pprosetup(1M) System Administration Commands pprosetup(1M)NAMEpprosetup - setup program for Patch Manager
SYNOPSIS
/usr/sbin/pprosetup [-a admin-email-addr] [-b backout-dir]
[-c config-name] [-C] [-d patch-dir]
[ [-D | -M day-of-month | -W day-of-week] [-s hh:mm]]
[-h] [-H] [-i [none | patch-property-list]] [-L]
[-p [none | standard]] [-P patch-source-url]
[-q sequester-dir] [-u user-name]
[-U proxy-user-name] [-x [host:port]]
DESCRIPTION
Note -
This command is deprecated. Use the smpatch set, smpatch unset, and
smpatch get commands instead. See the smpatch(1M) man page.
Use the pprosetup command, as superuser, to configure your patch man‐
agement environment by doing the following:
o Scheduling the patch operations
o Setting a patch policy
o Specifying patch directories
o Specifying the hardware on the system
o Specifying alternate configurations
Scheduling the Patch Operations
Schedule the automatic synchronization of patches with Sun's patch
base. This scheduling makes the pprosvc command run in automatic mode.
This mode is set up by using the cron interface. Use the -C, -D, -M,
-s, and -W options to perform the scheduling tasks.
If you do not want to schedule patch operations, you can run the
pprosvc and smpatch commands in manual mode, which means running the
tool from the command line.
Note that midnight is represented as 00:00.
Note -
The smpatch command does not directly support this mechanism for
scheduling patch operations. You can set up a schedule by using cron
to run smpatch in local mode. See the smpatch(1M) man page.
Setting a Patch Policy
Patches are classified as being standard or nonstandard. A standard
patch can be applied by pprosvc in automatic mode. Such a patch is
associated with the standard patch property. A nonstandard patch is one
that has one of the following characteristics:
o A patch that is associated with the rebootafter, rebootimme‐
diate, reconfigafter, reconfigimmediate, or singleuser prop‐
erties. This nonstandard patch can be applied by running the
pprosvc command or the smpatch command in manual mode.
o A patch that is associated with the interactive property.
Such a patch cannot be applied by using the smpatch command.
Use pprosetup to schedule patch operations to run in automatic mode.
Patches are applied based on the policy, which you can set by running
pprosetup.
Use pprosetup-p to specify the types of patches to apply in automatic
mode. You can set a policy to apply no patches (none) or standard
patches (standard).
Use pprosetup-i to specify the types of patches to apply in manual
mode. Such patches might include those that require a reboot and those
that must be applied while the system is in single-user mode. Specify
the types of patches that can be applied by using the following com‐
mand:
# pprosetup-i patch-property-list
patch-property-list is a colon-separated list of one or more of the
following patch properties:
interactive A patch that cannot be applied by running the
usual patch management tools (pprosvc, smpatch, or
patchadd). Before this patch is applied, the user
must perform special actions. Such actions might
include checking the serial number of a disk
drive, stopping a critical daemon, or reading the
patch's README file.
rebootafter The effects of this patch are not visible until
after the system is rebooted.
rebootimmediate When this patch is applied, the system becomes
unstable until the system is rebooted. An unstable
system is one in which the behavior is unpre‐
dictable and data might be lost.
reconfigafter The effects of this patch are not visible until
after a reconfiguration reboot (boot -r). See the
boot(1M) man page.
reconfigimmediate When this patch is applied, the system becomes
unstable until the system gets a reconfiguration
reboot (boot -r). An unstable system is one in
which the behavior is unpredictable and data might
be lost.
singleuser Do not apply this patch while the system is in
multiuser mode. You must apply this patch on a
quiet system with no network traffic and with
extremely restricted I/O activity.
standard This patch can be applied while the system is in
multiuser mode. The effects of the patch are visi‐
ble as soon as it is applied unless the applica‐
tion being patched is running while the patch is
applied. In this case, the effects of the patch
are visible after the affected application is
restarted.
Note -
The smpatch command only supports the patch policy for manual mode.
Specifying Patch Directories
Use the following options to specify the directories in which to store
patch-related data:
o Use the -b option to specify the directory in which to store
backout data. During a patch backout operation, the data is
retrieved from this directory to restore the system to its
state prior to applying the patch.
o Use the -d option to specify the download directory in which
to store patches that are downloaded from the Sun patch
server. This directory is also the location from which
patches are applied.
o Use the -q option to specify the directory in which to store
patches that cannot be applied automatically. Such patches
are called sequestered patches.
Note -
The sequester directory is not used by the smpatch command.
Specifying the Hardware on the System
Use the -H option to run a program that helps you determine the hard‐
ware that is attached to the host system, such as firmware, disk array
systems, and tape storage systems.
Use this option to select the hardware that applies to this system.
Select the sequence number of the specific hardware. A confirmation
page lists the selections.
Save the specified hardware configuration information to a file. Then,
the system responds by performing the appropriate actions.
Note -
The smpatch command does not support this feature for specifying
hardware on your system.
Specifying Alternate Configurations
The pprosetup command uses a configuration file to specify the collec‐
tion of patches with which to perform patch operations. By default, all
of the patches from the Sun patch server are available for patch opera‐
tions.
The -c option enables you to specify an alternate configuration.
Sun currently provides one alternate configuration, which is called the
recommended configuration. This configuration includes only those
patches that have been declared significant. Such patches include secu‐
rity patches and patches that address known performance and availabil‐
ity problems.
You can use the -c recommended option when you schedule patch opera‐
tions. For example, the following command schedules monthly patch oper‐
ations that use the recommended configuration:
# pprosetup-c recommended -M 15 -s 23:30
To cancel a schedule that uses the recommended configuration, type:
# pprosetup-c recommended -C
You are permitted to modify the recommended configuration by using the
-c option. See EXAMPLES.
Note -
The smpatch command does not support this feature for specifying
alternate configurations.
OPTIONS
The following options are supported:
-a admin-email-addr
Is the email address of the patch administrator. Email notification
is sent to describe the patches downloaded, the patches applied,
and any error events that occurred when running the pprosvc -i -n
command.
Note -
This option does not affect the smpatch command.
-b backout-dir
Stores backout data in the specified directory.
The backout data is used whenever you use the patchrm command to
remove a patch that has already been applied to your system. The
data is used to restore a system to the state it was in before you
applied a particular patch. Since backout data might be quite
large, store the data in a large partition that holds large transi‐
tory data. Such a partition might be /var.
If you do not specify the -b option, the backout data is stored in
the default locations used by patchadd. These locations are the
save directories of the packages that were modified by the patch.
For example, if a patch modifies the SUNWcsr package, the backout
data for that package is stored in the /var/sadm/pkg/SUNWcsr/save
directory.
To specify the backout directory, use the smpatch set command to
set the patchpro.backout.directory parameter.
Note -
The root file system of any non-global zones must not be refer‐
enced with the -b option. Doing so might damage the global zone's
file system, might compromise the security of the global zone,
and might damage the non-global zone's file system. See zones(5).
-C
Clears the existing patch service schedule.
Note -
This feature is not supported by the smpatch command.
-c config-name
Uses the config-name configuration for patch operations. When this
option is included in any pprosetup command, the entire command
applies to the specified configuration.
Note -
This feature is not supported by the smpatch command.
-d patch-dir
Is the directory in which to download the patches that are appro‐
priate for this host system. This directory is also the location
from which patches are applied. By default, the download directory
is /var/sadm/spool.
Note -
To specify the download directory, use the smpatch set command to
set the patchpro.download.directory parameter.
-D
Schedules the automatic analysis, download, and optional applica‐
tion of patches on a daily basis. This option is equivalent to exe‐
cuting the pprosvc -i-n command on a daily basis. See the
crontab(1) man page.
The policy defined by the -p option determines whether no patches
(pprosetup -p none) are applied or whether standard patches (ppros‐
etup -p standard) are applied. By default, no patches are applied.
This option is mutually exclusive with the -M option and the -W
option.
Note -
This feature is not supported by the smpatch command.
-h
Displays information about command-line options.
-H
Establishes a dialog with the user to determine what hardware is
attached to the host system.
Note -
This feature is not supported by the smpatch command.
-i [none | patch-property-list]
Specifies the policy for applying patches in manual mode.
No patches are applied when none is specified. patch-property-list
is a colon-separated list of one or more of the following patch
properties: interactive, rebootafter, rebootimmediate, reconfi‐
gafter, reconfigimmediate, singleuser, and standard. See Setting a
Patch Policy.
Note -
To specify the patch policy, use the smpatch set command to set
the patchpro.install.types parameter.
-L
Displays the configuration parameter settings of your patch manage‐
ment environment.
This option is mutually exclusive with the other options.
Note -
To view the configuration parameter settings, use the smpatch get
command.
-M day-of-month
Schedules the automatic analysis, download, and optional applica‐
tion of patches on a monthly basis.
The policy defined by the -p option determines whether no patches
(pprosetup -p none) are applied or whether standard patches (ppros‐
etup -p standard) are applied. By default, no patches are applied.
day-of-month is a numerical value from 1-28, which represents the
day of the month. Note that the values 29, 30, and 31 are invalid.
See the crontab(1) man page.
This option is mutually exclusive with the -D option and the -W
option.
Note -
This feature is not supported by the smpatch command.
-p [none | standard]
Specifies the policy for applying patches in automatic mode.
No patches are applied when none, the default, is specified.
When standard is specified, only standard patches are applied.
Note -
This feature is not supported by the smpatch command.
-P patch-source-url
Is the URL that points to the collection of patches. The default is
the Sun patch server, which has the following URL:
https://updateserver.sun.com/solaris/
Note -
To specify the URL that points to the collection of patches, use
the smpatch set command to set the patchpro.patch.source parame‐
ter.
-q sequester-dir
Is the directory in which patches are moved if they cannot be auto‐
matically applied. By default, the sequester directory is
/var/sadm/spool/patchproSequester.
Note -
The sequester directory is not used by the smpatch command.
-s hh:mm
Optionally sets the time of day to perform patch operations, which
by default, is midnight local time.
hh is a value from 00-23, which specifies the hour. mm is a value
from 00-59, which specifies the minute.
Use this option with the -D, -M, and -W options.
Note -
This feature is not supported by the smpatch command.
-u user-name
Is the user name with which to obtain contract patches from Sun.
Store the corresponding SunSpectrum user's password in the
lib/.sunsolvepw file. If PatchPro is installed in the default loca‐
tion, this file is in the /opt/SUNWppro directory.
Keep the password safe by setting the owner, group, and permissions
to root, sys, and 0600, respectively.
Note -
This file method of supplying passwords is no longer supported.
Note -
To specify this user, use the smpatch set command to set the
patchpro.sun.user parameter. Also, specify this user's password
by setting the patchpro.sun.passwd parameter.
-U proxy-user-name
Is the user name required for authentication of the web proxy, if
applicable.
Store the corresponding user's password in the lib/.proxypw file.
If PatchPro is installed in the default location, this file is in
the /opt/SUNWppro directory.
Keep the password safe by setting the owner, group, and permissions
to root, sys, and 0600, respectively.
Note -
This file method of supplying passwords is no longer supported.
Note -
To specify this user, use the smpatch set command to set the
patchpro.proxy.user parameter. Also, specify this user's password
by setting the patchpro.proxy.passwd parameter.
-W day-of-week
Schedules the automatic analysis, download, and optional applica‐
tion of patches on a weekly basis.
day-of-week is a numerical value from 0-6, which represents the day
of the week. 0 represents Sunday. See the crontab(1) man page.
The policy defined by the -p option determines whether no patches
(pprosetup -p none) are applied or whether standard patches (ppros‐
etup -p standard) are applied. By default, no patches are applied.
This option is mutually exclusive with the -D option and the -M
option.
Note -
This feature is not supported by the smpatch command.
-x [host:port]
Specifies the web proxy. If your system is behind a firewall, use
this option to specify your web proxy. Get the name of the web
proxy and its port from your system administrator or network admin‐
istrator.
Note -
To specify the web proxy host name and port, use the smpatch set
command to set the patchpro.proxy.host and patchpro.proxy.port
parameters, respectively.
EXAMPLES
Example 1 Scheduling Daily Patch Operations in Automatic Mode
# pprosetup-D
Schedules smpatch update to run in automatic mode daily at midnight
local time.
Example 2 Scheduling Weekly Patch Operations in Automatic Mode
# pprosetup-W 0 -s 00:45
Schedules smpatch update to run in automatic mode every Sunday at 12:45
a.m. local time.
Example 3 Scheduling Monthly Patch Operations in Automatic Mode
# pprosetup-M 15 -s 02:30
Schedules smpatch update to run in automatic mode on the 15th day of
every month at 2:30 a.m. local time.
Example 4 Canceling Scheduled Jobs
# pprosetup-C
Cancels the scheduled jobs that use the default configuration.
Example 5 Specifying the Patch Policy for Manual Mode
# pprosetup-i standard:singleuser:reconfigafter:rebootafter
Specifies the policy for applying patches in manual mode. This policy
permits you to apply the following types of patches to your system in
manual mode:
o Standard patches
o Patches that must be applied in single-user mode
o Patches that require that the system undergo a reconfigura‐
tion reboot after they have been applied
o Patches that require that the system undergo a reboot after
they have been applied
Example 6 Specifying the Patch Policy for Automatic Mode
# pprosetup-p none
Specifies that no patches are automatically applied.
# pprosetup-p standard
Specifies that only standard patches can be downloaded and applied.
Example 7 Specifying an Alternate Download Directory
# pprosetup-d /export/home/patches
Specifies that patches are downloaded to the /export/home/patches
directory.
Example 8 Specifying an Alternate Sequester Directory
# pprosetup-q /export/home/patches/sequester
Specifies that sequestered patches are stored in the
/export/home/patches/sequester directory.
Example 9 Identifying the Hardware on Your System
# pprosetup-H
Enables a patch analysis to determine whether your system needs spe‐
cific patches based on your hardware configuration. This command only
helps you identify hardware products from Sun Network Storage.
Example 10 Configuring Your System to Obtain Contract Patches
# pprosetup-u myuser
# echo mypasswd > /opt/SUNWppro/lib/.sunsolvepw
Enables your contract user, myuser, to obtain the contract patches.
Ensure that the contract user's password is safe by setting the owner,
group, and permissions of the .sunsolvepw file to root, sys, and 0600,
respectively.
Example 11 Specifying a Web Proxy
# pprosetup-x webaccess.corp.net.com:8080
Specifies the host name, webaccess.corp.net.com, and port, 8080, of the
web proxy to use.
Example 12 Scheduling Daily Patch Operations to Use the recommended
Configuration
# pprosetup-c recommended -D -s 23:00
Schedules a daily patch analysis that uses the recommended configura‐
tion. You can use the alternate configuration in conjunction with or in
place of a full analysis.
# pprosetup-c recommended -C
Cancels this job that uses the recommended configuration.
Example 13 Modifying the recommended Configuration
# pprosetup-c recommended -a recommended@local
Modifies the recommended configuration to send email notifications to
the recommended@local email alias about each scheduled analysis that
uses the recommended cluster. Any scheduled operation that uses the
recommended configuration will send notification to the alias you spec‐
ify.
Example 14 Creating a New Configuration
# pprosetup-c export -d /export/patches
Creates a new configuration named export that downloads patches to the
/export/patches directory. After executing this command, you can sched‐
ule patch operations or manually run patch operations that use the
export configuration by running the pprosetup or pprosvc commands,
respectively.
# pprosvc -c export -d
Downloads patches to the download directory specified by the export
configuration.
ATTRIBUTES
See the attributes(5) man page for descriptions of the following
attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWppro │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Obsolete │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOcrontab(1), boot(1M), patchadd(1M), patchrm(1M), pprosvc(1M),
smpatch(1M), attributes(5)SunOS 5.11 6 Apr 2005 pprosetup(1M)