Automating Solaris patch installations

Solaris 10 now ships with the patchpro suite of utilities, which assist with analyzing and applying Operating System patches. Patchpro makes patch installation super easy, since you are not required to download recommended bundles, or dig through patchdiag information to find the “required” patches. The patchpro smpatch(1m) utility can be run with the analyze option to compare the current set of patches from with what is installed on a server:

$ smpatch analyze

119145-01 SunOS 5.10: usr/snadm/lib Patch
119042-02 SunOS 5.10: patch usr/sbin/svccfg
117463-02 SunOS 5.10: passwdutil Patch
119143-02 SunOS 5.10: patch lib/
118822-01 SunOS 5.10: kernel Patch

If you want decided to download and install each patch listed by the analyze option, you can run smpatch(1m) with the update option:

$ smpatch update

119145-01 has been validated.
119042-02 has been validated.
117463-02 has been validated.
119143-02 has been validated.
118822-01 has been validated.
Installing patches from /var/sadm/spool...
119145-01 has been applied.
119042-02 has been applied.
117463-02 has been applied.
119143-02 has been applied.
118822-01 has been applied.
/var/sadm/spool/patchpro_dnld_2005.04.07@12:25:28:EDT.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2005.04.07@12:25:28:EDT.txt

Each smpatch run produces a logfile with notes on required reboots, and additional instructions:

$ cat /var/sadm/spool/patchproSequester/patchpro_dnld_2005.04.07@12:25:28:EDT.txt

This patch bundle was generated by PatchPro.

Please refer to the README file within each patch for installation instructions. To properly patch your system, the following patches should be installed in the listed order:

1) 119145-01
2) 119042-02
3) 117463-02 !!! REBOOT !!!
4) 119143-02 !!! REBOOT !!!
5) 118822-01 !!! REBOOT !!!

If you want to view the smpatch(1m) configuration options, you can run smpatch(1m) with the get option:

$ smpatch get - "" - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source -
patchpro.patchset - patchdb - ""
patchpro.proxy.passwd - ""
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
patchpro.sun.passwd - ""
patchpro.sun.user - ""

smpatch(1m) contains a several options in addition to “analyze,” “update” and “get.” The “add” option allows individual patches to be installed, “remove” backs out patches from a system, “download” grabs a patch from “patchpro.patch.source,” and “set and “unset” are used to configure smpatch(1m).

This article was posted by Matty on 2005-04-01 22:26:00 -0400 -0400