Walkthrough: Performing Solaris 11 patch analysis
This topic walks you through the process of setting up and using the Solaris 11 Patch Analysis solution. It includes the following sections:
- Introduction
- What does this walkthrough show?
- What do I need to do before I get started?
- How to create or update a repository on an IPS server
- How to perform patch analysis on Solaris 11
- Wrapping it up
- How to videos
Introduction
This topic is intended for system administrators. The goal of this topic is to demonstrate how to perform patch analysis and remediation for Oracle Solaris 11 systems using TrueSight Server Automation. In the example shown here, we are analyzing our Solaris 11 systems for outdated Image Packaging System (IPS) packages, and then deploying the packages to the target servers where they were detected as outdated. For more information about this process, see How-to-perform-script-based-patch-analysis-for-Solaris-11.
Patch analysis for Solaris 11 differs in TrueSight Server Automation from patch analysis for earlier versions of Solaris, due to changes introduced by Oracle into version 11 of the Solaris operating system. For patch analysis of Solaris 11 systems, you use out-of-the-box NSH scripts provided with TrueSight Server Automation.
What does this walkthrough show?
This walkthrough shows how to use the Solaris 11 patching solution to update the patch repository and then to perform patch analysis to identify and update any outdated IPS packages on a group of two Solaris 11 systems.
The Patch Analysis Job in this walkthrough:
- Is based on a patch repository that you set up on an Oracle Solaris 11 IPS server.
- Uses Update mode to identify outdated IPS packages.
- Optionally packages and deploys the outdated packages, to remediate the targets identified in the patch analysis.
- Sets up notifications for the administrator in charge of Solaris 11 patching.
- Runs on a recurring schedule to obtain the latest patches.
The walkthrough also shows how to view a summary of the most recent patch analysis results for Solaris 11 systems through Live Browse.
What do I need to do before I get started?
- You must have already installed the scripts for the Solaris 11 patching solution, as described in Installing the script-based patching solution for Solaris 11.
- For this walkthrough, you need various authorizations. You can log in and perform these tasks as BLAdmin, the TrueSight Server Automation superuser, but BMC recommends a more restrictive approach to granting authorizations. Ideally, you should set up a role that is granted only the authorizations needed for patch management. To learn how to restrict access, see Walkthrough-Restricting-permissions-for-a-patching-administrator.
- To perform patch analysis, the role running the job must be mapped to root on the helper or target. This is typically achieved by granting mappings through RBAC and pushing ACLs. For more information, see Controlling-server-access-with-agent-ACLs.
The system with the Solaris 11 IPS repository on it must have outbound internet access (either direct or through a http proxy).
Before running Solaris 11 patch analysis jobs, map the publishers (which you will later specify through a parameter in the patch analysis job) with the Solaris 11 patch repositories that they represent.
- On the Application Server host computer, browse to the Solaris11_Script-<version>/Script folder that you extracted during installation, and locate the solaris11.cfg file within it.
- Open the solaris11.cfg file and edit it. Include one line for each publisher that you want to map to a repository.
Each line has the following syntax:
<publisher name>=file:///net/<name or IP of repository server>/<repository location on the server>
For example:
solaris=file:///net/server1/export/repoSolaris11
How to create or update a repository on an IPS server
Before performing patch analysis on your Solaris 11 systems, you must set up a patch repository or update the existing repository on an Oracle Solaris 11 IPS server. To do this, you use an out-of-the-box NSH script provided with TrueSight Server Automation.
| Step | Example screen |
|---|---|---|
1 | Under the Depot folder, navigate to Solaris11 Patching Solution > Script. Then right-click the Solaris 11 Update Repository script, and select NSH Script Job. |
|
2 | In the New NSH Script Job wizard, on the General panel, define a name for the job and specify a location in the Jobs folder in which to save the job. Then click Next. |
|
3 | On the Targets panel, choose Solaris 11 IPS servers that host patch repositories as the targets for your job. Then click Next. |
|
4 | On the Parameters panel, adjust the values of the script parameters, as necessary. For more information about these parameters, see Updating-the-Solaris-11-patch-repository. To move on, click Next. |
|
5 | On the Schedules panel, schedule the execution of the job (either immediately or at a later time). Then click Finish to complete the wizard and create and execute your job. |
|
6 | When the job starts to execute, the Tasks in Progress pane (typically at lower right) shows the tasks running at this moment. In a typical TrueSight Server Automation production environment you will see many jobs running at the same time performing many different tasks. Wait for the job to finish and click Refresh |
|
if needed.
How to perform patch analysis on Solaris 11
A special out-of-the-box NSH script enables you to analyze the patch compliance of your Solaris 11 systems and remediate patch failures that are detected.
| Step | Example screen |
|---|---|---|
1 | Under the Depot folder, navigate to Solaris11 Patching Solution > Script. Then right-click the Solaris 11 Patching script, and select NSH Script Job. |
|
2 | In the New NSH Script Job wizard, on the General panel, define a name for the job and specify a location in the Jobs folder in which to save the job. Then click Next. |
|
3 | On the Targets panel, choose target Solaris 11 servers where you want to perform patch analysis. Then click Next. |
|
4 | On the Parameters panel, adjust the values of the script parameters, as necessary.In this example, we accepted the default script mode, and will be performing patch analysis without packaging. For more information about these parameters, see Performing-a-Solaris-11-patch-analysis. To move on, click Next. |
|
5 | On the Default Notifications panel, configure the default notification settings. The defaults are used for all runs of this job unless you override them with notification settings for a scheduled job. This example sends an email to the patch administrator for any targets that have failed analysis.
|
|
6 | On the Schedules panel, you can set up an execution schedule for the job and you can choose to execute it immediately. For this example we run the job immediately and also schedule it to run on the first Tuesday of every month afterwards.
|
|
7 | When the job starts to execute, the Tasks in Progress pane (typically at lower right) shows the tasks running at this moment. In a typical TrueSight Server Automation production environment you will see many jobs running at the same time performing many different tasks. Wait for the job to finish and click Refresh |
|
8 | To view the results of the patch analysis, you can choose between the following options:
|
|
and define the a job schedule.
Wrapping it up
Congratulations! You have successfully performed patch analysis on Solaris 11 target servers.
How to videos
The following videos demonstrate how to perform the patch analysis on Solaris 11 targets: