 |
» |
|
|
|
At times, you may find it necessary to acquire
and install individual patches based on known patch IDs. For example, you may read an HP-UX security bulletin
in which HP recommends that you install specific patches. Another
possibility is that you are installing software that requires specific
patches for the software to function properly. Customers also frequently
acquire and install individual patches for reactive patching. Whichever
the case, you can use the Patch Database on the ITRC Web site to quickly
and simply acquire specified patches as well as their dependencies.
If you are unfamiliar with patches with dependencies, see Chapter 3: “HP-UX Patch Overview”. Acquiring the Patches | |
To acquire the patches from the Web, perform the
following steps: Log in to the target system. Determine the operating system
release by entering this command: Record this information. You
will use it in step 8. Be sure that you are logged
in as a user with write permissions to the download directory that
you plan to use. These instructions assume
you are using the /tmp/some_patch_directory directory. Log in to the ITRC at http://itrc.hp.com. Be sure
to log in to the appropriate site (Americas/Asia Pacific or European). Select maintenance
and support (hp products). Select find individual
patches. Select HP-UX to go to the search for patches page. Select the OS revision. From the drop-down list, select Search by Patch IDs. In the text box next to the
drop-down list, enter the patch ID for the patch you want to download.
Then click search. If it exists, the selected patch is displayed in the search
results page. Patches (possibly differing from the patch
you requested) display in one to three columns. Review the patches in the
table.
specified: Shows the patch ID
you requested. recommended: Shows the patch
that HP recommends for download/install based on the patch you requested
(it may be different than the patch you specified). If you see a patch
in this column, it meets all requirements of the patch you requested.
HP recommends that you download and install this patch. most recent: Shows the most recent
version of the requested patch.
The following icons may be displayed along with
the patch ID.
 This symbol means that
the patch has a warning associated with it. You should review the
warning text to determine whether it applies to the system.
 This icon means that the patch has Special Installation Instructions.
You should always read them.
See Table 6-1: “Navigating the Search Results Table” for a description of all table
icons. To review details about a
patch, select the patch ID to open the patch details page. At a minimum,
you should review the information provided in the following fields:
Special Installation Instructions: Read this section to determine if the chosen patch has additional
steps that you must perform during installation. Warning: This section will only
exist if the patch has a warning associated with it. Carefully read
the information to determine how or whether the patch's problems
will impact the system. If the warning does impact the system, you
must decide whether the problem appears severe enough to avoid installing
the patch. If this is the case, select an alternate patch if one is
available. Patch Dependencies, Hardware Dependencies,
Other Dependencies: Note the patch IDs because you must
later verify that the patches are included on the list of patches
that you download.
When you finish viewing this
page, select the search results link to
return to the search results page. On the search results page, check the box next to the patch ID of the patch to download. | | | |  | TIP: If the recommended column
appears, you should select the patch in that column unless you have
a valid reason not to. | | | | |
Add the checked patch to the
list of patches to download by clicking add to selected
patch list.
If the patch you chose has a warning associated with
it, the patch warning(s) page appears. If this happens, verify which patch you are downloading
and click continue. The selected patch list page
is displayed.
The Patch Database may automatically
add some patches to the download list to satisfy dependencies. You
should download these along with the patches you explicitly selected. To add more patches to the
patch list, click search results and repeat
steps 8 through 16. After acquiring all the patches
you need, click download selected to open the download patches page. Under the heading download items in one operation and/or download
items individually, select a format option (HP recommends
gzip package) and a download server. Select a zip package only if
you are certain that the HP-UX system can unpack a .zip file. You can use the program locating
commands whereis(1) and which(1) to make sure you have the
appropriate software. For example, use whereis gzip to determine if the program is installed and use which
gzip to determine if the program is in your path. Click download. Make the appropriate selections (based on the browser you are using)
to save the selected bundle to the /tmp/some_patch_directory directory on the target system. Record the name of the file
being downloaded. The following section
refers to the file as patches.xxx.
Installing the Patches | |
To install the downloaded patches, perform the
following steps: Log in to the target system. Unpack the downloaded file, patches.xxx:
If the downloaded file is patches.tgz: gunzip -c patches.tgz |
tar xvf - |
If the downloaded file is patches.tar: If the downloaded file is patches.zip: You must have an installed application that
can unpack a .zip file. Not all HP-UX systems
have such an application. You can use the program locating commands whereis(1) and which(1) to make sure you have the
appropriate software. For example, use whereis gzip to determine if the program is installed and use which
gzip to determine if the program is in your path.
As root, run the create_depot_hp-ux_11 script. The patches are now in a depot in the some_patch_directory directory. Verify the download: swverify -d \* @ /tmp/some_patch_directory/depot |
You will see the message "* Verification
succeeded." This step is critical. When you install the patches, the system may reboot automatically.
Before you install patches (step 8), you need to follow your company's
policy regarding a system reboot. This step is critical. Before you install the patches, back up the system. You can remove the following
files to clean up the directory and save space:
patch files of the form PHXX_##### downloaded .tgz, .tar, or .zip file create_depot_hp-ux_11 file
Install the patches using
the following command: swinstall -s /tmp/some_patch_directory/depot -x autoreboot=true \
-x patch_match_target=true
|
During the installation, the system
prints progress details to the screen. Monitor the screen for error
messages. The system reboots automatically
if any of the patches you are installing requires it. Be patient.
The patch installation can be slow for large numbers of patches. Verify that the installation
was successful:
Enter the command: swlist -l product Ensure that the installed patches are shown in the output. Execute the swverify command on
each of the new patches: This command may not always complete in a short period
of time. If the verification is successful, the last few lines
of output contain the line "* Verification succeeded." If the verification was not successful, view the /var/adm/sw/swagent.log filefor additional information
related to the swverify command failure. If this
is not sufficient to resolve the problem, consult more advanced resources
in Appendix B: “Other Resources”.
View the swagent log file, located
at /var/adm/sw/swagent.log. This log includes
information related to the installation. Find the section pertaining to the installation just
performed (located near the end of the file if you check it immediately
after the install). Review this section, and ensure that there were
no errors ("ERROR"). If you find errors, consult more advanced resources
in Appendix B: “Other Resources” to resolve the problem.
Advanced Topic: Using Dynamic Root Disk (DRD) | |
By using Dynamic Root Disk (DRD) you can minimize the downtime
required to apply patches, do most of your proactive maintenance during
normal business hours, and have a fast, reliable backup mechanism
if your system does not function as expected after the application
of the patches. With DRD, you create a copy of the root disk (or
clone) that you can apply patches to, while your system is still up
and running. Once all the patches are loaded on the clone, you can
then reboot the system, using the clone as your active root volume.
If for any reason you decide that the patched root volume does not
perform as you desire, you can quickly reboot the original system
image. Note that if you are only applying a few patches, the time
it takes to create a clone using DRD (similar to the time required
by Ignite-UX to create a recovery image) may not be a valuable investment
of your time. For more information, please see Chapter 10. |
Printable version
