsolvepw file to root, sys, and 0600,
656 respectively.
657 Example 11 Specifying a Web Proxy
660 # pprosetup -x webaccess.corp.net.com:8080
662 Specifies the host name, webaccess.corp.net.com, and port, 8080, of the
667 web proxy to use.
668 Example 12 Scheduling Daily Patch Operations to Use the recommended
671 Configuration
672 # pprosetup -c recommended -D -s 23:00
674 Schedules a daily patch analysis that uses the recommended configura‐
679 tion. You can use the alternate configuration in conjunction with or in
680 place of a full analysis.
681 # pprosetup -c recommended -C
684 Cancels this job that uses the recommended configuration.
689 Example 13 Modifying the recommended Configuration
692 # pprosetup -c recommended -a recommended@local
694 Modifies the recommended configuration to send email notifications to
699 the recommended@local email alias about each scheduled analysis that
700 uses the recommended cluster. Any scheduled operation that uses the
701 recommended configuration will send notification to the alias you spec‐
702 ify.
703 Example 14 Creating a New Configuration
706 # pprosetup -c export -d /export/patches
708 Creates a new configuration named export that downloads patches to the
713 /export/patches directory. After executing this command, you can sched‐
714 ule patch operations or manually run patch operations that use the
715 export configuration by running the pprosetup or pprosvc commands,
716 respectively.
717 # pprosvc -c export -d
720 Downloads patches to the download directory specified by the export
725 configuration.
726
729 See the attributes(5) man page for descriptions of the following
730 attributes:
731 ┌─────────────────────────────┬─────────────────────────────┐
736 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
737 ├─────────────────────────────┼─────────────────────────────┤
738 │Availability │SUNWpprou │
739 ├─────────────────────────────┼─────────────────────────────┤
740 │Interface Stability │Obsolete │
741 └─────────────────────────────┴─────────────────────────────┘
742
744 crontab(1), boot(1M), patchadd(1M), patchrm(1M), pprosvc(1M),
745 smpatch(1M), attributes(5)
746SunOS 5.11 6 Apr 2005 pprosetup(1M)