1pprosetup(1M)           System Administration Commands           pprosetup(1M)
2
3
4

NAME

6       pprosetup - setup program for Patch Manager
7

SYNOPSIS

9       /usr/sbin/pprosetup [-a admin-email-addr] [-b backout-dir]
10            [-c config-name] [-C] [-d patch-dir]
11            [ [-D | -M day-of-month | -W day-of-week] [-s hh:mm]]
12            [-h] [-H] [-i [none | patch-property-list]] [-L]
13            [-p [none | standard]] [-P patch-source-url]
14            [-q sequester-dir] [-u user-name]
15            [-U proxy-user-name] [-x [host:port]]
16
17

DESCRIPTION

19       Note -
20
21         This  command  is deprecated. Use the smpatch set, smpatch unset, and
22         smpatch get commands instead. See the smpatch(1M) man page.
23
24
25       Use the pprosetup command, as superuser, to configure your  patch  man‐
26       agement environment by doing the following:
27
28           o      Scheduling the patch operations
29
30           o      Setting a patch policy
31
32           o      Specifying patch directories
33
34           o      Specifying the hardware on the system
35
36           o      Specifying alternate configurations
37
38   Scheduling the Patch Operations
39       Schedule  the  automatic  synchronization  of  patches with Sun's patch
40       base. This scheduling makes the pprosvc command run in automatic  mode.
41       This  mode  is  set up by using the cron interface. Use the -C, -D, -M,
42       -s, and -W options to perform the scheduling tasks.
43
44
45       If you do not want to  schedule  patch  operations,  you  can  run  the
46       pprosvc  and  smpatch  commands in manual mode, which means running the
47       tool from the command line.
48
49
50       Note that midnight is represented as 00:00.
51
52       Note -
53
54         The smpatch command does not  directly  support  this  mechanism  for
55         scheduling  patch operations. You can set up a schedule by using cron
56         to run smpatch in local mode. See the smpatch(1M) man page.
57
58   Setting a Patch Policy
59       Patches are classified as being standard  or  nonstandard.  A  standard
60       patch  can  be  applied  by  pprosvc in automatic mode. Such a patch is
61       associated with the standard patch property. A nonstandard patch is one
62       that has one of the following characteristics:
63
64           o      A patch that is associated with the rebootafter, rebootimme‐
65                  diate, reconfigafter, reconfigimmediate, or singleuser prop‐
66                  erties. This nonstandard patch can be applied by running the
67                  pprosvc command or the smpatch command in manual mode.
68
69           o      A patch that is associated with  the  interactive  property.
70                  Such a patch cannot be applied by using the smpatch command.
71
72
73       Use  pprosetup  to  schedule patch operations to run in automatic mode.
74       Patches are applied based on the policy, which you can set  by  running
75       pprosetup.
76
77
78       Use  pprosetup -p to specify the types of patches to apply in automatic
79       mode. You can set a policy to  apply  no  patches  (none)  or  standard
80       patches (standard).
81
82
83       Use  pprosetup  -i  to  specify the types of patches to apply in manual
84       mode. Such patches might include those that require a reboot and  those
85       that  must  be applied while the system is in single-user mode. Specify
86       the types of patches that can be applied by using  the  following  com‐
87       mand:
88
89         # pprosetup -i patch-property-list
90
91
92
93
94       patch-property-list  is  a  colon-separated  list of one or more of the
95       following patch properties:
96
97       interactive          A patch that cannot  be  applied  by  running  the
98                            usual patch management tools (pprosvc, smpatch, or
99                            patchadd). Before this patch is applied, the  user
100                            must  perform  special actions. Such actions might
101                            include checking  the  serial  number  of  a  disk
102                            drive,  stopping a critical daemon, or reading the
103                            patch's README file.
104
105
106       rebootafter          The effects of this patch are  not  visible  until
107                            after the system is rebooted.
108
109
110       rebootimmediate      When  this  patch  is  applied, the system becomes
111                            unstable until the system is rebooted. An unstable
112                            system  is  one  in  which  the behavior is unpre‐
113                            dictable and data might be lost.
114
115
116       reconfigafter        The effects of this patch are  not  visible  until
117                            after  a reconfiguration reboot (boot -r). See the
118                            boot(1M) man page.
119
120
121       reconfigimmediate    When this patch is  applied,  the  system  becomes
122                            unstable  until  the system gets a reconfiguration
123                            reboot (boot -r). An unstable  system  is  one  in
124                            which the behavior is unpredictable and data might
125                            be lost.
126
127
128       singleuser           Do not apply this patch while  the  system  is  in
129                            multiuser  mode.  You  must  apply this patch on a
130                            quiet system with  no  network  traffic  and  with
131                            extremely restricted I/O activity.
132
133
134       standard             This  patch  can be applied while the system is in
135                            multiuser mode. The effects of the patch are visi‐
136                            ble  as  soon as it is applied unless the applica‐
137                            tion being patched is running while the  patch  is
138                            applied.  In  this  case, the effects of the patch
139                            are visible  after  the  affected  application  is
140                            restarted.
141
142
143       Note -
144
145         The smpatch command only supports the patch policy for manual mode.
146
147   Specifying Patch Directories
148       Use  the following options to specify the directories in which to store
149       patch-related data:
150
151           o      Use the -b option to specify the directory in which to store
152                  backout  data. During a patch backout operation, the data is
153                  retrieved from this directory to restore the system  to  its
154                  state prior to applying the patch.
155
156           o      Use the -d option to specify the download directory in which
157                  to store patches that are  downloaded  from  the  Sun  patch
158                  server.  This  directory  is  also  the  location from which
159                  patches are applied.
160
161           o      Use the -q option to specify the directory in which to store
162                  patches  that  cannot be applied automatically. Such patches
163                  are called sequestered patches.
164
165           Note -
166
167             The sequester directory is not used by the smpatch command.
168
169   Specifying the Hardware on the System
170       Use the -H option to run a program that helps you determine  the  hard‐
171       ware  that is attached to the host system, such as firmware, disk array
172       systems, and tape storage systems.
173
174
175       Use this option to select the hardware that  applies  to  this  system.
176       Select  the  sequence  number  of the specific hardware. A confirmation
177       page lists the selections.
178
179
180       Save the specified hardware configuration information to a file.  Then,
181       the system responds by performing the appropriate actions.
182
183       Note -
184
185         The  smpatch  command  does  not  support this feature for specifying
186         hardware on your system.
187
188   Specifying Alternate Configurations
189       The pprosetup command uses a configuration file to specify the  collec‐
190       tion of patches with which to perform patch operations. By default, all
191       of the patches from the Sun patch server are available for patch opera‐
192       tions.
193
194
195       The -c option enables you to specify an alternate configuration.
196
197
198       Sun currently provides one alternate configuration, which is called the
199       recommended  configuration.  This  configuration  includes  only  those
200       patches that have been declared significant. Such patches include secu‐
201       rity patches and patches that address known performance and  availabil‐
202       ity problems.
203
204
205       You  can  use  the -c recommended option when you schedule patch opera‐
206       tions. For example, the following command schedules monthly patch oper‐
207       ations that use the recommended configuration:
208
209         # pprosetup -c recommended -M 15 -s 23:30
210
211
212
213
214       To cancel a schedule that uses the recommended configuration, type:
215
216         # pprosetup -c recommended -C
217
218
219
220
221       You  are permitted to modify the recommended configuration by using the
222       -c option. See EXAMPLES.
223
224       Note -
225
226         The smpatch command does not  support  this  feature  for  specifying
227         alternate configurations.
228

OPTIONS

230       The following options are supported:
231
232       -a admin-email-addr
233
234           Is the email address of the patch administrator. Email notification
235           is sent to describe the patches downloaded,  the  patches  applied,
236           and  any  error events that occurred when running the pprosvc -i -n
237           command.
238
239           Note -
240
241             This option does not affect the smpatch command.
242
243
244       -b backout-dir
245
246           Stores backout data in the specified directory.
247
248           The backout data is used whenever you use the  patchrm  command  to
249           remove  a  patch  that has already been applied to your system. The
250           data is used to restore a system to the state it was in before  you
251           applied  a  particular  patch.  Since  backout  data might be quite
252           large, store the data in a large partition that holds large transi‐
253           tory data. Such a partition might be /var.
254
255           If  you do not specify the -b option, the backout data is stored in
256           the default locations used by patchadd.  These  locations  are  the
257           save  directories  of the packages that were modified by the patch.
258           For example, if a patch modifies the SUNWcsr package,  the  backout
259           data  for  that package is stored in the /var/sadm/pkg/SUNWcsr/save
260           directory.
261
262           To specify the backout directory, use the smpatch  set  command  to
263           set the patchpro.backout.directory parameter.
264
265           Note -
266
267             The  root  file system of any non-global zones must not be refer‐
268             enced with the -b option. Doing so might damage the global zone's
269             file  system,  might  compromise the security of the global zone,
270             and might damage the non-global zone's file system. See zones(5).
271
272
273       -C
274
275           Clears the existing patch service schedule.
276
277           Note -
278
279             This feature is not supported by the smpatch command.
280
281
282       -c config-name
283
284           Uses the config-name configuration for patch operations. When  this
285           option  is  included  in  any pprosetup command, the entire command
286           applies to the specified configuration.
287
288           Note -
289
290             This feature is not supported by the smpatch command.
291
292
293       -d patch-dir
294
295           Is the directory in which to download the patches that  are  appro‐
296           priate  for  this  host system. This directory is also the location
297           from which patches are applied. By default, the download  directory
298           is /var/sadm/spool.
299
300           Note -
301
302             To specify the download directory, use the smpatch set command to
303             set the patchpro.download.directory parameter.
304
305
306       -D
307
308           Schedules the automatic analysis, download, and  optional  applica‐
309           tion of patches on a daily basis. This option is equivalent to exe‐
310           cuting the pprosvc  -i  -n  command  on  a  daily  basis.  See  the
311           crontab(1) man page.
312
313           The  policy  defined by the -p option determines whether no patches
314           (pprosetup -p none) are applied or whether standard patches (ppros‐
315           etup -p standard) are applied. By default, no patches are applied.
316
317           This  option  is  mutually  exclusive with the -M option and the -W
318           option.
319
320           Note -
321
322             This feature is not supported by the smpatch command.
323
324
325       -h
326
327           Displays information about command-line options.
328
329
330       -H
331
332           Establishes a dialog with the user to determine  what  hardware  is
333           attached to the host system.
334
335           Note -
336
337             This feature is not supported by the smpatch command.
338
339
340       -i [none | patch-property-list]
341
342           Specifies the policy for applying patches in manual mode.
343
344           No  patches are applied when none is specified. patch-property-list
345           is a colon-separated list of one or more  of  the  following  patch
346           properties:  interactive,  rebootafter,  rebootimmediate,  reconfi‐
347           gafter, reconfigimmediate, singleuser, and standard. See Setting  a
348           Patch Policy.
349
350           Note -
351
352             To  specify  the patch policy, use the smpatch set command to set
353             the patchpro.install.types parameter.
354
355
356       -L
357
358           Displays the configuration parameter settings of your patch manage‐
359           ment environment.
360
361           This option is mutually exclusive with the other options.
362
363           Note -
364
365             To view the configuration parameter settings, use the smpatch get
366             command.
367
368
369       -M day-of-month
370
371           Schedules the automatic analysis, download, and  optional  applica‐
372           tion of patches on a monthly basis.
373
374           The  policy  defined by the -p option determines whether no patches
375           (pprosetup -p none) are applied or whether standard patches (ppros‐
376           etup -p standard) are applied. By default, no patches are applied.
377
378           day-of-month  is  a numerical value from 1-28, which represents the
379           day of the month. Note that the values 29, 30, and 31 are  invalid.
380           See the crontab(1) man page.
381
382           This  option  is  mutually  exclusive with the -D option and the -W
383           option.
384
385           Note -
386
387             This feature is not supported by the smpatch command.
388
389
390       -p [none | standard]
391
392           Specifies the policy for applying patches in automatic mode.
393
394           No patches are applied when none, the default, is specified.
395
396           When standard is specified, only standard patches are applied.
397
398           Note -
399
400             This feature is not supported by the smpatch command.
401
402
403       -P patch-source-url
404
405           Is the URL that points to the collection of patches. The default is
406           the Sun patch server, which has the following URL:
407
408             https://updateserver.sun.com/solaris/
409
410
411
412           Note -
413
414             To  specify the URL that points to the collection of patches, use
415             the smpatch set command to set the patchpro.patch.source  parame‐
416             ter.
417
418
419       -q sequester-dir
420
421           Is the directory in which patches are moved if they cannot be auto‐
422           matically  applied.  By  default,  the   sequester   directory   is
423           /var/sadm/spool/patchproSequester.
424
425           Note -
426
427             The sequester directory is not used by the smpatch command.
428
429
430       -s hh:mm
431
432           Optionally  sets the time of day to perform patch operations, which
433           by default, is midnight local time.
434
435           hh is a value from 00-23, which specifies the hour. mm is  a  value
436           from 00-59, which specifies the minute.
437
438           Use this option with the -D, -M, and -W options.
439
440           Note -
441
442             This feature is not supported by the smpatch command.
443
444
445       -u user-name
446
447           Is the user name with which to obtain contract patches from Sun.
448
449           Store   the   corresponding  SunSpectrum  user's  password  in  the
450           lib/.sunsolvepw file. If PatchPro is installed in the default loca‐
451           tion, this file is in the /opt/SUNWppro directory.
452
453           Keep the password safe by setting the owner, group, and permissions
454           to root, sys, and 0600, respectively.
455
456           Note -
457
458             This file method of supplying passwords is no longer supported.
459
460           Note -
461
462             To specify this user, use the smpatch  set  command  to  set  the
463             patchpro.sun.user  parameter.  Also, specify this user's password
464             by setting the patchpro.sun.passwd parameter.
465
466
467       -U proxy-user-name
468
469           Is the user name required for authentication of the web  proxy,  if
470           applicable.
471
472           Store  the  corresponding user's password in the lib/.proxypw file.
473           If PatchPro is installed in the default location, this file  is  in
474           the /opt/SUNWppro directory.
475
476           Keep the password safe by setting the owner, group, and permissions
477           to root, sys, and 0600, respectively.
478
479           Note -
480
481             This file method of supplying passwords is no longer supported.
482
483           Note -
484
485             To specify this user, use the smpatch  set  command  to  set  the
486             patchpro.proxy.user parameter. Also, specify this user's password
487             by setting the patchpro.proxy.passwd parameter.
488
489
490       -W day-of-week
491
492           Schedules the automatic analysis, download, and  optional  applica‐
493           tion of patches on a weekly basis.
494
495           day-of-week is a numerical value from 0-6, which represents the day
496           of the week. 0 represents Sunday. See the crontab(1) man page.
497
498           The policy defined by the -p option determines whether  no  patches
499           (pprosetup -p none) are applied or whether standard patches (ppros‐
500           etup -p standard) are applied. By default, no patches are applied.
501
502           This option is mutually exclusive with the -D  option  and  the  -M
503           option.
504
505           Note -
506
507             This feature is not supported by the smpatch command.
508
509
510       -x [host:port]
511
512           Specifies  the  web proxy. If your system is behind a firewall, use
513           this option to specify your web proxy. Get  the  name  of  the  web
514           proxy and its port from your system administrator or network admin‐
515           istrator.
516
517           Note -
518
519             To specify the web proxy host name and port, use the smpatch  set
520             command  to  set  the patchpro.proxy.host and patchpro.proxy.port
521             parameters, respectively.
522
523

EXAMPLES

525       Example 1 Scheduling Daily Patch Operations in Automatic Mode
526
527         # pprosetup -D
528
529
530
531
532       Schedules smpatch update to run in automatic  mode  daily  at  midnight
533       local time.
534
535
536       Example 2 Scheduling Weekly Patch Operations in Automatic Mode
537
538         # pprosetup -W 0 -s 00:45
539
540
541
542
543       Schedules smpatch update to run in automatic mode every Sunday at 12:45
544       a.m. local time.
545
546
547       Example 3 Scheduling Monthly Patch Operations in Automatic Mode
548
549         # pprosetup -M 15 -s 02:30
550
551
552
553
554       Schedules smpatch update to run in automatic mode on the  15th  day  of
555       every month at 2:30 a.m. local time.
556
557
558       Example 4 Canceling Scheduled Jobs
559
560         # pprosetup -C
561
562
563
564
565       Cancels the scheduled jobs that use the default configuration.
566
567
568       Example 5 Specifying the Patch Policy for Manual Mode
569
570         # pprosetup -i standard:singleuser:reconfigafter:rebootafter
571
572
573
574
575       Specifies  the  policy for applying patches in manual mode. This policy
576       permits you to apply the following types of patches to your  system  in
577       manual mode:
578
579
580           o      Standard patches
581
582           o      Patches that must be applied in single-user mode
583
584           o      Patches  that require that the system undergo a reconfigura‐
585                  tion reboot after they have been applied
586
587           o      Patches that require that the system undergo a reboot  after
588                  they have been applied
589
590       Example 6 Specifying the Patch Policy for Automatic Mode
591
592         # pprosetup -p none
593
594
595
596
597       Specifies that no patches are automatically applied.
598
599
600         # pprosetup -p standard
601
602
603
604
605       Specifies that only standard patches can be downloaded and applied.
606
607
608       Example 7 Specifying an Alternate Download Directory
609
610         # pprosetup -d /export/home/patches
611
612
613
614
615       Specifies  that  patches  are  downloaded  to  the /export/home/patches
616       directory.
617
618
619       Example 8 Specifying an Alternate Sequester Directory
620
621         # pprosetup -q /export/home/patches/sequester
622
623
624
625
626       Specifies   that   sequestered    patches    are    stored    in    the
627       /export/home/patches/sequester directory.
628
629
630       Example 9 Identifying the Hardware on Your System
631
632         # pprosetup -H
633
634
635
636
637       Enables  a  patch  analysis to determine whether your system needs spe‐
638       cific patches based on your hardware configuration. This  command  only
639       helps you identify hardware products from Sun Network Storage.
640
641
642       Example 10 Configuring Your System to Obtain Contract Patches
643
644         # pprosetup -u myuser
645         # echo mypasswd > /opt/SUNWppro/lib/.sunsolvepw
646
647
648
649
650       Enables your contract user, myuser, to obtain the contract patches.
651
652
653
654       Ensure  that the contract user's password is safe by setting the owner,
655       group, and permissions of the .sunsolvepw file to root, sys, and  0600,
656       respectively.
657
658
659       Example 11 Specifying a Web Proxy
660
661         # pprosetup -x webaccess.corp.net.com:8080
662
663
664
665
666       Specifies the host name, webaccess.corp.net.com, and port, 8080, of the
667       web proxy to use.
668
669
670       Example 12 Scheduling Daily Patch Operations  to  Use  the  recommended
671       Configuration
672
673         # pprosetup -c recommended -D -s 23:00
674
675
676
677
678       Schedules  a  daily patch analysis that uses the recommended configura‐
679       tion. You can use the alternate configuration in conjunction with or in
680       place of a full analysis.
681
682
683         # pprosetup -c recommended -C
684
685
686
687
688       Cancels this job that uses the recommended configuration.
689
690
691       Example 13 Modifying the recommended Configuration
692
693         # pprosetup -c recommended -a recommended@local
694
695
696
697
698       Modifies  the  recommended configuration to send email notifications to
699       the recommended@local email alias about each  scheduled  analysis  that
700       uses  the  recommended  cluster.  Any scheduled operation that uses the
701       recommended configuration will send notification to the alias you spec‐
702       ify.
703
704
705       Example 14 Creating a New Configuration
706
707         # pprosetup -c export -d /export/patches
708
709
710
711
712       Creates  a new configuration named export that downloads patches to the
713       /export/patches directory. After executing this command, you can sched‐
714       ule  patch  operations  or  manually  run patch operations that use the
715       export configuration by running  the  pprosetup  or  pprosvc  commands,
716       respectively.
717
718
719         # pprosvc -c export -d
720
721
722
723
724       Downloads  patches  to  the  download directory specified by the export
725       configuration.
726
727

ATTRIBUTES

729       See the attributes(5)  man  page  for  descriptions  of  the  following
730       attributes:
731
732
733
734
735       ┌─────────────────────────────┬─────────────────────────────┐
736       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
737       ├─────────────────────────────┼─────────────────────────────┤
738       │Availability                 │SUNWpprou                    │
739       ├─────────────────────────────┼─────────────────────────────┤
740       │Interface Stability          │Obsolete                     │
741       └─────────────────────────────┴─────────────────────────────┘
742

SEE ALSO

744       crontab(1),    boot(1M),    patchadd(1M),   patchrm(1M),   pprosvc(1M),
745       smpatch(1M), attributes(5)
746
747
748
749SunOS 5.11                        6 Apr 2005                     pprosetup(1M)
Impressum