any plans for Proxy server auto populate (mirror)
Are there any plans to add an option to proxy sever (LPS) that will allow it to basically mirror sunsolve? (either auto or manually) I mean pre-populate, so when the host asks for patches they'll already be there.
This would really help customers with lots of boxes since the smpatch download times are generally very slow. In the commercial sector "time is money"not to mention this is supposed to save me time.
We used to keep their own patch mirror via wget, but of course Sun decided to drop that support (before getting something solid to replace it)
This whole registering each host from that host is BS, we should be able to just download patches based on our support agreement like we have the last 15 years! At the very least we need a way to license a host via command line.
[810 byte] By [
jwbledsoe] at [2007-11-26 6:02:58]
# 1
Maybe someone from Sun can address this question... please
# 2
I'm not sure the auto-mirror is something Sun currently has planned for the Sun Update Connection Proxy. I will file an request for that enhancement if such an request does not already exist in the change request database.
As for registering each host, it's my understanding that if you are using the Sun Update Connection Proxy, the individual hosts behind that Proxy should work without being registered.
HTH
# 3
This is pretty easy to setup yourself, assuming Ive understood the question correctly.
Just use a cron jon to run "smpatch download" at 3 am everyday on a test server pointed at the patch proxy.
It will download all available patches (but not install them) and incidentally get them cached on the proxy for everyone else to use...
# 4
Actually I believe a client server only requests and downloads the patches it needs, not all patches.We have hundreds of servers across most platforms offered and three OS versions, thus the reason for an option to keep the patch proxy current.
# 5
I've filed a request for enhancement for this issue. The CR number is 6305782.
# 6
Thank you very much :-)
# 7
Its true that it only downloads the patches that server needs.
But if you have 3 relatively unpatched test servers (one for each platform) regularly do smpatch download, they should pick up virtually all patches for you.
But I agree, its a lot easier if the software provides this functionality natively.
# 8
Well if you have three servers that can just sit there doing nothing but drawing patches into the mirror then great, but most of us actually have to use our servers for something more tangable.
Of course if Sun wanted to give us three servers for this purpose, with full support (of course) then I suppose we could do that.
LOL
# 9
Get a copy of the xref file, comapre that to patches you have downloaded then just ncftp or wget them (the new ones) to the proxy via cron or something? I still have some old homemade patch utils that use the xref file, I pull it down via http once a day to my patch distribution system.
If not the xref file, perl a script that retrieves a listing of all the patches on patches.sun.com/all_signed or current_signed. I'm not 100% on the location, but I'm betting there's a URL somewhere that could be parsed for this purpose.
Could even smpatch download -i each one or premake a patch-list-file from the xref comparison and smpatch download -x based on that. Add the -d to park them somewhere else even..?
# 10
hmmm, all good ideas
I hadn't thought about just doing an smpatch download -i on all the current patches
I would like to know your wget syntax, mine was broke long ago when Sun removed support and I haven't been able to figure out replacement syntax that works. Not that I tried very hard though.
I need a line that will get all individual patches using a wildcard or similar, getting the recommended patches and xref is easy since we know the exact names.
# 11
I used my SunSolve account id directly to where the URL on the page normally take you.
wget --http-user=XXXXXXX --http-passwd=YYYYY http://sunsolve.sun.com/private-cgi/pdown
load.pl?target=120469-01&method=hs -O 120469-01.zip
Get the xref via:
wget --http-user=XXXXXX --http-passwd=YYYYYY http://sunsolve.sun.com/private-cgi/pdown
load.pl?target=patchdiag.xref
I've had to change this various times when Sun makes site changes though.
I thought I had an example with Perl LWP somewhere that takes the xref over http and creates a file handle out of it suitable for a (<while_file>) type of loop. Can't find that one though, must have scrapped it for some reason. If I come across it, I'll post it for ya.
I would think it wouldn't be to difficult to turn an xref file into something that smpatch -x could take and let it go get everything.
# 12
I tried an smpatch download -x idlist=xxx but it seems it checks the host no matter what and will only dl the patches that apply to that client.
So I went a different route to populate the LPS.
This is for a Solaris 10 box with SUC and LPS installed.
note: CacheLocation is output from patchsvr setup -l (or whereever you want the patches) and make sure your wget works.
cd to $CacheLocation/Patches
smpatch analyze
unzip -d /tmp /var/sadm/spool/cache/Database/*current.zip
cat /tmp/patchlist.delimited | cut -c1-11 | sed "s;<!>;-;g" > /tmp/patchlist.out
for i in `cat /tmp/patchlist.out`; do
wget -q -m -L -l2 -nH --cut-dirs=1 -A "$i.jar" \
"http://patches.sun.com/all_signed/$i.jar"
done
It's rather crude and Sun might not appreciate the massive downloads much, but we can get some real work done now ;-)
Keep in mind that Sun does have an RFE to add some kind of mirring capabilities to SUC and/or LPS
# 13
the forum seems to have stripped some text.that should read: sed "s;\<\!\>;-;g"
# 14
ok one more try...'sed "s;<!>;-;g"'
# 15
wonder why the -x <file> doesn't work. Can anyone from Sun explain that one? Only downloads patches that are applicable for the host doing the download? Seems that way though right?
Haven't yet brought up a proxy here yet, been trying to avoid that one but think I'm going to have to very soon.
# 16
The original question in this thread was: Are there any plans to add an option to proxy sever (LPS) that will allow it to basically mirror sunsolve?
Answer: LPS is implemented already:
It is possible to configure a Sun Update Connection Proxy (used to be called Local Patch Server). All Updates will be downloaded to the Sun Update Connection Proxy and all systems can access the updates via the LAN
See "Configuring a Sun Update Connection Proxy" in the Sun Update Manager 1.0 Administration Guide
sdga at 2007-7-21 14:57:14 >
# 17
Implementing a proxy is about a 10 minute task, and the benefit far outways that little bit of your time.I have not seen any setting that will cause the patch proxy to download all patches.Can you please be more specific, like chapter and page?Thanks!
# 18
Any updates on this?sdg indicated that the patch proxy could be configured for this and pointed us to the docs. I read them and there is nothing about what I am referring to.I know an RFE was added, just wondering if there is any movement on it.Thanks!Jeff
# 19
any updates on this and the CR that was generated?
This is to add mirroring to local patch proxy so the proxy cache can be kept up (mirror all signed files)
Yesterday was a perfect example why it's needed, I was trying to do smpatch download's directly from Sun and it was slow slow slow, other times it just timed out. This was on my patch proxy, I finally pointed it to itself to get the patches it needed. It downloaded the patches and I patched it.
Going out to Sun interactively for patches isn't effective in the real world. In big shops time is money. Of course actually being able to download the patches is nice too!
JB
# 20
Frankly, I always like to apply all patches to a test server first just to check theres no obvious problems.
I patch my test server every couple of days, so I can keep an eye on what patches are coming down the pipe. And if any of them look significant, I can look at the Readme in more detail.
So when I come to patch a production server, all patches are already on the LPS.
And yes, the LPS should point to itself so it also gets the benefit of its own cache.
# 21
buy us three test servers (8,9,10) and we'll do that too!
Oh, but then you'd need one for every server type we have, better up that by about 20
All kidding aside, we do patch dev/qna boxes first but need to be able to get the patches cached dependably. Currently I do this manually via wget but that's just a hack. There's no reason Sun can't provide mirroring capabilities in the patch proxy and that's what large shops need.
We don't have time to be fighting with smpatch download to get patches downloaded to the client when we need them and that's exactly what happens when it needs to go back to Sun for the patches.It should be quick and efficient.
That's the difference between a small shop and one where we have hundreds or thousands of servers to keep up with.
# 22
Ok, I see your point. But is isnt t quite that bad. Sun doesnt tend to differentiate much which patches are installed based on the type of server.
Pretty much every patch gets installed on every machine as long as the package it applies to is installed.
It just doesnt do anything on inappropriate hardware.
We have 50+ servers so while we're not huge, we're not that small either. And while our hardware is fairly homogenous, we do have a some mix of servers. And we have a mix of solaris 9 & 10.
So all I'm saying is that in my experience, once I patch a sol 9 and a sol 10 box. Pretty much all the patches are cached.
But I'm sure I'm not telling you anything you don't already know.
And you're the best person to judge your needs. So if you feel you need the functionality, then I'm sure your right.
# 23
Oh yeah I see your point, I think I just have very bad luck and find all the days for those dev downloads when the Sun site is having issues. My hacked up wget has helped a lot, just want something integrated into patch proxy. ;-)
I must say I have done patches using smpatch for dev, then prod a week later and over the last three quarters it has worked out great. That would be for Solaris 8/9/10 boxes. Much better than just putting on recommended patch clusters which these days don't have many patches that really need to be applied.
# 24
To update JB, the CR 6305782 (or similar functionalility) is to be included in Software Update Onsite Edition. This is an in-progress project to support patching in enterprise environments.
We're just currently trying to confirm the actual functionality in relation to CR 6305782 and if there is a schedule for release.
# 25
I haven't seen anything on this, was this functionality added?If not, please update everyone with the current schedule?Thanks,Jeff
# 26
I'm afraid there still isn't a date set for this feature being released.The best solution that you can use at present is to setup a nightly cronjob for 'smpatch download'.Sorry I can't provide any good news at this time.Mod
