Patch Manager - LPS through proxy, servers can't analyze

Hello,

I am trying to set up 2 servers:

srv1

one has the right to connect to internet through a proxy (appliance)

it has LPS (not sure it is correctly configured)

> patchsvr setup -l

Patch source URL: file:///local-arbre/export/download/sun/patches/5.9/9_recommanded

Cache Location: /local-arbre/export/download/sun/patches/5.9/9_recommanded

Web proxy host name: proxy.cdcam.com

Web proxy port number: 8080

srv2

another one is local and tries to analyze with smpatch through srv1

it has the error :

# smpatch analyze

detectors: not found at http://srv1:3816/solaris

Logs on srv1 show :

2006-11-23 13:49:00 Thu Nov 23 13:49:00 MET 2006(INFO) => com.sun.patchpro.server.PatchProServerServlet@15a6029 <=Protocol version: 2.1

2006-11-23 13:49:00 Thu Nov 23 13:49:00 MET 2006(INFO) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Protocol version: 2.1

2006-11-23 13:49:00 Thu Nov 23 13:49:00 MET 2006(DEBUG) => com.sun.patchpro.server.PatchProServerServlet@15a6029 <=Requested Detector Name: detectors

2006-11-23 13:49:00 Thu Nov 23 13:49:00 MET 2006(DEBUG) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Requested Database Name: patchdb

2006-11-23 13:49:00 Thu Nov 23 13:49:00 MET 2006(ERROR) => com.sun.patchpro.server.PatchProServerServlet@15a6029 <=Problem detected while servicing "downloadRealizationDetectors" request. /local-arbre/export/download/sun/patches/5.9/9_recommanded/Misc/detectors.jar (No such file or directory)

2006-11-23 13:49:00 Thu Nov 23 13:49:00 MET 2006(ERROR) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Problem detected while servicing "downloadPatchDB" request. /local-arbre/export/download/sun/patches/5.9/9_recommanded/Misc/patchdb.zip (No such file or directory)

Any idea of how to correct the problem ?

thanks

[2129 byte] By [ixisam] at [2007-11-26 11:41:36]
# 1

Hi

Patch source URL: file:///local-arbre/export/download/sun/patches/5.9/9_recommanded

is wrong; the patch source should be: https://getupdates1.sun.com/

You may set this correctly using :

# patchsvr setup -p https://getupdates1.sun.com/

Let us know how you get on.

Mod

ForumModerator at 2007-7-7 11:43:56 > top of Java-index,Administration Tools,Sun Update Connection-System...
# 2

> patchsvr stop

Shutting down Local Patch Server

[root|srv1] /etc/init.d

> patchsvr setup -p https://getupdates1.sun.com/

[root|srv1] /etc/init.d

> patchsvr start

Starting Local Patch Server

Patch source URL: https://getupdates1.sun.com/

Cache Location: /local-arbre/export/download/sun/patches/5.9/9_recommanded/

Web proxy host name: proxy.cdcam.com

Web proxy port number: 8080

I still have the same error logs on srv1 when I try to smpatch analyze from srv2

2006-11-23 14:47:22 Thu Nov 23 14:47:22 MET 2006(INFO) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Protocol version: 2.1

2006-11-23 14:47:22 Thu Nov 23 14:47:22 MET 2006(DEBUG) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Requested Database Name: patchdb

2006-11-23 14:47:22 Thu Nov 23 14:47:22 MET 2006(ERROR) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Problem detected while servicing "downloadPatchDB" request. /local-arbre/export/download/sun/patches/5.9/9_recommanded/Misc/patchdb.zip (No such file or directory)

2006-11-23 14:47:22 Thu Nov 23 14:47:22 MET 2006(INFO) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Protocol version: 2.1

2006-11-23 14:47:22 Thu Nov 23 14:47:22 MET 2006(DEBUG) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Requested Detector Name: detectors

2006-11-23 14:47:22 Thu Nov 23 14:47:22 MET 2006(ERROR) => com.sun.patchpro.server.PatchProServerServlet@10bbf9e <=Problem detected while servicing "downloadRealizationDetectors" request. /local-arbre/export/download/sun/patches/5.9/9_recommanded/Misc/detectors.jar (No such file or directory)

ixisam at 2007-7-7 11:43:56
# 3

Hi

May we see from the Update Connection Proxy (srv1) _and_ the Client (srv2) :

# smpatch get

# showrev -p | awk '/Patch: (123005|121453|121118|120335|121081|121563|122231|119788)/ {print $2}'

And from the Update Connection Proxy (srv1) :

# patchsvr setup -l

# /usr/lib/cc-ccr/bin/ccr -g cns.assetid

Thank you.

ForumModerator at 2007-7-7 11:43:56
# 4

Well, I tried before a reboot and now the error message is different

srv2 gives:

smpatch analyze

Cannot connect to retrieve detectors: Server returned HTTP response code: 500 for URL: http://srv1:3816/solaris

Logs indicate on srv1 :

2006-11-23 16:09:50 Thu Nov 23 16:09:50 MET 2006(ERROR) => com.sun.patchpro.server.PatchProServerServlet@1774b9b <=Problem detected while servicing "downloadRealizationDetectors" request. Cannot connect to retrieve detectors: sun.security.validator.ValidatorException: No trusted certificate found

ixisam at 2007-7-7 11:43:56
# 5
Hi

Please send us the output of previously requested data, it may be the result of a missing patch.

What web proxy are you using btw?
ForumModerator at 2007-7-7 11:43:56
# 6

Proxy is a netcache appliance

srv2:

smpatch get

patchpro.backout.directory - ""

patchpro.download.directory - /var/sadm/spool

patchpro.install.types - rebootafter:reconfigafter:standard

patchpro.patch.source http://srv1:3816/solaris https://updateserver.sun.com/solaris/

patchpro.patchset patchdb patchdb1

patchpro.proxy.host - ""

patchpro.proxy.passwd ********

patchpro.proxy.port - 8080

patchpro.proxy.user - ""

patchpro.sun.passwd ********

patchpro.sun.user - ""

root@srv2 # showrev -p | awk '/Patch: (123005|121453|121118|120335|121081|121563|122231|119788)/ {print $2}'

root@srv2 # /usr/lib/cc-ccr/bin/ccr -g cns.assetid

ksh: /usr/lib/cc-ccr/bin/ccr: not found

srv1 :

# smpatch get

patchpro.backout.directory - ""

patchpro.download.directory /local-arbre/export/download/sun/patches/5.9/9_recommanded /var/sadm/spool

patchpro.install.types rebootafter:reconfigafter:rebootimmediate:reconfigimmediate:singleuser:standard :interactiverebootafter:reconfigafter:standard

patchpro.patch.source https://updateserver.sun.com/solaris/ https://updateserver.sun.com/solaris/

patchpro.patchset patchdb patchdb

patchpro.proxy.host proxy.cdcam.com ""

patchpro.proxy.passwd ********

patchpro.proxy.port 8080 8080

patchpro.proxy.user fpatraul ""

patchpro.sun.passwd ********

patchpro.sun.user ixisam.sroyer ""

# showrev -p | awk '/Patch: (123005|121453|121118|120335|121081|121563|122231|119788)/ {print $2}'

# /usr/lib/cc-ccr/bin/ccr -g cns.assetid

ksh: /usr/lib/cc-ccr/bin/ccr: not found

ixisam at 2007-7-7 11:43:56
# 7
It appears that the patch source on srv2 is incorrect

$ smpatch set patchpro.patch.source=http://srv1:3816/solaris/

Please note that the source must have a trailing slash.

mod.
ForumModerator at 2007-7-7 11:43:56
# 8

Same error :

smpatch download

Cannot connect to retrieve detectors: Server returned HTTP response code: 500 for URL: http://srv1:3816/solaris/

And localhost_log.2006-11-23.txt show on srv1 :

Caused by: sun.security.validator.ValidatorException: No trusted certificate found

any idea ?

ixisam at 2007-7-7 11:43:56
# 9
> Proxy is a netcache appliance

Does the proxy use NTLM authentication, if so does it allow fallback to basic authentication?
ForumModerator at 2007-7-7 11:43:56
# 10
Answer of network proxy admin : "Yes, it uses NTLM, and if you use Netscape, you will be prompted for basic authentication"
ixisam at 2007-7-7 11:43:56
# 11
NTLM may be a problem, but it does fall back.

As you have old versions of Solaris, do this on the patch server:

# patchsvr setup -p https://getupdates.sun.com/solaris/

And then restart patchsvr, and check clients can get patches from it.

-- Modski
ForumModerator at 2007-7-7 11:43:56
# 12

Thanks for the tips, I'll try tomorrow and give you the result (actually I need to change the proxy ACL to authorize this new URL to be reached without authentication)

Btw do you know if Sun Checkup is freely available for Sun customers who have a support contract?

I did not find anywhere to download it from the support website

ixisam at 2007-7-7 11:43:56
# 13
I'm not familiar with availability of Sun Checkup so I'd suggest contacting your account manager for further information.
ForumModerator at 2007-7-7 11:43:56
# 14

Well back to the original problem, the url worked far better than the old one but it is still not working as expected :-)

srv2 : (which has 15+ outdated patches)

# smpatch analyze

No patches required.

logs on srv1 show:

2006-11-24 11:13:53 Fri Nov 24 11:13:53 MET 2006(INFO) => com.sun.patchpro.server.PatchProServerServlet@3ef810 <=Protocol version: 2.1

2006-11-24 11:13:53 Fri Nov 24 11:13:53 MET 2006(DEBUG) => com.sun.patchpro.server.PatchProServerServlet@3ef810 <=Requested Database Name: patchdb

2006-11-24 11:13:53 Fri Nov 24 11:13:53 MET 2006(DEBUG) => com.sun.patchpro.server.ServerPatchServiceProvider@19bb25a <=cacheFile is: /local-arbre/export/download/sun/patches/5.9/9_recommanded/Misc/https%3A%2F%2Fgetupdates.sun.com%2Fsolaris%2F%2Fpatchdb.zip

2006-11-24 11:13:53 Fri Nov 24 11:13:53 MET 2006(DEBUG) => com.sun.patchpro.server.ServerPatchServiceProvider@19bb25a <=POST String: action=downloadPatchDB&name=patchdb&version=2.1

ixisam at 2007-7-7 11:43:56
# 15

Hi

If the NTLM authentication falls back to BASIC we believe this should work.

Please try the following to see what console output there is :

Test that a connection can be made to the proxy and an outgoing connection to the patch servers can be made. First telnet to the web proxy on port 80;

$ telnet 208.20.22.76 80

Then when it states you are connected to that address enter the following line and then press enter twice.

CONNECT getupdates1.sun.com:443 HTTP/1.0

Note that as you require authentication for your web proxy user we are not testing the connection fully but only to the web proxy.

Mod.

ForumModeratora at 2007-7-21 15:33:29
# 16

What I have is :

Escape character is '^]'.

CONNECT getupdates1.sun.com:443 HTTP/1.0

HTTP/1.0 200 Connection established

Proxy-Agent: NetCache NetApp/6.0.4

when I telnet..

And it is still displaying on srv2

# smpatch analyze

No patches required.

more info:

with patchdiag I see :

118558 34 35 SunOS 5.9: Kernel Patch

# smpatch analyze -C patchpro.internal.statustags=true -C patchpro.log.level=7 -C patchpro.debug=true -C patchpro.log.file=/tmp/smpatchDebug.log

I do see this in /tmp/smpatchDebug.log on srv2 :

Fri Nov 24 15:47:34 MET 2006(DEBUG)=> com.sun.patchpro.plugins.sunos.patch.SunOSBaseDataExtension@e0b6f5 <=SunOSBaseDataExtension.makePatch(): lineAsString is Patch: 118558-34 Obsoletes: 112987-01 113543-02 114126-03 114338-01 114378-02 114386-03 114395-03 115994-01 113025-01 113221-03 113574-08 114375-09 114381-06 114465-01 114752-02 114753-02 114765-01 11

Fri Nov 24 15:47:34 MET 2006(DEBUG)=> com.sun.patchpro.plugins.sunos.patch.SunOSBaseDataExtension@e0b6f5 <=SunOSBaseDataExtension.buildDatabase(): added 118558-34

[...]

ost is com.sun.patchpro.host.ExtendedHost@10382a9

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Realization list is com.sun.patchpro.host.RealizationEnumerator@917cb0

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Adding Patch 112945-44 to the patchlist to be returned.

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Adding Patch 114503-14 to the patchlist to be returned.

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Adding Patch 112945-44 to the patchlist to be returned.

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Adding Patch 114503-14 to the patchlist to be returned.

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Adding Patch 112945-44 to the patchlist to be returned.

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Adding Patch 112945-44 to the patchlist to be returned.

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Adding Patch 112945-44 to the patchlist to be returned.

Fri Nov 24 15:47:53 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.getPatchListFromRealizations(): Adding Patch 112945-44 to the patchlist to be returned.

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.evaluatePatchList(): The patch being processed in the initialPatchList is 112945-44

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=Installed patch 112945-44 is >= to current patch 112945-44

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.evaluatePatchList(): Patch is installed on the system.

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.evaluatePatchList(): The patch being processed in the initialPatchList is 114503-14

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=Installed patch 114503-14 is >= to current patch 114503-14

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.patch.PatchSequencer@1913751 <=PatchSequencer.evaluatePatchList(): Patch is installed on the system.

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine$9@6e70c7 <=runSequencer(): finished, returning com.sun.patchpro.host.ExtendedHost@10382a9

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine$14@ae506e <=downloadOrStartOver(): returning 9

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine@1e04cbf <=reached the end state.

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine@1e04cbf <=reading state 8

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine@1e04cbf <=State 8 is not terminal.

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine@1e04cbf <=nextStates =

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine@1e04cbf <= 9

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine@1e04cbf <=StateMachine is officially done.

Fri Nov 24 15:47:54 MET 2006(DEBUG)=> com.sun.patchpro.model.PatchProStateMachine@1e04cbf <=setDone()

Message was edited by:

ixisam

ixisama at 2007-7-21 15:33:29
# 17
Have you registered the systems yet?

See http://sunsolve.sun.com/search/document.do?assetkey=1-9-82688-1 for further details
ForumModeratora at 2007-7-21 15:33:29
# 18
Nope, I did not register them because I don't have the command installed on the system

Is sconadm a Solaris 10 command? Because srv1 is under Solaris 9

How can I register a system to have an LPS proxy using Solaris 9 then?
ixisama at 2007-7-21 15:33:29
# 19
Can the proxy (srv1) patch itself?

-- Modski
ForumModeratora at 2007-7-21 15:33:29
# 20
Yes, it has a connection to the internet
ixisama at 2007-7-21 15:33:29
# 21
Which version of Solaris is running on the client?

Mod.
ForumModeratora at 2007-7-21 15:33:29
# 22
Solaris 9 9/05 s9s_u8wos_05 SPARC

Patch level : 118558-34
ixisama at 2007-7-21 15:33:29
# 23
Could you set the LPS patch source to:

https://getupdates.sun.com/solaris/

and set the client smpatch source to:

http://srv1:3816/solaris/

(keeping the trailing slashes). And try smpatch again?

Mod.
ForumModeratora at 2007-7-21 15:33:30
# 24

I still have on srv2 :

# smpatch analyze

No patches required.

and smpatch on srv1 (direct connection to the internet) gives me:

> smpatch analyze

No patches required.

(and I do need patches on the system, patchdiag confirms this)

> smpatch get

patchpro.backout.directory - ""

patchpro.download.directory /local-arbre/export/download/sun/patches/5.9/9_recommanded /var/sadm/spool

patchpro.install.types rebootafter:reconfigafter:rebootimmediate:reconfigimmediate:singleuser:standard :interactiverebootafter:reconfigafter:standard

patchpro.patch.source https://getupdates.sun.com/solaris/ https://updateserver.sun.com/solaris/

patchpro.patchset patchdb patchdb1

ixisama at 2007-7-21 15:33:30
# 25
You could try using a different patchset:-

smpatch set patchpro.patchset=recommended

Can you also provide a list of the patches that you say should be applied?
ForumModeratora at 2007-7-21 15:33:30
# 26

> smpatch analyze

recommanded: not found at https://getupdates.sun.com/solaris/

patchdiag shows:

114332 23 25 SunOS 5.9: c2audit & *libbsm.so.1 Patch

114564 09 10 SunOS 5.9: /usr/sbin/in.ftpd Patch

116016 03 04 SunOS 5.9: /usr/sbin/logadm patch

116669 20 21 SunOS 5.9: md Patch

118558 35 36 SunOS 5.9: Kernel Patch

etc

ixisama at 2007-7-21 15:33:30
# 27
It looks like you made a typo:

"recommanded" should be "recommended"

Please correct this and try again.
ForumModeratora at 2007-7-21 15:33:30
# 28

oops sorry

looks like it is working!

srv1

> smpatch analyze

113277-49 SunOS 5.9: sd and ssd Patch

114564-10 SunOS 5.9: /usr/sbin/in.ftpd Patch

root@srv2 # smpatch analyze

112960-40 SunOS 5.9: patch libsldap ldap_cachemgr libldap

118558-35 SunOS 5.9: Kernel Patch

116548-05 SunOS 5.9: ufsboot Patch

114133-03 SunOS 5.9: mail Patch

113277-49 SunOS 5.9: sd and ssd Patch

114564-10 SunOS 5.9: /usr/sbin/in.ftpd Patch

112965-06 SunOS 5.9: patch /kernel/drv/sparcv9/eri

114049-14 SunOS 5.9: Netscape Portable Runtime(4.1.4)/Network Security System(3.3.4)

114538-38 SunOS 5.9: Sun XVR-100 Graphics Accelerator Patch

114555-33 SunOS 5.9: Sun XVR-1200 Graphics Accelerator Patch

112661-11 SunOS 5.9: IIIM and X Input & Output Method patch

ixisama at 2007-7-21 15:33:30
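
An added example, not part of any post in this thread: a shell lint for the three configuration mistakes the thread uncovered (a patch source without the trailing slash, a file:// source directory that lacks Misc/patchdb.zip and Misc/detectors.jar, and a misspelled patchset). The function names, the finding codes and the KNOWN_PATCHSETS list, which holds only the names seen in this thread, are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread's participants): lint Patch Manager
# settings for the three mistakes this thread ran into.

# Patchset names that appear in this thread; not an authoritative list
# (assumption). Override KNOWN_PATCHSETS for your site.
KNOWN_PATCHSETS=${KNOWN_PATCHSETS:-"patchdb recommended"}

# Read `patchsvr setup -l` output on stdin, print the patch source URL.
lps_source_url() {
    sed -n 's/^Patch source URL: *//p'
}

# lint_patch_settings SOURCE_URL PATCHSET
# Prints one finding per line and nothing when no problem is found.
lint_patch_settings() {
    url=$1
    patchset=$2

    # Reply 7: the moderator notes the source must have a trailing slash.
    case $url in
        */) ;;
        *)  echo "NO_TRAILING_SLASH" ;;
    esac

    # First post: with a file:// source the LPS looked for these two
    # files under the source directory and logged "No such file or directory".
    case $url in
        file://*)
            dir=${url#file://}
            for f in Misc/patchdb.zip Misc/detectors.jar; do
                if [ ! -f "${dir%/}/$f" ]; then echo "MISSING:$f"; fi
            done ;;
    esac

    # Reply 27: a misspelled patchset name is reported as "not found".
    known=no
    for name in $KNOWN_PATCHSETS; do
        if [ "$name" = "$patchset" ]; then known=yes; fi
    done
    if [ "$known" = no ]; then echo "UNKNOWN_PATCHSET:$patchset"; fi
    return 0
}

# Constructed input: the `patchsvr setup -l` lines quoted in the first post.
SETUP_OUTPUT='Patch source URL: file:///local-arbre/export/download/sun/patches/5.9/9_recommanded
Cache Location: /local-arbre/export/download/sun/patches/5.9/9_recommanded
Web proxy host name: proxy.cdcam.com
Web proxy port number: 8080'

src=$(printf '%s\n' "$SETUP_OUTPUT" | lps_source_url)
echo "srv1 as first posted:"
lint_patch_settings "$src" patchdb
echo "client with the misspelled patchset:"
lint_patch_settings "http://srv1:3816/solaris/" recommanded
```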