Software and Patch Management: (SD-UX)
The software in SD-UX is organized in a hierarchy of components or objects. These components are filesets, subproducts, products and bundles. The place where these components are stored is called a software depot.
Filesets: It is a collection of files and some control scripts. It is the basic entity in the SD-UX hierarchy. One file set can belong to only on product. But it can be included in a number of sub-products and bundles.
Sub-products: If a file set contains several filesets, it is better to combine logically related filesets in to subproducts.
Products: It is a superset of filesets and / or subproducts.
Bundles: Bundles are usually packaged by HP-UX for the distribution of software. The bundle may contain filesets that may belong to different products.
- The SD-UX daemon is “swagentd”. It is started on init level 2. To start it manually,
# /usr/sbin/swagentd -r
- The swagent agent process is executed by swagentd to perform specific software management tasks. The swagent agent is never invoked by the user.
- /var/spool/sw/ The default location of a source and target software depot.
- Software codes are stored in /var/adm/sw/.codewords
- SD-UX database is stored in /var/adm/sw/products directory. It is called as Installed Product Database (IPD)
- Log of swinstall command is stored in /var/adm/swinstall.log
- Log of swremove commands are stored in /var/adm/swremove.log
To restart the swagent daemon
# /usr/sbin/swagentd -r
SD-UX Commands
To list the software installed in a system
swlist
To find out Which Operating Environment Currently installed
# swlist -l bundle | grep HPUX11i HPUX11i-OE-Ent B.11.23.0706 HP-UX Enterprise Operating Environment Component
To run the swlist interactive interface at host1
# swlist -i @ host1
To use interactive swlist to view a depot
# swlist -i -d @ /tmp/depot
To generate a comprehensive listing that includes all filesets for the product NETWORKING
# swlist -v -l fileset NETWORKING
To list the contents of the local tape, /dev/rmt/0m
# swlist -d @ /dev/rmt/0m
(or)
# swlist -s /dev/rmt/0m
To list the products stored in a remote depot
#swlist -d @ hostA:/depot
To list all depots on a host
# swlist -l depot @ hostA # swlist -l product -d @ /tmp/depot
To list all filesets belong to a product called openssl
# swlist -l fileset openssl # swlist -l fileset LVM -d @ aembwqc1:/cdrom
To find out which product a file belongs to
1st way, its slow:
# swlist -l file |grep /bin/ls OS-Core.CMDS-MIN: /usr/bin/lsacl OS-Core.UX-CORE: /usr/bin/ls
2nd way much quicker, as root:
# find /var/adm/sw/products -name INFO -exec grep -l /bin/ls {} +
Installing and removing software
To install the software
swinstall -s <source> -x options -x autoreboot=true # To automatically reboot system if required after install -x mount_all_filesystems=false # to continue even if all file system are not mounted
To install all products from /SD_CDROM
#swinstall -s /SD_CDROM
To install the C and Pascal products to a set of remote hosts
#swinstall -s sw_server cc pascal @ hostA hostB hostC
Install Product1 from remote depot /tmp/depot.1 on host swposix
#swinstall -s swposix:/tmp/depot.1 Product1
To install a fileset
# swinstall -x autoreboot=true -s aembwqc1:/cdrom LVM.LVM-MIRROR-RUN # swinstall -s /SD_CDROM OnlineJFS01
swremove To remove software from the system
To remove the package B1868AA from the system
# swremove B6818AA
To preview the remove of Pascal and C
# swremove -p cc pascal
To remove the entire contents of a local depot (-d operates on depot instead of system)
# swremove -d \* @ /var/spool/sw
Verify the installed softwares
swverify: To verify the integrity of the installed software
# swverify B5725AA
To verify the contents of a local depot (-d operates on depot instead of system)
# swverify -d \* @ /var/spool/sw
To verify the entire contents of a system
# swverify \*
Managing software Depots
To register or unregister Software depot
To register /SD_CDROM as a depot
swreg -l depot /SD-CDROM
To unregister the depot /SD_CDROM
swreg -u -l depot /SD_CDROM @ hostA
To remove the software from the depots
To remove all software from /var/spool/sw depot
# swremove -d * @ /var/spool/sw
swcopy: To copy software products for subsequent installation or distribution. This is command copies the software from an existing depot to the new depot and automatically registers the depot.
To copy the product B6818AA from depot /SD_CDROM to /var/spool/sw
# swcopy -s /SD_CDROM B6818AA @ /var/spool/sw
To copy all products from the cartridge tape /dev/rmt/0m to the default depot on the local host
# swcopy -s /dev/rmt/0m \*
To package software products into a target depot or tape
To re-package the entire contents of the depot /var/spool/sw onto the tape at /dev/rmt/0m
# swpackage -s /var/spool/sw -x media_type=tape @ /dev/rmt/0
swjob
The swjob command displays job information and removes jobs. It supports these features:
- Display the current install jobs, copy jobs, and other SD jobs initiated by the SD commands.
- Specify a specific job to list or remove.
- Display the command logfile for a specific job.
- Display the target logfile for a specific target.
-a attribute -u To remove a job -v to list all available attributes, one per line # swjob # # Controller: test2 # #jobid operation state results title # test2-0025 Remove Complete test2-0028 Remove Complete test2-0030 Install Complete test2-0031 Install Complete
# swjob -a log test2-0025
or
# swjob -a log test2-0025 @ test2:/
======= 06/04/09 23:25:38 CDT BEGIN swremove SESSION
(non-interactive) (jobid=test2-0025)
* Session started for user "root@test2".
* Beginning Selection
* Target connection succeeded for "test2:/".
* Software selections:
.........
........
..........
* Summary of Execution Phase:
* 5 of 5 filesets had no Errors or Warnings.
* The Execution Phase succeeded.
======= 06/04/09 23:25:43 CDT END remove AGENT SESSION (pid=24811)
(jobid=test2-0025)
Patch management:
Types of patches:
- Command patches PHCO_XXXXX
- Kernel Patches PHKL_XXXXX
- Network Patches PHNE_XXXXX
- Subsystem Patches PHSS_XXXXX
Usually, system has to be rebooted after installing a kernel patch.
To list the installed patches:
swlist -l product PH* # In HP-UX 10.X
swlist -l patch # In HP-UX 11.X
HP-UX patches are distributed as shar files. When a patch is downloaded from HP FTP or Web site, sh command is used to unshare the patch. When a patch is unshared using sh command, it creates two files. One *.depot file and *.text file.
To install a downloaded patch PHCO_15220, complete the following steps.
01. Unshare the patch using sh command
sh PHCO_15220
(Note: The above command creates PHCO_15220.depot (compressed)
and PHCC_15220.text)
02. Create a patch depot using swcopy command
swcopy -s PHCO_15220.depot PHCO_15220 @ /var/spool/sw
03. Install it using swinstall command
Swinstall –s /var/spool/sw
HP-UX Software assistant
- HP-UX Software Assistant (SWA) can analyze a system (and some types of depots) for patch warnings, critical defects, security bulletins, missing Quality Pack patch bundle, and user-specified patches and patch chains. SWA uses an HP-supplied catalog file to analyze system and generate reports.
- From this analysis, swa get can download patches and build a Software Distributor (SD-UX) depot which will fix many of the issues in the report.
- SWA also recommends additional actions in the report which you need to take care of manually.
- SWA combines most of the abilities of Security Patch Check (SPC) and all of the abilities of the HP IT Resource Center (ITRC) Patch Assessment tool into a single solution that runs locally on HP-UX systems.
- SWA is divided into two bundles, SwAssistant (which contains security_patch_check and swa), and SwMgmtMin.
- The SwAssistant bundle must be installed to get full functionality, whereas the SwMgmtMin bundle only allows you to inventory systems and remove files created by SWA.
$HOME/.swa.conf - Per-user SWA Config File
/etc/opt/swa/swa.conf - System wide SWA Config file
/var/opt/swa/swa.log - Default log file location for root users
swa command has four major modes
report: Generates reports on Issues and recomended actions
get: Download software and create a depot. Depending upon option, either new depot created or an exixting depot is added to
step: Perform an individual step of the swa report or swa get command, both of which are acrually composed of multiple steps
clean: Remove software and files cached by SWA.