pprosetup(1M) System Administration Commands pprosetup(1M)NAMEpprosetup - setup program for Patch Manager
SYNOPSIS
/usr/sbin/pprosetup [-a admin-email-addr] [-b backout-dir] [-c config-
name] [-C] [-d patch-dir] [ [-D | -M day-of-month | -W day-of-week] [-s
hh:mm]] [-h] [-H] [-i [none | patch-property-list]] [-L] [-p [none |
standard]] [-P patch-source-url] [-q sequester-dir] [-u user-name] [-U
proxy-user-name] [-x [host:port]]
DESCRIPTION
Note - This command is deprecated. Use the smpatch set, smpatch unset,
and smpatch get commands instead. See the smpatch(1M) man page.
Use the pprosetup command, as superuser, to configure your patch man‐
agement environment by doing the following:
· Scheduling the patch operations
· Setting a patch policy
· Specifying patch directories
· Specifying the hardware on the system
· Specifying alternate configurations
Scheduling the Patch Operations
Schedule the automatic synchronization of patches with Sun's patch
base. This scheduling makes the pprosvc command run in automatic mode.
This mode is set up by using the cron interface. Use the -C, -D, -M,
-s, and -W options to perform the scheduling tasks.
If you do not want to schedule patch operations, you can run the
pprosvc and smpatch commands in manual mode, which means running the
tool from the command line.
Note that midnight is represented as 00:00.
Note - The smpatch command does not directly support this mechanism
for scheduling patch operations. You can set up a schedule by
using cron to run smpatch in local mode. See the smpatch(1M)
man page.
Setting a Patch Policy
Patches are classified as being standard or nonstandard. A standard
patch can be applied by pprosvc in automatic mode. Such a patch is
associated with the standard patch property. A nonstandard patch is one
that has one of the following characteristics:
· A patch that is associated with the rebootafter, rebootimmediate,
reconfigafter, reconfigimmediate, or singleuser properties. This
nonstandard patch can be applied by running the pprosvc command or
the smpatch command in manual mode.
· A patch that is associated with the interactive property. Such a
patch cannot be applied by using the smpatch command.
Use pprosetup to schedule patch operations to run in automatic mode.
Patches are applied based on the policy, which you can set by running
pprosetup.
Use pprosetup-p to specify the types of patches to apply in automatic
mode. You can set a policy to apply no patches (none) or standard
patches (standard).
Use pprosetup-i to specify the types of patches to apply in manual
mode. Such patches might include those that require a reboot and those
that must be applied while the system is in single-user mode. Specify
the types of patches that can be applied by using the following com‐
mand:
# pprosetup-i patch-property-list
patch-property-list is a colon-separated list of one or more of the
following patch properties:
interactive A patch that cannot be applied by running the
usual patch management tools (pprosvc, smpatch,
or patchadd). Before this patch is applied, the
user must perform special actions. Such
actions might include checking the serial num‐
ber of a disk drive, stopping a critical dae‐
mon, or reading the patch's README file.
rebootafter The effects of this patch are not visible until
after the system is rebooted.
rebootimmediate When this patch is applied, the system becomes
unstable until the system is rebooted. An
unstable system is one in which the behavior is
unpredictable and data might be lost.
reconfigafter The effects of this patch are not visible until
after a reconfiguration reboot (boot -r). See
the boot(1M) man page.
reconfigimmediate When this patch is applied, the system becomes
unstable until the system gets a reconfigura‐
tion reboot (boot -r). An unstable system is
one in which the behavior is unpredictable and
data might be lost.
singleuser Do not apply this patch while the system is in
multiuser mode. You must apply this patch on a
quiet system with no network traffic and with
extremely restricted I/O activity.
standard This patch can be applied while the system is
in multiuser mode. The effects of the patch are
visible as soon as it is applied unless the
application being patched is running while the
patch is applied. In this case, the effects of
the patch are visible after the affected appli‐
cation is restarted.
Note - The smpatch command only supports the patch policy for manual
mode.
Specifying Patch Directories
Use the following options to specify the directories in which to store
patch-related data:
· Use the -b option to specify the directory in which to store back‐
out data. During a patch backout operation, the data is retrieved
from this directory to restore the system to its state prior to
applying the patch.
· Use the -d option to specify the download directory in which to
store patches that are downloaded from the Sun patch server. This
directory is also the location from which patches are applied.
· Use the -q option to specify the directory in which to store
patches that cannot be applied automatically. Such patches are
called sequestered patches.
Note - The sequester directory is not used by the smpatch com‐
mand.
Specifying the Hardware on the System
Use the -H option to run a program that helps you determine the hard‐
ware that is attached to the host system, such as firmware, disk array
systems, and tape storage systems.
Use this option to select the hardware that applies to this system.
Select the sequence number of the specific hardware. A confirmation
page lists the selections.
Save the specified hardware configuration information to a file. Then,
the system responds by performing the appropriate actions.
Note - The smpatch command does not support this feature for specify‐
ing hardware on your system.
Specifying Alternate Configurations
The pprosetup command uses a configuration file to specify the collec‐
tion of patches with which to perform patch operations. By default, all
of the patches from the Sun patch server are available for patch opera‐
tions.
The -c option enables you to specify an alternate configuration.
Sun currently provides one alternate configuration, which is called the
recommended configuration. This configuration includes only those
patches that have been declared significant. Such patches include secu‐
rity patches and patches that address known performance and availabil‐
ity problems.
You can use the -c recommended option when you schedule patch opera‐
tions. For example, the following command schedules monthly patch oper‐
ations that use the recommended configuration:
# pprosetup-c recommended -M 15 -s 23:30
To cancel a schedule that uses the recommended configuration, type:
# pprosetup-c recommended -C
You are permitted to modify the recommended configuration by using the
-c option. See EXAMPLES.
Note - The smpatch command does not support this feature for specify‐
ing alternate configurations.
OPTIONS
The following options are supported:
-a admin-email-addr Is the email address of the patch administra‐
tor. Email notification is sent to describe the
patches downloaded, the patches applied, and
any error events that occurred when running the
pprosvc -i -n command.
Note - This option does not affect the smpatch
command.
-b backout-dir Stores backout data in the specified directory.
The backout data is used whenever you use the
patchrm command to remove a patch that has
already been applied to your system. The data
is used to restore a system to the state it was
in before you applied a particular patch. Since
backout data might be quite large, store the
data in a large partition that holds large
transitory data. Such a partition might be
/var.
If you do not specify the -b option, the back‐
out data is stored in the default locations
used by patchadd. These locations are the save
directories of the packages that were modified
by the patch. For example, if a patch modifies
the SUNWcsr package, the backout data for that
package is stored in the /var/sadm/pkg/SUN‐
Wcsr/save directory.
To specify the backout directory, use the
smpatch set command to set the patchpro.back‐
out.directory parameter.
Note - The root file system of any non-global
zones must not be referenced with the
-b option. Doing so might damage the
global zone's file system, might com‐
promise the security of the global
zone, and might damage the non-global
zone's file system. See zones(5).
-C Clears the existing patch service schedule.
Note - This feature is not supported by the
smpatch command.
-c config-name Uses the config-name configuration for patch
operations. When this option is included in any
pprosetup command, the entire command applies
to the specified configuration.
Note - This feature is not supported by the
smpatch command.
-d patch-dir Is the directory in which to download the
patches that are appropriate for this host sys‐
tem. This directory is also the location from
which patches are applied. By default, the
download directory is /var/sadm/spool.
Note - To specify the download directory, use
the smpatch set command to set the
patchpro.download.directory parameter.
-D Schedules the automatic analysis, download, and
optional application of patches on a daily
basis. This option is equivalent to executing
the pprosvc -i -n command on a daily basis. See
the crontab(1) man page.
The policy defined by the -p option determines
whether no patches (pprosetup -p none) are
applied or whether standard patches (pprosetup
-p standard) are applied. By default, no
patches are applied.
This option is mutually exclusive with the -M
option and the -W option.
Note - This feature is not supported by the
smpatch command.
-h Displays information about command-line
options.
-H Establishes a dialog with the user to determine
what hardware is attached to the host system.
Note - This feature is not supported by the
smpatch command.
-i [none | patch-propertSpecifies the policy for applying patches in
manual mode.
No patches are applied when none is specified.
patch-property-list is a colon-separated list
of one or more of the following patch proper‐
ties: interactive, rebootafter, rebootimmedi‐
ate, reconfigafter, reconfigimmediate, sin‐
gleuser, and standard. See Setting a Patch Pol‐
icy.
Note - To specify the patch policy, use the
smpatch set command to set the patch‐
pro.install.types parameter.
-L Displays the configuration parameter settings
of your patch management environment.
This option is mutually exclusive with the
other options.
Note - To view the configuration parameter
settings, use the smpatch get command.
-M day-of-month Schedules the automatic analysis, download, and
optional application of patches on a monthly
basis.
The policy defined by the -p option determines
whether no patches (pprosetup -p none) are
applied or whether standard patches (pprosetup
-p standard) are applied. By default, no
patches are applied.
day-of-month is a numerical value from 1-28,
which represents the day of the month. Note
that the values 29, 30, and 31 are invalid. See
the crontab(1) man page.
This option is mutually exclusive with the -D
option and the -W option.
Note - This feature is not supported by the
smpatch command.
-p [none | standard] Specifies the policy for applying patches in
automatic mode.
No patches are applied when none, the default,
is specified.
When standard is specified, only standard
patches are applied.
Note - This feature is not supported by the
smpatch command.
-P patch-source-url Is the URL that points to the collection of
patches. The default is the Sun patch server,
which has the following URL:
https://updateserver.sun.com/solaris/
Note - To specify the URL that points to the
collection of patches, use the smpatch
set command to set the patch‐
pro.patch.source parameter.
-q sequester-dir Is the directory in which patches are moved if
they cannot be automatically applied. By
default, the sequester directory is
/var/sadm/spool/patchproSequester.
Note - The sequester directory is not used by
the smpatch command.
-s hh:mm Optionally sets the time of day to perform
patch operations, which by default, is midnight
local time.
hh is a value from 00-23, which specifies the
hour. mm is a value from 00-59, which specifies
the minute.
Use this option with the -D, -M, and -W
options.
Note - This feature is not supported by the
smpatch command.
-u user-name Is the user name with which to obtain contract
patches from Sun.
Store the corresponding SunSpectrum user's
password in the lib/.sunsolvepw file. If Patch‐
Pro is installed in the default location, this
file is in the /opt/SUNWppro directory.
Keep the password safe by setting the owner,
group, and permissions to root, sys, and 0600,
respectively.
Note - This file method of supplying passwords
is no longer supported.
Note - To specify this user, use the smpatch
set command to set the patch‐
pro.sun.user parameter. Also, specify
this user's password by setting the
patchpro.sun.passwd parameter.
-U proxy-user-name Is the user name required for authentication of
the web proxy, if applicable.
Store the corresponding user's password in the
lib/.proxypw file. If PatchPro is installed in
the default location, this file is in the
/opt/SUNWppro directory.
Keep the password safe by setting the owner,
group, and permissions to root, sys, and 0600,
respectively.
Note - This file method of supplying passwords
is no longer supported.
Note - To specify this user, use the smpatch
set command to set the patch‐
pro.proxy.user parameter. Also, specify
this user's password by setting the
patchpro.proxy.passwd parameter.
-W day-of-week Schedules the automatic analysis, download, and
optional application of patches on a weekly
basis.
day-of-week is a numerical value from 0-6,
which represents the day of the week. 0 repre‐
sents Sunday. See the crontab(1) man page.
The policy defined by the -p option determines
whether no patches (pprosetup -p none) are
applied or whether standard patches (pprosetup
-p standard) are applied. By default, no
patches are applied.
This option is mutually exclusive with the -D
option and the -M option.
Note - This feature is not supported by the
smpatch command.
-x [host:port] Specifies the web proxy. If your system is
behind a firewall, use this option to specify
your web proxy. Get the name of the web proxy
and its port from your system administrator or
network administrator.
Note - To specify the web proxy host name and
port, use the smpatch set command to
set the patchpro.proxy.host and patch‐
pro.proxy.port parameters, respec‐
tively.
EXAMPLES
Example 1: Scheduling Daily Patch Operations in Automatic Mode
# pprosetup-D
Schedules smpatch update to run in automatic mode daily at midnight
local time.
Example 2: Scheduling Weekly Patch Operations in Automatic Mode
# pprosetup-W 0 -s 00:45
Schedules smpatch update to run in automatic mode every Sunday at 12:45
a.m. local time.
Example 3: Scheduling Monthly Patch Operations in Automatic Mode
# pprosetup-M 15 -s 02:30
Schedules smpatch update to run in automatic mode on the 15th day of
every month at 2:30 a.m. local time.
Example 4: Canceling Scheduled Jobs
# pprosetup-C
Cancels the scheduled jobs that use the default configuration.
Example 5: Specifying the Patch Policy for Manual Mode
# pprosetup-i standard:singleuser:reconfigafter:rebootafter
Specifies the policy for applying patches in manual mode. This policy
permits you to apply the following types of patches to your system in
manual mode:
· Standard patches
· Patches that must be applied in single-user mode
· Patches that require that the system undergo a reconfiguration
reboot after they have been applied
· Patches that require that the system undergo a reboot after they
have been applied
Example 6: Specifying the Patch Policy for Automatic Mode
# pprosetup-p none
Specifies that no patches are automatically applied.
# pprosetup-p standard
Specifies that only standard patches can be downloaded and applied.
Example 7: Specifying an Alternate Download Directory
# pprosetup-d /export/home/patches
Specifies that patches are downloaded to the /export/home/patches
directory.
Example 8: Specifying an Alternate Sequester Directory
# pprosetup-q /export/home/patches/sequester
Specifies that sequestered patches are stored in the
/export/home/patches/sequester directory.
Example 9: Identifying the Hardware on Your System
# pprosetup-H
Enables a patch analysis to determine whether your system needs spe‐
cific patches based on your hardware configuration. This command only
helps you identify hardware products from Sun Network Storage.
Example 10: Configuring Your System to Obtain Contract Patches
# pprosetup-u myuser
# echo mypasswd > /opt/SUNWppro/lib/.sunsolvepw
Enables your contract user, myuser, to obtain the contract patches.
Ensure that the contract user's password is safe by setting the owner,
group, and permissions of the .sunsolvepw file to root, sys, and 0600,
respectively.
Example 11: Specifying a Web Proxy
# pprosetup-x webaccess.corp.net.com:8080
Specifies the host name, webaccess.corp.net.com, and port, 8080, of the
web proxy to use.
Example 12: Scheduling Daily Patch Operations to Use the recommended
Configuration
# pprosetup-c recommended -D -s 23:00
Schedules a daily patch analysis that uses the recommended configura‐
tion. You can use the alternate configuration in conjunction with or in
place of a full analysis.
# pprosetup-c recommended -C
Cancels this job that uses the recommended configuration.
Example 13: Modifying the recommended Configuration
# pprosetup-c recommended -a recommended@local
Modifies the recommended configuration to send email notifications to
the recommended@local email alias about each scheduled analysis that
uses the recommended cluster. Any scheduled operation that uses the
recommended configuration will send notification to the alias you spec‐
ify.
Example 14: Creating a New Configuration
# pprosetup-c export -d /export/patches
Creates a new configuration named export that downloads patches to the
/export/patches directory. After executing this command, you can sched‐
ule patch operations or manually run patch operations that use the
export configuration by running the pprosetup or pprosvc commands,
respectively.
# pprosvc -c export -d
Downloads patches to the download directory specified by the export
configuration.
ATTRIBUTES
See the attributes(5) man page for descriptions of the following
attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWpprou │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Obsolete │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOcrontab(1), boot(1M), patchadd(1M), patchrm(1M), pprosvc(1M),
smpatch(1M), attributes(5)SunOS 5.10 6 Apr 2005 pprosetup(1M)