Performing a Solaris 11 patch analysis
To perform patch analysis for Solaris 11 servers, you create and run an NSH Script Job from the provided Solaris 11 Patching script.
Before you begin
Ensure that you have installed the scripts for the Solaris 11 patching solution, as described in Installing the script-based patching solution for Solaris 11.
To perform patch analysis, the role running the job must be mapped to root on the helper or target. This is typically achieved by granting mappings through RBAC and pushing ACLs. For more information, see Controlling server access with agent ACLs.
Before running patch analysis jobs, you must map the publishers (which you specify through a job parameter) with the Solaris 11 patch repositories that they represent. Perform the following steps:
- On the Application Server host computer, browse to the Solaris11_Script-<version>/Script folder that you from the BSA-SOL11-Patch-Solution-<version>.zip package (during installation), and locate the solaris11.cfg file within it.
- Open the solaris11.cfg file and edit it. Include one line for each publisher that you want to map to a repository.
Each line has the following syntax:
<publisher name>=file:///net/<name or IP of repository server>/<repository location on the server>
For example (two publishers):
To create an NSH Script Job for Solaris 11 patch analysis
- In the TrueSight Server Automation Console, browse to Depot > Solaris11 Patching Solution > Script.
- Right-click the Solaris 11 Patching script, and select NSH Script Job.
The New NSH Script Job wizard opens.
- In the New NSH Script Job wizard, configure the job through the various panels. Use the following steps to perform the most basic configuration for this job.
- On the General panel, define a name for the job and specify a location in the Jobs folder in which to save the job.
- On the Targets panel, choose the servers where the job should run.
On the Parameters panel, adjust the values of the editable script parameters:
Parameter Flag Description Default value Depot Workspace -D
Path to subfolder within the Depot folder, in which to save objects (custom software and BLPackages) required during deployment of missing patches. If the folder does not already exist, it will be created during patch analysis.
/Solaris11 Patching Solution Job Workspace -J
Path to subfolder within the Jobs folder, in which to save deploy jobs and batch jobs that are created during the deployment of missing patches. If the folder does not already exist, it will be created during patch analysis.
/Solaris11 Patching Solution Debug Mode -d
Whether or not to turn on debugging during the patching process. One of the following values:
- 0 — non-debug mode
- 1 — debug mode
0 Script Mode -m Whether to perform analysis or packaging, or both. If you choose to perform only packaging, ensure that analysis was performed previously. Specify one of the following values:
- a — analysis only
- p — packaging only
- ap — both analysis and packaging
a Script Location -l
Full NSH path to the Solaris11_Script-<version>/Scripts directory. You extracted this directory when you prepared to install the Solaris 11 patching solution package.
Detected automatically. Example path:
Analysis Mode -a Mode of analysis, one of the following:
- update — analyze only for updates available for installed IPS packages on a target server
- install — analyze for installation of specific IPS packages (as specified by the Analysis Filter) and their dependencies on the target server
update Publisher Name -p Names of the publishers of the Solaris patches.
Each of these publishers represents a Solaris 11 patch repository on an IPS server. Ensure that you have already mapped the publishers to their corresponding repositories.
solaris,solaris2 Analysis Filter -f
Specific IPS packages to do analysis against, specified in FMRI format. Use the space character as the delimiter to separate multiple packages. The maximum supported length for this string is 255 characters.
If you set the Analysis Mode to install, you must enter at least one package.
For update mode, you can choose no filters, by setting a blank value.
Analyzer Timeout -o
The amount of time (in seconds) to allow before the internal deploy job for patching analysis times out.
Note: This internal deploy job runs on target servers during patch analysis, but it does not deploy patches to the target servers.
For no timeout, set the value to 0.
0 Auto Execute Deploy Job -x
Whether to execute the patch deploy job immediately after the packaging phase is complete — either 0(no) or 1(yes).
- On the Schedules panel, schedule the execution of the job (either immediately or at a later time).
- When you finish all relevant job configuration on the remaining panels (Default Notifications, Properties, and Permissions), click Finish.
Where to go from here
After the job runs, you can view a summary of the most recent patch analysis results on each target server through a Live Browse of the Solaris 11 Analysis Results extended object. This summary is obtained from the patch analysis job log.
To troubleshoot issues that might arise during patch analysis, see Troubleshooting Patch Management for Solaris 11.